[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 1 08:14:02 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8e6a7e03 by security tracker role at 2026-04-01T07:13:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,511 @@
+CVE-2026-5258 (A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the fu ...)
+ TODO: check
+CVE-2026-5257 (A vulnerability has been found in code-projects Simple Laundry System ...)
+ TODO: check
+CVE-2026-5256 (A flaw has been found in code-projects Simple Laundry System 1.0. This ...)
+ TODO: check
+CVE-2026-5255 (A vulnerability was detected in code-projects Simple Laundry System 1. ...)
+ TODO: check
+CVE-2026-5254 (A security vulnerability has been detected in welovemedia FFmate up to ...)
+ TODO: check
+CVE-2026-5253 (A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by ...)
+ TODO: check
+CVE-2026-5252 (A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected ...)
+ TODO: check
+CVE-2026-5251 (A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts a ...)
+ TODO: check
+CVE-2026-5249 (A vulnerability was found in gougucms 4.08.18. This impacts an unknown ...)
+ TODO: check
+CVE-2026-5248 (A vulnerability has been found in gougucms 4.08.18. This affects the f ...)
+ TODO: check
+CVE-2026-5240 (A security vulnerability has been detected in code-projects BloodBank ...)
+ TODO: check
+CVE-2026-5238 (A weakness has been identified in itsourcecode Payroll Management Syst ...)
+ TODO: check
+CVE-2026-5237 (A security flaw has been discovered in itsourcecode Payroll Management ...)
+ TODO: check
+CVE-2026-5236 (A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Af ...)
+ TODO: check
+CVE-2026-5235 (A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. Th ...)
+ TODO: check
+CVE-2026-5215 (A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, ...)
+ TODO: check
+CVE-2026-5214 (A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-3 ...)
+ TODO: check
+CVE-2026-5213 (A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, ...)
+ TODO: check
+CVE-2026-5212 (A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, ...)
+ TODO: check
+CVE-2026-5211 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, ...)
+ TODO: check
+CVE-2026-5210 (A vulnerability was detected in SourceCodester Leave Application Syste ...)
+ TODO: check
+CVE-2026-5209 (A security vulnerability has been detected in SourceCodester Leave App ...)
+ TODO: check
+CVE-2026-5206 (A security vulnerability has been detected in code-projects Simple Gym ...)
+ TODO: check
+CVE-2026-5205 (A vulnerability was identified in chatwoot up to 4.11.2. Affected by t ...)
+ TODO: check
+CVE-2026-5204 (A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the ...)
+ TODO: check
+CVE-2026-5203 (A vulnerability was found in CMS Made Simple up to 2.2.22. This impact ...)
+ TODO: check
+CVE-2026-5201 (A flaw was found in the gdk-pixbuf library. This heap-based buffer ove ...)
+ TODO: check
+CVE-2026-5198 (A vulnerability was determined in code-projects Student Membership Sys ...)
+ TODO: check
+CVE-2026-5197 (A vulnerability was found in code-projects Student Membership System 1 ...)
+ TODO: check
+CVE-2026-5196 (A vulnerability has been found in code-projects Student Membership Sys ...)
+ TODO: check
+CVE-2026-5195 (A flaw has been found in code-projects Student Membership System 1.0. ...)
+ TODO: check
+CVE-2026-5190 (Out-of-bounds write in the streaming decoder component in aws-c-event- ...)
+ TODO: check
+CVE-2026-5186 (A weakness has been identified in Nothings stb up to 2.30. This impact ...)
+ TODO: check
+CVE-2026-4947 (Addressed a potential insecure direct object reference (IDOR) vulnerab ...)
+ TODO: check
+CVE-2026-4819 (In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging ...)
+ TODO: check
+CVE-2026-4818 (In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an i ...)
+ TODO: check
+CVE-2026-4800 (Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHS ...)
+ TODO: check
+CVE-2026-4799 (In Search Guard FLX up to version 4.0.1, it is possible to use special ...)
+ TODO: check
+CVE-2026-4748 (A regression in the way hashes were calculated caused rules containing ...)
+ TODO: check
+CVE-2026-4668 (The Booking for Appointments and Events Calendar - Amelia plugin for W ...)
+ TODO: check
+CVE-2026-4400 (Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot M ...)
