Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ab0f0f3 by security tracker role at 2026-07-15T07:13:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,27 +1,1861 @@
-CVE-2026-15719
+CVE-2026-9770 (Kasa EC71 v4 and EC70 v4 firmware contains a static 
cryptographic priv ...)
+       TODO: check
+CVE-2026-9653 (A denial-of-service security issue exists across all the 
1756-EN2, EN3 ...)
+       TODO: check
+CVE-2026-9636 (A security issue exists within CompactLogix\xae 5380, 
ControlLogix\xae ...)
+       TODO: check
+CVE-2026-9561 (Eclipse Kura versions prior to 5.6.2 trust the client-supplied 
X-Forwa ...)
+       TODO: check
+CVE-2026-9341 (The Academy LMS \u2013 WordPress LMS Plugin for Complete 
eLearning Sol ...)
+       TODO: check
+CVE-2026-9292 (A Stored Cross-Site Scripting security issue exists within 
FactoryTalk ...)
+       TODO: check
+CVE-2026-9140 (A denial-of-service security issue exists in the1719-AENTR. The 
securi ...)
+       TODO: check
+CVE-2026-9128 (A code execution security issue exists withinStudio 5000 Logix 
Designe ...)
+       TODO: check
+CVE-2026-9127 (A remote code execution security issue exists withinStudio 5000 
Logix  ...)
+       TODO: check
+CVE-2026-9108 (A path traversal security issue exists withinStudio 5000 Logix 
Designe ...)
+       TODO: check
+CVE-2026-8920 (Improper Restriction of Communication Channel to Intended 
Endpoints an ...)
+       TODO: check
+CVE-2026-8919 (Permissive Cross-domain Security Policy with Untrusted Domains 
in ASUS ...)
+       TODO: check
+CVE-2026-8590 (Vulnerability in Spotfire Spotfire Enterprise (Spotfire Server 
modules ...)
+       TODO: check
+CVE-2026-8384 (In Eclipse Jetty, an HTTP URI of this form:      
/public;/../admin/sec ...)
+       TODO: check
+CVE-2026-8314 (A security issue exists within Arena\xae Simulation due to a 
memory co ...)
+       TODO: check
+CVE-2026-8313 (A security issue exists within Arena\xae Simulation due to a 
memory co ...)
+       TODO: check
+CVE-2026-8312 (A security issue exists within Arena\xae Simulation due to a 
memory co ...)
+       TODO: check
+CVE-2026-8085 (A security issue exists within Arena\xae Simulation due to a 
memory co ...)
+       TODO: check
+CVE-2026-7494 (Nexus Repository 3 is vulnerable to Server-Side Request Forgery 
(SSRF) ...)
+       TODO: check
+CVE-2026-6851 (An Improper link resolution before file access ('link 
following') vuln ...)
+       TODO: check
+CVE-2026-6790 (In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there 
is no  ...)
+       TODO: check
+CVE-2026-62659 (A security flaw was discovered in the NETGEAR WAX333 Access 
Point that ...)
+       TODO: check
+CVE-2026-62658 (A security flaw was discovered in certain NETGEAR Nighthawk 
RAX series ...)
+       TODO: check
+CVE-2026-62657 (A security flaw in the router's certificate validation process 
was dis ...)
+       TODO: check
+CVE-2026-62656 (A security flaw was found in certain NETGEAR RAX models that 
could all ...)
+       TODO: check
+CVE-2026-62655 (A security flaw was found in certain NETGEAR Orbi models that 
could al ...)
+       TODO: check
+CVE-2026-62422 (In JetBrains YouTrack before 2026.1.13757, 2025.3.148033, 
2025.2.14804 ...)
+       TODO: check
+CVE-2026-61520 (Simple Machines Forum 2.1 prior to commit 4bf35cf and 3.0 
prior to com ...)
+       TODO: check
+CVE-2026-60119 (Hi.Events before 1.11.0 contains a cross-site scripting 
vulnerability  ...)
+       TODO: check
+CVE-2026-60118 (Hi.Events before 1.11.0 contains a missing server-side 
visibility enfo ...)
+       TODO: check
+CVE-2026-60114 (Sustainable Irrigation Platform (SIP) through version 5.2.16 
contains  ...)
+       TODO: check
+CVE-2026-5270 (An authentication bypass vulnerability exists in certain 
releases of C ...)
+       TODO: check
+CVE-2026-5269 (In Ciena's Navigator Network Control Suite (NCS) and Manage 
Control Pl ...)
+       TODO: check
+CVE-2026-5040 (TP-Link Deco M5 v1 uses a weak password hashing mechanism to 
store use ...)
+       TODO: check
+CVE-2026-59891 (sigstore-js provides JavaScript libraries for interacting with 
Sigstor ...)
+       TODO: check
+CVE-2026-59889 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-59888 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-59886 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, 
the univ ...)
+       TODO: check
+CVE-2026-59885 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, 
the BER, ...)
+       TODO: check
+CVE-2026-59884 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.4, 
the BER  ...)
+       TODO: check
+CVE-2026-59841 (A improper restriction of communication channel to intended 
endpoints  ...)
+       TODO: check
+CVE-2026-59840 (A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 
through 7.6 ...)
+       TODO: check
+CVE-2026-59839 (A improper limitation of a pathname to a restricted directory 
('path t ...)
+       TODO: check
+CVE-2026-59837 (A stack-based buffer overflow vulnerability in Fortinet 
FortiOS 7.4.0  ...)
+       TODO: check
+CVE-2026-59836 (A improper certificate validation vulnerability in Fortinet 
FortiClien ...)
+       TODO: check
+CVE-2026-59835 (A exposure of resource to wrong sphere vulnerability in 
Fortinet Forti ...)
+       TODO: check
+CVE-2026-59733 (Rclone is a command-line program to sync files and directories 
to and  ...)
+       TODO: check
+CVE-2026-59732 (Rclone is a command-line program to sync files and directories 
to and  ...)
+       TODO: check
+CVE-2026-59674 (A UNIX Symbolic Link (Symlink) Following vulnerability in 
openSUSE Tum ...)
+       TODO: check
+CVE-2026-59246 (Allocation of resources without limits vulnerability in 
elixir-mint mi ...)
+       TODO: check
+CVE-2026-59205 (Pillow is a Python imaging library. Prior to 12.3.0, Pillow's 
ImageCms ...)
+       TODO: check
+CVE-2026-59204 (Pillow is a Python imaging library. From 8.2.0 through 12.2.0, 
src/lib ...)
+       TODO: check
+CVE-2026-59203 (Pillow is a Python imaging library. From 12.0.0 through 
12.2.0, Pillow ...)
+       TODO: check
+CVE-2026-59200 (Pillow is a Python imaging library. From 5.1.0 until 12.3.0, 
PdfParser ...)
+       TODO: check
+CVE-2026-59199 (Pillow is a Python imaging library. Prior to 12.3.0, Pillow 
public ima ...)
+       TODO: check
+CVE-2026-59198 (Pillow is a Python imaging library. From 5.2.0 until 12.3.0, 
Pillow's  ...)
+       TODO: check
+CVE-2026-59197 (Pillow is a Python imaging library. Prior to 12.3.0, Pillow's 
public r ...)
+       TODO: check
+CVE-2026-59084 (Insufficient Technical Documentation vulnerability in Apache 
Tomcat si ...)
+       TODO: check
+CVE-2026-59083 (Improper Handling of URL Encoding (Hex Encoding) vulnerability 
in Apac ...)
+       TODO: check
+CVE-2026-58647 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-58644 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
+       TODO: check
+CVE-2026-58640 (Heap-based buffer overflow in Windows NTFS allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-58638 (Missing cryptographic step in Windows Boot Loader allows an 
authorized ...)
+       TODO: check
+CVE-2026-58637 (Use after free in Windows Client-Side Caching (CSC) Service 
allows an  ...)
+       TODO: check
+CVE-2026-58636 (Improper link resolution before file access ('link following') 
in Wind ...)
+       TODO: check
+CVE-2026-58635 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2026-58634 (Use after free in Desktop Window Manager allows an authorized 
attacker ...)
+       TODO: check
+CVE-2026-58633 (Use after free in Desktop Window Manager allows an authorized 
attacker ...)
+       TODO: check
+CVE-2026-58632 (Use after free in Windows Win32K allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-58631 (Improper authorization in Windows Admin Center allows an 
authorized at ...)
+       TODO: check
+CVE-2026-58629 (Use after free in Windows DirectX allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-58628 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-58627 (Uncontrolled resource consumption in Windows DHCP Server 
allows an una ...)
+       TODO: check
+CVE-2026-58626 (Use after free in Windows Remote Desktop Services allows an 
authorized ...)
+       TODO: check
+CVE-2026-58619 (Use after free in Windows Sensor Data Service allows an 
authorized att ...)
+       TODO: check
+CVE-2026-58618 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-58617 (Improper access control in Microsoft 365 Copilot for iOS 
allows an una ...)
+       TODO: check
+CVE-2026-58614 (Out-of-bounds read in Windows Kernel allows an authorized 
attacker to  ...)
+       TODO: check
+CVE-2026-58613 (Use after free in Windows Cloud Files Mini Filter Driver 
allows an aut ...)
+       TODO: check
+CVE-2026-58610 (Heap-based buffer overflow in Microsoft Windows Media 
Foundation allow ...)
+       TODO: check
+CVE-2026-58609 (Out-of-bounds read in Microsoft Graphics Component allows an 
unauthori ...)
+       TODO: check
+CVE-2026-58608 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-58602 (Use after free in Windows Kernel Mode Driver allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-58601 (Heap-based buffer overflow in Virtual Hard Disk (VHD) Miniport 
Driver  ...)
+       TODO: check
+CVE-2026-58595 (Improper restriction of rendered ui layers or frames in 
Microsoft Bing ...)
+       TODO: check
+CVE-2026-58594 (Integer overflow or wraparound in Windows RDP allows an 
unauthorized a ...)
+       TODO: check
+CVE-2026-58547 (Heap-based buffer overflow in Universal Plug and Play 
(upnp.dll) allow ...)
+       TODO: check
+CVE-2026-58546 (Use of uninitialized resource in Windows RDP allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-58545 (Improper access control in Windows Kernel allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-58544 (Use after free in Windows Management Services allows an 
authorized att ...)
+       TODO: check
+CVE-2026-58543 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-58542 (Heap-based buffer overflow in Windows Media allows an 
unauthorized att ...)
+       TODO: check
+CVE-2026-58541 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2026-58540 (Improper authorization in Windows Installer allows an 
authorized attac ...)
+       TODO: check
+CVE-2026-58539 (Out-of-bounds read in Windows RDP allows an unauthorized 
attacker to d ...)
+       TODO: check
+CVE-2026-58538 (Heap-based buffer overflow in Windows Bluetooth Service allows 
an auth ...)
+       TODO: check
+CVE-2026-58537 (Use after free in Microsoft NAT Helper Components 
(ipnathlp.dll) allow ...)
+       TODO: check
+CVE-2026-58536 (Use after free in Windows Cloud Files Mini Filter Driver 
allows an aut ...)
+       TODO: check
+CVE-2026-58535 (Use of uninitialized resource in Windows RDP allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-58534 (Heap-based buffer overflow in Microsoft Input Method Editor 
(IME) allo ...)
+       TODO: check
+CVE-2026-58533 (Use of uninitialized resource in Windows RDP allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-58532 (Integer overflow or wraparound in Windows Kernel allows an 
authorized  ...)
+       TODO: check
+CVE-2026-58531 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-58530 (Heap-based buffer overflow in Windows Resilient File System 
(ReFS) all ...)
+       TODO: check
+CVE-2026-58529 (Out-of-bounds read in Active Directory Federation Services (AD 
FS) all ...)
+       TODO: check
+CVE-2026-58528 (Out-of-bounds read in Windows USB Audio Class driver 
(usbaudio.sys) al ...)
+       TODO: check
+CVE-2026-58527 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-58526 (Use after free in Windows Storage allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-58479 (Sustainable Irrigation Platform (SIP) through version 5.2.16 
contains  ...)
+       TODO: check
+CVE-2026-58478 (Sustainable Irrigation Platform (SIP) through version 5.2.16 
contains  ...)
+       TODO: check
+CVE-2026-58477 (Sustainable Irrigation Platform (SIP) through version 5.2.16 
contains  ...)
+       TODO: check
+CVE-2026-58476 (Sustainable Irrigation Platform (SIP) through version 5.2.16 
contains  ...)
+       TODO: check
+CVE-2026-58475 (Sustainable Irrigation Platform (SIP) through version 5.2.16 
contains  ...)
+       TODO: check
+CVE-2026-58461
+       REJECTED
+CVE-2026-58279 (Missing authorization in Azure CycleCloud allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-58277 (Improper authorization in Microsoft Office SharePoint allows 
an author ...)
+       TODO: check
+CVE-2026-58229 (Allocation of resources without limits vulnerability in 
elixir-mint mi ...)
+       TODO: check
+CVE-2026-57982 (Use of uninitialized resource in Windows RDP allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-57979 (Out-of-bounds read in Windows RDP allows an unauthorized 
attacker to d ...)
+       TODO: check
+CVE-2026-57976 (Null pointer dereference in Active Directory Domain Services 
allows an ...)
+       TODO: check
+CVE-2026-57973 (Time-of-check time-of-use (toctou) race condition in Windows 
Subsystem ...)
+       TODO: check
+CVE-2026-57969 (Missing authentication for critical function in Azure 
CycleCloud allow ...)
+       TODO: check
+CVE-2026-57968 (Buffer over-read in Windows Subsystem for Linux allows an 
authorized a ...)
+       TODO: check
+CVE-2026-57898 (In Eclipse BaSyx Java Server SDK versions 2.0.0-milestone-05 
to 2.0.0- ...)
+       TODO: check
+CVE-2026-57108 (Access of resource using incompatible type ('type confusion') 
in .NET  ...)
+       TODO: check
+CVE-2026-57107 (Improper authentication in Windows Admin Center allows an 
authorized a ...)
+       TODO: check
+CVE-2026-57102 (Inclusion of functionality from untrusted control sphere in 
Visual Stu ...)
+       TODO: check
+CVE-2026-57101 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-57097 (Untrusted search path in Microsoft XML allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-57096 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2026-57095 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-57094 (Heap-based buffer overflow in Microsoft Windows Media 
Foundation allow ...)
+       TODO: check
+CVE-2026-57093 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
+       TODO: check
+CVE-2026-57092 (Use after free in Windows VMSwitch allows an authorized 
attacker to el ...)
+       TODO: check
+CVE-2026-57091 (Stack-based buffer overflow in Windows File History Service 
allows an  ...)
+       TODO: check
+CVE-2026-57090 (Heap-based buffer overflow in Microsoft Windows Media 
Foundation allow ...)
+       TODO: check
+CVE-2026-57089 (Use after free in Windows SMB Server Network Transport Driver 
(srvnet. ...)
+       TODO: check
+CVE-2026-57088 (Improper access control in Extensible Storage Engine (ESENT) 
allows an ...)
+       TODO: check
+CVE-2026-57087 (Heap-based buffer overflow in Microsoft Windows Media 
Foundation allow ...)
+       TODO: check
+CVE-2026-57085 (Out-of-bounds read in Windows Print Spooler Components allows 
an autho ...)
+       TODO: check
+CVE-2026-57084 (Use of uninitialized resource in Windows File Explorer allows 
an unaut ...)
+       TODO: check
+CVE-2026-57083 (Use of uninitialized resource in Microsoft Windows Codecs 
Library allo ...)
+       TODO: check
+CVE-2026-56650 (Heap-based buffer overflow in Windows Network File System 
allows an au ...)
+       TODO: check
+CVE-2026-56649 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-56648 (Time-of-check time-of-use (toctou) race condition in Windows 
Network F ...)
+       TODO: check
+CVE-2026-56647 (Integer overflow or wraparound in Windows Remote Access 
Service Infras ...)
+       TODO: check
+CVE-2026-56644 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-56643 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-56642 (Stack-based buffer overflow in Microsoft Fabric Data Warehouse 
allows  ...)
+       TODO: check
+CVE-2026-56451 (A vulnerability has been identified in Opcenter X (All 
versions < V260 ...)
+       TODO: check
+CVE-2026-56197 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2026-56196 (Relative path traversal in Windows Admin Center allows an 
authorized a ...)
+       TODO: check
+CVE-2026-56195 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-56194 (Heap-based buffer overflow in Windows Network File System 
allows an au ...)
+       TODO: check
+CVE-2026-56193 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-56192 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-56190 (Use of uninitialized resource in Windows RDP allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-56189 (Heap-based buffer overflow in Microsoft Windows Media 
Foundation allow ...)
+       TODO: check
+CVE-2026-56188 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-56187 (Use after free in Windows MIDI Service Module allows an 
authorized att ...)
+       TODO: check
+CVE-2026-56186 (Out-of-bounds read in Windows Schannel allows an authorized 
attacker t ...)
+       TODO: check
+CVE-2026-56185 (Improper authentication in Windows Admin Center allows an 
authorized a ...)
+       TODO: check
+CVE-2026-56184 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-56183 (Use after free in Windows MIDI Service Module allows an 
authorized att ...)
+       TODO: check
+CVE-2026-56182 (Integer overflow or wraparound in Windows NTFS allows an 
authorized at ...)
+       TODO: check
+CVE-2026-56181 (Origin validation error in Windows Network Address Translation 
(NAT) a ...)
+       TODO: check
+CVE-2026-56178 (Time-of-check time-of-use (toctou) race condition in Microsoft 
Defende ...)
+       TODO: check
+CVE-2026-56176 (Out-of-bounds read in Windows Win32K - GRFX allows an 
authorized attac ...)
+       TODO: check
+CVE-2026-56175 (Heap-based buffer overflow in Windows NTFS allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-56173 (Use after free in Windows WebView allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-56170 (Allocation of resources without limits or throttling in 
ASP.NET Core a ...)
+       TODO: check
+CVE-2026-56169 (Improper authentication in Windows Admin Center allows an 
authorized a ...)
+       TODO: check
+CVE-2026-56168 (Null pointer dereference in Windows SMB Server allows an 
authorized at ...)
+       TODO: check
+CVE-2026-56164 (Missing authentication for critical function in Microsoft 
Office Share ...)
+       TODO: check
+CVE-2026-56159 (Heap-based buffer overflow in Windows DHCP Server allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-56157 (Improper access control in Microsoft Office SharePoint allows 
an autho ...)
+       TODO: check
+CVE-2026-56156 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-56155 (Insufficient granularity of access control in Active Directory 
Federat ...)
+       TODO: check
+CVE-2026-55954 (Authentication Bypass by Spoofing vulnerability in ueberauth 
ueberauth ...)
+       TODO: check
+CVE-2026-55949 (Use of uninitialized resource in Microsoft Office Excel allows 
an unau ...)
+       TODO: check
+CVE-2026-55948 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
+       TODO: check
+CVE-2026-55947 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-55944 (Deserialization of untrusted data in Microsoft Dynamics NAV 
allows an  ...)
+       TODO: check
+CVE-2026-55899 (Stack-based buffer overflow in Microsoft Office Excel allows 
an unauth ...)
+       TODO: check
+CVE-2026-55898 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-55651 (Easy!Appointments is a self hosted appointment scheduler. In 
version 1 ...)
+       TODO: check
+CVE-2026-55145 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2026-55144 (Missing cryptographic step in Windows CryptoAPI allows an 
authorized a ...)
+       TODO: check
+CVE-2026-55142 (Numeric truncation error in Microsoft Office Word allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-55141 (Stack-based buffer overflow in Microsoft Office Excel allows 
an unauth ...)
+       TODO: check
+CVE-2026-55140 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2026-55139 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-55138 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
+       TODO: check
+CVE-2026-55137 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-55136 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
+       TODO: check
+CVE-2026-55135 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-55134 (Stack-based buffer overflow in Microsoft Office Word allows an 
unautho ...)
+       TODO: check
+CVE-2026-55133 (Heap-based buffer overflow in Microsoft Office OneNote allows 
an unaut ...)
+       TODO: check
+CVE-2026-55132 (Double free in Microsoft Office Word allows an unauthorized 
attacker t ...)
+       TODO: check
+CVE-2026-55131 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-55130 (Heap-based buffer overflow in Microsoft Office Word allows an 
unauthor ...)
+       TODO: check
+CVE-2026-55129 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2026-55128 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2026-55127 (Heap-based buffer overflow in Microsoft Office Word allows an 
unauthor ...)
+       TODO: check
+CVE-2026-55126 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-55125 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2026-55124 (Improper validation of specified type of input in Microsoft 
Office Wor ...)
+       TODO: check
+CVE-2026-55123 (Heap-based buffer overflow in Microsoft Office PowerPoint 
allows an un ...)
+       TODO: check
+CVE-2026-55122 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-55121 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-55120 (Heap-based buffer overflow in Microsoft Office PowerPoint 
allows an un ...)
+       TODO: check
+CVE-2026-55058 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-55057 (Integer overflow or wraparound in Microsoft Office allows an 
unauthori ...)
+       TODO: check
+CVE-2026-55056 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2026-55055 (Stack-based buffer overflow in Microsoft Office Word allows an 
unautho ...)
+       TODO: check
+CVE-2026-55054 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-55053 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-55052 (Missing authorization in Microsoft Office SharePoint allows an 
authori ...)
+       TODO: check
+CVE-2026-55051 (Server-side request forgery (ssrf) in Microsoft Office 
SharePoint allo ...)
+       TODO: check
+CVE-2026-55050 (Out-of-bounds read in Microsoft Office Word allows an 
unauthorized att ...)
+       TODO: check
+CVE-2026-55049 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2026-55048 (Integer overflow or wraparound in Microsoft Office Excel 
allows an una ...)
+       TODO: check
+CVE-2026-55047 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-55046 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-55045 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-55044 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-55043 (Heap-based buffer overflow in Microsoft Office PowerPoint 
allows an un ...)
+       TODO: check
+CVE-2026-55042 (Use of uninitialized resource in Microsoft Office allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-55041 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-55040 (Weak authentication in Microsoft Office SharePoint allows an 
unauthori ...)
+       TODO: check
+CVE-2026-55039 (Integer underflow (wrap or wraparound) in Microsoft Office 
Excel allow ...)
+       TODO: check
+CVE-2026-55038 (Stack-based buffer overflow in Microsoft Office Word allows an 
unautho ...)
+       TODO: check
+CVE-2026-55037 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-55036 (Buffer over-read in Microsoft Office Excel allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-55035 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-55034 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-55033 (Integer overflow or wraparound in Microsoft Office Word allows 
an unau ...)
+       TODO: check
+CVE-2026-55032 (Use after free in Microsoft Office Word allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2026-55031 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-55030 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-55029 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-55028 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-55027 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-55026 (Integer overflow or wraparound in Microsoft Office allows an 
unauthori ...)
+       TODO: check
+CVE-2026-55025 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2026-55024 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2026-55023 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-55022 (Access of resource using incompatible type ('type confusion') 
in Micro ...)
+       TODO: check
+CVE-2026-55021 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-55020 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-55019 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-55018 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
+       TODO: check
+CVE-2026-55017 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2026-55016 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-55014 (Improper access control in Windows Remote Help Defense allows 
an autho ...)
+       TODO: check
+CVE-2026-55012 (Integer overflow or wraparound in Microsoft Defender allows an 
unautho ...)
+       TODO: check
+CVE-2026-55011 (Integer underflow (wrap or wraparound) in Microsoft Defender 
allows an ...)
+       TODO: check
+CVE-2026-55010 (Heap-based buffer overflow in Minecraft Bedrock Dedicated 
Server allow ...)
+       TODO: check
+CVE-2026-55009 (Deserialization of untrusted data in Microsoft Exchange Server 
allows  ...)
+       TODO: check
+CVE-2026-55008 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-55006 (Insufficient granularity of access control in Microsoft 
Exchange Serve ...)
+       TODO: check
+CVE-2026-55005 (Heap-based buffer overflow in Microsoft Exchange Server allows 
an auth ...)
+       TODO: check
+CVE-2026-55004 (Double free in Microsoft Printer Drivers allows an authorized 
attacker ...)
+       TODO: check
+CVE-2026-55003 (Use of uninitialized resource in Windows RDP allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-55002 (External control of file name or path in SQL Server allows an 
authoriz ...)
+       TODO: check
+CVE-2026-55001 (Improper certificate validation in Windows Active Directory 
allows an  ...)
+       TODO: check
+CVE-2026-55000 (Use after free in Windows USB Print Driver allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-54999 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-54997 (Use of uninitialized resource in Windows SMB allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-54996 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-54995 (Use after free in Reliable Multicast Transport Driver (RMCAST) 
allows  ...)
+       TODO: check
+CVE-2026-54993 (Heap-based buffer overflow in Microsoft Windows Media 
Foundation allow ...)
+       TODO: check
+CVE-2026-54992 (Heap-based buffer overflow in Windows Message Queuing Queue 
Manager al ...)
+       TODO: check
+CVE-2026-54991 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-54990 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
+       TODO: check
+CVE-2026-54989 (Use after free in Quality Windows Audio/Video Experience 
(QWAVE) servi ...)
+       TODO: check
+CVE-2026-54988 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-54987 (Heap-based buffer overflow in Windows Overlay Filter allows an 
authori ...)
+       TODO: check
+CVE-2026-54986 (Heap-based buffer overflow in Windows Win32K allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-54983 (Stack-based buffer overflow in Active Directory Federation 
Services (A ...)
+       TODO: check
+CVE-2026-54982 (Integer underflow (wrap or wraparound) in Reliable Multicast 
Transport ...)
+       TODO: check
+CVE-2026-54684 (jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a 
malicious .xa ...)
+       TODO: check
+CVE-2026-54572 (Rclone is a command-line program to sync files and directories 
to and  ...)
+       TODO: check
+CVE-2026-54429 (A vulnerability has been identified in SIMATIC S7-PLCSIM 
Advanced (All ...)
+       TODO: check
+CVE-2026-54132 (Heap-based buffer overflow in Windows Kernel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-54131 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
+       TODO: check
+CVE-2026-54129 (Use after free in Windows Hyper-V allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-54128 (Use after free in Windows DHCP Client allows an unauthorized 
attacker  ...)
+       TODO: check
+CVE-2026-54127 (Use after free in Windows Hyper-V allows an unauthorized 
attacker to e ...)
+       TODO: check
+CVE-2026-54126 (Out-of-bounds read in Windows RDP allows an unauthorized 
attacker to d ...)
+       TODO: check
+CVE-2026-54125 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-54124 (Integer overflow or wraparound in Windows Terminal allows an 
unauthori ...)
+       TODO: check
+CVE-2026-54122 (Heap-based buffer overflow in Windows GDI+ allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-54121 (Improper authorization in Active Directory Certificate 
Services (AD CS ...)
+       TODO: check
+CVE-2026-54119 (Loop with unreachable exit condition ('infinite loop') in 
Windows Acti ...)
+       TODO: check
+CVE-2026-54118 (Deserialization of untrusted data in SQL Server allows an 
authorized a ...)
+       TODO: check
+CVE-2026-54117 (Deserialization of untrusted data in SQL Server allows an 
authorized a ...)
+       TODO: check
+CVE-2026-54116 (Access of resource using incompatible type ('type confusion') 
in SQL S ...)
+       TODO: check
+CVE-2026-54115 (Integer overflow or wraparound in Windows Active Directory 
allows an a ...)
+       TODO: check
+CVE-2026-54114 (Use after free in Windows Win32K allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-54112 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-54111 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-54109 (Integer overflow or wraparound in Windows Resilient File 
System (ReFS) ...)
+       TODO: check
+CVE-2026-54108 (External control of file name or path in Microsoft Office 
SharePoint a ...)
+       TODO: check
+CVE-2026-54107 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-54058 (Pillow is a Python imaging library. Prior to 12.3.0, when 
Pillow loads ...)
+       TODO: check
+CVE-2026-53633 (Vitest is a testing framework powered by Vite. From 3.0.0 
until 3.2.5, ...)
+       TODO: check
+CVE-2026-53566 (Out-of-bounds read vulnerability in Citrix Citrix Secure 
Access Client ...)
+       TODO: check
+CVE-2026-53565 (Improper Privilege Management vulnerability in Citrix Secure 
Access Cl ...)
+       TODO: check
+CVE-2026-53486 (The decompress package for Node.js extracts archives. Prior to 
10.2.1  ...)
+       TODO: check
+CVE-2026-52841 (Easy!Appointments is a self hosted appointment scheduler. In 
versions  ...)
+       TODO: check
+CVE-2026-52840 (Easy!Appointments is a self hosted appointment scheduler. In 
versions  ...)
+       TODO: check
+CVE-2026-52839 (Easy!Appointments is a self hosted appointment scheduler. 
Versions pri ...)
+       TODO: check
+CVE-2026-52838 (Easy!Appointments is a self hosted appointment scheduler. 
Versions pri ...)
+       TODO: check
+CVE-2026-52837 (Easy!Appointments is a self hosted appointment scheduler. In 
versions  ...)
+       TODO: check
+CVE-2026-52101 (An issue in andreimarcu linux-server v.1.0 through v.2.3.8 
allows a re ...)
+       TODO: check
+CVE-2026-52100 (Cross Site Request Forgery vulnerability in andreimarcu 
linux-server v ...)
+       TODO: check
+CVE-2026-51808 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before 
allows  ...)
+       TODO: check
+CVE-2026-51807 (Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before 
allows  ...)
+       TODO: check
+CVE-2026-51105 (Buffer Overflow vulnerability in aMULE-Project aMule v.2.3.3 
allows a  ...)
+       TODO: check
+CVE-2026-50697 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50696 (Heap-based buffer overflow in Windows Internet Key Exchange 
(IKE) Prot ...)
+       TODO: check
+CVE-2026-50695 (Stack-based buffer overflow in Active Directory Federation 
Services al ...)
+       TODO: check
+CVE-2026-50694 (Use after free in Windows Secure Socket Tunneling Protocol 
(SSTP) allo ...)
+       TODO: check
+CVE-2026-50692 (Heap-based buffer overflow in Desktop Window Manager allows an 
authori ...)
+       TODO: check
+CVE-2026-50690 (Use of uninitialized resource in Windows SMB allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-50689 (Use after free in Windows Clipboard Server allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50688 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-50687 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-50686 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2026-50685 (Double free in Windows DHCP Server allows an authorized 
attacker to ex ...)
+       TODO: check
+CVE-2026-50684 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-50683 (Heap-based buffer overflow in Windows DHCP Server allows an 
authorized ...)
+       TODO: check
+CVE-2026-50682 (Out-of-bounds read in Windows Active Directory allows an 
authorized at ...)
+       TODO: check
+CVE-2026-50681 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50680 (Heap-based buffer overflow in Windows Hyper-V allows an 
authorized att ...)
+       TODO: check
+CVE-2026-50679 (Heap-based buffer overflow in Microsoft Windows Search 
Component allow ...)
+       TODO: check
+CVE-2026-50678 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-50677 (Use after free in Windows Media allows an authorized attacker 
to eleva ...)
+       TODO: check
+CVE-2026-50676 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50675 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2026-50674 (Use after free in Windows USB Print Driver allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50673 (Null pointer dereference in Windows Kernel allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50672 (Use after free in Windows NTFS allows an authorized attacker 
to elevat ...)
+       TODO: check
+CVE-2026-50670 (Out-of-bounds read in Windows Kernel allows an authorized 
attacker to  ...)
+       TODO: check
+CVE-2026-50669 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50668 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-50667 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50666 (Use after free in Windows Remote Access Connection Manager 
allows an a ...)
+       TODO: check
+CVE-2026-50665 (Out-of-bounds read in Microsoft Office allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-50663 (Relative path traversal in Age of Empires II: Definitive 
Edition Game  ...)
