[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 7 08:14:36 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e8519272 by security tracker role at 2026-04-07T07:14:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,185 @@
+CVE-2026-5719 (A flaw has been found in itsourcecode Construction Management System 1 ...)
+ TODO: check
+CVE-2026-5709 (Unsanitized input in the FileBrowser API in AWS Research and Engineeri ...)
+ TODO: check
+CVE-2026-5708 (Unsanitized control of user-modifiable attributes in the session creat ...)
+ TODO: check
+CVE-2026-5707 (Unsanitized input in an OS command in the virtual desktop session name ...)
+ TODO: check
+CVE-2026-5705 (A vulnerability was identified in code-projects Online Hotel Booking 1 ...)
+ TODO: check
+CVE-2026-5692 (A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Th ...)
+ TODO: check
+CVE-2026-5691 (A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b2019102 ...)
+ TODO: check
+CVE-2026-5690 (A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The im ...)
+ TODO: check
+CVE-2026-5689 (A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. ...)
+ TODO: check
+CVE-2026-5688 (A security vulnerability has been detected in Totolink A7100RU 7.4cu.2 ...)
+ TODO: check
+CVE-2026-5687 (A weakness has been identified in Tenda CX12L 16.03.53.12. This issue ...)
+ TODO: check
+CVE-2026-5686 (A security flaw has been discovered in Tenda CX12L 16.03.53.12. This v ...)
+ TODO: check
+CVE-2026-5685 (A vulnerability was identified in Tenda CX12L 16.03.53.12. This affect ...)
+ TODO: check
+CVE-2026-5684 (A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by ...)
+ TODO: check
+CVE-2026-5683 (A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this ...)
+ TODO: check
+CVE-2026-5682 (A vulnerability has been found in Meesho Online Shopping App up to 27. ...)
+ TODO: check
+CVE-2026-5681 (A flaw has been found in itsourcecode sanitize or validate this input ...)
+ TODO: check
+CVE-2026-5679 (A security vulnerability has been detected in Totolink A3300R 17.0.0cu ...)
+ TODO: check
+CVE-2026-5465 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin ...)
+ TODO: check
+CVE-2026-4079 (The SQL Chart Builder WordPress plugin before 2.3.8 does not properly ...)
+ TODO: check
+CVE-2026-35475 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, th ...)
+ TODO: check
+CVE-2026-35474 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, op ...)
+ TODO: check
+CVE-2026-35473 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
+ TODO: check
+CVE-2026-35472 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
+ TODO: check
+CVE-2026-35471 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdel ...)
+ TODO: check
+CVE-2026-35459 (pyLoad is a free and open-source download manager written in Python. I ...)
+ TODO: check
+CVE-2026-35454 (The Code Extension Marketplace is an open-source alternative to the VS ...)
+ TODO: check
+CVE-2026-35452 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-35450 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-35449 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-35448 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-35444 (SDL_image is a library to load images of various formats as SDL surfac ...)
+ TODO: check
+CVE-2026-35442 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2026-35441 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2026-35413 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2026-35412 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2026-35411 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2026-35410 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2026-35409 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2026-35408 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ TODO: check
+CVE-2026-35404 (Open edX Platform enables the authoring and delivery of online learnin ...)
+ TODO: check
+CVE-2026-35399 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a ...)
+ TODO: check
+CVE-2026-35398 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
+ TODO: check
+CVE-2026-35396 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
+ TODO: check
+CVE-2026-35395 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, We ...)
+ TODO: check
+CVE-2026-35394 (Mobile Next is an MCP server for mobile development and automation. Pr ...)
+ TODO: check
+CVE-2026-35393 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the ...)
+ TODO: check
+CVE-2026-35392 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT ...)
+ TODO: check
+CVE-2026-35391 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...)
+ TODO: check
+CVE-2026-35390 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...)
+ TODO: check
+CVE-2026-35389 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...)
+ TODO: check
+CVE-2026-35213 (@hapi/content provided HTTP Content-* headers parsing. All versions of ...)
+ TODO: check
+CVE-2026-35208 (lichess.org is the forever free, adless and open source chess server. ...)
+ TODO: check
+CVE-2026-35203 (ZLMediaKit is a streaming media service framework. the VP9 RTP payload ...)
+ TODO: check
+CVE-2026-35201 (Discount is an implementation of John Gruber's Markdown markup languag ...)
+ TODO: check
+CVE-2026-35200 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-35199 (SymCrypt is the core cryptographic function library currently used by ...)
+ TODO: check
+CVE-2026-35197 (dye is a portable and respectful color library for shell scripts. Prio ...)
+ TODO: check
+CVE-2026-35187 (pyLoad is a free and open-source download manager written in Python. I ...)
+ TODO: check
+CVE-2026-35185 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. P ...)
+ TODO: check
+CVE-2026-35184 (EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, the ...)