+ TODO: check
+CVE-2026-4399 (Prompt injection vulnerability in 1millionbot Millie chatbot that occu ...)
+ TODO: check
+CVE-2026-4374 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2026-4317 (SQL inyection (SQLi) vulnerability in Umami Software web application t ...)
+ TODO: check
+CVE-2026-4267 (The Query Monitor \u2013 The developer tools panel for WordPress plugi ...)
+ TODO: check
+CVE-2026-3831 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
+ TODO: check
+CVE-2026-3780 (The application's installer runs with elevated privileges but resolves ...)
+ TODO: check
+CVE-2026-3779 (The application's list box calculate array logic keeps stale reference ...)
+ TODO: check
+CVE-2026-3778 (The application does not detect or guard against cyclic PDF object ref ...)
+ TODO: check
+CVE-2026-3777 (The application does not properly validate the lifetime and validity o ...)
+ TODO: check
+CVE-2026-3776 (The application does not validate the presence of required appearance ...)
+ TODO: check
+CVE-2026-3775 (The application's update service, when checking for updates, loads cer ...)
+ TODO: check
+CVE-2026-3774 (The application allows PDF JavaScript and document/print actions (such ...)
+ TODO: check
+CVE-2026-3470 (A vulnerability exists in the SonicWall Email Security appliance due t ...)
+ TODO: check
+CVE-2026-3469 (A denial-of-service (DoS) vulnerability exists due to improper input v ...)
+ TODO: check
+CVE-2026-3468 (A stored Cross-Site Scripting (XSS) vulnerability has been identified ...)
+ TODO: check
+CVE-2026-3356 (The MS27102A Remote Spectrum Monitor is vulnerable to an authenticatio ...)
+ TODO: check
+CVE-2026-3308 (An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF ...)
+ TODO: check
+CVE-2026-3191 (The Minify HTML plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2026-3139 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
+ TODO: check
+CVE-2026-3107 (Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5. ...)
+ TODO: check
+CVE-2026-3106 (Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5. ...)
+ TODO: check
+CVE-2026-35057 (XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross- ...)
+ TODO: check
+CVE-2026-35056 (XenForo before 2.3.9 and before 2.2.18 allows remote code execution (R ...)
+ TODO: check
+CVE-2026-35055 (XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scr ...)
+ TODO: check
+CVE-2026-35054 (XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS ...)
+ TODO: check
+CVE-2026-34887 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-34784 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-34740 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34739 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34738 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34737 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34733 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34732 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34731 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34716 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34613 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34611 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34605 (SiYuan is a personal knowledge management system. From version 3.6.0 t ...)
+ TODO: check
+CVE-2026-34595 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-34586 (PdfDing is a selfhosted PDF manager, viewer and editor offering a seam ...)
+ TODO: check
+CVE-2026-34585 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
+ TODO: check
+CVE-2026-34574 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-34573 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-34556 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34555 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34554 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34553 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34552 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34551 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34550 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34549 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34548 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34547 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34546 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34542 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34541 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34540 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34539 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34537 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34536 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34535 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34534 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34533 (iccDEV provides a set of libraries and tools for working with ICC colo ...)
+ TODO: check
+CVE-2026-34532 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-34509 (OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerabil ...)
+ TODO: check
+CVE-2026-34508 (OpenClaw before 2026.3.12 applies rate limiting only after webhook aut ...)
+ TODO: check
+CVE-2026-34506 (OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerabil ...)
+ TODO: check
+CVE-2026-34505 (OpenClaw before 2026.3.12 applies rate limiting only after successful ...)
+ TODO: check
+CVE-2026-34504 (OpenClaw before 2026.3.28 contains a server-side request forgery vulne ...)
+ TODO: check
+CVE-2026-34503 (OpenClaw before 2026.3.28 fails to disconnect active WebSocket session ...)
+ TODO: check
+CVE-2026-34453 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
+ TODO: check
+CVE-2026-34452 (The Claude SDK for Python provides access to the Claude API from Pytho ...)
+ TODO: check
+CVE-2026-34451 (Claude SDK for TypeScript provides access to the Claude API from serve ...)
+ TODO: check
+CVE-2026-34450 (The Claude SDK for Python provides access to the Claude API from Pytho ...)
