Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4be6fc90 by security tracker role at 2026-07-18T07:13:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,199 @@
+CVE-2026-9734 (The W3SC Elementor to Zoho CRM plugin for WordPress is 
vulnerable to C ...)
+       TODO: check
+CVE-2026-8861 (IBM Security Verify could allow a remote attacker to obtain 
sensitive  ...)
+       TODO: check
+CVE-2026-8859 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an 
attacker ...)
+       TODO: check
+CVE-2026-8635 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated 
users to es ...)
+       TODO: check
+CVE-2026-8505 (IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in 
Langflow' ...)
+       TODO: check
+CVE-2026-8481 (IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote 
code e ...)
+       TODO: check
+CVE-2026-8476 (IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote 
code e ...)
+       TODO: check
+CVE-2026-8056 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated 
users to ov ...)
+       TODO: check
+CVE-2026-7872 (IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated 
attacker ...)
+       TODO: check
+CVE-2026-7771 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is 
vulnerable ...)
+       TODO: check
+CVE-2026-7755 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow 
remote code ...)
+       TODO: check
+CVE-2026-7754 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could 
allow serve ...)
+       TODO: check
+CVE-2026-7667 (IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated 
attacker ...)
+       TODO: check
+CVE-2026-7364 (IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security 
Verify ...)
+       TODO: check
+CVE-2026-63030 (WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is 
affected by a R ...)
+       TODO: check
+CVE-2026-60137 (WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x 
before 7.0 ...)
+       TODO: check
+CVE-2026-57980 (Authentication bypass using an alternate path or channel in 
Microsoft  ...)
+       TODO: check
+CVE-2026-56741 (JLine is a Java library for handling console input. Prior to 
3.30.14,  ...)
+       TODO: check
+CVE-2026-56740 (JLine is a Java library for handling console input. Prior to 
3.30.14,  ...)
+       TODO: check
+CVE-2026-56171 (Exposure of private personal information to an unauthorized 
actor in W ...)
+       TODO: check
+CVE-2026-55518 (Avo is a framework to create admin panels for Ruby on Rails 
apps. Prio ...)
+       TODO: check
+CVE-2026-55254 (NCalc is a fast, lightweight expression evaluator for .NET. 
Prior to 6 ...)
+       TODO: check
+CVE-2026-54498 (view_component is a framework for building reusable, testable, 
and enc ...)
+       TODO: check
+CVE-2026-54497 (view_component is a framework for building reusable, testable, 
and enc ...)
+       TODO: check
+CVE-2026-54490 (websocket-driver is a WebSocket protocol handler with 
pluggable I/O. P ...)
+       TODO: check
+CVE-2026-54466 (websocket-driver is a WebSocket protocol handler with 
pluggable I/O. P ...)
+       TODO: check
+CVE-2026-54465 (websocket-driver is a WebSocket protocol handler with 
pluggable I/O. P ...)
+       TODO: check
+CVE-2026-54464 (### Impact  If this library is used in tandem with the 
`permessage-def ...)
+       TODO: check
+CVE-2026-54463 (websocket-driver is a WebSocket protocol handler with 
pluggable I/O. P ...)
+       TODO: check
+CVE-2026-54335 (Feathersjs is a framework for creating web APIs and real-time 
applicat ...)
+       TODO: check
+CVE-2026-54244 (Statamic is a Laravel and Git powered content management 
system (CMS). ...)
+       TODO: check
+CVE-2026-54243 (Statamic is a Laravel and Git powered content management 
system (CMS). ...)
+       TODO: check
+CVE-2026-54242 (Statamic is a Laravel and Git powered content management 
system (CMS). ...)
+       TODO: check
+CVE-2026-54171 (Excon is usable, fast, simple HTTP 1.1 for Ruby. Prior to 
1.5.0, Excon ...)
+       TODO: check
+CVE-2026-54163 (secure_headers manages application of security headers with 
many safe  ...)