+ TODO: check
+CVE-2026-35183 (Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Ob ...)
+ TODO: check
+CVE-2026-35182 (Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is ...)
+ TODO: check
+CVE-2026-35181 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-35180 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-35179 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
+ TODO: check
+CVE-2026-35178 (Workbench is a suite of tools for administrators and developers to int ...)
+ TODO: check
+CVE-2026-35176 (openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlie ...)
+ TODO: check
+CVE-2026-35172 (Distribution is a toolkit to pack, ship, store, and deliver container ...)
+ TODO: check
+CVE-2026-35170 (openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlie ...)
+ TODO: check
+CVE-2026-35022 (Anthropic Claude Code CLI and Claude Agent SDK contain an OS command i ...)
+ TODO: check
+CVE-2026-35021 (Anthropic Claude Code CLI and Claude Agent SDK contain an OS command i ...)
+ TODO: check
+CVE-2026-35020 (Anthropic Claude Code CLI and Claude Agent SDK contain an OS command i ...)
+ TODO: check
+CVE-2026-34972 (OpenFGA is a high-performance and flexible authorization/permission en ...)
+ TODO: check
+CVE-2026-22675 (OCS Inventory NG Server version 2.12.3 and prior contain a stored cros ...)
+ TODO: check
+CVE-2026-20446 (In sec boot, there is a possible out of bounds write due to an integer ...)
+ TODO: check
+CVE-2026-20433 (In Modem, there is a possible out of bounds write due to a missing bou ...)
+ TODO: check
+CVE-2026-20432 (In Modem, there is a possible out of bounds write due to a missing bou ...)
+ TODO: check
+CVE-2026-20431 (In Modem, there is a possible system crash due to a logic error. This ...)
+ TODO: check
+CVE-2026-1900 (The Link Whisper Free WordPress plugin before 0.9.1 has a publicly acc ...)
+ TODO: check
+CVE-2026-1839 (A vulnerability in the HuggingFace Transformers library, specifically ...)
+ TODO: check
+CVE-2026-1114 (In parisneo/lollms version 2.1.0, the application's session management ...)
+ TODO: check
+CVE-2026-0740 (The Ninja Forms - File Uploads plugin for WordPress is vulnerable to a ...)
+ TODO: check
+CVE-2025-65116 (Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager ...)
+ TODO: check
+CVE-2025-65115 (Remote Code Execution Vulnerabilityin JP1/IT Desktop Management 2 - Ma ...)
+ TODO: check
+CVE-2025-57834 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+ TODO: check
+CVE-2025-54602 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-54601 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-54328 (An issue was discovered in SMS in Samsung Mobile Processor, Wearable P ...)
+ TODO: check
+CVE-2025-15611 (The Popup Box WordPress plugin before 5.5.0 does not properly validat ...)
+ TODO: check
+CVE-2025-13044 (IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictab ...)
+ TODO: check
CVE-2026-4878 [Address a potential TOCTOU race condition in cap_set_file()]
- libcap2 1:2.78-1
[trixie] - libcap2 <no-dsa> (Minor issue)
@@ -300,7 +482,7 @@ CVE-2025-57835 (An issue was discovered in RRC in Samsung Mobile Processor, Wear
TODO: check
CVE-2025-54324 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
TODO: check
-CVE-2025-48651 (N/A)
+CVE-2025-48651 (StrongBox in Android before security patch level 2026-04-05 has a vuln ...)
NOT-FOR-US: Android
CVE-2025-47400 (Cryptographic issue while copying data to a destination buffer without ...)
NOT-FOR-US: Qualcomm
@@ -831868,7 +832050,7 @@ CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 mig
- pidgin 2.10.6-3
[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
NOTE: http://pidgin.im/news/security/?id=65
-CVE-2013-0270 (OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier ...)
+CVE-2013-0270 (A flaw was found in OpenStack Keystone. A remote attacker could exploi ...)
- keystone 2013.1.1-2
[wheezy] - keystone <no-dsa> (Too intrusive to backport)
NOTE: https://bugs.launchpad.net/keystone/+bug/1099025
@@ -834621,7 +834803,7 @@ CVE-2012-5572 (CRLF injection vulnerability in the cookie method (lib/Dancer/Coo
- libdancer-perl 1.3114+dfsg-1 (low; bug #694279)
[wheezy] - libdancer-perl <no-dsa> (Minor issue)
NOTE: https://github.com/PerlDancer/Dancer/issues/859
-CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properl ...)
+CVE-2012-5571 (A flaw was found in OpenStack Keystone. This vulnerability allows remo ...)
- keystone 2012.1.1-11 (bug #694433)
CVE-2012-5570 (The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remo ...)
NOT-FOR-US: Drupal addon
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e851927204d734289ed03e447fb5be1f0269566b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e851927204d734289ed03e447fb5be1f0269566b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260407/f286d6a6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list