+ TODO: check
+CVE-2026-34449 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
+ TODO: check
+CVE-2026-34448 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
+ TODO: check
+CVE-2026-34443 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-34442 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-34441 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+ TODO: check
+CVE-2026-34406 (APTRS (Automated Penetration Testing Reporting System) is a Python and ...)
+ TODO: check
+CVE-2026-34405 (Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to ...)
+ TODO: check
+CVE-2026-34404 (Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to ...)
+ TODO: check
+CVE-2026-34401 (XML Notepad is a Windows program that provides a simple intuitive User ...)
+ TODO: check
+CVE-2026-34400 (Alerta is a monitoring tool. Prior to version 9.1.0, the Query string ...)
+ TODO: check
+CVE-2026-34396 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34395 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34394 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-34384 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-34383 (Admidio is an open-source user management solution. Prior to version 5 ...)
+ TODO: check
+CVE-2026-34382 (Admidio is an open-source user management solution. From version 5.0.0 ...)
+ TODO: check
+CVE-2026-34381 (Admidio is an open-source user management solution. From version 5.0.0 ...)
+ TODO: check
+CVE-2026-34377 (ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad versio ...)
+ TODO: check
+CVE-2026-34373 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-34372 (Sulu is an open-source PHP content management system based on the Symf ...)
+ TODO: check
+CVE-2026-34367 (InvoiceShelf is an open-source web & mobile app that helps track expen ...)
+ TODO: check
+CVE-2026-34366 (InvoiceShelf is an open-source web & mobile app that helps track expen ...)
+ TODO: check
+CVE-2026-34365 (InvoiceShelf is an open-source web & mobile app that helps track expen ...)
+ TODO: check
+CVE-2026-34363 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-34361 (HAPI FHIR is a complete implementation of the HL7 FHIR standard for he ...)
+ TODO: check
+CVE-2026-34360 (HAPI FHIR is a complete implementation of the HL7 FHIR standard for he ...)
+ TODO: check
+CVE-2026-34359 (HAPI FHIR is a complete implementation of the HL7 FHIR standard for he ...)
+ TODO: check
+CVE-2026-34243 (wenxian is a tool to generate BIBTEX files from given identifiers (DOI ...)
+ TODO: check
+CVE-2026-34240 (JOSE is a Javascript Object Signing and Encryption (JOSE) library. Pri ...)
+ TODO: check
+CVE-2026-34237 (MCP Java SDK is the official Java SDK for Model Context Protocol serve ...)
+ TODO: check
+CVE-2026-34235 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
+CVE-2026-34231 (Slippers is a UI component framework for Django. Prior to version 0.6. ...)
+ TODO: check
+CVE-2026-34227 (Sliver is a command and control framework that uses a custom Wireguard ...)
+ TODO: check
+CVE-2026-34224 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-34221 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of ...)
+ TODO: check
+CVE-2026-34220 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of ...)
+ TODO: check
+CVE-2026-34219 (libp2p-rust is the official rust language Implementation of the libp2p ...)
+ TODO: check
+CVE-2026-34218 (ClearanceKit intercepts file-system access events on macOS and enforce ...)
+ TODO: check
+CVE-2026-34215 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-34214 (Trino is a distributed SQL query engine for big data analytics. From v ...)
+ TODO: check
+CVE-2026-34210 (mppx is a TypeScript interface for machine payments protocol. Prior to ...)
+ TODO: check
+CVE-2026-34209 (mppx is a TypeScript interface for machine payments protocol. Prior to ...)
+ TODO: check
+CVE-2026-34206 (Captcha Protect is a Traefik middleware to add an anti-bot challenge t ...)
+ TODO: check
+CVE-2026-34204 (MinIO is a high-performance object storage system. Prior to version RE ...)
+ TODO: check
+CVE-2026-34203 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
+ TODO: check
+CVE-2026-34202 (ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad versio ...)
+ TODO: check
+CVE-2026-34200 (Nhost is an open source Firebase alternative with GraphQL. Prior to ve ...)
+ TODO: check
+CVE-2026-34172 (Giskard is an open-source Python library for testing and evaluating ag ...)
+ TODO: check
+CVE-2026-34165 (go-git is an extensible git implementation library written in pure Go. ...)
+ TODO: check
+CVE-2026-34163 (FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, F ...)
+ TODO: check
+CVE-2026-34162 (FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, t ...)