+       TODO: check
+CVE-2026-50661 (Protection mechanism failure in Windows BitLocker allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-50659 (Improper encoding or escaping of output in .NET allows an 
authorized a ...)
+       TODO: check
+CVE-2026-50658 (Time-of-check time-of-use (toctou) race condition in Microsoft 
Defende ...)
+       TODO: check
+CVE-2026-50657 (Exposure of private personal information to an unauthorized 
actor in M ...)
+       TODO: check
+CVE-2026-50655 (Heap-based buffer overflow in Windows Media allows an 
unauthorized att ...)
+       TODO: check
+CVE-2026-50653 (Loop with unreachable exit condition ('infinite loop') in 
Azure Active ...)
+       TODO: check
+CVE-2026-50652 (Deserialization of untrusted data in Azure Active Directory 
allows an  ...)
+       TODO: check
+CVE-2026-50651 (Allocation of resources without limits or throttling in .NET 
allows an ...)
+       TODO: check
+CVE-2026-50650 (Improper control of generation of code ('code injection') in 
.NET Fram ...)
+       TODO: check
+CVE-2026-50649 (Deserialization of untrusted data in .NET allows an 
unauthorized attac ...)
+       TODO: check
+CVE-2026-50648 (Allocation of resources without limits or throttling in .NET 
Framework ...)
+       TODO: check
+CVE-2026-50647 (Loop with unreachable exit condition ('infinite loop') in 
Active Direc ...)
+       TODO: check
+CVE-2026-50646 (Protection mechanism failure in .NET Framework allows an 
unauthorized  ...)
+       TODO: check
+CVE-2026-50528 (Incorrect authorization in .NET allows an unauthorized 
attacker to byp ...)
+       TODO: check
+CVE-2026-50527 (Stack-based buffer overflow in .NET Framework allows an 
unauthorized a ...)
+       TODO: check
+CVE-2026-50526 (Improper link resolution before file access ('link following') 
in .NET ...)
+       TODO: check
+CVE-2026-50525 (Allocation of resources without limits or throttling in .NET 
allows an ...)
+       TODO: check
+CVE-2026-50524 (Improper validation of specified type of input in .NET 
Framework allow ...)
+       TODO: check
+CVE-2026-50522 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
+       TODO: check
+CVE-2026-50520 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2026-50518 (Heap-based buffer overflow in Windows DHCP Server allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-50510 (Improper restriction of names for files and other resources in 
Github  ...)
+       TODO: check
+CVE-2026-50509 (Deserialization of untrusted data in Windows Wireless Wide 
Area Networ ...)
+       TODO: check
+CVE-2026-50506 (Allocation of resources without limits or throttling in 
ASP.NET Core a ...)
+       TODO: check
+CVE-2026-50505 (Use after free in Windows Message Queuing allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-50504 (Buffer over-read in Remote Desktop Client allows an 
unauthorized attac ...)
+       TODO: check
+CVE-2026-50503 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50502 (Insufficient granularity of access control in Windows Event 
Logging Se ...)
+       TODO: check
+CVE-2026-50501 (Stack-based buffer overflow in Windows Resilient File System 
(ReFS) al ...)
+       TODO: check
+CVE-2026-50500 (Use after free in Windows Netlogon allows an authorized 
attacker to el ...)
+       TODO: check
+CVE-2026-50499 (Heap-based buffer overflow in Windows Print Spooler Components 
allows  ...)
+       TODO: check
+CVE-2026-50498 (Windows Universal Disk Format File System Driver (UDFS) 
Elevation of P ...)
+       TODO: check
+CVE-2026-50497 (Off-by-one error in Windows Remote Desktop Protocol allows an 
unauthor ...)
+       TODO: check
+CVE-2026-50496 (Out-of-bounds read in Windows Network Policy Server SNMP 
allows an una ...)
+       TODO: check
+CVE-2026-50495 (Improper access control in Microsoft Windows DNS allows an 
authorized  ...)
+       TODO: check
+CVE-2026-50494 (Heap-based buffer overflow in Windows NTFS allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50493 (Use after free in Windows Graphics Kernel allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-50492 (Heap-based buffer overflow in Windows Resilient File System 
(ReFS) all ...)
+       TODO: check
+CVE-2026-50491 (Out-of-bounds read in Code Integrity DLL (ci.dll) allows an 
authorized ...)
+       TODO: check
+CVE-2026-50490 (Use after free in Windows Installer allows an authorized 
attacker to e ...)
+       TODO: check
+CVE-2026-50489 (Heap-based buffer overflow in Windows Win32K allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-50488 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2026-50487 (Use after free in Microsoft Windows DNS allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2026-50486 (Use after free in Windows Runtime allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-50485 (Buffer over-read in Windows Hyper-V allows an authorized 
attacker to d ...)
+       TODO: check
+CVE-2026-50484 (Heap-based buffer overflow in Windows Kernel allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-50483 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
+       TODO: check
+CVE-2026-50482 (Heap-based buffer overflow in Windows NTFS allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50480 (Heap-based buffer overflow in Windows Web Proxy Auto-Discovery 
Protoco ...)
+       TODO: check
+CVE-2026-50479 (Untrusted pointer dereference in Windows USB Hub Driver allows 
an auth ...)
+       TODO: check
+CVE-2026-50478 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-50477 (Heap-based buffer overflow in Windows Kernel allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-50476 (Use after free in Microsoft Windows allows an authorized 
attacker to e ...)
+       TODO: check
+CVE-2026-50475 (Buffer over-read in Windows Kernel allows an authorized 
attacker to di ...)
+       TODO: check
+CVE-2026-50474 (Use after free in Remote Desktop Client allows an unauthorized 
attacke ...)
+       TODO: check
+CVE-2026-50473 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50471 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-50470 (Out-of-bounds read in Windows Network Policy Server SNMP 
allows an una ...)
+       TODO: check
+CVE-2026-50469 (Improper link resolution before file access ('link following') 
in Wind ...)
+       TODO: check
+CVE-2026-50468 (Buffer over-read in SQL Server allows an authorized attacker 
to disclo ...)
+       TODO: check
+CVE-2026-50467 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
+       TODO: check
+CVE-2026-50466 (Use after free in Windows Brokering File System allows an 
authorized a ...)
+       TODO: check
+CVE-2026-50465 (Improper access control in Microsoft Windows DNS allows an 
authorized  ...)
+       TODO: check
+CVE-2026-50463 (Out-of-bounds read in Windows Kernel allows an unauthorized 
attacker t ...)
+       TODO: check
+CVE-2026-50462 (External control of file name or path in Windows Ancillary 
Function Dr ...)
+       TODO: check
+CVE-2026-50461 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-50460 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50459 (Use after free in Windows Kernel allows an unauthorized 
attacker to el ...)
+       TODO: check
+CVE-2026-50458 (Use after free in Microsoft Brokering File System allows an 
authorized ...)
+       TODO: check
+CVE-2026-50457 (Use after free in Windows Runtime allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-50456 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50455 (Use of uninitialized resource in Universal Plug and Play 
(upnp.dll) al ...)
+       TODO: check
+CVE-2026-50454 (Relative path traversal in Windows User Interface Core allows 
an autho ...)
+       TODO: check
+CVE-2026-50453 (Out-of-bounds read in Windows USB Audio Class driver 
(usbaudio.sys) al ...)
+       TODO: check
+CVE-2026-50452 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50451 (Missing authentication for critical function in Windows 
Routing and Re ...)
+       TODO: check
+CVE-2026-50450 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50449 (Use after free in Windows Runtime allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-50448 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-50447 (Heap-based buffer overflow in Windows Message Queuing allows 
an unauth ...)
+       TODO: check
+CVE-2026-50445 (Buffer over-read in Windows RDP allows an unauthorized 
attacker to dis ...)
+       TODO: check
+CVE-2026-50444 (Missing authentication for critical function in Windows Server 
Update  ...)
+       TODO: check
+CVE-2026-50442 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50441 (Untrusted pointer dereference in Windows Resilient File System 
(ReFS)  ...)
+       TODO: check
+CVE-2026-50440 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50439 (Use after free in Microsoft Message Queuing Queue Manager 
allows an un ...)
+       TODO: check
+CVE-2026-50438 (Improper link resolution before file access ('link following') 
in Micr ...)
+       TODO: check
+CVE-2026-50437 (Out-of-bounds read in Windows DWM Core Library allows an 
authorized at ...)
+       TODO: check
+CVE-2026-50436 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-50435 (Buffer over-read in Windows Overlay Filter allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50434 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50433 (Use after free in Windows Media allows an authorized attacker 
to eleva ...)
+       TODO: check
+CVE-2026-50432 (Use after free in Windows Virtual Filtering Platform (VFP) 
allows an a ...)
+       TODO: check
+CVE-2026-50431 (Windows Quality of Service (QoS) Packet Scheduler Information 
Disclosu ...)
+       TODO: check
+CVE-2026-50430 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50429 (Out-of-bounds read in Windows Kernel allows an unauthorized 
attacker t ...)
+       TODO: check
+CVE-2026-50428 (Out-of-bounds read in Windows Container Isolation FS Filter 
Driver (un ...)
+       TODO: check
+CVE-2026-50427 (Use after free in Content Delivery Manager allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50426 (Relative path traversal in DNS Server allows an authorized 
attacker to ...)
+       TODO: check
+CVE-2026-50425 (Use after free in Windows Internal System User Profile allows 
an autho ...)
+       TODO: check
+CVE-2026-50424 (Untrusted pointer dereference in Windows Domain Controller 
allows an u ...)
+       TODO: check
+CVE-2026-50423 (Improper access control in Windows Kernel allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-50422 (Out-of-bounds read in Windows NTFS allows an authorized 
attacker to el ...)
+       TODO: check
+CVE-2026-50421 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2026-50420 (Out-of-bounds read in Windows HTTP.sys allows an unauthorized 
attacker ...)
+       TODO: check
+CVE-2026-50419 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50418 (Improper access control in Windows System allows an 
unauthorized attac ...)
+       TODO: check
+CVE-2026-50417 (Heap-based buffer overflow in Windows NTFS allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50416 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50415 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50414 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50413 (Use after free in Windows Runtime allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-50412 (Stack-based buffer overflow in Windows NTFS allows an 
authorized attac ...)
+       TODO: check
+CVE-2026-50411 (Stack-based buffer overflow in Active Directory Federation 
Services (A ...)
+       TODO: check
+CVE-2026-50410 (Use after free in Windows Runtime allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-50409 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50408 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-50407 (Heap-based buffer overflow in Windows Resilient File System 
(ReFS) all ...)
+       TODO: check
+CVE-2026-50406 (Use after free in Windows Backup Engine allows an authorized 
attacker  ...)
+       TODO: check
+CVE-2026-50405 (Insufficient granularity of access control in Windows 
Filtering Platfo ...)
+       TODO: check
+CVE-2026-50404 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50403 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50402 (Incorrect conversion between numeric types in Windows NTFS 
allows an a ...)
+       TODO: check
+CVE-2026-50401 (Out-of-bounds read in Windows Cloud Files Mini Filter Driver 
allows an ...)
+       TODO: check
+CVE-2026-50400 (Stack-based buffer overflow in Windows App Installer allows an 
authori ...)
+       TODO: check
+CVE-2026-50399 (Out-of-bounds read in Windows Kernel allows an authorized 
attacker to  ...)
+       TODO: check
+CVE-2026-50398 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50397 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-50396 (Use after free in Windows Kernel-Mode Drivers allows an 
authorized att ...)
+       TODO: check
+CVE-2026-50394 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50393 (Use after free in Windows Kernel-Mode Drivers allows an 
authorized att ...)
+       TODO: check
+CVE-2026-50392 (Use after free in Windows Secure Kernel Mode allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-50391 (Improper privilege management in Windows Group Policy allows 
an author ...)
+       TODO: check
+CVE-2026-50390 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2026-50389 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50388 (Out-of-bounds read in Windows NTFS allows an unauthorized 
attacker to  ...)
+       TODO: check
+CVE-2026-50387 (Stack-based buffer overflow in Windows GDI allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50386 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-50385 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50384 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50383 (Buffer over-read in Windows Print Spooler Components allows an 
authori ...)
+       TODO: check
+CVE-2026-50382 (Untrusted pointer dereference in Windows DirectX allows an 
authorized  ...)
+       TODO: check
+CVE-2026-50381 (Access of resource using incompatible type ('type confusion') 
in Compo ...)
+       TODO: check
+CVE-2026-50380 (Heap-based buffer overflow in Windows GDI+ allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-50379 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50378 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50377 (Out-of-bounds read in Windows Kernel allows an authorized 
attacker to  ...)
+       TODO: check
+CVE-2026-50376 (Use of uninitialized resource in Windows RDP allows an 
unauthorized at ...)
+       TODO: check
+CVE-2026-50375 (Heap-based buffer overflow in Windows DirectX allows an 
authorized att ...)
+       TODO: check
+CVE-2026-50374 (Use after free in Windows Cloud Files Mini Filter Driver 
allows an aut ...)
+       TODO: check
+CVE-2026-50373 (Improper access control in Microsoft Windows Search Component 
allows a ...)
+       TODO: check
+CVE-2026-50372 (Buffer over-read in Windows Redirected Drive Buffering allows 
an autho ...)
+       TODO: check
+CVE-2026-50371 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50370 (Heap-based buffer overflow in Windows DHCP Server allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-50369 (Use after free in Windows Remote Desktop Services allows an 
authorized ...)
+       TODO: check
+CVE-2026-50368 (Stack-based buffer overflow in Active Directory Federation 
Services al ...)
+       TODO: check
+CVE-2026-50367 (Incorrect access of indexable resource ('range error') in 
Windows Sens ...)
+       TODO: check
+CVE-2026-50366 (Null pointer dereference in Active Directory Domain Services 
allows an ...)
+       TODO: check
+CVE-2026-50365 (Improper authentication in Windows RPC API allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-50364 (Improper link resolution before file access ('link following') 
in Wind ...)
+       TODO: check
+CVE-2026-50363 (Heap-based buffer overflow in Windows Push Notifications 
allows an aut ...)
+       TODO: check
+CVE-2026-50362 (Heap-based buffer overflow in Windows Resilient File System 
(ReFS) all ...)
+       TODO: check
+CVE-2026-50361 (Double free in Microsoft Brokering File System allows an 
authorized at ...)
+       TODO: check
+CVE-2026-50360 (Incorrect implementation of authentication algorithm in 
Windows SMB Se ...)
+       TODO: check
+CVE-2026-50359 (Use after free in Microsoft XML Core Services allows an 
authorized att ...)
+       TODO: check
+CVE-2026-50358 (Use after free in Windows Media allows an authorized attacker 
to eleva ...)
+       TODO: check
+CVE-2026-50357 (Numeric truncation error in Windows Resilient File System 
(ReFS) allow ...)
+       TODO: check
+CVE-2026-50356 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50355 (Stack-based buffer overflow in Active Directory Federation 
Services al ...)
+       TODO: check
+CVE-2026-50354 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-50353 (Use after free in Windows DirectX allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-50352 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50351 (Improper access control in Windows Audio Compression Manager 
(ACM) all ...)
+       TODO: check
+CVE-2026-50350 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50348 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50347 (Heap-based buffer overflow in Windows Data dll allows an 
unauthorized  ...)
+       TODO: check
+CVE-2026-50346 (Improper authorization in RPC Runtime allows an authorized 
attacker to ...)
+       TODO: check
+CVE-2026-50345 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50344 (Improper authorization in Windows OLE allows an authorized 
attacker to ...)
+       TODO: check
+CVE-2026-50343 (Improper privilege management in Microsoft Install Service 
allows an a ...)
+       TODO: check
+CVE-2026-50342 (Improper access control in Windows MIDI Service Module allows 
an autho ...)
+       TODO: check
+CVE-2026-50341 (Buffer over-read in Windows NTFS allows an authorized attacker 
to disc ...)
+       TODO: check
+CVE-2026-50340 (Use after free in Windows Runtime allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-50339 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50338 (Improper authentication in Azure Spring Apps allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-50337 (Incorrect type conversion or cast in Windows Notification 
allows an au ...)
