Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4be6fc90 by security tracker role at 2026-07-18T07:13:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,199 @@
+CVE-2026-9734 (The W3SC Elementor to Zoho CRM plugin for WordPress is
vulnerable to C ...)
+ TODO: check
+CVE-2026-8861 (IBM Security Verify could allow a remote attacker to obtain
sensitive ...)
+ TODO: check
+CVE-2026-8859 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an
attacker ...)
+ TODO: check
+CVE-2026-8635 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated
users to es ...)
+ TODO: check
+CVE-2026-8505 (IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in
Langflow' ...)
+ TODO: check
+CVE-2026-8481 (IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote
code e ...)
+ TODO: check
+CVE-2026-8476 (IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote
code e ...)
+ TODO: check
+CVE-2026-8056 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated
users to ov ...)
+ TODO: check
+CVE-2026-7872 (IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated
attacker ...)
+ TODO: check
+CVE-2026-7771 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
+ TODO: check
+CVE-2026-7755 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow
remote code ...)
+ TODO: check
+CVE-2026-7754 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could
allow serve ...)
+ TODO: check
+CVE-2026-7667 (IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated
attacker ...)
+ TODO: check
+CVE-2026-7364 (IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security
Verify ...)
+ TODO: check
+CVE-2026-63030 (WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is
affected by a R ...)
+ TODO: check
+CVE-2026-60137 (WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x
before 7.0 ...)
+ TODO: check
+CVE-2026-57980 (Authentication bypass using an alternate path or channel in
Microsoft ...)
+ TODO: check
+CVE-2026-56741 (JLine is a Java library for handling console input. Prior to
3.30.14, ...)
+ TODO: check
+CVE-2026-56740 (JLine is a Java library for handling console input. Prior to
3.30.14, ...)
+ TODO: check
+CVE-2026-56171 (Exposure of private personal information to an unauthorized
actor in W ...)
+ TODO: check
+CVE-2026-55518 (Avo is a framework to create admin panels for Ruby on Rails
apps. Prio ...)
+ TODO: check
+CVE-2026-55254 (NCalc is a fast, lightweight expression evaluator for .NET.
Prior to 6 ...)
+ TODO: check
+CVE-2026-54498 (view_component is a framework for building reusable, testable,
and enc ...)
+ TODO: check
+CVE-2026-54497 (view_component is a framework for building reusable, testable,
and enc ...)
+ TODO: check
+CVE-2026-54490 (websocket-driver is a WebSocket protocol handler with
pluggable I/O. P ...)
+ TODO: check
+CVE-2026-54466 (websocket-driver is a WebSocket protocol handler with
pluggable I/O. P ...)
+ TODO: check
+CVE-2026-54465 (websocket-driver is a WebSocket protocol handler with
pluggable I/O. P ...)
+ TODO: check
+CVE-2026-54464 (### Impact If this library is used in tandem with the
`permessage-def ...)
+ TODO: check
+CVE-2026-54463 (websocket-driver is a WebSocket protocol handler with
pluggable I/O. P ...)
+ TODO: check
+CVE-2026-54335 (Feathersjs is a framework for creating web APIs and real-time
applicat ...)
+ TODO: check
+CVE-2026-54244 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
+ TODO: check
+CVE-2026-54243 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
+ TODO: check
+CVE-2026-54242 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
+ TODO: check
+CVE-2026-54171 (Excon is usable, fast, simple HTTP 1.1 for Ruby. Prior to
1.5.0, Excon ...)
+ TODO: check
+CVE-2026-54163 (secure_headers manages application of security headers with
many safe ...)
+ TODO: check
+CVE-2026-54159 (PrestaShop ps_facetedsearch is a module that adds layered
navigation f ...)
+ TODO: check
+CVE-2026-53727 (css_parser is a Ruby CSS parser. From 2.2.0 until 3.0.0,
CssParser::Pa ...)
+ TODO: check
+CVE-2026-52584 (Buffer Overflow vulnerability in libjxl v.0.11.2 and before
allows a l ...)
+ TODO: check
+CVE-2026-52348 (cool-admin-java 8.0.0 has a SQL injection vulnerability in the
order() ...)
+ TODO: check
+CVE-2026-52203 (An issue in MCMS v.6.1.1 allows a remote attacker to obtain
sensitive ...)
+ TODO: check
+CVE-2026-52199 (An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows
a remot ...)
+ TODO: check
+CVE-2026-51833 (Xenforo 2.3.8 is vulnerable to SSRF. Attackers that have
administrator ...)
+ TODO: check
+CVE-2026-50289 (systeminformation is a System and OS information library for
node.js. ...)
+ TODO: check
+CVE-2026-50274 (Datadog dd-trace-go is a Go client library for Datadog
application per ...)
+ TODO: check
+CVE-2026-50272 (dd-trace is the Datadog APM client for Node.js. Prior to
5.100.0, W3C ...)
+ TODO: check
+CVE-2026-50271 (Datadog dd-trace-py is the Datadog Python APM client. Prior to
4.8.2, ...)
+ TODO: check
+CVE-2026-50197 (Skipper is an HTTP router and reverse proxy for service
composition. P ...)
+ TODO: check
+CVE-2026-50163 (oras-go is a Go library for managing OCI artifacts. Prior to
2.6.2, en ...)
+ TODO: check
+CVE-2026-50162 (oras-go is a Go library for managing OCI artifacts. Prior to
2.6.1, re ...)
+ TODO: check
+CVE-2026-50151 (oras-go is a Go library for managing OCI artifacts. Prior to
2.6.1, re ...)
+ TODO: check
+CVE-2026-4942 (IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to
send a s ...)
+ TODO: check
+CVE-2026-4938 (IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security
Verify ...)