+ TODO: check
+CVE-2026-34156 (NocoBase is an AI-powered no-code/low-code platform for building busin ...)
+ TODO: check
+CVE-2026-34155 (RAUC controls the update process on embedded Linux systems. Prior to v ...)
+ TODO: check
+CVE-2026-33762 (go-git is an extensible git implementation library written in pure Go. ...)
+ TODO: check
+CVE-2026-33581 (OpenClaw before 2026.3.24 contains a sandbox bypass vulnerability in t ...)
+ TODO: check
+CVE-2026-33580 (OpenClaw before 2026.3.28 contains a missing rate limiting vulnerabili ...)
+ TODO: check
+CVE-2026-33579 (OpenClaw before 2026.3.28 contains a privilege escalation vulnerabilit ...)
+ TODO: check
+CVE-2026-33578 (OpenClaw before 2026.3.28 contains a sender policy bypass vulnerabilit ...)
+ TODO: check
+CVE-2026-33577 (OpenClaw before 2026.3.28 contains an insufficient scope validation vu ...)
+ TODO: check
+CVE-2026-33576 (OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo ...)
+ TODO: check
+CVE-2026-33415 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-33300 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-33276 (Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0 ...)
+ TODO: check
+CVE-2026-33185 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-33074 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-33073 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32988 (OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerabi ...)
+ TODO: check
+CVE-2026-32982 (OpenClaw before 2026.3.13 contains an information disclosure vulnerabi ...)
+ TODO: check
+CVE-2026-32977 (OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerabi ...)
+ TODO: check
+CVE-2026-32976 (OpenClaw before 2026.3.11 contains an authorization bypass vulnerabili ...)
+ TODO: check
+CVE-2026-32971 (OpenClaw before 2026.3.11 contains an approval-integrity vulnerability ...)
+ TODO: check
+CVE-2026-32970 (OpenClaw before 2026.3.11 contains a credential fallback vulnerability ...)
+ TODO: check
+CVE-2026-32951 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32921 (OpenClaw before 2026.3.8 contains an approval bypass vulnerability in ...)
+ TODO: check
+CVE-2026-32920 (OpenClaw before 2026.3.12 automatically discovers and loads plugins fr ...)
+ TODO: check
+CVE-2026-32917 (OpenClaw before 2026.3.13 contains a remote command injection vulnerab ...)
+ TODO: check
+CVE-2026-32916 (OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization b ...)
+ TODO: check
+CVE-2026-32726 (SciTokens C++ is a minimal library for creating and using SciTokens fr ...)
+ TODO: check
+CVE-2026-32725 (SciTokens C++ is a minimal library for creating and using SciTokens fr ...)
+ TODO: check
+CVE-2026-32620 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32619 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32618 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32615 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32607 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32273 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32243 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32143 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-32113 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
+ TODO: check
+CVE-2026-30521 (A Business Logic vulnerability exists in SourceCodester Loan Managemen ...)
+ TODO: check
+CVE-2026-30520 (A Blind SQL Injection vulnerability exists in SourceCodester Loan Mana ...)
+ TODO: check
+CVE-2026-30314 (Ridvay Code's command auto-approval module contains a critical OS comm ...)
+ TODO: check
+CVE-2026-30312 (DSAI-Cline's command auto-approval module contains a critical OS comma ...)
+ TODO: check
+CVE-2026-30311 (Ridvay Code's command auto-approval module contains a critical OS comm ...)
+ TODO: check
+CVE-2026-30310 (In its design for automatic terminal command execution, Sixth offers t ...)
+ TODO: check
+CVE-2026-30309 (InfCode's terminal auto-execution module contains a critical command f ...)
+ TODO: check
+CVE-2026-30290 (An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ...)
+ TODO: check
+CVE-2026-30286 (An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Clo ...)
+ TODO: check
+CVE-2026-30285 (An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn C ...)
+ TODO: check
+CVE-2026-30284 (An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorde ...)
+ TODO: check
+CVE-2026-30283 (An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal ...)
+ TODO: check
+CVE-2026-30282 (An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Sc ...)
+ TODO: check
+CVE-2026-30281 (An arbitrary file overwrite vulnerability in MaruNuri LLC v2.0.23 allo ...)
+ TODO: check
+CVE-2026-30280 (An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVAT ...)