+       TODO: check
+CVE-2026-50336 (Heap-based buffer overflow in Windows Media allows an 
authorized attac ...)
+       TODO: check
+CVE-2026-50335 (Improper access control in Windows Operating Systems allows an 
authori ...)
+       TODO: check
+CVE-2026-50334 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-50333 (Missing authentication for critical function in Windows 
Spaceport.sys  ...)
+       TODO: check
+CVE-2026-50332 (Heap-based buffer overflow in Windows Kernel allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-50331 (Use after free in Windows Application Model allows an 
authorized attac ...)
+       TODO: check
+CVE-2026-50330 (Heap-based buffer overflow in Remote Desktop Client allows an 
unauthor ...)
+       TODO: check
+CVE-2026-50329 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-50328 (Uncaught exception in Windows Server Update Service allows an 
unauthor ...)
+       TODO: check
+CVE-2026-50327 (Heap-based buffer overflow in Windows Media allows an 
authorized attac ...)
+       TODO: check
+CVE-2026-50326 (Use after free in Windows Unified Consent System allows an 
authorized  ...)
+       TODO: check
+CVE-2026-50325 (Improper access control in Windows Win32K allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-50324 (Loop with unreachable exit condition ('infinite loop') in 
Active Direc ...)
+       TODO: check
+CVE-2026-50323 (Use after free in Windows Runtime allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-50322 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50321 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50318 (Stack-based buffer overflow in Windows Resilient File System 
(ReFS) al ...)
+       TODO: check
+CVE-2026-50317 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-50316 (Insertion of sensitive information into log file in Windows 
Kernel all ...)
+       TODO: check
+CVE-2026-50315 (Null pointer dereference in Windows Image Acquisition allows 
an author ...)
+       TODO: check
+CVE-2026-50314 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
+       TODO: check
+CVE-2026-50313 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-50312 (Use after free in Windows Ancillary Function Driver for 
WinSock allows ...)
+       TODO: check
+CVE-2026-50311 (Improper access control in Windows Server allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-50310 (Integer overflow or wraparound in Windows Devices Human 
Interface allo ...)
+       TODO: check
+CVE-2026-50309 (Heap-based buffer overflow in Windows NTFS allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-50308 (Integer underflow (wrap or wraparound) in Windows NTFS allows 
an unaut ...)
+       TODO: check
+CVE-2026-50307 (Use after free in Windows TCP/IP allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-50306 (Use after free in Windows TCP/IP allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-50305 (Use after free in Microsoft Brokering File System allows an 
authorized ...)
+       TODO: check
+CVE-2026-50304 (Stack-based buffer overflow in Active Directory Federation 
Services al ...)
+       TODO: check
+CVE-2026-50303 (Use of a cryptographic primitive with a risky implementation 
in Window ...)
+       TODO: check
+CVE-2026-50302 (Improper certificate validation in Windows Cryptographic 
Services allo ...)
+       TODO: check
+CVE-2026-50301 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2026-50300 (Integer underflow (wrap or wraparound) in Windows Kernel 
allows an aut ...)
+       TODO: check
+CVE-2026-50299 (Integer overflow or wraparound in Windows Storage Spaces 
Direct allows ...)
+       TODO: check
+CVE-2026-50298 (Integer overflow or wraparound in Windows Spaceport.sys allows 
an unau ...)
+       TODO: check
+CVE-2026-50297 (Improper access control in Windows Win32K allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-50296 (Use after free in Graphics Kernel allows an authorized 
attacker to ele ...)
+       TODO: check
+CVE-2026-50295 (Improper privilege management in Microsoft Windows DNS allows 
an autho ...)
+       TODO: check
+CVE-2026-50294 (Exposure of sensitive system information to an unauthorized 
control sp ...)
+       TODO: check
+CVE-2026-50293 (Use after free in Windows Internal Task Bar allows an 
authorized attac ...)
+       TODO: check
+CVE-2026-50130 (Pi-hole is a DNS sinkhole that protects devices from unwanted 
content  ...)
+       TODO: check
+CVE-2026-4018 (TOCTOU Race Condition in specific trace commands of the 
TraceEvent() s ...)
+       TODO: check
+CVE-2026-4017 (Buffer Overflow in the entry handler of the TraceEvent() system 
call c ...)
+       TODO: check
+CVE-2026-49981 (Twig is a template language for PHP. Prior to 3.27.0, the 
per-template ...)
+       TODO: check
+CVE-2026-49978 (DOMPurify is a DOM-only cross-site scripting sanitizer for 
HTML, MathM ...)
+       TODO: check
+CVE-2026-49855 (Tornado is a Python web framework and asynchronous networking 
library. ...)
+       TODO: check
+CVE-2026-49854 (Tornado is a Python web framework and asynchronous networking 
library. ...)
+       TODO: check
+CVE-2026-49853 (Tornado is a Python web framework and asynchronous networking 
library. ...)
+       TODO: check
+CVE-2026-49808 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-49807 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-49806 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-49805 (Improper access control in Windows Win32K allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-49804 (Heap-based buffer overflow in Windows USB Video Driver allows 
an unaut ...)
+       TODO: check
+CVE-2026-49803 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-49802 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-49801 (Use of uninitialized resource in Windows SMB allows an 
authorized atta ...)
+       TODO: check
+CVE-2026-49800 (Integer overflow or wraparound in Windows Web Proxy 
Auto-Discovery Pro ...)
+       TODO: check
+CVE-2026-49799 (Uncontrolled resource consumption in Windows Local Security 
Authority  ...)
+       TODO: check
+CVE-2026-49798 (Use after free in Windows Kernel allows an unauthorized 
attacker to el ...)
+       TODO: check
+CVE-2026-49797 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-49796 (Heap-based buffer overflow in Windows GDI+ allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-49795 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-49794 (Out-of-bounds read in Windows USB Audio Class driver 
(usbaudio.sys) al ...)
+       TODO: check
+CVE-2026-49793 (Heap-based buffer overflow in Windows Resilient File System 
(ReFS) all ...)
+       TODO: check
+CVE-2026-49792 (Numeric truncation error in Windows Resilient File System 
(ReFS) allow ...)
+       TODO: check
+CVE-2026-49791 (Improper link resolution before file access ('link following') 
in Wind ...)
+       TODO: check
+CVE-2026-49790 (Windows Universal Disk Format File System Driver (UDFS) 
Elevation of P ...)
+       TODO: check
+CVE-2026-49789 (Stack-based buffer overflow in Windows NTFS allows an 
authorized attac ...)
+       TODO: check
+CVE-2026-49788 (Allocation of resources without limits or throttling in HTTP/2 
allows  ...)
+       TODO: check
+CVE-2026-49787 (Allocation of resources without limits or throttling in 
Windows HTTP.s ...)
+       TODO: check
+CVE-2026-49784 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-49783 (Improperly implemented security check for standard in Windows 
Secure B ...)
+       TODO: check
+CVE-2026-49477 (Soup Sieve is a CSS selector library designed to be used with 
Beautifu ...)
+       TODO: check
+CVE-2026-49476 (Soup Sieve is a CSS selector library designed to be used with 
Beautifu ...)
+       TODO: check
+CVE-2026-49459 (DOMPurify is a DOM-only cross-site scripting sanitizer for 
HTML, MathM ...)
+       TODO: check
+CVE-2026-49458 (DOMPurify is a DOM-only cross-site scripting sanitizer for 
HTML, MathM ...)
+       TODO: check
+CVE-2026-49184 (Heap-based buffer overflow in Windows NTFS allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2026-49183 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-49181 (Integer underflow (wrap or wraparound) in Windows DHCP Client 
allows a ...)
+       TODO: check
+CVE-2026-49180 (Improper link resolution before file access ('link following') 
in Univ ...)
+       TODO: check
+CVE-2026-49178 (Heap-based buffer overflow in Active Directory Domain Services 
allows  ...)
+       TODO: check
+CVE-2026-49177 (Out-of-bounds read in Windows TCP/IP allows an authorized 
attacker to  ...)
+       TODO: check
+CVE-2026-49176 (Improper privilege management in Windows WalletService allows 
an autho ...)
+       TODO: check
+CVE-2026-49175 (Heap-based buffer overflow in Windows DNS allows an authorized 
attacke ...)
+       TODO: check
+CVE-2026-49174 (Missing authentication for critical function in Microsoft 
Windows DNS  ...)
+       TODO: check
+CVE-2026-49173 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-49172 (Heap-based buffer overflow in Windows FTP Service allows an 
unauthoriz ...)
+       TODO: check
+CVE-2026-49171 (Use after free in Microsoft Windows Speech allows an 
authorized attack ...)
+       TODO: check
+CVE-2026-49170 (Insufficient granularity of access control in Windows 
StateRepository  ...)
+       TODO: check
+CVE-2026-49169 (Use after free in DNS Server allows an authorized attacker to 
execute  ...)
+       TODO: check
+CVE-2026-49168 (Integer overflow or wraparound in Windows Storage Spaces 
Direct allows ...)
+       TODO: check
+CVE-2026-49167 (Use after free in Windows Kernel allows an authorized attacker 
to elev ...)
+       TODO: check
+CVE-2026-49166 (Use after free in Microsoft Printer Drivers allows an 
authorized attac ...)
+       TODO: check
+CVE-2026-49165 (Use of uninitialized resource in Microsoft Windows App Store 
allows an ...)
+       TODO: check
+CVE-2026-49164 (Heap-based buffer overflow in Active Directory Domain Services 
allows  ...)
+       TODO: check
+CVE-2026-49162 (Use after free in Microsoft Brokering File System allows an 
authorized ...)
+       TODO: check
+CVE-2026-48816 (sigstore-js provides JavaScript libraries for interacting with 
Sigstor ...)
+       TODO: check
+CVE-2026-48815 (sigstore-js provides JavaScript libraries for interacting with 
Sigstor ...)
+       TODO: check
+CVE-2026-48801 (linkify-it is a links recognition library with full Unicode 
support. P ...)
+       TODO: check
+CVE-2026-48758 (sigstore-js provides JavaScript libraries for interacting with 
Sigstor ...)
+       TODO: check
+CVE-2026-48581 (Insufficient granularity of access control in Microsoft 
Surface allows ...)
+       TODO: check
+CVE-2026-48580 (Untrusted pointer dereference in Microsoft Office Excel allows 
an unau ...)
+       TODO: check
+CVE-2026-48572 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-48571 (Use after free in Windows App Installer allows an authorized 
attacker  ...)
+       TODO: check
+CVE-2026-48564 (Heap-based buffer overflow in Windows DHCP Server allows an 
authorized ...)
+       TODO: check
+CVE-2026-48561 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2026-48371 (Adobe Commerce is affected by a stored Cross-Site Scripting 
(XSS) vuln ...)
+       TODO: check
+CVE-2026-48370 (Media Encoder is affected by an out-of-bounds write 
vulnerability that ...)
+       TODO: check
+CVE-2026-48369 (Premiere Pro is affected by an out-of-bounds write 
vulnerability that  ...)
+       TODO: check
+CVE-2026-48368 (Audition is affected by an out-of-bounds write vulnerability 
that coul ...)
+       TODO: check
+CVE-2026-48367 (After Effects is affected by an out-of-bounds write 
vulnerability that ...)
+       TODO: check
+CVE-2026-48366 (Media Encoder is affected by an out-of-bounds write 
vulnerability that ...)
+       TODO: check
+CVE-2026-48365 (Audition is affected by an out-of-bounds write vulnerability 
that coul ...)
+       TODO: check
+CVE-2026-48359 (Adobe Experience Manager is affected by an Improper 
Restriction of XML ...)
+       TODO: check
+CVE-2026-48358 (Adobe Commerce is affected by an Improper Encoding or Escaping 
of Outp ...)
+       TODO: check
+CVE-2026-48357 (CAI Content Credentials is affected by an Uncontrolled 
Resource Consum ...)
+       TODO: check
+CVE-2026-48356 (Adobe Commerce is affected by an Unrestricted Upload of File 
with Dang ...)
+       TODO: check
+CVE-2026-48355 (Adobe Experience Manager is affected by a stored Cross-Site 
Scripting  ...)
+       TODO: check
+CVE-2026-48354 (CAI Content Credentials is affected by an Integer Overflow or 
Wraparou ...)
+       TODO: check
+CVE-2026-48353 (CAI Content Credentials is affected by an Improper Input 
Validation vu ...)
+       TODO: check
+CVE-2026-48352 (CAI Content Credentials is affected by an Improper Input 
Validation vu ...)
+       TODO: check
+CVE-2026-48351 (CAI Content Credentials is affected by an Improper Input 
Validation vu ...)
+       TODO: check
+CVE-2026-48350 (Animate is affected by an Improper Limitation of a Pathname to 
a Restr ...)
+       TODO: check
+CVE-2026-48349 (Animate is affected by an Incorrect Authorization 
vulnerability that c ...)
+       TODO: check
+CVE-2026-48348 (Animate is affected by an Incorrect Authorization 
vulnerability that c ...)
+       TODO: check
+CVE-2026-48347 (Animate is affected by an Improper Neutralization of Special 
Elements  ...)
+       TODO: check
+CVE-2026-48346 (Animate is affected by an Untrusted Search Path vulnerability 
that cou ...)
+       TODO: check
+CVE-2026-48345 (Animate is affected by an Improper Neutralization of Special 
Elements  ...)
+       TODO: check
+CVE-2026-48344 (Creative Cloud Desktop is affected by a Time-of-check 
Time-of-use (TOC ...)
+       TODO: check
+CVE-2026-48343 (Bridge is affected by an out-of-bounds write vulnerability 
that could  ...)
+       TODO: check
+CVE-2026-48342 (Bridge is affected by an Integer Overflow or Wraparound 
vulnerability  ...)
+       TODO: check
+CVE-2026-48341 (Bridge is affected by an out-of-bounds write vulnerability 
that could  ...)
+       TODO: check
+CVE-2026-48340 (Bridge is affected by an Untrusted Pointer Dereference 
vulnerability t ...)
+       TODO: check
+CVE-2026-48339 (Bridge is affected by a Heap-based Buffer Overflow 
vulnerability that  ...)
+       TODO: check
+CVE-2026-48338 (ColdFusion is affected by an Improper Limitation of a Pathname 
to a Re ...)
+       TODO: check
+CVE-2026-48337 (Illustrator is affected by an out-of-bounds write 
vulnerability that c ...)
+       TODO: check
+CVE-2026-48336 (Illustrator is affected by an out-of-bounds write 
vulnerability that c ...)
+       TODO: check
+CVE-2026-48335 (Illustrator is affected by an out-of-bounds write 
vulnerability that c ...)
+       TODO: check
+CVE-2026-48334 (Illustrator is affected by an Improper Input Validation 
vulnerability  ...)
+       TODO: check
+CVE-2026-48332 (ColdFusion is affected by a Server-Side Request Forgery (SSRF) 
vulnera ...)
+       TODO: check
+CVE-2026-48329 (ColdFusion is affected by an Insufficient Session Expiration 
vulnerabi ...)
+       TODO: check
+CVE-2026-48328 (ColdFusion is affected by an Improper Input Validation 
vulnerability t ...)
+       TODO: check
+CVE-2026-48327 (ColdFusion is affected by an Incorrect Authorization 
vulnerability tha ...)
+       TODO: check
+CVE-2026-48325 (ColdFusion is affected by a Missing Authentication for 
Critical Functi ...)
+       TODO: check
+CVE-2026-48324 (ColdFusion is affected by an Improper Neutralization of 
Special Elemen ...)
+       TODO: check
+CVE-2026-48322 (ColdFusion is affected by an Improper Control of Generation of 
Code (' ...)
+       TODO: check
+CVE-2026-48321 (ColdFusion is affected by an Incorrect Authorization 
vulnerability tha ...)
+       TODO: check
+CVE-2026-48320 (ColdFusion is affected by a reflected Cross-Site Scripting 
(XSS) vulne ...)
+       TODO: check
+CVE-2026-48319 (ColdFusion is affected by an Improper Limitation of a Pathname 
to a Re ...)
+       TODO: check
+CVE-2026-48318 (ColdFusion is affected by an Improper Limitation of a Pathname 
to a Re ...)
+       TODO: check
+CVE-2026-48312 (CAI Content Credentials is affected by an Improper Input 
Validation vu ...)
+       TODO: check
+CVE-2026-48311 (Bridge is affected by an out-of-bounds write vulnerability 
that could  ...)
+       TODO: check
+CVE-2026-48310 (Adobe Experience Manager is affected by an Improper Limitation 
of a Pa ...)
+       TODO: check
+CVE-2026-48309 (Audition is affected by an out-of-bounds write vulnerability 
that coul ...)
+       TODO: check
+CVE-2026-48308 (Premiere Pro is affected by an Improper Input Validation 
vulnerability ...)
+       TODO: check
+CVE-2026-48302 (CAI Content Credentials is affected by an Improper Input 
Validation vu ...)
+       TODO: check
+CVE-2026-48298 (CAI Content Credentials is affected by an Integer Underflow 
(Wrap or W ...)
+       TODO: check
+CVE-2026-48296 (CAI Content Credentials is affected by an Integer Underflow 
(Wrap or W ...)
+       TODO: check
+CVE-2026-48295 (CAI Content Credentials is affected by an Insufficiently 
Protected Cre ...)
+       TODO: check
+CVE-2026-48290 (CAI Content Credentials is affected by a Server-Side Request 
Forgery ( ...)
+       TODO: check
+CVE-2026-48287 (CAI Content Credentials is affected by an Untrusted Search 
Path vulner ...)
+       TODO: check
+CVE-2026-48284 (ColdFusion is affected by an Improper Input Validation 
vulnerability t ...)
+       TODO: check
+CVE-2026-48275 (Illustrator is affected by an Untrusted Search Path 
vulnerability that ...)
+       TODO: check
+CVE-2026-48274 (After Effects is affected by an out-of-bounds write 
vulnerability that ...)
+       TODO: check
+CVE-2026-48272 (Creative Cloud Desktop is affected by an Uncontrolled Search 
Path Elem ...)
+       TODO: check
+CVE-2026-48270 (Premiere Pro is affected by an out-of-bounds write 
vulnerability that  ...)
+       TODO: check
+CVE-2026-48269 (Premiere Pro is affected by a Heap-based Buffer Overflow 
vulnerability ...)
+       TODO: check
+CVE-2026-48263 (Adobe Experience Manager is affected by a stored Cross-Site 
Scripting  ...)
+       TODO: check
+CVE-2026-48262 (Adobe Experience Manager is affected by a DOM-based Cross-Site 
Scripti ...)
+       TODO: check
+CVE-2026-48261 (Adobe Experience Manager is affected by a DOM-based Cross-Site 
Scripti ...)
+       TODO: check
+CVE-2026-48260 (Adobe Experience Manager is affected by a DOM-based Cross-Site 
Scripti ...)
+       TODO: check
+CVE-2026-48259 (Adobe Experience Manager is affected by a Server-Side Request 
Forgery  ...)
+       TODO: check
+CVE-2026-48257 (Adobe Experience Manager is affected by a DOM-based Cross-Site 
Scripti ...)
+       TODO: check
+CVE-2026-48255 (Adobe Experience Manager is affected by a DOM-based Cross-Site 
Scripti ...)
+       TODO: check
+CVE-2026-48254 (Adobe Experience Manager is affected by a DOM-based Cross-Site 
Scripti ...)
+       TODO: check
+CVE-2026-48253 (Adobe Experience Manager is affected by a DOM-based Cross-Site 
Scripti ...)
+       TODO: check
+CVE-2026-48252 (Adobe Experience Manager is affected by a Missing 
Authentication for C ...)
+       TODO: check
+CVE-2026-48125 (UAParser.js is a JavaScript library to detect browsers, 
operating syst ...)
+       TODO: check
+CVE-2026-48069 (@grpc/grps-js implements the core functionality of gRPC purely 
in Java ...)
+       TODO: check
+CVE-2026-48068 (@grpc/grps-js implements the core functionality of gRPC purely 
in Java ...)
+       TODO: check
+CVE-2026-48038 (joi is a schema description language and data validator for 
JavaScript ...)
+       TODO: check
+CVE-2026-48001 (Adobe Commerce is affected by an Information Exposure 
vulnerability th ...)
+       TODO: check
+CVE-2026-48000 (Adobe Commerce is affected by an Improper Redirect (Open 
Redirect) vul ...)
+       TODO: check
+CVE-2026-47999 (Adobe Commerce is affected by a stored Cross-Site Scripting 
(XSS) vuln ...)
+       TODO: check
+CVE-2026-47998 (Adobe Commerce is affected by an Incorrect Authorization 
vulnerability ...)
+       TODO: check
+CVE-2026-47997 (Adobe Commerce is affected by an Incorrect Authorization 
vulnerability ...)
+       TODO: check
+CVE-2026-47996 (Adobe Commerce is affected by an Incorrect Authorization 
vulnerability ...)
+       TODO: check
+CVE-2026-47995 (Adobe Commerce is affected by a stored Cross-Site Scripting 
(XSS) vuln ...)
+       TODO: check
+CVE-2026-47994 (Adobe Commerce is affected by a stored Cross-Site Scripting 
(XSS) vuln ...)
+       TODO: check
+CVE-2026-47992 (Adobe Commerce is affected by an Improper Neutralization of 
Special El ...)
+       TODO: check
+CVE-2026-47988 (Adobe Commerce is affected by an Incorrect Authorization 
vulnerability ...)
+       TODO: check
+CVE-2026-47984 (Adobe Commerce is affected by an Incorrect Authorization 
vulnerability ...)
+       TODO: check
+CVE-2026-47979 (Media Encoder is affected by an out-of-bounds read 
vulnerability that  ...)
+       TODO: check
+CVE-2026-47976 (Media Encoder is affected by an out-of-bounds write 
vulnerability that ...)
+       TODO: check
+CVE-2026-47971 (Media Encoder is affected by a Stack-based Buffer Overflow 
vulnerabili ...)
+       TODO: check
+CVE-2026-47969 (Audition is affected by an out-of-bounds read vulnerability 
that could ...)
+       TODO: check
+CVE-2026-47968 (Audition is affected by an out-of-bounds write vulnerability 
that coul ...)
+       TODO: check
+CVE-2026-47967 (Audition is affected by an out-of-bounds write vulnerability 
that coul ...)
+       TODO: check
+CVE-2026-47767 (Symfony is a PHP framework for web and console applications 
and a set  ...)
+       TODO: check
+CVE-2026-47737 (Puma is a Ruby/Rack web server built for parallelism. From 
5.5.0 until ...)
+       TODO: check
+CVE-2026-47736 (Puma is a Ruby/Rack web server built for parallelism. From 
5.5.0 until ...)
+       TODO: check
+CVE-2026-47642 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
+       TODO: check
+CVE-2026-47632 (Improper certificate validation in Azure Monitor Agent allows 
an unaut ...)
+       TODO: check
+CVE-2026-47482 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
+       TODO: check
+CVE-2026-47481 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
+       TODO: check
+CVE-2026-47480 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
+       TODO: check
+CVE-2026-47479 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
+       TODO: check
+CVE-2026-47478 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
+       TODO: check
+CVE-2026-47477 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
+       TODO: check
+CVE-2026-47476 (NVIDIA Triton Inference Server for Linux contains a 
vulnerability wher ...)
+       TODO: check
+CVE-2026-47475 (NVIDIA TensorRT-LLM contains a vulnerability in the 
OpenAI-compatible  ...)
+       TODO: check
+CVE-2026-47473 (NVIDIA TensorRT-LLM contains a vulnerability where an attacker 
could c ...)
+       TODO: check
+CVE-2026-47472 (NVIDIA TensorRT-LLM contains a vulnerability in its 
inter-process comm ...)
+       TODO: check
+CVE-2026-47471 (NVIDIA TensorRT-LLM for any platform contains a vulnerability 
in tenso ...)
+       TODO: check
+CVE-2026-47470 (NVIDIA TensorRT-LLM for any platform contains a vulnerability 
in the g ...)
+       TODO: check
+CVE-2026-47429 (Vitest is a testing framework powered by Vite. Prior to 3.2.5 
and 4.1. ...)
+       TODO: check
+CVE-2026-47428 (Vitest is a testing framework powered by Vite. From 4.0.17 
until 4.1.6 ...)
+       TODO: check
+CVE-2026-47423 (DOMPurify is a DOM-only cross-site scripting sanitizer for 
HTML, MathM ...)
+       TODO: check
+CVE-2026-47305 (Protection mechanism failure in Visual Studio allows an 
unauthorized a ...)
+       TODO: check
+CVE-2026-47304 (Improper verification of cryptographic signature in .NET 
allows an una ...)
+       TODO: check
+CVE-2026-47303 (Authentication bypass by assumed-immutable data in ASP.NET 
Core allows ...)
+       TODO: check
+CVE-2026-47302 (Allocation of resources without limits or throttling in .NET 
allows an ...)
+       TODO: check
+CVE-2026-47301 (Improper access control in Microsoft Configuration Manager 
allows an a ...)
+       TODO: check
+CVE-2026-47300 (Incorrect implementation of authentication algorithm in 
ASP.NET Core a ...)
+       TODO: check
+CVE-2026-47296 (Improper neutralization of special elements used in an sql 
command ('s ...)
+       TODO: check
+CVE-2026-47295 (Improper neutralization of special elements used in an sql 
command ('s ...)
+       TODO: check
+CVE-2026-47290 (Use after free in Microsoft Office allows an unauthorized 
attacker to  ...)
+       TODO: check
+CVE-2026-47282 (Insufficiently protected credentials in GitHub Copilot and 
Visual Stud ...)
+       TODO: check
+CVE-2026-45646 (Allocation of resources without limits or throttling in 
ASP.NET Core a ...)
+       TODO: check
+CVE-2026-45496 (Improper limitation of a pathname to a restricted directory 
('path tra ...)
+       TODO: check
+CVE-2026-45363 (ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON 
Web Token ...)
+       TODO: check
+CVE-2026-44806 (Missing release of memory after effective lifetime in Windows 
Cryptogr ...)
+       TODO: check
+CVE-2026-44800 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-42990 (Heap-based buffer overflow in SQL Server ODBC driver allows an 
unautho ...)
+       TODO: check
+CVE-2026-42982 (Improper validation of consistency within input in Windows 
Secure Kern ...)
+       TODO: check
+CVE-2026-42975 (Heap-based buffer overflow in Windows Bluetooth Port Driver 
allows an  ...)
+       TODO: check
+CVE-2026-42936 (The installer of HYPER SBI 2 insecurely loads Dynamic Link 
Libraries.  ...)
+       TODO: check
+CVE-2026-42900 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2026-42447 (jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is 
affected ...)
+       TODO: check
+CVE-2026-42049 (jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx inserts 
the and ...)
+       TODO: check
+CVE-2026-41087 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-40422 (Use of uninitialized resource in Windows File Explorer allows 
an autho ...)
+       TODO: check
+CVE-2026-40400 (Relative path traversal in Windows PowerShell allows an 
authorized att ...)
+       TODO: check
+CVE-2026-40378 (Memory allocation with excessive size value in Windows Local 
Security  ...)
+       TODO: check
+CVE-2026-3014 (Milestone has released a new version of XProtect\xae (and 
several cumu ...)
+       TODO: check
+CVE-2026-38450 (An issue in Aetopia Digital Asset Management DAM v.1.0.0 
allows a remo ...)
+       TODO: check
+CVE-2026-36214 (osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 
1.18.3  ...)
+       TODO: check
+CVE-2026-36035 (Incorrect access control in the /api/License/deactivateOffline 
endpoin ...)
+       TODO: check
+CVE-2026-34349 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-34348 (Protection mechanism failure in Windows Event Logging Service 
allows a ...)
+       TODO: check
+CVE-2026-34346 (Cleartext transmission of sensitive information in Windows 
Ancillary F ...)
+       TODO: check
+CVE-2026-34328 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-33842 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2026-24272 (NVIDIA TensorRT contains a vulnerability where an attacker 
might cause ...)
+       TODO: check
+CVE-2026-24271 (NVIDIA TensorRT-LLM contains a vulnerability in the 
OpenAI-compatible  ...)
+       TODO: check
+CVE-2026-24268 (NVIDIA TensorRT contains a vulnerability where an attacker 
might cause ...)
+       TODO: check
+CVE-2026-24259 (NVIDIA TensorRT-LLM for Linux contains a vulnerability where 
an attack ...)
+       TODO: check
+CVE-2026-24238 (NVIDIA TensorRT for contains a vulnerability where an attacker 
might c ...)
+       TODO: check
+CVE-2026-24234 (NVIDIA TensorRT-LLM for Linux contains a vulnerability in the 
multimod ...)
+       TODO: check
+CVE-2026-24233 (NVIDIA TensorRT-LLM for Linux contains a vulnerability in the 
restrict ...)
+       TODO: check
+CVE-2026-24229 (NVIDIA TensorRT-LLM for Linux contains a vulnerability in the 
disaggre ...)
+       TODO: check
+CVE-2026-24227 (NVIDIA TensorRT for contains a vulnerability where a user 
might cause  ...)
+       TODO: check
+CVE-2026-24226 (NVIDIA TensorRT-LLM for Linux contains a vulnerability where 
an attack ...)
+       TODO: check
+CVE-2026-24220 (NVIDIA TensorRT-LLM for any platform contains a vulnerability 
in visua ...)
+       TODO: check
+CVE-2026-23573 (An Improper Neutralization of Input During Web Page Generation 
('Cross ...)
+       TODO: check
+CVE-2026-21840 (HCL BigFix Platform is affected by a user enumeration 
vulnerability wh ...)
+       TODO: check
+CVE-2026-15778 (Insufficient validation of untrusted input in Navigation in 
Google Chr ...)
+       TODO: check
+CVE-2026-15777 (Use after free in UI in Google Chrome on Linux prior to 
150.0.7871.125 ...)
+       TODO: check
+CVE-2026-15776 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
+       TODO: check
+CVE-2026-15775 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
+       TODO: check
+CVE-2026-15774 (Use after free in Skia in Google Chrome prior to 
150.0.7871.125 allowe ...)
+       TODO: check
+CVE-2026-15773 (Use after free in Core in Google Chrome on Windows prior to 
150.0.7871 ...)
+       TODO: check
+CVE-2026-15772 (Use after free in GPU in Google Chrome on Android prior to 
150.0.7871. ...)
+       TODO: check
+CVE-2026-15771 (Insufficient validation of untrusted input in Media in Google 
Chrome o ...)
+       TODO: check
+CVE-2026-15770 (Uninitialized Use in V8 in Google Chrome prior to 
150.0.7871.125 allow ...)
+       TODO: check
+CVE-2026-15769 (Insufficient validation of untrusted input in Linux Toolkit 
Theming in ...)
+       TODO: check
+CVE-2026-15768 (Insufficient policy enforcement in HTML-in-Canvas in Google 
Chrome pri ...)
+       TODO: check
+CVE-2026-15767 (Heap buffer overflow in libyuv in Google Chrome on Windows 
prior to 15 ...)
+       TODO: check
+CVE-2026-15766 (Uninitialized Use in Skia in Google Chrome prior to 
150.0.7871.125 all ...)
+       TODO: check
+CVE-2026-15765 (Use after free in Ozone in Google Chrome prior to 
150.0.7871.125 allow ...)
+       TODO: check
+CVE-2026-15764 (Use after free in Ozone in Google Chrome on Linux prior to 
150.0.7871. ...)
+       TODO: check
+CVE-2026-15757 (A security flaw was discovered in the NETGEAR DGND3700v1 that 
could al ...)
+       TODO: check
+CVE-2026-15753 (A vulnerability was determined in zhinianboke 
xianyu-auto-reply on Ser ...)
+       TODO: check
+CVE-2026-15752 (A vulnerability was found in zhinianboke xianyu-auto-reply up 
to dcb44 ...)
