[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 22 20:14:22 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0083536c by security tracker role at 2026-04-22T19:13:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,87 +1,633 @@
-CVE-2026-33254
+CVE-2026-6862 (A flaw was found in libefiboot, a component of efivar. The device path ...)
+	TODO: check
+CVE-2026-6861 (A flaw was found in GNU Emacs. This vulnerability, a memory corruption ...)
+	TODO: check
+CVE-2026-6859 (A flaw was found in InstructLab. The `linux_train.py` script hardcodes ...)
+	TODO: check
+CVE-2026-6857 (A flaw was found in camel-infinispan. This vulnerability involves unsa ...)
+	TODO: check
+CVE-2026-6855 (A flaw was found in InstructLab. A local attacker could exploit a path ...)
+	TODO: check
+CVE-2026-6848 (A flaw was found in Red Hat Quay. When Red Hat Quay requests password  ...)
+	TODO: check
+CVE-2026-6846 (A flaw was found in binutils. A heap-buffer-overflow vulnerability exi ...)
+	TODO: check
+CVE-2026-6845 (A flaw was found in binutils, specifically within the `readelf` utilit ...)
+	TODO: check
+CVE-2026-6844 (A flaw was found in the `readelf` utility of the binutils package. A l ...)
+	TODO: check
+CVE-2026-6843 (A flaw was found in nano. A local user could exploit a format string v ...)
+	TODO: check
+CVE-2026-6842 (A flaw was found in nano. In environments with permissive umask settin ...)
+	TODO: check
+CVE-2026-6515 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-6396 (The Fast & Fancy Filter \u2013 3F plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2026-6356 (A vulnerability in the web application allows standard users to escala ...)
+	TODO: check
+CVE-2026-6355 (A vulnerability in the web application allows unauthorized users to ac ...)
+	TODO: check
+CVE-2026-6294 (The Google PageRank Display plugin for WordPress is vulnerable to Cros ...)
+	TODO: check
+CVE-2026-6246 (The Simple Random Posts Shortcode plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2026-6236 (The Posts map plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2026-6235 (The Sendmachine for WordPress plugin for WordPress is vulnerable to au ...)
+	TODO: check
+CVE-2026-6041 (The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2026-6023 (In Progress\xae Telerik\xae UI for AJAX versions 2024.4.1114 through 2 ...)
+	TODO: check
+CVE-2026-6022 (In Progress\xae Telerik\xae UI for AJAX prior to 2026.1.421, RadAsyncU ...)
+	TODO: check
+CVE-2026-5820 (The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2026-5816 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-5767 (The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2026-5750 (An insecure direct object reference (IDOR) vulnerability in the Fullst ...)
+	TODO: check
+CVE-2026-5749 (Inadequate access control in the registration process in Fullstep V5,  ...)
+	TODO: check
+CVE-2026-5748 (The Text Snippets plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2026-5377 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-5262 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-4922 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-4353 (The CI HUB Connector plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2026-4280 (The Breaking News WP plugin for WordPress is vulnerable to Local File  ...)
+	TODO: check
+CVE-2026-4279 (The Bread & Butter plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2026-4142 (The Sentence To SEO (keywords, description and tags) plugin for WordPr ...)
+	TODO: check
+CVE-2026-4140 (The Ni WooCommerce Order Export plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2026-4139 (The mCatFilter plugin for WordPress is vulnerable to Cross-Site Reques ...)
+	TODO: check
+CVE-2026-4138 (The DX Unanswered Comments plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2026-4133 (The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2026-4132 (The HTTP Headers plugin for WordPress is vulnerable to External Contro ...)
+	TODO: check
+CVE-2026-4131 (The WP Responsive Popup + Optin plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2026-4128 (The TP Restore Categories And Taxonomies plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2026-4126 (The Table Manager plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2026-4125 (The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2026-4121 (The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request  ...)
+	TODO: check
+CVE-2026-4119 (The Create DB Tables plugin for WordPress is vulnerable to authorizati ...)
+	TODO: check
+CVE-2026-4118 (The Call To Action Plugin plugin for WordPress is vulnerable to Cross- ...)
+	TODO: check
+CVE-2026-4117 (The CalJ plugin for WordPress is vulnerable to Missing Authorization i ...)
+	TODO: check
+CVE-2026-4090 (The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Requ ...)
+	TODO: check
+CVE-2026-4089 (The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2026-4088 (The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2026-4085 (The Easy Social Photos Gallery plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2026-4082 (The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2026-4076 (The Slider Bootstrap Carousel plugin for WordPress is vulnerable to St ...)
+	TODO: check
+CVE-2026-4074 (The Quran Live Multilanguage plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2026-41469 (Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy ...)
+	TODO: check
+CVE-2026-41468 (Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life com ...)
+	TODO: check
+CVE-2026-41459 (Xerte Online Toolkits versions 3.15 and earlier contain an information ...)
+	TODO: check
+CVE-2026-40542 (Missing critical step in authentication in Apache HttpClient 5.6 allow ...)
+	TODO: check
+CVE-2026-3362 (The Short Comment Filter plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2026-3254 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-35548 (An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichmen ...)
+	TODO: check
+CVE-2026-35382
+	REJECTED
+CVE-2026-35381 (A logic error in the cut utility of uutils coreutils causes the utilit ...)
+	TODO: check
+CVE-2026-35380 (A logic error in the cut utility of uutils coreutils causes the progra ...)
+	TODO: check
+CVE-2026-35379 (A logic error in the tr utility of uutils coreutils causes the program ...)
+	TODO: check
+CVE-2026-35378 (A logic error in the expr utility of uutils coreutils causes the progr ...)
+	TODO: check
+CVE-2026-35377 (A logic error in the env utility of uutils coreutils causes a failure  ...)
+	TODO: check
+CVE-2026-35376 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the ch ...)
+	TODO: check
+CVE-2026-35375 (A logic error in the split utility of uutils coreutils causes the corr ...)
+	TODO: check
+CVE-2026-35374 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the sp ...)
+	TODO: check
+CVE-2026-35373 (A logic error in the ln utility of uutils coreutils causes the program ...)
+	TODO: check
+CVE-2026-35372 (A logic error in the ln utility of uutils coreutils allows the utility ...)
+	TODO: check
+CVE-2026-35371 (The id utility in uutils coreutils exhibits incorrect behavior in its  ...)
+	TODO: check
+CVE-2026-35370 (The id utility in uutils coreutils miscalculates the groups= section o ...)
+	TODO: check
+CVE-2026-35369 (An argument parsing error in the kill utility of uutils coreutils inco ...)
+	TODO: check
+CVE-2026-35368 (A vulnerability exists in the chroot utility of uutils coreutils when  ...)
+	TODO: check
+CVE-2026-35367 (The nohup utility in uutils coreutils creates its default output file, ...)
+	TODO: check
+CVE-2026-35366 (The printenv utility in uutils coreutils fails to display environment  ...)
+	TODO: check
+CVE-2026-35365 (The mv utility in uutils coreutils improperly handles directory trees  ...)
+	TODO: check
+CVE-2026-35364 (A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the m ...)
+	TODO: check
+CVE-2026-35363 (A vulnerability in the rm utility of uutils coreutils allows the bypas ...)
+	TODO: check
+CVE-2026-35362 (The safe_traversal module in uutils coreutils, which provides protecti ...)
+	TODO: check
+CVE-2026-35361 (The mknod utility in uutils coreutils fails to handle security labels  ...)
+	TODO: check
+CVE-2026-35360 (The touch utility in uutils coreutils is vulnerable to a Time-of-Check ...)
+	TODO: check
+CVE-2026-35359 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utilit ...)
+	TODO: check
+CVE-2026-35358 (The cp utility in uutils coreutils, when performing recursive copies ( ...)
+	TODO: check
+CVE-2026-35357 (The cp utility in uutils coreutils is vulnerable to an information dis ...)
+	TODO: check
+CVE-2026-35356 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the in ...)
+	TODO: check
+CVE-2026-35355 (The install utility in uutils coreutils is vulnerable to a Time-of-Che ...)
+	TODO: check
+CVE-2026-35354 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv ...)
+	TODO: check
+CVE-2026-35353 (The mkdir utility in uutils coreutils incorrectly applies permissions  ...)
+	TODO: check
+CVE-2026-35352 (A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the m ...)
+	TODO: check
+CVE-2026-35351 (The mv utility in uutils coreutils fails to preserve file ownership du ...)
+	TODO: check
+CVE-2026-35350 (The cp utility in uutils coreutils fails to properly handle setuid and ...)
+	TODO: check
+CVE-2026-35349 (A vulnerability in the rm utility of uutils coreutils allows a bypass  ...)
+	TODO: check
+CVE-2026-35348 (The sort utility in uutils coreutils is vulnerable to a process panic  ...)
+	TODO: check
+CVE-2026-35347 (The comm utility in uutils coreutils incorrectly consumes data from no ...)
+	TODO: check
+CVE-2026-35346 (The comm utility in uutils coreutils silently corrupts data by perform ...)
+	TODO: check
+CVE-2026-35345 (A vulnerability in the tail utility of uutils coreutils allows for the ...)
+	TODO: check
+CVE-2026-35344 (The dd utility in uutils coreutils suppresses errors during file trunc ...)
+	TODO: check
+CVE-2026-35343 (The cut utility in uutils coreutils incorrectly handles the -s (only-d ...)
+	TODO: check
+CVE-2026-35342 (The mktemp utility in uutils coreutils fails to properly handle an emp ...)
+	TODO: check
+CVE-2026-35341 (A vulnerability in uutils coreutils mkfifo allows for the unauthorized ...)
+	TODO: check
+CVE-2026-35340 (A flaw in the ChownExecutor used by uutils coreutils chown and chgrp c ...)
+	TODO: check
+CVE-2026-35339 (The recursive mode (-R) of the chmod utility in uutils coreutils incor ...)
+	TODO: check
+CVE-2026-35338 (A vulnerability in the chmod utility of uutils coreutils allows users  ...)
+	TODO: check
+CVE-2026-34415 (Xerte Online Toolkits versions 3.15 and earlier contain an incomplete  ...)
+	TODO: check
+CVE-2026-34414 (Xerte Online Toolkits versions 3.15 and earlier contain a relative pat ...)
+	TODO: check
+CVE-2026-34413 (Xerte Online Toolkits versions 3.15 and earlier contain a missing auth ...)
+	TODO: check
+CVE-2026-33611 (An operator allowed to use the REST API can cause the Authoritative se ...)
+	TODO: check
+CVE-2026-33610 (A rogue primary server may cause file descriptor exhaustion and eventu ...)
+	TODO: check
+CVE-2026-33609 (Incomplete escaping of LDAP queries when running with 8bit-dns enabled ...)
+	TODO: check
+CVE-2026-33608 (An attacker can send a notify request that causes a new secondary doma ...)
+	TODO: check
+CVE-2026-33601 (If you use the zoneToCache function with a malicious authoritative ser ...)
+	TODO: check
+CVE-2026-33600 (An RPZ sent by a malicious authoritative server can result in a null p ...)
+	TODO: check
+CVE-2026-33262 (An attacker can send replies that result in a null pointer dereference ...)
+	TODO: check
+CVE-2026-33261 (A zone transition from NSEC to NSEC3 might trigger an internal inconsi ...)
+	TODO: check
+CVE-2026-33259 (Having many concurrent transfers of the same RPZ can lead to inconsist ...)
+	TODO: check
+CVE-2026-33258 (By publishing and querying a crafted zone an attacker can cause alloca ...)
+	TODO: check
+CVE-2026-33256 (An attacker can send a web request that causes unlimited memory alloca ...)
+	TODO: check
+CVE-2026-32885 (DDEV is an open-source tool for running local web development environm ...)
+	TODO: check
+CVE-2026-31530 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2026-31529 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2026-31528 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
+	TODO: check
+CVE-2026-31527 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31526 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2026-31525 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2026-31524 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
+	TODO: check
+CVE-2026-31523 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31522 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
+	TODO: check
+CVE-2026-31521 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-31520 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
+	TODO: check
+CVE-2026-31519 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2026-31518 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31517 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2026-31516 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2026-31515 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
+	TODO: check
+CVE-2026-31514 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31513 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
+	TODO: check
+CVE-2026-31512 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
+	TODO: check
+CVE-2026-31511 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
+	TODO: check
+CVE-2026-31510 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
+	TODO: check
+CVE-2026-31509 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31508 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31507 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31506 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31505 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+	TODO: check
+CVE-2026-31504 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31503 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
+	TODO: check
+CVE-2026-31502 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
+	TODO: check
+CVE-2026-31501 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31500 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
+	TODO: check
+CVE-2026-31499 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
+	TODO: check
+CVE-2026-31498 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
+	TODO: check
+CVE-2026-31497 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
+	TODO: check
+CVE-2026-31496 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31495 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31494 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31493 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
+	TODO: check
+CVE-2026-31492 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
+	TODO: check
+CVE-2026-31491 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
+	TODO: check
+CVE-2026-31490 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31489 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2026-31488 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31487 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2026-31486 (In the Linux kernel, the following vulnerability has been resolved:  h ...)
+	TODO: check
+CVE-2026-31485 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2026-31484 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+	TODO: check
+CVE-2026-31483 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2026-31482 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2026-31481 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
+	TODO: check
+CVE-2026-31480 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
+	TODO: check
+CVE-2026-31479 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31478 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	TODO: check
+CVE-2026-31477 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	TODO: check
+CVE-2026-31476 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	TODO: check
+CVE-2026-31475 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
+	TODO: check
+CVE-2026-31474 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2026-31473 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-31472 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2026-31471 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2026-31470 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
+	TODO: check
+CVE-2026-31469 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
+	TODO: check
+CVE-2026-31468 (In the Linux kernel, the following vulnerability has been resolved:  v ...)
+	TODO: check
+CVE-2026-31467 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31466 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-31465 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
+	TODO: check
+CVE-2026-31464 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2026-31463 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+	TODO: check
+CVE-2026-31462 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31461 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31460 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31459 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-31458 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-31457 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-31456 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-31455 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2026-31454 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2026-31453 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
+	TODO: check
+CVE-2026-31452 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31451 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31450 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31449 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31448 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31447 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31446 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
+	TODO: check
+CVE-2026-31445 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-31444 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	TODO: check
+CVE-2026-31443 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31442 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31441 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31440 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31439 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31438 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31437 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31436 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31435 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2026-31434 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
+	TODO: check
+CVE-2026-31433 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	TODO: check
+CVE-2026-31432 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	TODO: check
+CVE-2026-31431 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2026-31192 (Insufficient validation of Chrome extension identifiers in Raindrop.io ...)
+	TODO: check
+CVE-2026-30139 (A reflected cross-site scripting (XSS) vulnerability in the AdvancedSe ...)
+	TODO: check
+CVE-2026-2719 (The Private WP suite plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2026-2717 (The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection  ...)
+	TODO: check
+CVE-2026-2714 (The Institute Management plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2026-28950 (A logging issue was addressed with improved data redaction. This issue ...)
+	TODO: check
+CVE-2026-26354 (Dell PowerProtect Data Domain with Domain Operating System (DD OS) of  ...)
+	TODO: check
+CVE-2026-1930 (The Emailchef plugin for WordPress is vulnerable to unauthorized modif ...)
+	TODO: check
+CVE-2026-1913 (The Gallagher Website Design plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2026-1845 (The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2026-1660 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2026-1395 (The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2026-1379 (The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2026-0539 (Incorrect Default Permissions in pcvisit service binary on Windows all ...)
+	TODO: check
+CVE-2025-9957 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-6016 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-58922 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada a ...)
+	TODO: check
+CVE-2025-3922 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-0186 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2024-58344 (Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerab ...)
+	TODO: check
+CVE-2018-25272 (ELBA5 5.8.0 contains a remote code execution vulnerability that allows ...)
+	TODO: check
+CVE-2018-25271 (Textpad 8.1.2 contains a denial of service vulnerability that allows l ...)
+	TODO: check
+CVE-2018-25270 (ThinkPHP 5.0.23 contains a remote code execution vulnerability that al ...)
+	TODO: check
+CVE-2018-25269 (ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that al ...)
+	TODO: check
+CVE-2018-25268 (LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that a ...)
+	TODO: check
+CVE-2018-25267 (UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in  ...)
+	TODO: check
+CVE-2018-25266 (Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the ...)
+	TODO: check
+CVE-2018-25265 (LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the ...)
+	TODO: check
+CVE-2018-25262 (Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerab ...)
+	TODO: check
+CVE-2018-25261 (Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in ...)
+	TODO: check
+CVE-2018-25260 (MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the ...)
+	TODO: check
+CVE-2018-25259 (Terminal Services Manager 3.1 contains a stack-based buffer overflow v ...)
+	TODO: check
+CVE-2014-125120
+	REJECTED
+CVE-2013-10056
+	REJECTED
+CVE-2013-10045
+	REJECTED
+CVE-2013-10041
+	REJECTED
+CVE-2011-10031
+	REJECTED
+CVE-2010-20124
+	REJECTED
+CVE-2010-20118
+	REJECTED
+CVE-2010-20117
+	REJECTED
+CVE-2010-20116
+	REJECTED
+CVE-2010-20110
+	REJECTED
+CVE-2009-20012
+	REJECTED
+CVE-2008-20003
+	REJECTED
+CVE-2008-20002
+	REJECTED
+CVE-2005-20001
+	REJECTED
+CVE-2000-5001
+	REJECTED
+CVE-2026-33254 (An attacker can create a large number of concurrent DoQ or DoH3 connec ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33254-resource-exhaustion-via-doq-doh3-connections
-CVE-2026-33257
+CVE-2026-33257 (An attacker can send a web request that causes unlimited memory alloca ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33257-insufficient-input-validation-of-internal-webserver
-CVE-2026-33260
+CVE-2026-33260 (An attacker can send a web request that causes unlimited memory alloca ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33260-insufficient-input-validation-of-internal-webserver
-CVE-2026-33593
+CVE-2026-33593 (A client can trigger a divide by zero error leading to crash by sendin ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33593-denial-of-service-via-crafted-dnscrypt-query
-CVE-2026-33594
+CVE-2026-33594 (A client can trigger excessive memory allocation by generating a lot o ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33594-outgoing-doh-excessive-memory-allocation
-CVE-2026-33595
+CVE-2026-33595 (A client can trigger excessive memory allocation by generating a lot o ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33595-doq-doh3-excessive-memory-allocation
-CVE-2026-33596
+CVE-2026-33596 (A client might theoretically be able to cause a mismatch between queri ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33596-tcp-backend-stream-id-overflow
-CVE-2026-33597
+CVE-2026-33597 (PRSD detection denial of service)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33597-prsd-detection-denial-of-service
-CVE-2026-33598
+CVE-2026-33598 (A cached crafted response can cause an out-of-bounds read if custom Lu ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33598-out-of-bounds-read-in-cache-inspection-via-lua
-CVE-2026-33599
+CVE-2026-33599 (A rogue backend can send a crafted SVCB response to a Discovery of Des ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33599-out-of-bounds-read-in-service-discovery
-CVE-2026-33602
+CVE-2026-33602 (A rogue backend can send a crafted UDP response with a query ID off by ...)
 	- dnsdist 2.0.4-1
 	[bookworm] - dnsdist <end-of-life> (See #1119290)
 	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33602-off-by-one-access-when-processing-crafted-udp-responses
 CVE-2026-35328 [strongswan: libtls infinite loop]
+	{DSA-6227-1}
 	- strongswan <unfixed>
 	NOTE: https://github.com/strongswan/strongswan/releases/tag/6.0.6
 	NOTE: https://www.strongswan.org/blog/2026/04/22/strongswan-vulnerability-(cve-2026-35328).html
 CVE-2026-35329 [strongswan: pkcs7 crash]
+	{DSA-6227-1}
 	- strongswan <unfixed>
 	NOTE: https://github.com/strongswan/strongswan/releases/tag/6.0.6
 	NOTE: https://www.strongswan.org/blog/2026/04/22/strongswan-vulnerability-(cve-2026-35329).html
 CVE-2026-35330 [strongswan: libsimaka infinite loop]
+	{DSA-6227-1}
 	- strongswan <unfixed>
 	NOTE: https://github.com/strongswan/strongswan/releases/tag/6.0.6
 	NOTE: https://www.strongswan.org/blog/2026/04/22/strongswan-vulnerability-(cve-2026-35330).html
 CVE-2026-35331 [strongswan: constraints plugin]
+	{DSA-6227-1}
 	- strongswan <unfixed>
 	NOTE: https://github.com/strongswan/strongswan/releases/tag/6.0.6
 	NOTE: https://www.strongswan.org/blog/2026/04/22/strongswan-vulnerability-(cve-2026-35331).html
 CVE-2026-35332 [strongswan: libtls ECDH crash]
+	{DSA-6227-1}
 	- strongswan <unfixed>
 	NOTE: https://github.com/strongswan/strongswan/releases/tag/6.0.6
 	NOTE: https://www.strongswan.org/blog/2026/04/22/strongswan-vulnerability-(cve-2026-35332).html
 CVE-2026-35333 [strongswan: libradius infinite loop]
+	{DSA-6227-1}
 	- strongswan <unfixed>
 	NOTE: https://github.com/strongswan/strongswan/releases/tag/6.0.6
 	NOTE: https://www.strongswan.org/blog/2026/04/22/strongswan-vulnerability-(cve-2026-35333).html
 CVE-2026-35334 [strongswan: gmp plugin crash]
+	{DSA-6227-1}
 	- strongswan <unfixed>
 	NOTE: https://github.com/strongswan/strongswan/releases/tag/6.0.6
 	NOTE: https://www.strongswan.org/blog/2026/04/22/strongswan-vulnerability-(cve-2026-35334).html
-CVE-2026-41651 [packagekit toctou]
+CVE-2026-41651 (PackageKit is a a D-Bus abstraction layer that allows the user to mana ...)
+	{DSA-6226-1}
 	- packagekit 1.3.5-1
 	NOTE: https://lists.freedesktop.org/archives/packagekit/2026-April/026513.html
 	NOTE: https://github.com/PackageKit/PackageKit/security/advisories/GHSA-f55j-vvr9-69xv
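Review bot: The seven strongswan entries (CVE-2026-35328 through CVE-2026-35334) gain `{DSA-6227-1}` but still read `- strongswan <unfixed>`, although their NOTE lines already point at the upstream 6.0.6 release. When a fixed version is uploaded to unstable, replace `<unfixed>` with that version so these entries stop reporting sid as vulnerable after the advisory is out. The entries also keep their hand-written bracketed descriptions, unlike the dnsdist and packagekit entries in this hunk, which now carry the imported CVE text.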
@@ -950,7 +1496,7 @@ CVE-2026-21571 (This Critical severity OS Command Injection vulnerability was in
 	NOT-FOR-US: Atlassian
 CVE-2026-1089 (User\u2011Controlled HTTP Header in Fortra's GoAnywhere MFT prior to v ...)
 	NOT-FOR-US: Fortra
-CVE-2026-0972 (The login limit is not enforced on theSFTP service of Fortra's GoAnywh ...)
+CVE-2026-0972 (HTML injection is possible in system generated emails in Fortra's GoAn ...)
 	NOT-FOR-US: Fortra
 CVE-2026-0971 (An improper session timeout issue in Fortra's GoAnywhere MFT prior to  ...)
 	NOT-FOR-US: Fortra
@@ -979,11 +1525,13 @@ CVE-2019-25714 (Seeyon OA A8 contains an unauthenticated arbitrary file write vu
 CVE-2017-20230 (Storable versions before 3.05 for Perl has a stack overflow.  The retr ...)
 	TODO: check
 CVE-2026-6786 (Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9 ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6786
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6786
 CVE-2026-6785 (Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, T ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6785
@@ -1013,6 +1561,7 @@ CVE-2026-6777 (Other issue in the Networking: DNS component. This vulnerability
 	- firefox 150.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6777
 CVE-2026-6776 (Incorrect boundary conditions in the WebRTC: Networking component. Thi ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6776
@@ -1027,22 +1576,26 @@ CVE-2026-6773 (Denial-of-service due to integer overflow in the Graphics: WebGPU
 	- firefox 150.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6773
 CVE-2026-6772 (Incorrect boundary conditions in the Libraries component in NSS. This  ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	- nss 2:3.123-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6772
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6772
 CVE-2026-6771 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6771
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6771
 CVE-2026-6770 (Other issue in the Storage: IndexedDB component. This vulnerability wa ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6770
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6770
 CVE-2026-6769 (Privilege escalation in the Debugger component. This vulnerability was ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6769
@@ -1051,38 +1604,45 @@ CVE-2026-6768 (Mitigation bypass in the Networking: Cookies component. This vuln
 	- firefox 150.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6768
 CVE-2026-6767 (Other issue in the Libraries component in NSS. This vulnerability was  ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	- nss 2:3.123-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6767
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6767
 CVE-2026-6766 (Incorrect boundary conditions in the Libraries component in NSS. This  ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	- nss 2:3.123-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6766
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6766
 CVE-2026-6765 (Information disclosure in the Form Autofill component. This vulnerabil ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6765
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6765
 CVE-2026-6764 (Incorrect boundary conditions in the DOM: Device Interfaces component. ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6764
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6764
 CVE-2026-6763 (Mitigation bypass in the File Handling component. This vulnerability w ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6763
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6763
 CVE-2026-6762 (Spoofing issue in the DOM: Core & HTML component. This vulnerability w ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6762
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6762
 CVE-2026-6761 (Privilege escalation in the Networking component. This vulnerability w ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6761
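Review bot: CVE-2026-6767 and CVE-2026-6766 are tagged `{DSA-6225-1}` and also list `- nss 2:3.123-1`, but neither entry has a per-release line for nss (the same holds for CVE-2026-6772 in the previous hunk). The visible lines do not say whether the advisory covers src:nss in stable, so add explicit release annotations for nss, or a NOTE stating how stable nss is handled, rather than leaving its status to be inferred from the DSA tag.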
@@ -1099,6 +1659,7 @@ CVE-2026-6758 (Use-after-free in the JavaScript: WebAssembly component. This vul
 	- firefox 150.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6758
 CVE-2026-6757 (Invalid pointer in the JavaScript: WebAssembly component. This vulnera ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6757
@@ -1110,46 +1671,55 @@ CVE-2026-6755 (Mitigation bypass in the DOM: postMessage component. This vulnera
 	- firefox 150.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6755
 CVE-2026-6754 (Use-after-free in the JavaScript Engine component. This vulnerability  ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6754
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6754
 CVE-2026-6753 (Incorrect boundary conditions in the WebRTC component. This vulnerabil ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6753
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6753
 CVE-2026-6752 (Incorrect boundary conditions in the WebRTC component. This vulnerabil ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6752
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6752
 CVE-2026-6751 (Uninitialized memory in the Audio/Video: Web Codecs component. This vu ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6751
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6751
 CVE-2026-6750 (Privilege escalation in the Graphics: WebRender component. This vulner ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6750
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6750
 CVE-2026-6749 (Information disclosure due to uninitialized memory in the Graphics: Ca ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6749
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6749
 CVE-2026-6748 (Uninitialized memory in the Audio/Video: Web Codecs component. This vu ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6748
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6748
 CVE-2026-6747 (Use-after-free in the WebRTC component. This vulnerability was fixed i ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6747
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6747
 CVE-2026-6746 (Use-after-free in the DOM: Core & HTML component. This vulnerability w ...)
+	{DSA-6225-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/#CVE-2026-6746
@@ -1159,7 +1729,8 @@ CVE-2026-40706 (In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow ex
 	- ntfs-3g 1:2026.2.25-1
 	NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-4cwv-5285-63v9
 	NOTE: Fixed by: https://github.com/tuxera/ntfs-3g/commit/e48e1ef2a1fcff13a590c2224ec21c5bd5d3e92e (2026.2.25)
-CVE-2026-5358 (The obsolete nis_local_principal function in the GNU C Library version ...)
+CVE-2026-5358
+	REJECTED
 	- glibc <unfixed> (bug #1134542)
 	[trixie] - glibc <no-dsa> (Minor issue)
 	[bookworm] - glibc <no-dsa> (Minor issue)
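Review bot: CVE-2026-5358 is now marked `REJECTED`, yet the context lines below it still carry `- glibc <unfixed> (bug #1134542)` and the `<no-dsa>` annotations for trixie and bookworm. A rejected ID should not keep glibc flagged as affected: drop the package lines from this entry, and if the underlying issue is still tracked under bug #1134542, record it under whatever identifier replaces this one.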
@@ -7411,11 +7982,11 @@ CVE-2026-XXXX [GHSA-89xm-3m96-w3jg: cross-user CancelPull orphans another user's
 	[trixie] - flatpak 1.16.6-1~deb13u1
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-89xm-3m96-w3jg
 CVE-2026-34079 (Flatpak is a Linux application sandboxing and distribution framework.  ...)
-	{DSA-6207-1}
+	{DSA-6223-1 DSA-6207-1}
 	- flatpak 1.16.4-1 (bug #1132944)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-p29x-r292-46pp
 CVE-2026-34078 (Flatpak is a Linux application sandboxing and distribution framework.  ...)
-	{DSA-6207-1}
+	{DSA-6223-1 DSA-6207-1}
 	- flatpak 1.16.4-1 (bug #1132943)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-cc2q-qc34-jprg
 	NOTE: Causes regression: https://bugs.debian.org/1132960
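Review bot: CVE-2026-34078 now lists `{DSA-6223-1 DSA-6207-1}` and still carries `NOTE: Causes regression: https://bugs.debian.org/1132960`, but nothing in the entry says what the second advisory is for. A NOTE stating whether DSA-6223-1 is the regression follow-up or covers a different release would save readers from having to look up both advisories.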
@@ -7426,7 +7997,7 @@ CVE-2026-40354 (Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.
 	[bullseye] - xdg-desktop-portal <postponed> (Minor issue)
 	NOTE: https://github.com/flatpak/xdg-desktop-portal/security/advisories/GHSA-rqr9-jwwf-wxgj
 CVE-2026-34080 (xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0. ...)
-	{DSA-6209-1 DLA-4542-1}
+	{DSA-6224-1 DSA-6209-1 DLA-4542-1}
 	- xdg-dbus-proxy 0.1.7-1 (bug #1132939)
 	NOTE: https://github.com/flatpak/xdg-dbus-proxy/security/advisories/GHSA-vjp5-hjfm-7677
 	NOTE: Fixed by: https://github.com/flatpak/xdg-dbus-proxy/commit/4d0d1d74d4f40260a79161163b4b2f7276bce0b0 (0.1.7)
@@ -20957,13 +21528,13 @@ CVE-2026-22202 (wpDiscuz before 7.6.47 contains a cross-site request forgery vul
 	NOT-FOR-US: wpDiscuz
 CVE-2026-22201 (wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the ge ...)
 	NOT-FOR-US: wpDiscuz
-CVE-2026-22199 (wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that ...)
+CVE-2026-22199 (Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication ...)
 	NOT-FOR-US: wpDiscuz
 CVE-2026-22193 (wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the  ...)
 	NOT-FOR-US: wpDiscuz
-CVE-2026-22192 (wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerab ...)
+CVE-2026-22192 (Voltronic Power SNMP Web Pro version 1.1 contains an authentication by ...)
 	NOT-FOR-US: wpDiscuz
-CVE-2026-22191 (wpDiscuz before 7.6.47 contains a shortcode injection vulnerability th ...)
+CVE-2026-22191 (Beghelli Sicuro24 SicuroWeb contains a template injection vulnerabilit ...)
 	NOT-FOR-US: wpDiscuz
 CVE-2026-22183 (wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerab ...)
 	NOT-FOR-US: wpDiscuz
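Review bot: The descriptions for CVE-2026-22199, CVE-2026-22192 and CVE-2026-22191 change to Voltronic Power SNMP Web Pro and Beghelli Sicuro24 SicuroWeb, but the `NOT-FOR-US: wpDiscuz` line under each is left as is. The triage label no longer matches the product named in the description. These three need to be re-triaged against the new descriptions and the label updated to the actual vendor, since an automatic description swap should not silently inherit a manual NOT-FOR-US decision made for a different product.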
@@ -28000,7 +28571,7 @@ CVE-2026-21902 (An Incorrect Permission Assignment for Critical Resource vulnera
 	NOT-FOR-US: Juniper
 CVE-2026-21725 (A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently d ...)
 	- grafana <removed>
-CVE-2026-20133 (A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauth ...)
+CVE-2026-20133 (A vulnerability in Cisco Catalyst SD-WAN Software could allow an unaut ...)
 	NOT-FOR-US: Cisco
 CVE-2026-20129 (A vulnerability in the API user authentication of Cisco Catalyst SD-WA ...)
 	NOT-FOR-US: Cisco
@@ -112422,6 +112993,7 @@ CVE-2025-53630 (llama.cpp is an inference of several LLM models in C/C++. Intege
 	NOTE: Fixed by: https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579 (b5854)
 	NOTE: llama.cpp builts embedded ggml but does not use it, rather Debian uses standalone src:ggml
 CVE-2025-53629 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+	{DSA-6228-1}
 	[experimental] - cpp-httplib 0.25.0+ds-1
 	- cpp-httplib 0.25.0+ds-3 (bug #1109340)
 	NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w
@@ -133710,6 +134282,7 @@ CVE-2025-47297
 CVE-2025-47296
 	REJECTED
 CVE-2025-46728 (cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. ...)
+	{DSA-6228-1}
 	[experimental] - cpp-httplib 0.20.1+ds-3
 	- cpp-httplib 0.25.0+ds-3 (bug #1104926)
 	NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-px83-72rx-v57c
@@ -155994,7 +156567,7 @@ CVE-2024-5848 (A reflected cross-site scripting (XSS) vulnerability exists in mu
 	NOT-FOR-US: WSO2 API Manager
 CVE-2024-57423 (A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1. ...)
 	NOT-FOR-US: CloudClassroom-PHP
-CVE-2024-57040 (TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to  ...)
+CVE-2024-57040 (TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL ...)
 	NOT-FOR-US: TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219
 CVE-2024-55581 (When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default  ...)
 	{DLA-4080-1}
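Review bot: The CVE-2024-57040 description now names the vendor ("TP-Link TL-WR845N devices with firmware ..."), while the label below it is still `NOT-FOR-US: TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219`. Shorten the label to the vendor or product name, in line with the other NOT-FOR-US entries in this file (`Fortra`, `Cisco`, `Juniper`), so it can be grepped consistently.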



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0083536c3abea6495a07e2fa97ac8fc61f110607