+ TODO: check
+CVE-2026-30279 (An arbitrary file overwrite vulnerability in Squareapps LLC My Locatio ...)
+ TODO: check
+CVE-2026-30278 (An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navig ...)
+ TODO: check
+CVE-2026-30277 (An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX ...)
+ TODO: check
+CVE-2026-30276 (An arbitrary file overwrite vulnerability in DeftPDF Document Translat ...)
+ TODO: check
+CVE-2026-2950 (Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototy ...)
+ TODO: check
+CVE-2026-2696 (The Export All URLs WordPress plugin before 5.1 generates CSV filename ...)
+ TODO: check
+CVE-2026-2480 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
+ TODO: check
+CVE-2026-2394 (Buffer Over-read vulnerability in RTI Connext Professional (Core Libra ...)
+ TODO: check
+CVE-2026-2123 (A security audit identified a privilege escalation vulnerability in Op ...)
+ TODO: check
+CVE-2026-29870 (A directory traversal vulnerability in the agentic-context-engine proj ...)
+ TODO: check
+CVE-2026-24165 (NVIDIA BioNeMo contains a vulnerability where a user could cause a des ...)
+ TODO: check
+CVE-2026-24164 (NVIDIA BioNeMo contains a vulnerability where a user could cause a des ...)
+ TODO: check
+CVE-2026-24154 (NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged ...)
+ TODO: check
+CVE-2026-24153 (NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks tr ...)
+ TODO: check
+CVE-2026-24148 (NVIDIA Jetson for JetPack contains a vulnerability in the system initi ...)
+ TODO: check
+CVE-2026-22569 (An incorrect startup configuration of affected versions of Zscaler Cli ...)
+ TODO: check
+CVE-2026-22561 (Uncontrolled search path elements in Anthropic Claude for Windows inst ...)
+ TODO: check
+CVE-2026-20915 (Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) befo ...)
+ TODO: check
+CVE-2026-1579 (The MAVLink communication protocol does not require cryptographic aut ...)
+ TODO: check
+CVE-2026-0596 (A command injection vulnerability exists in mlflow/mlflow when serving ...)
+ TODO: check
+CVE-2025-71282 (XenForo before 2.3.7 discloses filesystem paths through exception mess ...)
+ TODO: check
+CVE-2025-71281 (XenForo before 2.3.7 does not properly restrict methods callable from ...)
+ TODO: check
+CVE-2025-71280 (XenForo before 2.3.7 allows information disclosure via local account p ...)
+ TODO: check
+CVE-2025-71279 (XenForo before 2.3.7 contains a security issue affecting Passkeys that ...)
+ TODO: check
+CVE-2025-71278 (XenForo before 2.3.5 allows OAuth2 client applications to request unau ...)
+ TODO: check
+CVE-2025-62184 (Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored C ...)
+ TODO: check
+CVE-2025-41357 (Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Serve ...)
+ TODO: check
+CVE-2025-41356 (Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Serve ...)
+ TODO: check
+CVE-2025-41355 (Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Serve ...)
+ TODO: check
+CVE-2025-15484 (The Order Notification for WooCommerce WordPress plugin before 3.6.3 ...)
+ TODO: check
+CVE-2025-14213 (Cato Networks\u2019 Socket versions prior to 25 contain a command inje ...)
+ TODO: check
+CVE-2025-13855 (IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vu ...)
+ TODO: check
+CVE-2025-10559 (A Path Traversal vulnerability affecting Factory Resource Management i ...)
+ TODO: check
+CVE-2025-10553 (A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Re ...)
+ TODO: check
+CVE-2025-10551 (A Stored Cross-site Scripting (XSS) vulnerability affecting Document M ...)
+ TODO: check
+CVE-2024-58342 (XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially c ...)