+       TODO: check
+CVE-2026-15751 (A security vulnerability has been detected in mastergo-design 
mastergo ...)
+       TODO: check
+CVE-2026-15750 (A weakness has been identified in mastergo-design 
mastergo-magic-mcp u ...)
+       TODO: check
+CVE-2026-15749 (A security flaw has been discovered in mastergo-design 
mastergo-magic- ...)
+       TODO: check
+CVE-2026-15738 (Incorrect behavior order in the Gateway API listener-rule 
generation i ...)
+       TODO: check
+CVE-2026-15736 (Snowflake SQLAlchemy versions prior to 1.11.0 contain several 
security ...)
+       TODO: check
+CVE-2026-15720 (InOpen5GS through version 2.7.7 a pre-authenticationheap 
out-of-bounds ...)
+       TODO: check
+CVE-2026-15715 (A vulnerability was identified in SourceCodester Class and 
Exam Timeta ...)
+       TODO: check
+CVE-2026-15714 (An out-of-bounds read vulnerability was found in libsoup's 
multipart p ...)
+       TODO: check
+CVE-2026-15713 (A vulnerability was found in libsoup's HTTP/2 protocol 
implementation. ...)
+       TODO: check
+CVE-2026-15712 (A heap buffer over-read vulnerability was discovered in 
libsoup's (ver ...)
+       TODO: check
+CVE-2026-15711 (A vulnerability was found in libsoup's WebSocket frame parsing 
impleme ...)
+       TODO: check
+CVE-2026-15709 (A flaw was found in libsoup's WebSocket implementation when 
using the  ...)
+       TODO: check
+CVE-2026-15703 (A vulnerability was detected in SourceCodester Simple and Nice 
Shoppin ...)
+       TODO: check
+CVE-2026-15702 (A security vulnerability has been detected in tamagui up to 
2.3.0. Thi ...)
+       TODO: check
+CVE-2026-15701 (A weakness has been identified in Totolink NR1800X 
9.1.0u.6279_B202109 ...)
+       TODO: check
+CVE-2026-15700 (A security flaw has been discovered in DedeCMS 5.7.118. 
Affected by th ...)
+       TODO: check
+CVE-2026-15699 (A vulnerability was identified in spencermountain compromise 
up to 14. ...)
+       TODO: check
+CVE-2026-15698 (A vulnerability was determined in kofrasa mingo up to 7.2.1. 
This impa ...)
+       TODO: check
+CVE-2026-15697 (A vulnerability was found in svgdotjs svg.js up to 3.2.5. This 
affects ...)
+       TODO: check
+CVE-2026-15696 (A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. 
The impa ...)
+       TODO: check
+CVE-2026-15695 (A flaw has been found in Tenda BE12 Pro 16.03.66.23. The 
affected elem ...)
+       TODO: check
+CVE-2026-15694 (A vulnerability was detected in Tenda BE12 Pro 16.03.66.23. 
Impacted i ...)
+       TODO: check
+CVE-2026-15693 (A security vulnerability has been detected in Tenda BE12 Pro 
16.03.66. ...)
+       TODO: check
+CVE-2026-15692 (A weakness has been identified in Tenda BE12 Pro 16.03.66.23. 
This vul ...)
+       TODO: check
+CVE-2026-15691 (A security flaw has been discovered in Tenda BE12 Pro 
16.03.66.23. Thi ...)
+       TODO: check
+CVE-2026-15690 (A vulnerability was identified in open62541 up to 1.5.5. 
Affected by t ...)
+       TODO: check
+CVE-2026-15643 (AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) is a 
Model C ...)
+       TODO: check
+CVE-2026-15642 (Insertion of sensitive information into a file in the Recovery 
Kit res ...)
+       TODO: check
+CVE-2026-15641 (Improper authorization in the access request status endpoint 
in Devolu ...)
+       TODO: check
+CVE-2026-15637 (Improper authorization in the PAM SSH key and certificate 
retrieval  e ...)
+       TODO: check
+CVE-2026-15429 (A privilege escalation vulnerability exists in the HTTP 
authentication ...)
+       TODO: check
+CVE-2026-15428 (An OS command injection vulnerability exists in Archer VX800v 
v1 due t ...)
+       TODO: check
+CVE-2026-15427 (An OS command injection vulnerability exists in the TR-069 / 
CWMP mana ...)
+       TODO: check
+CVE-2026-15416 (A flaw was identified in Argo CD, the GitOps engine used by 
Red Hat Op ...)
+       TODO: check
+CVE-2026-15410 (Post-authentication improper control of generation of code 
('Code Inje ...)
+       TODO: check
+CVE-2026-15409 (A Server-side request forgery (SSRF) vulnerability has been 
identified ...)
+       TODO: check
+CVE-2026-15389 (A vulnerability relating to insufficient access control has 
been ident ...)
+       TODO: check
+CVE-2026-15305 (Users were able to upload files with arbitrary MIME types to 
forms usi ...)
+       TODO: check
+CVE-2026-15265 (A path traversal vulnerability in Tenable Agent 11.2.0 and 
11.1.3 and  ...)
+       TODO: check
+CVE-2026-15183 (Multiple input validation vulnerabilities in the Snowflake 
Spark Conne ...)
+       TODO: check
+CVE-2026-15076 (In versions up to and including 4.5.29 (4.x branch) and 5.1.4 
(5.x bra ...)
+       TODO: check
+CVE-2026-15075 (In Eclipse Vert.x versions up to and including 4.5.29 (4.x 
branch) and ...)
+       TODO: check
+CVE-2026-15058 (Improper authorization in the secure messages deletion 
endpoint in Dev ...)
+       TODO: check
+CVE-2026-15030 (Out-of-bounds Read in ASUS System Control Interface v3, ASUS 
System Co ...)
+       TODO: check
+CVE-2026-15029 (Untrusted Pointer Dereference in ASUS System Control Interface 
v3, ASU ...)
+       TODO: check
+CVE-2026-14903 (Path traversal inIvantiXtractionbeforeversion2026.2.1allows a 
remote a ...)
+       TODO: check
+CVE-2026-14902 (An open redirect in IvantiXtractionbeforeversion2026.2.1allows 
a remot ...)
+       TODO: check
+CVE-2026-14852 (Privilege escalation in Checkmk versions 2.5.0 before 2.5.0p9, 
2.4.0 b ...)
+       TODO: check
+CVE-2026-14646 (Nexus Repository 3 did not apply its existing Server-Side 
Request Forg ...)
+       TODO: check
+CVE-2026-14645 (Nexus Repository 3 does not validate the destination of the 
"Webhook:  ...)
+       TODO: check
+CVE-2026-14504 (An authorization bypass in Nexus Repository 3's component 
upload API a ...)
+       TODO: check
+CVE-2026-13699 (In Eclipse KUKSA Databroker version 0.6.1, 
thekuksa.val.v2.VAL/Publish ...)
+       TODO: check
+CVE-2026-13585 (Allocation of Resources Without Limits and Throttling and 
Sensitive In ...)
+       TODO: check
+CVE-2026-13385 (An Improper Validation of Integrity Check Value and Improper 
Certifica ...)
+       TODO: check
+CVE-2026-13230 (An information disclosure vulnerability was identified in 
TP-Link Kasa ...)
+       TODO: check
+CVE-2026-13001 (The Podlove Podcast Publisher plugin for WordPress is 
vulnerable to ar ...)
+       TODO: check
+CVE-2026-12707 (Summary    Cloudflare quiche was discovered to be vulnerable 
to memory ...)
+       TODO: check
+CVE-2026-12659 (A denial-of-service security issue exists in the affected 
products. Th ...)
+       TODO: check
+CVE-2026-12606 (Eclipse Grizzly in versions before 5.0.2, cannot properly 
parse the tr ...)
+       TODO: check
+CVE-2026-12588 (An attacker with access to an HX 10.0.0 and previous versions, 
may sen ...)
+       TODO: check
+CVE-2026-12523 (Summary    Cloudflare quiche's HTTP/3 layer was discovered to 
be vulne ...)
+       TODO: check
+CVE-2026-12512 (The Quotes llama WordPress plugin before 3.1.6 does not 
properly sanit ...)
+       TODO: check
+CVE-2026-12478 (The fix for CVE-2026-0716 (commit 6ff7ef0, libsoup 3.6.6) 
placed the i ...)
+       TODO: check
+CVE-2026-12281 (The Shibboleth WordPress plugin before 2.5.4 does not fail 
closed when ...)
+       TODO: check
+CVE-2026-11944 (openSIS Classic 9.3 contains an authenticated path traversal 
vulnerabi ...)
+       TODO: check
+CVE-2026-11917 (A path traversal security issue exists within Rockwell 
AutomationThinM ...)
+       TODO: check
+CVE-2026-11851 (Improper Neutralization of Special Elements used in an SQL 
Command ("S ...)
+       TODO: check
+CVE-2026-11580 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder 
WordPress p ...)
+       TODO: check
+CVE-2026-11579 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder 
WordPress p ...)
+       TODO: check
+CVE-2026-11403 (A vulnerability in Sonatype Nexus Repository Manager's 
format-specific ...)
+       TODO: check
+CVE-2026-10714 (A security issue exists within FactoryTalk\xae Services 
Platform (FTSP ...)
+       TODO: check
+CVE-2026-10672 (subsys/net/lib/lwm2m/lwm2m_pull_context.c copied the 
firmware-update P ...)
+       TODO: check
+CVE-2026-10671 (In Zephyr's kernel pipe implementation, the userspace syscall 
verifier ...)
+       TODO: check
+CVE-2026-10670 (The CONFIG_USERSPACE verification handler for the 
k_thread_name_copy() ...)
+       TODO: check
+CVE-2026-10669 (On Xtensa SoCs built with CONFIG_XTENSA_MPU and 
CONFIG_USERSPACE, arch ...)
+       TODO: check
+CVE-2026-10577 (A security issue exists within the 1715-AENTR EtherNet/IP 
Adapter. The ...)
+       TODO: check
+CVE-2026-10573 (A denial-of-service security issue exists in 
1734POINTI/O\u2122module. ...)
+       TODO: check
+CVE-2026-10051 (In Eclipse Jetty, a first HTTP/1.1 request with trailers 
causes the se ...)
+       TODO: check
+CVE-2026-0515 (Insufficient Parameter Validation in the SchedGet() system call 
could  ...)
+       TODO: check
+CVE-2025-8412 (A Buffer Copy without Checking Size of Input ('Classic Buffer 
Overflow ...)
+       TODO: check
+CVE-2025-62826 (An Improper Neutralization of CRLF Sequences in HTTP Headers 
('HTTP Re ...)
+       TODO: check
+CVE-2025-62675 (An Improper Neutralization of CRLF Sequences in HTTP Headers 
('HTTP Re ...)
+       TODO: check
+CVE-2025-56365 (A reachable assertion vulnerability exists in the Matter SDK 
(connecte ...)
+       TODO: check
+CVE-2025-56364 (A use of uninitialized value vulnerability exists in the 
Matter SDK (c ...)
+       TODO: check
+CVE-2025-56363 (A null pointer dereference vulnerability exists in the Matter 
SDK (con ...)
+       TODO: check
+CVE-2025-56362 (A reachable assertion vulnerability exists in the Matter SDK 
(connecte ...)
+       TODO: check
+CVE-2025-56361 (A reachable assertion vulnerability exists in the Matter SDK 
(connecte ...)
+       TODO: check
+CVE-2025-53379 (A out-of-bounds read vulnerability in Fortinet 
FortiAuthenticator 6.6. ...)
+       TODO: check
+CVE-2025-43892 (A buffer over-read vulnerability in Fortinet FortiOS 7.6.0 
through 7.6 ...)
+       TODO: check
+CVE-2025-40945 (A vulnerability has been identified in COMOS V10.4.5 (All 
versions < V ...)
+       TODO: check
+CVE-2025-12012 (A denial-of-service issue exists 
in5380/5480/5580controllers.This vuln ...)
+       TODO: check
+CVE-2025-12011 (A denial-of-service issue existsin5370/5570controllers. This 
vulnerabi ...)
+       TODO: check
+CVE-2025-11698 (A denial-of-service issue exists 
in5380/5480/5580controllersbootfirmwa ...)
+       TODO: check
+CVE-2024-7708 (For requests that have a body, but reading the body may end up 
in read ...)
+       TODO: check
+CVE-2026-15719 (We are aware that exploit code for this is public however we 
are not a ...)
        - firefox 152.0.6-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-67/#CVE-2026-15719
-CVE-2026-15718
+CVE-2026-15718 (We are aware that exploit code for this is public however we 
are not a ...)
        - firefox 152.0.6-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-67/#CVE-2026-15718
 CVE-2026-42491
        - xen-api <removed>
        NOTE: https://xenbits.xen.org/xsa/advisory-498.html
-CVE-2026-15747
+CVE-2026-15747 (Mojolicious versions from 4.59 before 9.48 for Perl expose a 
stable re ...)
        - libmojolicious-perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41816171/
        NOTE: Fixed by: 
https://github.com/mojolicious/mojo/commit/01921fbbbbeca2d1397e082d4a647f9b84c24e27
 (v9.48)
-CVE-2026-15392
+CVE-2026-15392 (DBD::File versions before 1.651 for Perl do not ensure the 
table file  ...)
        - libdbi-perl <unfixed> (bug #1142072)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41813967/
        NOTE: 
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-mh3j-xwf4-jrqw
        NOTE: Fixed by: 
https://github.com/perl5-dbi/dbi/commit/96d62dfe4528bf56fe13f413ed323d4252531728
 (1.651)
-CVE-2026-60082
+CVE-2026-60082 (DBI versions before 1.651 for Perl do not enforce statement 
handle con ...)
        - libdbi-perl <unfixed> (bug #1142072)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41813803/
        NOTE: 
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-rwhc-hhmv-cjvg
        NOTE: Fixed by: 
https://github.com/perl5-dbi/dbi/commit/397868704291bbf0989b97e2c0661189890653e2
 (1.651)
-CVE-2026-60081
+CVE-2026-60081 (DBI::ProfileData versions before 1.651 for Perl do not limit 
the path  ...)
        - libdbi-perl <unfixed> (bug #1142072)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41813962/
        NOTE: 
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ww49-w4mv-jrr4
@@ -30,7 +1864,7 @@ CVE-2026-7640 (The WP Customer Area plugin for WordPress is 
vulnerable to Stored
        NOT-FOR-US: WordPress plugin
 CVE-2026-62328 (9Router through version 0.4.41 contain an unauthenticated 
information  ...)
        NOT-FOR-US: 9Router
-CVE-2026-62327 (9Router through version 0.4.41 contain an unauthenticated 
information  ...)
+CVE-2026-62327 (9Router through version 0.4.41 contains an unauthenticated 
information ...)
        NOT-FOR-US: 9Router
 CVE-2026-62242 (Spring Boot Admin Server before 4.1.2 contains a server-side 
request f ...)
        TODO: check
@@ -38,7 +1872,7 @@ CVE-2026-62240 (CrewAI before 1.15.1 contains a server-side 
request forgery vuln
        NOT-FOR-US: CrewAI
 CVE-2026-62239 (FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, 
contains  ...)
        NOT-FOR-US: FlashAttention
-CVE-2026-62200 (OpenClaw versions before 2026.6.1 contain a flaw in host exec 
environm ...)
+CVE-2026-62200 (OpenClaw versions before 2026.6.6 contain a flaw in host exec 
environm ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-62199 (OpenClaw versions before 2026.6.6 contain a flaw in host exec 
environm ...)
        NOT-FOR-US: OpenClaw
@@ -1655,7 +3489,7 @@ CVE-2026-3907 (The Hostel plugin for WordPress is 
vulnerable to Stored Cross-Sit
        NOT-FOR-US: WordPress plugin
 CVE-2026-3251 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: Webremium Istanbul Web Design Mezunum Satiyorum
-CVE-2026-39903 (Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 
Alpha 5  ...)
+CVE-2026-39903 (Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 
prior to com ...)