+       TODO: check
+CVE-2026-54159 (PrestaShop ps_facetedsearch is a module that adds layered 
navigation f ...)
+       TODO: check
+CVE-2026-53727 (css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0, 
CssParser::Pa ...)
+       TODO: check
+CVE-2026-52584 (Buffer Overflow vulnerability in libjxl v.0.11.2 and before 
allows a l ...)
+       TODO: check
+CVE-2026-52348 (cool-admin-java 8.0.0 has a SQL injection vulnerability in the 
order() ...)
+       TODO: check
+CVE-2026-52203 (An issue in MCMS v.6.1.1 allows a remote attacker to obtain 
sensitive  ...)
+       TODO: check
+CVE-2026-52199 (An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows 
a remot ...)
+       TODO: check
+CVE-2026-51833 (Xenforo 2.3.8 is vulnerable to SSRF. Attackers that have 
administrator ...)
+       TODO: check
+CVE-2026-50289 (systeminformation is a System and OS information library for 
node.js.  ...)
+       TODO: check
+CVE-2026-50274 (Datadog dd-trace-go is a Go client library for Datadog 
application per ...)
+       TODO: check
+CVE-2026-50272 (dd-trace is the Datadog APM client for Node.js. Prior to 
5.100.0, W3C  ...)
+       TODO: check
+CVE-2026-50271 (Datadog dd-trace-py is the Datadog Python APM client. Prior to 
4.8.2,  ...)
+       TODO: check
+CVE-2026-50197 (Skipper is an HTTP router and reverse proxy for service 
composition. P ...)
+       TODO: check
+CVE-2026-50163 (oras-go is a Go library for managing OCI artifacts. Prior to 
2.6.2, en ...)
+       TODO: check
+CVE-2026-50162 (oras-go is a Go library for managing OCI artifacts. Prior to 
2.6.1, re ...)
+       TODO: check
+CVE-2026-50151 (oras-go is a Go library for managing OCI artifacts. Prior to 
2.6.1, re ...)
+       TODO: check
+CVE-2026-4942 (IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to 
send a s ...)
+       TODO: check
+CVE-2026-4938 (IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security 
Verify ...)
+       TODO: check
+CVE-2026-49977 (tarteaucitron.js is a compliant and accessible cookie banner. 
Prior to ...)
+       TODO: check
+CVE-2026-49852 (joserfc is a Python library that provides an implementation of 
several ...)
+       TODO: check
+CVE-2026-49834 (sigstore-go is a Go library for Sigstore signing and 
verification. Pri ...)
+       TODO: check
+CVE-2026-49485 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
+       TODO: check
+CVE-2026-49284 (SimpleSAMLphp versions before 1.18.6 contain an information 
disclosure ...)
+       TODO: check
+CVE-2026-48978 (oras-go is a Go library for managing OCI artifacts. Prior to 
2.6.1, au ...)
+       TODO: check
+CVE-2026-48819 (Hey API is an ecosystem for turning API specifications into 
production ...)
+       TODO: check
+CVE-2026-48504 (OpenTelemetry Rust is the Rust OpenTelemetry implementation. 
In 0.32.0 ...)
+       TODO: check
+CVE-2026-48373 (Acrobat Reader is affected by a Heap-based Buffer Overflow 
vulnerabili ...)
+       TODO: check
+CVE-2026-48062 (CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3, 
the ext ...)
+       TODO: check
+CVE-2026-48049 (@hapi/inert provides static file and directory handlers for 
hapi.js. F ...)
+       TODO: check
+CVE-2026-48022 (@hapi/wreck is an HTTP client utility. Prior to 18.1.2, Wreck 
strips c ...)
+       TODO: check
+CVE-2026-46420 (setup-php is a GitHub action to set up PHP with extensions, 
php.ini co ...)
+       TODO: check
+CVE-2026-45799 (Wire provides gRPC and protocol buffers for Android, Kotlin, 
Swift, an ...)