+ TODO: check
CVE-2026-34956
- openvswitch <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/03/31/15
@@ -8,68 +516,68 @@ CVE-2026-34956
NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/1291c22c8ba59d40843502e97b37537bc53dfc53 (v3.6.3)
NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/a9785c7e1df73fc3dd5f9ca3816a884e63f2f9e0 (v3.7.1)
NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2026-March/431425.html
-CVE-2026-5273
- - chromium <unfixed>
+CVE-2026-5273 (Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5272
- - chromium <unfixed>
+CVE-2026-5272 (Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 a ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5274
- - chromium <unfixed>
+CVE-2026-5274 (Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 al ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5275
- - chromium <unfixed>
+CVE-2026-5275 (Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7 ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5276
- - chromium <unfixed>
+CVE-2026-5276 (Insufficient policy enforcement in WebUSB in Google Chrome prior to 14 ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5277
- - chromium <unfixed>
+CVE-2026-5277 (Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7 ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5278
- - chromium <unfixed>
+CVE-2026-5278 (Use after free in Web MIDI in Google Chrome on Android prior to 146.0. ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5279
- - chromium <unfixed>
+CVE-2026-5279 (Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allow ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5280
- - chromium <unfixed>
+CVE-2026-5280 (Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 a ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5281
- - chromium <unfixed>
+CVE-2026-5281 (Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowe ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5282
- - chromium <unfixed>
+CVE-2026-5282 (Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.1 ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5283
- - chromium <unfixed>
+CVE-2026-5283 (Inappropriate implementation in ANGLE in Google Chrome prior to 146.0. ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5284
- - chromium <unfixed>
+CVE-2026-5284 (Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowe ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5285
- - chromium <unfixed>
+CVE-2026-5285 (Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allow ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5286
- - chromium <unfixed>
+CVE-2026-5286 (Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowe ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5287
- - chromium <unfixed>
+CVE-2026-5287 (Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5288
- - chromium <unfixed>
+CVE-2026-5288 (Use after free in WebView in Google Chrome on Android prior to 146.0.7 ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5289
- - chromium <unfixed>
+CVE-2026-5289 (Use after free in Navigation in Google Chrome prior to 146.0.7680.178 ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5290
- - chromium <unfixed>
+CVE-2026-5290 (Use after free in Compositing in Google Chrome prior to 146.0.7680.178 ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5291
- - chromium <unfixed>
+CVE-2026-5291 (Inappropriate implementation in WebGL in Google Chrome prior to 146.0. ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5292
- - chromium <unfixed>
+CVE-2026-5292 (Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.1 ...)
+ - chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-34743 [liblzma: Fix a buffer overflow in lzma_index_append()]
- xz-utils <unfixed>
@@ -77,57 +585,57 @@ CVE-2026-34743 [liblzma: Fix a buffer overflow in lzma_index_append()]
[bookworm] - xz-utils <no-dsa> (Minor issue)
NOTE: https://tukaani.org/xz/index-append-overflow.html
NOTE: Fixed by: https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87 (v5.8.3)
-CVE-2026-5087
+CVE-2026-5087 (PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for ...)
NOT-FOR-US: PAGI::Middleware::Session::Store::Cookie Perl module
-CVE-2024-14031
+CVE-2024-14031 (Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vuln ...)
- libsereal-encoder-perl <not-affected> (Vulnerable code never present in packaged versions)
NOTE: Since 4.004+ds-1 the packaging excludes embedded zstd/ and before this version
NOTE: does not embed a Zstandard (zstd) library
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38450207/
-CVE-2024-14030
+CVE-2024-14030 (Sereal::Decoder versions from 4.000 through 4.009_002 for Perl is vuln ...)
- libsereal-encoder-perl <not-affected> (Vulnerable code never present in packaged versions)
NOTE: Since 4.004+ds-1 the packaging excludes embedded zstd/ and before this version
NOTE: does not embed a Zstandard (zstd) library
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38450209/
-CVE-2025-15618
+CVE-2025-15618 (Business::OnlinePayment::StoredTransaction versions through 0.01 for P ...)
NOT-FOR-US: Business::OnlinePayment::StoredTransaction Perl module
-CVE-2026-0396
+CVE-2026-0396 (An attacker might be able to inject HTML content into the internal web ...)
- dnsdist 2.0.3-1
[bookworm] - dnsdist <end-of-life> (See #1119290)
[bullseye] - dnsdist <end-of-life> (see #1119290)
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-0397
+CVE-2026-0397 (When the internal webserver is enabled (default is disabled), an attac ...)
- dnsdist 2.0.3-1
[bookworm] - dnsdist <end-of-life> (See #1119290)
[bullseye] - dnsdist <end-of-life> (see #1119290)
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-24028
+CVE-2026-24028 (An attacker might be able to trigger an out-of-bounds read by sending ...)