        NOT-FOR-US: Simple Machines Forum
 CVE-2026-39244 (adm-zip before 0.5.18 is vulnerable to denial of service via a 
crafted ...)
        NOT-FOR-US: Node adm-zip module
@@ -2404,7 +4238,7 @@ CVE-2026-0279 (Multiple cross site scripting 
vulnerabilities in the User-ID\u212
 CVE-2025-63579 (Unauthorized use of Kyocera printers, allows all information 
stored in ...)
        NOT-FOR-US: Kyocera
 CVE-2026-57825
-       {DSA-6386-1}
+       {DSA-6386-1 DLA-4684-1}
        - opam 2.5.2-1
        NOTE: 
https://github.com/ocaml/security-advisories/blob/main/advisories/2026/OSEC-2026-10.md
        NOTE: https://github.com/ocaml/opam/pull/7005
@@ -3281,7 +5115,7 @@ CVE-2026-15053 (Tanium addressed a denial of service 
vulnerability in Tanium Ser
        NOT-FOR-US: Tanium
 CVE-2026-15044 (A flaw was found in the TrustyAI Service Operator. When 
deploying serv ...)
        NOT-FOR-US: TrustyAI Service Operator
-CVE-2026-15043
+CVE-2026-15043 (DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have 
inverted  ...)
        - libdbi-perl <unfixed> (bug #1142072)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41805128/
        NOTE: 
https://github.com/perl5-dbi/dbi/security/advisories/GHSA-mv45-ff6j-x9jp
@@ -3754,17 +5588,17 @@ CVE-2026-10570 (The Sympl Repeater for ACF and 
Elementor plugin for WordPress is
 CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site 
Scripti ...)
        NOT-FOR-US: Jastow
 CVE-2026-56003 (A heap buffer overflow due to missing size checking in the 
property bu ...)
-       {DLA-4678-1}
+       {DSA-6388-1 DLA-4678-1}
        - libxfont 1:2.0.8-1 (bug #1141702)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939
 (libXfont2-2.0.8)
 CVE-2026-56002 (A heap bufferflow in pcfReadFont() due to missing glyph bounds 
checkin ...)
-       {DLA-4678-1}
+       {DSA-6388-1 DLA-4678-1}
        - libxfont 1:2.0.8-1 (bug #1141702)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674
 (libXfont2-2.0.8)
 CVE-2026-56001 (A heap buffer overflow in BitmapScaleBitmaps in libXfont2 
before 2.0.8 ...)
-       {DLA-4678-1}
+       {DSA-6388-1 DLA-4678-1}
        - libxfont 1:2.0.8-1 (bug #1141702)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
 (libXfont2-2.0.8)
@@ -3971,7 +5805,7 @@ CVE-2026-XXXX [InspIRCd Security Advisory 2026-01]
        NOTE: 
https://github.com/inspircd/inspircd/commit/6319ae4fb8c10dabc9464ad49faec532096fbcb5
 (v4.11.0)
 CVE-2026-33264 (A bug in `BaseSerialization.deserialize()` allowed 
unrestricted `impor ...)
        - airflow <itp> (bug #819700)
-CVE-2026-49488
+CVE-2026-49488 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: Apache OpenMeetings
 CVE-2026-49487 (In Apache Airflow before 3.3.0, the REST API task-instance 
detail and  ...)
        - airflow <itp> (bug #819700)
@@ -4009,7 +5843,7 @@ CVE-2026-58402 (Hugo is a static site generator. From 
0.60.0 until 0.163.3, Hugo
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-q76j-gcg9-vxc6
        NOTE: https://github.com/gohugoio/hugo/pull/15051
        NOTE: Fixed by: 
https://github.com/gohugoio/hugo/commit/ce1a7e0bce3713af40496ded3c2c0ceeed49231d
 (v0.163.3)
-CVE-2026-58319
+CVE-2026-58319 (Certain Apache Doris FE HTTP REST administrative APIs were 
accessible  ...)
        NOT-FOR-US: Apache Doris
 CVE-2026-58315 (Cross-site request forgery vulnerability exists in SEIKO EPSON 
Web Con ...)
        NOT-FOR-US: SEIKO
@@ -4791,23 +6625,23 @@ CVE-2026-12386 (Improper null termination vulnerability 
in TUBITAK BILGEM Softwa
        NOT-FOR-US: TUBITAK BILGEM
 CVE-2026-12250 (Invocation of process using visible sensitive information 
vulnerabilit ...)
        NOT-FOR-US: TUBITAK BILGEM
-CVE-2026-62641 [DoS via crafted compressed-RTF size in the TNEF (winmail.dat) 
file]
+CVE-2026-62641 (In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the 
TNEF de ...)
        - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/bf253c72d4293c93fda511b8464fe9cb34b522c1
 (1.6.17)
-CVE-2026-54433
+CVE-2026-54433 (In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, 
there is St ...)
        - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/63e42e233c6e8b5100e2e61a4d13addcd1a45bd5
 (1.6.17)
-CVE-2026-62643 [SSRF bypass via specific local address URLs]
+CVE-2026-62643 (In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, 
insufficien ...)
        - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/294c7da6e7284166f040cef8607b677d459e0786
 (1.6.17)
-CVE-2026-54432
+CVE-2026-54432 (Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2 allows 
Stored C ...)
        - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/a3a4482cc9bd5569107e4393d32abb157cb2a568
 (1.6.17)
-CVE-2026-62644 [Various vulnerabilities in the password plugin using 
session-injected username]
+CVE-2026-62644 (In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the 
passwor ...)
        - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/83150ce04d689a70f92d511bcae40adba8d55476
 (1.6.17)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/5cdc6a48b40beabff7f0bf5d9035f4491e877e4c
 (1.6.17)
-CVE-2026-62642 [Infinite loop in TNEF (winmail.dat) decoder]
+CVE-2026-62642 (In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an 
infinite ...)
        - roundcube 1.6.17+dfsg-1 (bug #1141495)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/a007321346380136b3de2bd75b486b04f63c0d38
 (1.6.17)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/132ac8dd5a55c8466be12de1daf84355697ffa89
 (1.6.17)
@@ -5540,7 +7374,8 @@ CVE-2026-38971 (ardupilot through Plane-4.6.3 was found 
to contain an out-of-bou
        NOT-FOR-US: ardupilot
 CVE-2026-38970 (pdfcpu through v0.11.1 contains an uncontrolled-recursion 
denial-of-se ...)
        NOT-FOR-US: pdfcpu
-CVE-2026-38969 (ruby webrick through v1.9.2 WEBrick reparses trailer 
Content-Length in ...)
+CVE-2026-38969
+       REJECTED
        - ruby-webrick 1.9.2-2 (bug #1141497)
        [trixie] - ruby-webrick <no-dsa> (Minor issue)
        NOTE: https://github.com/ruby/webrick/issues/198
@@ -10217,7 +12052,7 @@ CVE-2026-58054 (MyBB 1.8.40 does not restrict which 
usergroup a limited Admin Co
        NOT-FOR-US: MyBB
 CVE-2026-58053 (Gitea act_runner with the Docker backend (through act 0.262.0) 
passes  ...)
        - gitea <removed>
-CVE-2026-58052 (7-Zip for Windows through 26.02 fails to preserve the 
Mark-of-the-Web  ...)
+CVE-2026-58052 (7-Zip for Windows through 26.01 fails to preserve the 
Mark-of-the-Web  ...)
        - 7zip 26.02+dfsg-2
        [bookworm] - 7zip <ignored> (Only affects Windows NTFS with transparent 
ADS and :$DATA canonicalization, i.e. not the current ntfs-3g)
        - p7zip 16.02+transitional.1
@@ -11338,16 +13173,19 @@ CVE-2026-7531 (Use-after-free in PQC hybrid key-share 
handling. This is an incom
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10327 (v5.9.2-stable)
 CVE-2026-7511 (PKCS7_verify signer confusion allows forged signatures, where 
the sign ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140815)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10203 (v5.9.2-stable)
 CVE-2026-6731 (X.509 name constraint bypass via the Subject Common Name when 
treated  ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140815)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10223 (v5.9.2-stable)
 CVE-2026-6681 (The PKCS#7 decode path ignores the caller-supplied output 
buffer size  ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
@@ -11359,11 +13197,13 @@ CVE-2026-6679 (A heap buffer overflow could occur in 
the DTLS 1.3 ACK serializat
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10116 (v5.9.1-stable)
 CVE-2026-6678 (Integer underflow in wc_PKCS7_DecryptOri when handling crafted 
Other R ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140815)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10203 (v5.9.2-stable)
 CVE-2026-6450 (A CRL critical extension bypass exists in ParseCRL_Extensions 
where cr ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140815)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
@@ -11375,6 +13215,7 @@ CVE-2026-6412 (Certificate policy and RFC 8446 
compliance concerns regarding the
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10222 (v5.9.2-stable)
 CVE-2026-6331 (HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a 
zero-le ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140815)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
@@ -11386,16 +13227,19 @@ CVE-2026-6330 (The ML-KEM ARM64 NEON ciphertext 
comparison only compares half of
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10192 (v5.9.2-stable)
 CVE-2026-6329 (PKCS#12 MAC verification uses an attacker-controlled comparison 
length ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140815)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10192 (v5.9.2-stable)
 CVE-2026-6325 (Out-of-bounds write in SetSuitesHashSigAlgo when processing an 
oversiz ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140815)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10204 (v5.9.2-stable)
 CVE-2026-6092 (When HAVE_ENCRYPT_THEN_MAC is configured, the implementation 
could fal ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140815)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
@@ -11415,6 +13259,7 @@ CVE-2026-55964 (Chain intermediate CA:TRUE without 
keyCertSign accepted as a sig
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10702 (v5.9.2-stable)
 CVE-2026-55962 (TLS 1.3 post-handshake authentication (PHA) issue where a 
server could ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140815)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
@@ -11691,6 +13536,7 @@ CVE-2026-6291 (Bleichenbacher padding oracle in PKCS#7 
KTRI decryption. When dec
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10203 (v5.9.2-stable)
 CVE-2026-6094 (Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when 
parsing craf ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140765)
        [trixie] - wolfssl <no-dsa> (Can be fixed in point release)
        [bullseye] - wolfssl <postponed> (Minor issue)
@@ -11886,11 +13732,13 @@ CVE-2026-56006 (Unauthenticated Cross Site Scripting 
(XSS) in H5P <= 1.17.6 vers
 CVE-2026-56005 (Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 
5.6.3.1 ve ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-55967 (AES-GCM encryption/decryption with extremely large cumulative 
single m ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140765)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10709 (v5.9.2-stable)
 CVE-2026-55961 (wolfSSL_PKCS7_verify() returning success for a degenerate 
(certs-only) ...)
+       {DLA-4683-1}
        - wolfssl 5.9.2-1 (bug #1140765)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)
@@ -15988,11 +17836,11 @@ CVE-2026-11833 (Overview:  A vulnerability has been 
found in FAST/TOOLS and CI S
        NOT-FOR-US: Yokogawa
 CVE-2026-10852 (IBM WebSphere Application Server and IBM WebSphere Application 
Server  ...)
        NOT-FOR-US: IBM
-CVE-2026-10658 (A missing length validation in the Zephyr Bluetooth Host ISO 
receive p ...)
+CVE-2026-10658 (bt_iso_recv() in subsys/bluetooth/host/iso.c pulled the ISO 
SDU header ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
-CVE-2026-10651 (A malformed Bluetooth Classic SDP attribute can trigger a 
reachable as ...)
+CVE-2026-10651 (bt_sdp_parse_attribute() in 
subsys/bluetooth/host/classic/sdp.c valida ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
-CVE-2026-10645 (Zephyr's ext2 directory-entry parser does not fully validate 
on-disk d ...)
+CVE-2026-10645 (The Zephyr ext2 filesystem driver (subsys/fs/ext2) trusted the 
on-disk ...)
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-71358 (picklescan before 0.0.29 fails to detect malicious pickle 
files that e ...)
        NOT-FOR-US: picklescan
@@ -25573,11 +27421,11 @@ CVE-2026-6241 (An authenticated format string 
vulnerability is present in the ON
        NOT-FOR-US: TPLink
 CVE-2026-6240 (A stack-based buffer overflow vulnerability exists in Tapo 
C520WS v2 i ...)
        NOT-FOR-US: TPLink
-CVE-2026-62393
+CVE-2026-62393 (Improper Handling of Insufficient Permissions or Privileges 
vulnerabil ...)
        NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
-CVE-2026-62392
+CVE-2026-62392 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
        NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
-CVE-2026-62390
+CVE-2026-62390 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
 CVE-2026-6239 (A stack\u2011based buffer overflow vulnerability exists in Tapo 
C520WS ...)
        NOT-FOR-US: TPLink
@@ -34011,39 +35859,39 @@ CVE-2024-11399 (Files or directories accessible to 
external parties vulnerabilit
        NOT-FOR-US: Synology
 CVE-2023-52945 (Uncontrolled search path element vulnerability in OpenSSL DLL 
componen ...)
        NOT-FOR-US: Synology
-CVE-2026-48736
+CVE-2026-48736 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.13+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-48736-iputils-private-subnets-omits-ipv6-transition-forms-ssrf-bypass-in-noprivatenetworkhttpclient
        NOTE: 
https://github.com/symfony/symfony/commit/85b831555be8ea1f43bf01078afe87bc4c92f65e
 (v6.4.41)
        NOTE: 
https://github.com/symfony/symfony/commit/82765368cf74177c36613575182f168a2eb765b2
 (v5.4.53)
-CVE-2026-48747
+CVE-2026-48747 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        - symfony 7.4.13+dfsg-1
        [trixie] - symfony <not-affected> (Vulnerable code not present)
        [bookworm] - symfony <not-affected> (Vulnerable code not present)
        [bullseye] - symfony <not-affected> (Vulnerable code not present)
        NOTE: 
https://symfony.com/blog/cve-2026-48747-mailomat-webhook-parser-reads-the-hmac-algorithm-from-the-request-signature-algorithm-downgrade
        NOTE: 
https://github.com/symfony/symfony/commit/bdfe9fe0d94d33dfaca0bc2fe0b00b54767b0c88
 (v7.4.13)
-CVE-2026-48760
+CVE-2026-48760 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6312-1}
        - symfony 7.4.13+dfsg-1
        [bookworm] - symfony <not-affected> (Vulnerable code not present)
        [bullseye] - symfony <not-affected> (Vulnerable code not present)
        NOTE: 
https://symfony.com/blog/cve-2026-48760-htmlsanitizer-url-parser-underinclusive-percent-encoded-bidi-marks-and-unicode-whitespace-bypass
        NOTE: 
https://github.com/symfony/symfony/commit/b21a626fd90f5c12d2db432c629eed3e780ba2f8
 (v6.4.41)
-CVE-2026-48761
+CVE-2026-48761 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6312-1}
        - symfony 7.4.13+dfsg-1
        [bookworm] - symfony <not-affected> (Vulnerable code not present)
        [bullseye] - symfony <not-affected> (Vulnerable code not present)
        NOTE: 
https://symfony.com/blog/cve-2026-48761-htmlsanitizer-misses-url-attributes-on-object-applet-iframe-img-and-meta-refresh
        NOTE: 
https://github.com/symfony/symfony/commit/069a70f9f26e61e9de3b7f9a864a86ed24b36bd0
 (v6.4.41)
-CVE-2026-48784
+CVE-2026-48784 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.13+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-48784-urlgenerator-encoding-skips-every-other-chained-or-generated-url-collapses-off-route
        NOTE: 
https://github.com/symfony/symfony/commit/4b63c3a3f7af04ecd79c89a594b0b02a01990b1d
 (v5.4.53)
-CVE-2026-48489
+CVE-2026-48489 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.13+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-48489-security-firewall-bypass-via-failure-forward-subrequest
@@ -34053,25 +35901,25 @@ CVE-2026-46636
        - php-twig 3.27.0-1
        [bookworm] - php-twig <ignored> (Minor issue, too intrusive to backport)
        NOTE: 
https://symfony.com/blog/cve-2026-46636-sandbox-filter-tag-and-function-allow-list-bypass-when-sandbox-state-changes-between-renders
-CVE-2026-48806
+CVE-2026-48806 (Twig is a template language for PHP. Prior to 3.27.0, 
ArrayExpression  ...)
