[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 6 20:13:39 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b65f6efc by security tracker role at 2026-04-06T19:13:30+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,327 @@
-CVE-2026-31410 [ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION]
+CVE-2026-5704 (A flaw was found in tar. A remote attacker could exploit this vulnerab ...)
+	TODO: check
+CVE-2026-5678 (A weakness has been identified in Totolink A7100RU 7.4cu.2313_b2019102 ...)
+	TODO: check
+CVE-2026-5677 (A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20 ...)
+	TODO: check
+CVE-2026-5676 (A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413.  ...)
+	TODO: check
+CVE-2026-5675 (A vulnerability was found in itsourcecode Construction Management Syst ...)
+	TODO: check
+CVE-2026-5673 (A flaw was found in libtheora. This heap-based out-of-bounds read vuln ...)
+	TODO: check
+CVE-2026-5672 (A vulnerability has been found in code-projects Simple IT Discussion F ...)
+	TODO: check
+CVE-2026-5671 (A vulnerability was determined in Cyber-III Student-Management-System  ...)
+	TODO: check
+CVE-2026-5670 (A vulnerability was found in Cyber-III Student-Management-System up to ...)
+	TODO: check
+CVE-2026-5669 (A vulnerability has been found in Cyber-III Student-Management-System  ...)
+	TODO: check
+CVE-2026-5668 (A flaw has been found in Cyber-III Student-Management-System up to 1a9 ...)
+	TODO: check
+CVE-2026-5666 (A vulnerability was detected in code-projects Online FIR System 1.0. A ...)
+	TODO: check
+CVE-2026-5665 (A security vulnerability has been detected in code-projects Online FIR ...)
+	TODO: check
+CVE-2026-5664
+	REJECTED
+CVE-2026-5663 (A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This i ...)
+	TODO: check
+CVE-2026-5661 (A vulnerability was identified in Free5GC 4.2.0. This affects an unkno ...)
+	TODO: check
+CVE-2026-5660 (A vulnerability was determined in itsourcecode Construction Management ...)
+	TODO: check
+CVE-2026-5659 (A vulnerability was found in pytries datrie up to 0.8.3. The affected  ...)
+	TODO: check
+CVE-2026-5650 (A vulnerability was found in code-projects Online Application System f ...)
+	TODO: check
+CVE-2026-5649 (A vulnerability has been found in code-projects Online Application Sys ...)
+	TODO: check
+CVE-2026-5648 (A flaw has been found in code-projects Simple Laundry System 1.0. This ...)
+	TODO: check
+CVE-2026-5647 (A vulnerability was detected in code-projects Online Shoe Store 1.0. T ...)
+	TODO: check
+CVE-2026-5646 (A security vulnerability has been detected in code-projects Easy Blog  ...)
+	TODO: check
+CVE-2026-5645 (A weakness has been identified in projectworlds Car Rental System 1.0. ...)
+	TODO: check
+CVE-2026-5644 (A security flaw has been discovered in Cyber-III Student-Management-Sy ...)
+	TODO: check
+CVE-2026-5643 (A vulnerability was identified in Cyber-III Student-Management-System  ...)
+	TODO: check
+CVE-2026-5642 (A vulnerability was determined in Cyber-III Student-Management-System  ...)
+	TODO: check
+CVE-2026-5641 (A vulnerability was found in PHPGurukul Online Shopping Portal Project ...)
+	TODO: check
+CVE-2026-5640 (A vulnerability has been found in PHPGurukul Online Shopping Portal Pr ...)
+	TODO: check
+CVE-2026-5639 (A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1 ...)
+	TODO: check
+CVE-2026-5638 (A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. T ...)
+	TODO: check
+CVE-2026-5637 (A security vulnerability has been detected in projectworlds Car Rental ...)
+	TODO: check
+CVE-2026-5636 (A weakness has been identified in PHPGurukul Online Shopping Portal Pr ...)
+	TODO: check
+CVE-2026-5635 (A security flaw has been discovered in PHPGurukul Online Shopping Port ...)
+	TODO: check
+CVE-2026-5634 (A vulnerability was identified in projectworlds Car Rental Project 1.0 ...)
+	TODO: check
+CVE-2026-5633 (A vulnerability was determined in assafelovic gpt-researcher up to 3.4 ...)
+	TODO: check
+CVE-2026-3524 (Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request pro ...)
+	TODO: check
+CVE-2026-37977 (A flaw was found in Keycloak. A remote attacker can exploit a Cross-Or ...)
+	TODO: check
+CVE-2026-35470 (OpenSTAManager is an open source management software for technical ass ...)
+	TODO: check
+CVE-2026-35209 (defu is software that allows uers to assign default properties recursi ...)
+	TODO: check
+CVE-2026-35177 (Vim is an open source, command line text editor. Prior to 9.2.0280, a  ...)
+	TODO: check
+CVE-2026-35175 (Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, ...)
+	TODO: check
+CVE-2026-35174 (Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01,  ...)
+	TODO: check
+CVE-2026-35173 (Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01,  ...)
+	TODO: check
+CVE-2026-35171 (Kedro is a toolbox for production-ready data science. Prior to 1.3.0,  ...)
+	TODO: check
+CVE-2026-35167 (Kedro is a toolbox for production-ready data science. Prior to 1.3.0,  ...)
+	TODO: check
+CVE-2026-35166 (Hugo is a static site generator. From 0.60.0 to before 0.159.2, links  ...)
+	TODO: check
+CVE-2026-35164 (Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file  ...)
+	TODO: check
+CVE-2026-35052 (D-Tale is the combination of a Flask back-end and a React front-end to ...)
+	TODO: check
+CVE-2026-35050 (text-generation-webui is an open-source web interface for running Larg ...)
+	TODO: check
+CVE-2026-35047 (Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File  ...)
+	TODO: check
+CVE-2026-35046 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+	TODO: check
+CVE-2026-35045 (Tandoor Recipes is an application for managing recipes, planning meals ...)
+	TODO: check
+CVE-2026-35044 (BentoML is a Python library for building online serving systems optimi ...)
+	TODO: check
+CVE-2026-35043 (BentoML is a Python library for building online serving systems optimi ...)
+	TODO: check
+CVE-2026-35042 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 a ...)
+	TODO: check
+CVE-2026-35039 (fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 ...)
+	TODO: check
+CVE-2026-35037 (Ech0 is an open-source, self-hosted publishing platform for personal i ...)
+	TODO: check
+CVE-2026-35036 (Ech0 is an open-source, self-hosted publishing platform for personal i ...)
+	TODO: check
+CVE-2026-35035 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-35030 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or  ...)
+	TODO: check
+CVE-2026-35029 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or  ...)
+	TODO: check
+CVE-2026-34992 (Antrea is a Kubernetes networking solution intended to be Kubernetes n ...)
+	TODO: check
+CVE-2026-34989 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
+	TODO: check
+CVE-2026-34986 (Go JOSE provides an implementation of the Javascript Object Signing an ...)
+	TODO: check
+CVE-2026-34981 (The whisperX API is a tool for enhancing and analyzing audio content.  ...)
+	TODO: check
+CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2. ...)
+	TODO: check
+CVE-2026-34976 (Dgraph is an open source distributed GraphQL database. Prior to 25.3.1 ...)
+	TODO: check
+CVE-2026-34975 (Plunk is an open-source email platform built on top of AWS SES. Prior  ...)
+	TODO: check
+CVE-2026-34969 (Nhost is an open source Firebase alternative with GraphQL. Prior to 0. ...)
+	TODO: check
+CVE-2026-34951 (Workbench is a suite of tools for administrators and developers to int ...)
+	TODO: check
+CVE-2026-34950 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 a ...)
+	TODO: check
+CVE-2026-34940 (KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, th ...)
+	TODO: check
+CVE-2026-34897 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2026-34885 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2026-34841 (Bruno is an open source IDE for exploring and testing APIs. Prior to 3 ...)
+	TODO: check
+CVE-2026-34783 (Ferret is a declarative system for working with web data. Prior to 2.0 ...)
+	TODO: check
+CVE-2026-34764 (Electron is a framework for writing cross-platform desktop application ...)
+	TODO: check
+CVE-2026-34756 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-34755 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-34753 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-34589 (OpenEXR provides the specification and reference implementation of the ...)
+	TODO: check
+CVE-2026-34588 (OpenEXR provides the specification and reference implementation of the ...)
+	TODO: check
+CVE-2026-34444 (Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 an ...)
+	TODO: check
+CVE-2026-34402 (ChurchCRM is an open-source church management system. Prior to 7.1.0,  ...)
+	TODO: check
+CVE-2026-34380 (OpenEXR provides the specification and reference implementation of the ...)
+	TODO: check
+CVE-2026-34379 (OpenEXR provides the specification and reference implementation of the ...)
+	TODO: check
+CVE-2026-34378 (OpenEXR provides the specification and reference implementation of the ...)
+	TODO: check
+CVE-2026-34217 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope ...)
+	TODO: check
+CVE-2026-34211 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @ny ...)
+	TODO: check
+CVE-2026-34208 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, Sandbox ...)
+	TODO: check
+CVE-2026-34148 (Fedify is a TypeScript library for building federated server apps powe ...)
+	TODO: check
+CVE-2026-33817 (Index out-of-range when encountering a branch page with zero elements  ...)
+	TODO: check
+CVE-2026-33752 (curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi ...)
+	TODO: check
+CVE-2026-33727 (Pi-hole is a Linux network-level advertisement and Internet tracker bl ...)
+	TODO: check
+CVE-2026-33540 (Distribution is a toolkit to pack, ship, store, and deliver container  ...)
+	TODO: check
+CVE-2026-33510 (Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross ...)
+	TODO: check
+CVE-2026-33406 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
+	TODO: check
+CVE-2026-33405 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
+	TODO: check
+CVE-2026-33404 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
+	TODO: check
+CVE-2026-33403 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
+	TODO: check
+CVE-2026-32602 (Homarr is an open-source dashboard. Prior to 1.57.0, the user registra ...)
+	TODO: check
+CVE-2026-31354 (Multiple authenticated stored cross-site scripting (XSS) vulnerabiliti ...)
+	TODO: check
+CVE-2026-31353 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
+	TODO: check
+CVE-2026-31352 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
+	TODO: check
+CVE-2026-31351 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
+	TODO: check
+CVE-2026-31350 (An authenticated stored cross-site scripting (XSS) vulnerability in Fe ...)
+	TODO: check
+CVE-2026-31313 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
+	TODO: check
+CVE-2026-31153 (A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 a ...)
+	TODO: check
+CVE-2026-31151 (An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attacke ...)
+	TODO: check
+CVE-2026-31150 (Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated  ...)
+	TODO: check
+CVE-2026-31067 (A remote command execution (RCE) vulnerability in the /goform/formRele ...)
+	TODO: check
+CVE-2026-31066 (UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a  ...)
+	TODO: check
+CVE-2026-31065 (UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer ...)
+	TODO: check
+CVE-2026-31063 (UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a  ...)
+	TODO: check
+CVE-2026-31062 (UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer ...)
+	TODO: check
+CVE-2026-31061 (UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a  ...)
+	TODO: check
+CVE-2026-31060 (UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a  ...)
+	TODO: check
+CVE-2026-31059 (A remote command execution (RCE) vulnerability in the /goform/formDia  ...)
+	TODO: check
+CVE-2026-31058 (UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a  ...)
+	TODO: check
+CVE-2026-31053 (A double free vulnerability exists in librz/bin/format/le/le.c in the  ...)
+	TODO: check
+CVE-2026-30613 (An information disclosure vulnerability exists in AZIOT 1 Node Smart S ...)
+	TODO: check
+CVE-2026-30078 (OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message w ...)
+	TODO: check
+CVE-2026-29047 (GLPI is a free asset and IT management software package. From 10.0.0 t ...)
+	TODO: check
+CVE-2026-26263 (GLPI is a free asset and IT management software package. From 11.0.0 t ...)
+	TODO: check
+CVE-2026-26027 (GLPI is a free asset and IT management software package. From 11.0.0 t ...)
+	TODO: check
+CVE-2026-26026 (GLPI is a free asset and IT management software package. From 11.0.0 t ...)
+	TODO: check
+CVE-2026-25932 (GLPI is a Free Asset and IT Management Software package. From 0.60 to  ...)
+	TODO: check
+CVE-2026-21382 (Memory Corruption when handling power management requests with imprope ...)
+	TODO: check
+CVE-2026-21381 (Transient DOS when receiving a service data frame with excessive lengt ...)
+	TODO: check
+CVE-2026-21380 (Memory Corruption when using deprecated DMABUF IOCTL calls to manage v ...)
+	TODO: check
+CVE-2026-21378 (Memory Corruption when accessing an output buffer without validating i ...)
+	TODO: check
+CVE-2026-21376 (Memory Corruption when accessing an output buffer without validating i ...)
+	TODO: check
+CVE-2026-21375 (Memory Corruption when accessing an output buffer without validating i ...)
+	TODO: check
+CVE-2026-21374 (Memory Corruption when processing auxiliary sensor input/output contro ...)
+	TODO: check
+CVE-2026-21373 (Memory Corruption when accessing an output buffer without validating i ...)
+	TODO: check
+CVE-2026-21372 (Memory Corruption when sending IOCTL requests with invalid buffer size ...)
+	TODO: check
+CVE-2026-21371 (Memory Corruption when retrieving output buffer with insufficient size ...)
+	TODO: check
+CVE-2026-21367 (Transient DOS when processing nonstandard FILS Discovery Frames with o ...)
+	TODO: check
+CVE-2026-0049 (In onHeaderDecoded of LocalImageResolver.java, there is a possible per ...)
+	TODO: check
+CVE-2025-61166 (An open redirect in Ascertia SigningHub User v10.0 allows attackers to ...)
+	TODO: check
+CVE-2025-59440 (An issue was discovered in USIM in Samsung Mobile Processor, Wearable  ...)
+	TODO: check
+CVE-2025-58349 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
+	TODO: check
+CVE-2025-57835 (An issue was discovered in RRC in Samsung Mobile Processor, Wearable P ...)
+	TODO: check
+CVE-2025-54324 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
+	TODO: check
+CVE-2025-48651 (N/A)
+	TODO: check
+CVE-2025-47400 (Cryptographic issue while copying data to a destination buffer without ...)
+	TODO: check
+CVE-2025-47392 (Memory corruption when decoding corrupted satellite data files with in ...)
+	TODO: check
+CVE-2025-47391 (Memory corruption while processing a frame request from user.)
+	TODO: check
+CVE-2025-47390 (Memory corruption while preprocessing IOCTL request in JPEG driver.)
+	TODO: check
+CVE-2025-47389 (Memory corruption when buffer copy operation fails due to integer over ...)
+	TODO: check
+CVE-2025-47374 (Memory Corruption when accessing freed memory due to concurrent fence  ...)
+	TODO: check
+CVE-2024-14032 (Twitch Studio version 0.114.8 and prior contain a privilege escalation ...)
+	TODO: check
+CVE-2026-31410 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/3a64125730cabc34fccfbc230c2667c2e14f7308 (7.0-rc5)
-CVE-2026-31409 [ksmbd: unset conn->binding on failed binding request]
+CVE-2026-31409 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/282343cf8a4a5a3603b1cb0e17a7083e4a593b03 (7.0-rc5)
-CVE-2026-31408 [Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold]
+CVE-2026-31408 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 6.19.11-1
 	NOTE: https://git.kernel.org/linus/598dbba9919c5e36c54fe1709b557d64120cb94b (7.0-rc6)
-CVE-2026-31407 [netfilter: conntrack: add missing netlink policy validations]
+CVE-2026-31407 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/f900e1d77ee0ef87bfb5ab3fe60f0b3d8ad5ba05 (7.0-rc5)
-CVE-2026-31406 [xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini()]
+CVE-2026-31406 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.19.11-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/daf8e3b253aa760ff9e96c7768a464bc1d6b3c90 (7.0-rc6)
-CVE-2026-31405 [media: dvb-net: fix OOB access in ULE extension header tables]
+CVE-2026-31405 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/24d87712727a5017ad142d63940589a36cd25647 (7.0-rc3)
 CVE-2026-5632 (A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. T ...)
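Review bot: CVE-2025-48651 is imported with the description `(N/A)` instead of a truncated advisory text, so the `TODO: check` for that entry should be resolved against the published CVE record rather than from the list line, which carries no information to triage on. The bracketed subject-line placeholders for the ksmbd, Bluetooth SCO, netfilter, xfrm and dvb-net kernel entries (CVE-2026-31410 down to CVE-2026-31405) are replaced by the generic "In the Linux kernel, the following vulnerability has been resolved: ..." form, which truncates at the first letter of the subsystem name; the existing `- linux` package lines and the git.kernel.org NOTE lines are kept as context, so the fix references remain the only place the affected subsystem is still identifiable. The remaining new entries, including the 2024 and 2025 identifiers interleaved among the 2026 ones, all carry `TODO: check` and still need triage; CVE-2026-5664 is the only one marked REJECTED.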
@@ -2295,7 +2601,7 @@ CVE-2026-23401 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.19.11-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/aad885e774966e97b675dfe928da164214a71605 (7.0-rc6)
-CVE-2026-34982
+CVE-2026-34982 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
 	- vim <unfixed> (bug #1132450)
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9
 	NOTE: Fixed by: https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615f13a7de44c0587 (v9.2.0276)
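Review bot: The new description for CVE-2026-34982 ("Prior to version 9.2. ...") is consistent with the untouched Fixed-by NOTE pointing at v9.2.0276, and the `- vim <unfixed> (bug #1132450)` state is left as is, which is correct since this change only backfills the description; nothing to change here.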
@@ -79790,7 +80096,8 @@ CVE-2025-57960 (Cross-Site Request Forgery (CSRF) vulnerability in TravelMap Tra
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57959 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
-CVE-2025-57958 (Missing Authorization vulnerability in WPXPO WowAddons product-addons  ...)
+CVE-2025-57958
+	REJECTED
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57957 (Missing Authorization vulnerability in wpcraft WooMS wooms allows Expl ...)
 	NOT-FOR-US: WordPress plugin or theme
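Review bot: After CVE-2025-57958 is turned into a `REJECTED` entry, the retained `NOT-FOR-US: WordPress plugin or theme` line below it becomes redundant; the other rejected entry in this same change, CVE-2026-5664 in the first hunk, carries `REJECTED` alone. Suggest dropping the NOT-FOR-US line in the next manual cleanup so the entry matches that form.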



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b65f6efcd3a541919c8e4047323c23d8723b3a6d