- dnsdist 2.0.3-1
[bookworm] - dnsdist <end-of-life> (See #1119290)
[bullseye] - dnsdist <end-of-life> (see #1119290)
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-24029
+CVE-2026-24029 (When the early_acl_drop (earlyACLDrop in Lua) option is disabled (defa ...)
- dnsdist 2.0.3-1
[bookworm] - dnsdist <end-of-life> (See #1119290)
[bullseye] - dnsdist <end-of-life> (see #1119290)
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-24030
+CVE-2026-24030 (An attacker might be able to trick DNSdist into allocating too much me ...)
- dnsdist 2.0.3-1
[bookworm] - dnsdist <end-of-life> (See #1119290)
[bullseye] - dnsdist <end-of-life> (see #1119290)
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-27853
+CVE-2026-27853 (An attacker might be able to trigger an out-of-bounds write by sending ...)
- dnsdist 2.0.3-1
[bookworm] - dnsdist <end-of-life> (See #1119290)
[bullseye] - dnsdist <end-of-life> (see #1119290)
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-27854
+CVE-2026-27854 (An attacker might be able to trigger a use-after-free by sending craft ...)
- dnsdist 2.0.3-1
[bookworm] - dnsdist <end-of-life> (See #1119290)
[bullseye] - dnsdist <end-of-life> (see #1119290)
@@ -299,7 +807,8 @@ CVE-2026-5164 (A flaw was found in virtio-win. The `RhelDoUnMap()` function does
NOT-FOR-US: virtio Windows drivers
CVE-2026-5147 (A security flaw has been discovered in YunaiV yudao-cloud up to 2026.0 ...)
NOT-FOR-US: YunaiV yudao-cloud
-CVE-2026-5128 (A sensitive information exposure vulnerability exists in ArthurFiorett ...)
+CVE-2026-5128
+ REJECTED
NOT-FOR-US: ArthurFiorette steam-trader
CVE-2026-5126 (A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected ...)
NOT-FOR-US: SourceCodester
@@ -1468,7 +1977,7 @@ CVE-2026-3650 (A memory leak exists in the Grassroots DICOM library (GDCM). The
CVE-2026-1556 (Information disclosure in the file URI processing of File (Field) Path ...)
- drupal7 <removed>
CVE-2026-33542 (Incus is a system container and virtual machine manager. Prior to vers ...)
- {DSA-6184-1}
+ {DSA-6188-1 DSA-6184-1}
- incus 6.0.6-2
- lxd <removed>
NOTE: https://github.com/lxc/incus/pull/3092
@@ -1486,7 +1995,7 @@ CVE-2026-33743 (Incus is a system container and virtual machine manager. Prior t
NOTE: https://github.com/lxc/incus/pull/3092
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-vg76-xmhg-j5x3
CVE-2026-33897 (Incus is a system container and virtual machine manager. Prior to vers ...)
- {DSA-6184-1}
+ {DSA-6188-1 DSA-6184-1}
- incus 6.0.6-2
- lxd <removed>
NOTE: https://github.com/lxc/incus/pull/3092
@@ -1856,6 +2365,7 @@ CVE-2026-23396 (In the Linux kernel, the following vulnerability has been resolv
- linux 6.19.10-1
NOTE: https://git.kernel.org/linus/c73bb9a2d33bf81f6eecaa0f474b6c6dbe9855bd (7.0-rc5)
CVE-2026-33416 (LIBPNG is a reference library for use in applications that read, creat ...)
+ {DSA-6189-1}
- libpng1.6 1.6.56-1 (bug #1132012)
NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j
NOTE: https://github.com/pnggroup/libpng/pull/824
@@ -1864,6 +2374,7 @@ CVE-2026-33416 (LIBPNG is a reference library for use in applications that read,
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 (v1.6.56)
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 (v1.6.56)
CVE-2026-33636 (LIBPNG is a reference library for use in applications that read, creat ...)
+ {DSA-6189-1}
- libpng1.6 1.6.56-1 (bug #1132013)
NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2
NOTE: Introduced with: https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 (v1.6.36)
@@ -6665,7 +7176,7 @@ CVE-2026-4439 (Out of bounds memory access in WebGL in Google Chrome on Android
{DSA-6171-1}
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-34881 [OSSA-2026-004: Server-Side Request Forgery (SSRF) vulnerabilities inOpenStack Glance image import functionality]
+CVE-2026-34881 (OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Se ...)