        - php-twig 3.27.0-1
        [trixie] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet 
shipped)
        [bookworm] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet 
shipped)
        [bullseye] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet 
shipped)
        NOTE: 
https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys
-CVE-2026-48807
+CVE-2026-48807 (Twig is a template language for PHP. Prior to 3.27.0, the 
sandbox __to ...)
        - php-twig 3.27.0-1
        [trixie] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet 
shipped)
        [bookworm] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet 
shipped)
        [bullseye] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet 
shipped)
        NOTE: 
https://symfony.com/blog/cve-2026-48807-sandbox-tostring-policy-bypass-via-traversable-in-join-replace-and-in-not-in-operators
-CVE-2026-48808
+CVE-2026-48808 (Twig is a template language for PHP. Prior to 3.27.0, the 
column filte ...)
        - php-twig 3.27.0-1
        [trixie] - php-twig <not-affected> (Fix for CVE-2026-46635 not yet 
shipped)
        [bookworm] - php-twig <not-affected> (Fix for CVE-2026-46635 not yet 
shipped)
        [bullseye] - php-twig <not-affected> (Fix for CVE-2026-46635 not yet 
shipped)
        NOTE: 
https://symfony.com/blog/cve-2026-48808-sandbox-property-allowlist-bypass-via-the-column-filter-under-sourcepolicyinterface
-CVE-2026-48805
+CVE-2026-48805 (Twig is a template language for PHP. Prior to 3.27.0, 
deprecated inter ...)
        {DSA-6311-1}
        - php-twig 3.27.0-1
        [bookworm] - php-twig <ignored> (Minor issue, too intrusive to backport)
@@ -35904,7 +37752,7 @@ CVE-2025-14481 (The Yoast SEO plugin for WordPress is 
vulnerable to Insecure Dir
        NOT-FOR-US: WordPress plugin
 CVE-2025-14361 (Missing Authorization vulnerability in AA-Team Woocommerce 
Envato Affi ...)
        NOT-FOR-US: WordPress plugin or theme
-CVE-2026-46644 [insecure equivalence in symfony/polyfill-intl-idn for 
ASCII-only xn-- labels]
+CVE-2026-46644 (Symfony Polyfill backports PHP features and provides 
compatibility lay ...)
        - php-symfony-polyfill 1.38.1-1
        [bookworm] - php-symfony-polyfill <no-dsa> (Minor issue)
        [bullseye] - php-symfony-polyfill <postponed> (Minor issue; can be 
fixed with next upload)
@@ -38061,64 +39909,64 @@ CVE-2026-43494 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 7.0.10-1
        NOTE: 
https://git.kernel.org/linus/e174929793195e0cd6a4adb0cad731b39f9019b4 (7.1-rc4)
        NOTE: https://github.com/v12-security/pocs/tree/main/pintheft
-CVE-2026-47732
+CVE-2026-47732 (Twig is a template language for PHP. Prior to 3.26.0, several 
Twig lan ...)
        {DSA-6311-1}
        - php-twig 3.26.0-1
        [bookworm] - php-twig <ignored> (Too intrusive to backport)
        NOTE: 
https://github.com/twigphp/Twig/security/advisories/GHSA-pr2w-4gpj-cpq4
        NOTE: 
https://symfony.com/blog/cve-2026-47732-sandbox-multiple-tostring-policy-bypasses-via-unguarded-string-coercion-points
-CVE-2026-46634
+CVE-2026-46634 (Twig is a template language for PHP. From 3.9.0 until 3.26.0, 
template ...)
        {DSA-6311-1}
        - php-twig 3.26.0-1 (unimportant)
        [bookworm] - php-twig <not-affected> (Vulnerable code not present, 
introduced in 3.9.0)
        [bullseye] - php-twig <not-affected> (Vulnerable code not present, 
introduced in 3.9.0)
        NOTE: 
https://symfony.com/blog/cve-2026-46634-template-from-string-escapes-a-sourcepolicy-driven-sandbox-via-synthesized-template-name
        NOTE: Upstream change only clarifies the documentation
-CVE-2026-46627
+CVE-2026-46627 (Twig is a template language for PHP. Prior to 3.26.0, the Twig 
sandbox ...)
        {DSA-6311-1}
        - php-twig 3.26.0-1 (unimportant)
        NOTE: 
https://symfony.com/blog/cve-2026-46627-sandbox-does-not-protect-against-resource-exhaustion
        NOTE: Upstream change only clarifies the documentation
-CVE-2026-46635
+CVE-2026-46635 (Twig is a template language for PHP. Prior to 3.26.0, the 
column filte ...)
        {DSA-6311-1}
        - php-twig 3.26.0-1
        [bookworm] - php-twig <ignored> (Minor issue, too intrusive to backport)
        NOTE: 
https://symfony.com/blog/cve-2026-46635-sandbox-property-allowlist-bypass-via-the-column-filter-array-column-on-objects
        NOTE: 
https://github.com/twigphp/Twig/security/advisories/GHSA-vcc8-phrv-43wj
        NOTE: Variant of CVE-2024-51755
-CVE-2026-46628
+CVE-2026-46628 (Twig is a template language for PHP. Prior to 3.26.0, the 
deprecated s ...)
        {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        NOTE: 
https://symfony.com/blog/cve-2026-46628-the-spaceless-filter-implicitly-marks-its-output-as-safe
-CVE-2026-46629
+CVE-2026-46629 (Twig is a template language for PHP. Prior to 3.26.0, 
twig/intl-extra  ...)
        {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        NOTE: 
https://symfony.com/blog/cve-2026-46629-unbounded-formatter-memoisation-in-twig-intl-extra-keyed-on-template-controlled-arguments
-CVE-2026-46633
+CVE-2026-46633 (Twig is a template language for PHP. Prior to 3.26.0, 
Compiler::string ...)
        {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        NOTE: 
https://symfony.com/blog/cve-2026-46633-php-code-injection-via-use-template-name
-CVE-2026-47730
+CVE-2026-47730 (Twig is a template language for PHP. From 3.0.0 until 3.26.0, 
Twig\Pro ...)
        {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        [bullseye] - php-twig <not-affected> (Vulnerable code not present, 
introduced in 3.0.0)
        NOTE: 
https://symfony.com/blog/cve-2026-47730-xss-in-profiler-htmldumper-via-unescaped-template-and-profile-names
-CVE-2026-46637
+CVE-2026-46637 (Twig is a template language for PHP. Prior to 3.26.0, several 
filters  ...)
        {DSA-6320-1 DSA-6311-1}
        - php-twig 3.26.0-1
        NOTE: 
https://symfony.com/blog/cve-2026-46637-html-output-filters-in-twig-extras-incorrectly-declared-is-safe-all
-CVE-2026-46638
+CVE-2026-46638 (Twig is a template language for PHP. Prior to 3.26.0, {% 
sandbox %}{%  ...)
        {DSA-6311-1}
        - php-twig 3.26.0-1
        [bookworm] - php-twig <ignored> (Minor issue, too intrusive to backport)
        NOTE: 
https://symfony.com/blog/cve-2026-46638-sandbox-include-skips-checksecurity-on-cached-templates-incomplete-fix-for-cve-2024-45411
-CVE-2026-46639
+CVE-2026-46639 (Twig is a template language for PHP. From 3.24.0 until 3.26.0, 
object- ...)
        - php-twig 3.26.0-1
        [trixie] - php-twig <not-affected> (Vulnerable code not present, 
introduced in 3.24)
        [bookworm] - php-twig <not-affected> (Vulnerable code not present, 
introduced in 3.24)
        [bullseye] - php-twig <not-affected> (Vulnerable code not present, 
introduced in 3.24)
        NOTE: 
https://symfony.com/blog/cve-2026-46639-sandbox-property-and-method-bypass-via-object-destructuring-assignment
-CVE-2026-46640
+CVE-2026-46640 (Twig is a template language for PHP. From 3.15.0 until 3.26.0, 
_self.( ...)
        {DSA-6311-1}
        - php-twig 3.26.0-1
        [bookworm] - php-twig <not-affected> (Vulnerable code not present, 
introduced in 3.15)
@@ -38319,110 +40167,110 @@ CVE-2026-46626
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-46626-symfonyruntime-cve-2024-50340-patch-bypass-via-parse-str-sapi-argv-mismatch
-CVE-2026-45070
+CVE-2026-45070 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45070-email-header-injection-via-non-token-characters-in-mime-parameter-names
-CVE-2026-45065
+CVE-2026-45065 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45065-urlgenerator-route-requirement-bypass-via-unanchored-regex-alternation-off-site-host-url-injection
-CVE-2026-45071
+CVE-2026-45071 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45071-xxe-local-file-disclosure-in-domcrawler-addxmlcontent-via-validateonparse-true
-CVE-2026-45066
+CVE-2026-45066 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.1)
        [bullseye] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.1)
        NOTE: 
https://symfony.com/blog/cve-2026-45066-htmlsanitizer-allowlinkhosts-allowmediahosts-bypass-via-url-parser-differentials-and-area-misclassification
-CVE-2026-45069
+CVE-2026-45069 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.3)
        NOTE: 
https://symfony.com/blog/cve-2026-45069-oidctokenhandler-accepts-jwts-missing-aud-iss-exp-claims
-CVE-2026-45063
+CVE-2026-45063 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45063-identity-spoofing-via-unanchored-dn-regex-in-x509authenticator
-CVE-2026-45067
+CVE-2026-45067 (### Description  `Symfony\Component\Mime\Address` is the 
value-object  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45067-email-header-smtp-command-injection-via-crlf-in-symfony-component-mime-address
-CVE-2026-45068
+CVE-2026-45068 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45068-argument-injection-in-sendmailtransport-via-dash-prefixed-recipient-address
-CVE-2026-45756
+CVE-2026-45756 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        - symfony 7.4.12+dfsg-1
        [trixie] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.3)
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.3)
        [bullseye] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.3)
        NOTE: 
https://symfony.com/blog/cve-2026-45756-jsonpath-evaluates-attacker-controlled-regular-expressions-in-match-search-without-limits-redos
-CVE-2026-45755
+CVE-2026-45755 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        - symfony 7.4.12+dfsg-1
        [trixie] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.2)
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.2)
        [bullseye] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.2)
        NOTE: 
https://symfony.com/blog/cve-2026-45755-mailtrap-mailer-webhook-parser-never-verifies-the-x-mt-signature-hmac-unauthenticated-webhook-event-injection
-CVE-2026-45064
+CVE-2026-45064 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.1)
        [bullseye] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.1)
        NOTE: 
https://symfony.com/blog/cve-2026-45064-htmlsanitizer-url-attributes-pass-through-bidi-override-characters-visual-href-spoofing
-CVE-2026-45077
+CVE-2026-45077 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45077-unauthenticated-php-object-deserialization-in-monologbridge-server-log-listener
-CVE-2026-45075
+CVE-2026-45075 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        - symfony 7.4.12+dfsg-1
        [trixie] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.4)
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.4)
        [bullseye] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.4)
        NOTE: 
https://symfony.com/blog/cve-2026-45075-head-request-bypasses-methods-get-filter-in-isgranted-issignaturevalid-iscsrftokenvalid
-CVE-2026-45133
+CVE-2026-45133 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45133-yaml-parser-stack-exhaustion-via-unbounded-recursion-in-nested-blocks-sequences-and-mappings
-CVE-2026-45072
+CVE-2026-45072 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        [bookworm] - symfony <not-affected> (Vulnerable code not present)
        [bullseye] - symfony <not-affected> (Vulnerable code not present)
        NOTE: 
https://symfony.com/blog/cve-2026-45072-stored-xss-in-webprofiler-codeextension-fileexcerpt-unescaped-non-php-file-rendering
-CVE-2026-45073
+CVE-2026-45073 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45073-sql-injection-in-pdoadapter-doclear-via-unsanitized-prefix
-CVE-2026-45304
+CVE-2026-45304 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45304-yaml-parser-exponential-memory-allocation-via-recursive-collection-alias-expansion-billion-laughs
-CVE-2026-45305
+CVE-2026-45305 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6317-1 DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        NOTE: 
https://symfony.com/blog/cve-2026-45305-yaml-parser-redos-via-catastrophic-backtracking-in-parser-cleanup-regex
-CVE-2026-45074
+CVE-2026-45074 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        - symfony 7.4.12+dfsg-1
        [trixie] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.1)
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.1)
        [bullseye] - symfony <not-affected> (Vulnerable code not present, 
introduced in 7.1)
        NOTE: 
https://symfony.com/blog/cve-2026-45074-cas2handler-derives-cas-service-url-from-client-host-header-cross-service-ticket-replay
-CVE-2026-45754
+CVE-2026-45754 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.4)
        [bullseye] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.4)
        NOTE: 
https://symfony.com/blog/cve-2026-45754-mailjet-and-lox24-webhook-parsers-never-verify-the-configured-secret-unauthenticated-event-injection
-CVE-2026-47212
+CVE-2026-47212 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.4)
        [bullseye] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.4)
        NOTE: 
https://symfony.com/blog/cve-2026-47212-twilio-notifier-webhook-parser-never-verifies-the-x-twilio-signature-hmac-unauthenticated-webhook-event-injection
-CVE-2026-45753
+CVE-2026-45753 (Symfony is a PHP framework for web and console applications 
and a set  ...)
        {DSA-6312-1}
        - symfony 7.4.12+dfsg-1
        [bookworm] - symfony <not-affected> (Vulnerable code not present, 
introduced in 6.1)
@@ -42637,7 +44485,7 @@ CVE-2026-35555 (PowerSYSTEM Center feature for device 
project groups allows an a
        NOT-FOR-US: PowerSYSTEM Center
 CVE-2026-35504 (PowerSYSTEM Center email notification service is affected by a 
CRLF in ...)
        NOT-FOR-US: PowerSYSTEM Center
-CVE-2026-34690 (After Effects versions 26.0, 25.6.4 and earlier are affected 
by a Stac ...)
+CVE-2026-34690 (After Effects is affected by a Stack-based Buffer Overflow 
vulnerabili ...)
        NOT-FOR-US: Adobe
 CVE-2026-34688 (CAI Content Credentials versions [email protected], c2pa-v0.78.2 
and earl ...)
        NOT-FOR-US: Adobe
@@ -46595,7 +48443,7 @@ CVE-2026-8069 (PredatorSense version 3.00.3136 to 
3.00.3196 contain Local Privil
        NOT-FOR-US: PredatorSense
 CVE-2026-8034 (A server-side request forgery (SSRF) vulnerability was 
identified in t ...)
        NOT-FOR-US: Github Enterprise Server
-CVE-2026-7891 (The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 
Beta all ...)
+CVE-2026-7891 (A vulnerability has been identified in Mendix Runtime (All 
versions).  ...)
        NOT-FOR-US: VerySecureApp
 CVE-2026-7541 (A denial of service vulnerability was identified in GitHub 
Enterprise  ...)
        NOT-FOR-US: Github Enterprise Server
@@ -62704,6 +64552,7 @@ CVE-2026-5263 (URI nameConstraints from constrained 
intermediate CAs are parsed
        NOTE: https://github.com/wolfSSL/wolfssl/pull/10048
        NOTE: Fixed by: 
https://github.com/wolfSSL/wolfssl/commit/ce74def87775dbcf5e221f0361b43d0746ea5710
 (v5.9.1-stable)
 CVE-2026-5194 (Missing hash/digest size and OID checks allow digests smaller 
than all ...)
+       {DLA-4683-1}
        - wolfssl 5.9.1-0.1 (bug #1133835)
        [trixie] - wolfssl <no-dsa> (Minor issue)
        [bullseye] - wolfssl <postponed> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ab0f0f3d64f006461a10dd9a2bd5e5de5f98055

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ab0f0f3d64f006461a10dd9a2bd5e5de5f98055
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to