+       TODO: check
+CVE-2026-45785 (OpenMcdf is a fully .NET / C# library to manipulate Compound 
File Bina ...)
+       TODO: check
+CVE-2026-45784 (rust-openssl provides OpenSSL bindings for the Rust 
programming langua ...)
+       TODO: check
+CVE-2026-45704 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
+       TODO: check
+CVE-2026-45260 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
+       TODO: check
+CVE-2026-44979 (@hapi/wreck is an HTTP client utility. Prior to 18.1.1, when 
@hapi/wre ...)
+       TODO: check
+CVE-2026-44974 (@hapi/content provided HTTP Content-* headers parsing. Prior 
to 6.0.2, ...)
+       TODO: check
+CVE-2026-44891 (Netty is a network application framework for development of 
protocol s ...)
+       TODO: check
+CVE-2026-44739 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
+       TODO: check
+CVE-2026-43636
+       REJECTED
+CVE-2026-42168 (django-pyas2 through 1.2.3 is vulnerable to OS command 
injection via t ...)
+       TODO: check
+CVE-2026-36669 (An unauthenticated arbitrary file upload vulnerability in 
ck_upload_ha ...)
+       TODO: check
+CVE-2026-16118 (A flaw was found in xdgmime. A heap-based buffer overflow can 
be trigg ...)
+       TODO: check
+CVE-2026-16076 (A vulnerability has been found in AstrBotDevs AstrBot up to 
4.25.5. Th ...)
+       TODO: check
+CVE-2026-16075 (A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. 
This vulner ...)
+       TODO: check
+CVE-2026-16074 (A vulnerability was detected in AstrBotDevs AstrBot up to 
4.25.2. This ...)
+       TODO: check
+CVE-2026-15995 (IBM Cognos Analytics 12.1.3 GA Version with build number 
through 12.1. ...)
+       TODO: check
+CVE-2026-15415 (AWS HealthOmics is a HIPAA-eligible service that fully manages 
the com ...)
+       TODO: check
+CVE-2026-15322 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a 
remote at ...)
+       TODO: check
+CVE-2026-15093 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a 
remote at ...)
+       TODO: check
+CVE-2026-15091 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a 
remote at ...)
+       TODO: check
+CVE-2026-15069 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a 
remote at ...)
+       TODO: check
+CVE-2026-14979 (IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001 
through ) ...)
+       TODO: check
+CVE-2026-14971 (IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and 
2.3.02.3.0.12.3.12.3.2 IBM ...)
+       TODO: check
+CVE-2026-14501 (IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 
could allow  ...)
+       TODO: check
+CVE-2026-14499 (IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an 
authenti ...)
+       TODO: check
+CVE-2026-13473 (IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, 
and 8.2 ...)
+       TODO: check
+CVE-2026-13448 (IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an 
unauthen ...)
+       TODO: check
+CVE-2026-13446 (IBM Langflow OSS 1.0.0 through 1.10.1 containshard-coded 
credentials,  ...)
+       TODO: check
+CVE-2026-13445 (IBM Langflow OSS 1.0.0 through 1.10.1 can allow an 
authenticated attac ...)
+       TODO: check
+CVE-2026-12283 (Amazon Athena is a serverless, interactive query service that 
lets you ...)
+       TODO: check
+CVE-2025-51678 (An issue was discovered in RISC-V PicoRV32 commit 87c89a. A 
mismatch i ...)
+       TODO: check
+CVE-2025-51677 (An issue was discovered in openRISC OR1200 commit 83ac6b. An 
output mi ...)
+       TODO: check
 CVE-2026-9762 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is 
vulnerable ...)
        NOT-FOR-US: IBM
 CVE-2026-9656 (The HubSpot All-In-One Marketing \u2013 Forms, Popups, Live 
Chat plugi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4be6fc90068c43b79622d5dd4ccde0cfa8a2e1cf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4be6fc90068c43b79622d5dd4ccde0cfa8a2e1cf
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to