- glance 2:31.0.0-3 (bug #1131274)
[trixie] - glance <no-dsa> (Minor issue)
[bookworm] - glance <no-dsa> (Minor issue)
@@ -9308,7 +9819,7 @@ CVE-2026-28792 (Tina is a headless content management system. Prior to 2.1.8 , t
CVE-2026-28791 (Tina is a headless content management system. Prior to 2.1.7, a path t ...)
NOT-FOR-US: Tina CMS (different from src:tina)
CVE-2026-28384 (An improper sanitization of the compression_algorithm parameter in Can ...)
- {DSA-6184-1}
+ {DSA-6188-1 DSA-6184-1}
- incus 6.0.6-1
- lxd <removed>
NOTE: https://github.com/canonical/lxd/security/advisories/GHSA-4rmf-rcp8-2r9g
@@ -46933,7 +47444,7 @@ CVE-2025-67744 (DeepChat is an open-source artificial intelligence agent platfor
CVE-2025-67736 (The FreePBX module tts (Text to Speech) for FreePBX, an open-source we ...)
NOT-FOR-US: FreePBX module tts (Text to Speech) for FreePBX
CVE-2025-67735 (Netty is an asynchronous, event-driven network application framework. ...)
- {DSA-6160-1}
+ {DSA-6160-1 DLA-4519-1}
[experimental] - netty 1:4.1.48-15
- netty 1:4.1.48-16 (bug #1123606)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4
@@ -67237,7 +67748,7 @@ CVE-2025-59481 (A vulnerability exists in an undisclosed iControl REST and BIG-I
CVE-2025-59478 (When a BIG-IP AFM denial-of-service (DoS) protection profile is config ...)
NOT-FOR-US: F5
CVE-2025-59419 (Netty is an asynchronous, event-driven network application framework. ...)
- {DSA-6160-1}
+ {DSA-6160-1 DLA-4519-1}
- netty 1:4.1.48-11 (bug #1118282)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86
NOTE: https://github.com/netty/netty/commit/1782e8c2060a244c4d4e6f9d9112d5517ca05120 (netty-4.2.7.Final)
@@ -84738,14 +85249,14 @@ CVE-2025-58171
CVE-2025-58064 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...)
TODO: check
CVE-2025-58057 (Netty is an asynchronous event-driven network application framework fo ...)
- {DSA-6160-1}
+ {DSA-6160-1 DLA-4519-1}
- netty 1:4.1.48-12 (bug #1113994)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj
NOTE: https://github.com/netty/netty/pull/15612
NOTE: Fixed by: https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d (netty-4.2.5.Final)
NOTE: Fixed by: https://github.com/netty/netty/commit/34894ac73b02efefeacd9c0972780b32dc3de04f (netty-4.1.125.Final)
CVE-2025-58056 (Netty is an asynchronous event-driven network application framework fo ...)
- {DSA-6160-1}
+ {DSA-6160-1 DLA-4519-1}
- netty 1:4.1.48-13 (bug #1113995)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49
NOTE: https://github.com/netty/netty/issues/15522
@@ -91412,7 +91923,7 @@ CVE-2025-55280 (This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi
CVE-2025-55279 (This vulnerability exists in ZKTeco WL20 due to hard-coded private key ...)
NOT-FOR-US: ZKTeco
CVE-2025-55163 (Netty is an asynchronous, event-driven network application framework. ...)
- {DSA-6160-1}
+ {DSA-6160-1 DLA-4519-1}
- netty 1:4.1.48-11 (bug #1111105)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
NOTE: Fixed by [1/2]: https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1 (netty-4.1.124.Final)
@@ -245719,7 +246230,7 @@ CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 and before allows a remote at
CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote authentica ...)
NOT-FOR-US: Lepton CMS
CVE-2024-29025 (Netty is an asynchronous event-driven network application framework fo ...)
- {DLA-3834-1}
+ {DLA-4519-1 DLA-3834-1}
- netty 1:4.1.48-10 (bug #1068110)
[bookworm] - netty 1:4.1.48-7+deb12u2
NOTE: https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6a7e03e5eec7b44abf1f97204b2e040046288f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6a7e03e5eec7b44abf1f97204b2e040046288f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260401/67490236/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list