+ TODO: check
+CVE-2026-49977 (tarteaucitron.js is a compliant and accessible cookie banner.
Prior to ...)
+ TODO: check
+CVE-2026-49852 (joserfc is a Python library that provides an implementation of
several ...)
+ TODO: check
+CVE-2026-49834 (sigstore-go is a Go library for Sigstore signing and
verification. Pri ...)
+ TODO: check
+CVE-2026-49485 (HAPI FHIR is a complete implementation of the HL7 FHIR
standard for he ...)
+ TODO: check
+CVE-2026-49284 (SimpleSAMLphp versions before 1.18.6 contain an information
disclosure ...)
+ TODO: check
+CVE-2026-48978 (oras-go is a Go library for managing OCI artifacts. Prior to
2.6.1, au ...)
+ TODO: check
+CVE-2026-48819 (Hey API is an ecosystem for turning API specifications into
production ...)
+ TODO: check
+CVE-2026-48504 (OpenTelemetry Rust is the Rust OpenTelemetry implementation.
In 0.32.0 ...)
+ TODO: check
+CVE-2026-48373 (Acrobat Reader is affected by a Heap-based Buffer Overflow
vulnerabili ...)
+ TODO: check
+CVE-2026-48062 (CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3,
the ext ...)
+ TODO: check
+CVE-2026-48049 (@hapi/inert provides static file and directory handlers for
hapi.js. F ...)
+ TODO: check
+CVE-2026-48022 (@hapi/wreck is an HTTP client utility. Prior to 18.1.2, Wreck
strips c ...)
+ TODO: check
+CVE-2026-46420 (setup-php is a GitHub action to set up PHP with extensions,
php.ini co ...)
+ TODO: check
+CVE-2026-45799 (Wire provides gRPC and protocol buffers for Android, Kotlin,
Swift, an ...)
+ TODO: check
+CVE-2026-45785 (OpenMcdf is a fully .NET / C# library to manipulate Compound
File Bina ...)
+ TODO: check
+CVE-2026-45784 (rust-openssl provides OpenSSL bindings for the Rust
programming langua ...)
+ TODO: check
+CVE-2026-45704 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
+ TODO: check
+CVE-2026-45260 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
+ TODO: check
+CVE-2026-44979 (@hapi/wreck is an HTTP client utility. Prior to 18.1.1, when
@hapi/wre ...)
+ TODO: check
+CVE-2026-44974 (@hapi/content provided HTTP Content-* headers parsing. Prior
to 6.0.2, ...)
+ TODO: check
+CVE-2026-44891 (Netty is a network application framework for development of
protocol s ...)
+ TODO: check
+CVE-2026-44739 (Pimcore is an Open Source Data & Experience Management
Platform. Prior ...)
+ TODO: check
+CVE-2026-43636
+ REJECTED
+CVE-2026-42168 (django-pyas2 through 1.2.3 is vulnerable to OS command
injection via t ...)
+ TODO: check
+CVE-2026-36669 (An unauthenticated arbitrary file upload vulnerability in
ck_upload_ha ...)
+ TODO: check
+CVE-2026-16118 (A flaw was found in xdgmime. A heap-based buffer overflow can
be trigg ...)
+ TODO: check
+CVE-2026-16076 (A vulnerability has been found in AstrBotDevs AstrBot up to
4.25.5. Th ...)
+ TODO: check
+CVE-2026-16075 (A flaw has been found in AstrBotDevs AstrBot up to 4.25.5.
This vulner ...)
+ TODO: check
+CVE-2026-16074 (A vulnerability was detected in AstrBotDevs AstrBot up to
4.25.2. This ...)
+ TODO: check
+CVE-2026-15995 (IBM Cognos Analytics 12.1.3 GA Version with build number
through 12.1. ...)
+ TODO: check
+CVE-2026-15415 (AWS HealthOmics is a HIPAA-eligible service that fully manages
the com ...)
+ TODO: check
+CVE-2026-15322 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a
remote at ...)
+ TODO: check
+CVE-2026-15093 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a
remote at ...)
+ TODO: check
+CVE-2026-15091 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a
remote at ...)
+ TODO: check
+CVE-2026-15069 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a
remote at ...)
+ TODO: check
+CVE-2026-14979 (IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001
through ) ...)
+ TODO: check
+CVE-2026-14971 (IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and
2.3.02.3.0.12.3.12.3.2 IBM ...)
+ TODO: check
+CVE-2026-14501 (IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0
could allow ...)
+ TODO: check
+CVE-2026-14499 (IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an
authenti ...)
+ TODO: check
+CVE-2026-13473 (IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1,
and 8.2 ...)
+ TODO: check
+CVE-2026-13448 (IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an
unauthen ...)
+ TODO: check
+CVE-2026-13446 (IBM Langflow OSS 1.0.0 through 1.10.1 containshard-coded
credentials, ...)
+ TODO: check
+CVE-2026-13445 (IBM Langflow OSS 1.0.0 through 1.10.1 can allow an
authenticated attac ...)
+ TODO: check
+CVE-2026-12283 (Amazon Athena is a serverless, interactive query service that
lets you ...)
+ TODO: check
+CVE-2025-51678 (An issue was discovered in RISC-V PicoRV32 commit 87c89a. A
mismatch i ...)
+ TODO: check
+CVE-2025-51677 (An issue was discovered in openRISC OR1200 commit 83ac6b. An
output mi ...)
+ TODO: check
CVE-2026-9762 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
NOT-FOR-US: IBM
CVE-2026-9656 (The HubSpot All-In-One Marketing \u2013 Forms, Popups, Live
Chat plugi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4be6fc90068c43b79622d5dd4ccde0cfa8a2e1cf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4be6fc90068c43b79622d5dd4ccde0cfa8a2e1cf
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits