[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 24 08:13:12 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c0c61baf by security tracker role at 2026-04-24T07:13:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,239 @@
+CVE-2026-6947 (DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Prote ...)
+ TODO: check
+CVE-2026-6942 (radare2-mcp version 1.6.0 and earlier contains an os command injection ...)
+ TODO: check
+CVE-2026-6941 (radare2 prior to 6.1.4 contains a path traversal vulnerability in its ...)
+ TODO: check
+CVE-2026-6940 (radare2 prior to 6.1.4 contains a path traversal vulnerability in proj ...)
+ TODO: check
+CVE-2026-6810 (The Booking Calendar Contact Form plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-6732 (A flaw was found in libxml2. This vulnerability occurs when the librar ...)
+ TODO: check
+CVE-2026-6393 (The BetterDocs plugin for WordPress is vulnerable to Missing Authoriza ...)
+ TODO: check
+CVE-2026-6376 (A weakness in SpiceJet\u2019s public booking retrieval page permits fu ...)
+ TODO: check
+CVE-2026-6375 (A vulnerability in SpiceJet\u2019s booking API allows unauthenticated ...)
+ TODO: check
+CVE-2026-5488 (The ExactMetrics \u2013 Google Analytics Dashboard for WordPress plugi ...)
+ TODO: check
+CVE-2026-5428 (The Royal Elementor Addons plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2026-5364 (The Drag and Drop File Upload for Contact Form 7 plugin for WordPress ...)
+ TODO: check
+CVE-2026-5347 (The HM Books Gallery plugin for WordPress is vulnerable to Missing Aut ...)
+ TODO: check
+CVE-2026-41485 (Kyverno is a policy engine designed for cloud native platform engineer ...)
+ TODO: check
+CVE-2026-41430 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
+ TODO: check
+CVE-2026-41361 (OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability ...)
+ TODO: check
+CVE-2026-41360 (OpenClaw before 2026.4.2 contains an approval integrity vulnerability ...)
+ TODO: check
+CVE-2026-41359 (OpenClaw before 2026.3.28 contains a privilege escalation vulnerabilit ...)
+ TODO: check
+CVE-2026-41358 (OpenClaw before 2026.4.2 fails to filter Slack thread context by sende ...)
+ TODO: check
+CVE-2026-41357 (OpenClaw before 2026.3.31 contains an environment variable leakage vul ...)
+ TODO: check
+CVE-2026-41356 (OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions ...)
+ TODO: check
+CVE-2026-41355 (OpenShell before 2026.3.28 contains an arbitrary code execution vulner ...)
+ TODO: check
+CVE-2026-41354 (OpenClaw before 2026.4.2 contains an insufficient scope vulnerability ...)
+ TODO: check
+CVE-2026-41353 (OpenClaw before 2026.3.22 contains an access control bypass vulnerabil ...)
+ TODO: check
+CVE-2026-41352 (OpenClaw before 2026.3.31 contains a remote code execution vulnerabili ...)
+ TODO: check
+CVE-2026-41351 (OpenClaw before 2026.3.31 contains a replay detection bypass vulnerabi ...)
+ TODO: check
+CVE-2026-41350 (OpenClaw before 2026.3.31 contains a session visibility bypass vulnera ...)
+ TODO: check
+CVE-2026-41349 (OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerabi ...)
+ TODO: check
+CVE-2026-41348 (OpenClaw before 2026.3.31 contains an authorization bypass vulnerabili ...)
+ TODO: check
+CVE-2026-41347 (OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP oper ...)
+ TODO: check
+CVE-2026-41346 (OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request c ...)
+ TODO: check
+CVE-2026-41345 (OpenClaw before 2026.3.31 contains a credential exposure vulnerability ...)
+ TODO: check
+CVE-2026-41344 (OpenClaw before 2026.3.28 contains a privilege escalation vulnerabilit ...)
+ TODO: check
+CVE-2026-41343 (OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget o ...)
+ TODO: check
+CVE-2026-41342 (OpenClaw before 2026.3.28 contains an authentication bypass vulnerabil ...)
+ TODO: check
+CVE-2026-41341 (OpenClaw before 2026.3.31 contains a logic error in Discord component ...)
+ TODO: check
+CVE-2026-41340 (OpenClaw before 2026.3.31 contains an authentication boundary vulnerab ...)
+ TODO: check
+CVE-2026-41339 (OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in G ...)
+ TODO: check
+CVE-2026-41338 (OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnera ...)
+ TODO: check
+CVE-2026-41337 (OpenClaw before 2026.3.31 contains a callback origin mutation vulnerab ...)
+ TODO: check
+CVE-2026-41336 (OpenClaw before 2026.3.31 allows workspace .env files to override the ...)
+ TODO: check
+CVE-2026-41335 (OpenClaw before 2026.3.31 contains an information disclosure vulnerabi ...)
+ TODO: check
+CVE-2026-41334 (OpenClaw before 2026.3.31 contains a decompression bomb vulnerability ...)
+ TODO: check
+CVE-2026-41333 (OpenClaw before 2026.3.31 contains an authentication rate limiting byp ...)
+ TODO: check
+CVE-2026-41332 (OpenClaw before 2026.3.28 contains an environment variable sanitizatio ...)
+ TODO: check
+CVE-2026-41325 (Kirby is an open-source content management system. Kirby's user permis ...)
+ TODO: check
+CVE-2026-41324 (basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vu ...)
+ TODO: check
+CVE-2026-41323 (Kyverno is a policy engine designed for cloud native platform engineer ...)
+ TODO: check
+CVE-2026-41319 (MailKit is a cross-platform mail client library built on top of MimeKi ...)
+ TODO: check
+CVE-2026-41318 (AnythingLLM is an application that turns pieces of content into contex ...)
+ TODO: check
+CVE-2026-41317 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
+ TODO: check
+CVE-2026-41316 (ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was ...)
+ TODO: check
+CVE-2026-41309 (Open Source Social Network (OSSN) is open-source social networking sof ...)
+ TODO: check
+CVE-2026-41305 (PostCSS takes a CSS file and provides an API to analyze and modify its ...)
+ TODO: check
+CVE-2026-41279 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41278 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41277 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41276 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41275 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41274 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41273 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41272 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41271 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41270 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41269 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41268 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41267 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41266 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41265 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41264 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41138 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41137 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-41068 (Kyverno is a policy engine designed for cloud native platform engineer ...)
+ TODO: check
+CVE-2026-40630 (A vulnerability in SenseLive X3050\u2019s web management interface a ...)
+ TODO: check
+CVE-2026-40623 (A vulnerability inSenseLiveX3050's web management interface allows cri ...)
+ TODO: check
+CVE-2026-40620 (A vulnerability inSenseLiveX3050\u2019s embedded management service al ...)
+ TODO: check
+CVE-2026-40431 (A vulnerability exists inSenseLiveX3050\u2019s web management interfac ...)
+ TODO: check
+CVE-2026-40254 (FreeRDP is a free implementation of the Remote Desktop Protocol. Versi ...)
+ TODO: check
+CVE-2026-40099 (Kirby is an open-source content management system. Kirby's user permis ...)
+ TODO: check
+CVE-2026-39462 (A vulnerability exists inSenseLive X3050\u2019s web management interfa ...)
+ TODO: check
+CVE-2026-35503 (A vulnerability inSenseLive X3050\u2019s web management interface allo ...)
+ TODO: check
+CVE-2026-35431 (Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement M ...)
+ TODO: check
+CVE-2026-35064 (A vulnerability inSenseLiveX3050\u2019s management ecosystem allows un ...)
+ TODO: check
+CVE-2026-34587 (Kirby is an open-source content management system. Prior to versions 4 ...)
+ TODO: check
+CVE-2026-33819 (Deserialization of untrusted data in Microsoft Bing allows an unauthor ...)
+ TODO: check
+CVE-2026-33318 (Actual is a local-first personal finance tool. Prior to version 26.4.0 ...)
+ TODO: check
+CVE-2026-33317 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion ...)
+ TODO: check
+CVE-2026-33208 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
+ TODO: check
+CVE-2026-33102 (Url redirection to untrusted site ('open redirect') in M365 Copilot al ...)
+ TODO: check
+CVE-2026-33078 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
+ TODO: check
+CVE-2026-33077 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
+ TODO: check
+CVE-2026-33076 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
+ TODO: check
+CVE-2026-32952 (go-ntlmssp is a Go package that provides NTLM/Negotiate authentication ...)
+ TODO: check
+CVE-2026-32870 (Kirby is an open-source content management system. Kirby's `Xml::value ...)
+ TODO: check
+CVE-2026-32210 (Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) ...)
+ TODO: check
+CVE-2026-32172 (Uncontrolled search path element in Microsoft Power Apps allows an una ...)
+ TODO: check
+CVE-2026-31956 (Xibo is an open source digital signage platform with a web content man ...)
+ TODO: check
+CVE-2026-31955 (Xibo is an open source digital signage platform with a web content man ...)
+ TODO: check
+CVE-2026-31953 (Xibo is an open source digital signage platform with a web content man ...)
+ TODO: check
+CVE-2026-31952 (Xibo is an open source digital signage platform with a web content man ...)
+ TODO: check
+CVE-2026-2028 (The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary ...)
+ TODO: check
+CVE-2026-29197 (In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, ...)
+ TODO: check
+CVE-2026-29051 (melange allows users to build apk packages using declarative pipelines ...)
+ TODO: check
+CVE-2026-29050 (melange allows users to build apk packages using declarative pipelines ...)
+ TODO: check
+CVE-2026-28525 (SWUpdate contains an integer underflow vulnerability in the multipart ...)
+ TODO: check
+CVE-2026-27843 (A vulnerability exists inSenseLive X3050's web management interface th ...)
+ TODO: check
+CVE-2026-27841 (A vulnerability inSenseLiveX3050's web management interface allows sta ...)
+ TODO: check
+CVE-2026-26210 (KTransformers through 0.5.3 contains an unsafe deserialization vulnera ...)
+ TODO: check
+CVE-2026-26150 (Server-side request forgery (ssrf) in Microsoft Purview allows an unau ...)
+ TODO: check
+CVE-2026-25874 (LeRobot through 0.5.1 contains an unsafe deserialization vulnerability ...)
+ TODO: check
+CVE-2026-25775 (A vulnerability inSenseLiveX3050\u2019s remote management service allo ...)
+ TODO: check
+CVE-2026-25720 (A vulnerability exists inSenseLive X3050\u2019s web management interf ...)
+ TODO: check
+CVE-2026-24303 (Improper access control in Microsoft Partner Center allows an authoriz ...)
+ TODO: check
+CVE-2026-1952 (Delta Electronics AS320T has denial of service via the undocumented su ...)
+ TODO: check
+CVE-2026-1951 (Delta Electronics AS320T has no checking of the length of the buffer w ...)
+ TODO: check
+CVE-2026-1950 (Delta Electronics AS320T has No checking of the length of the buffer ...)
+ TODO: check
+CVE-2026-1949 (Delta Electronics AS320T has incorrect calculation of the buffer size ...)
+ TODO: check
+CVE-2026-1789 (A vulnerability in the browser-based remote management interface may a ...)
+ TODO: check
CVE-2026-6921 (Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowe ...)
- chromium <not-affected> (Only affects Google Chrome on Windows)
CVE-2026-6920 (Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7 ...)
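Review bot: the entries in this batch that map to packages in the Debian archive should be pulled out of the `TODO: check` queue first, since nearly everything else here describes software Debian does not ship and will end up NOT-FOR-US like the OpenText entries in the next hunk: libxml2 (CVE-2026-6732, a libxml2 flaw), radare2 (CVE-2026-6940 and CVE-2026-6941, path traversals fixed in 6.1.4), FreeRDP (CVE-2026-40254), Ruby's bundled ERB (CVE-2026-41316), node-postcss (CVE-2026-41305), swupdate (CVE-2026-28525, integer underflow in multipart handling) and golang-github-azure-go-ntlmssp (CVE-2026-32952). The OpenClaw/OpenShell, Flowise, SenseLive X3050, Microsoft cloud service, WordPress plugin, SpiceJet and Delta Electronics entries are vendor products or SaaS. Two things in the description text are upstream artifacts rather than local errors and should be left untouched: the `\u2019` and `\u2013` escapes are how this file stores non-ASCII, and the run-together "inSenseLiveX3050" in CVE-2026-40623, CVE-2026-40620, CVE-2026-40431, CVE-2026-35064, CVE-2026-27841 and CVE-2026-25775 comes from the CNA's own wording, so searching the file for "SenseLive X3050" will miss those six.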
@@ -32231,7 +32467,7 @@ CVE-2025-13672 (Improper Neutralization of Input During Web Page Generation (XSS
NOT-FOR-US: OpenText
CVE-2025-13671 (Cross-Site Request Forgery (CSRF) vulnerability in OpenText\u2122 Web ...)
NOT-FOR-US: OpenText
-CVE-2026-2708 [libsoup: HTTP/1 request smuggling primitives accepted (CL.CL and TE+CL) in soup_headers_parse()]
+CVE-2026-2708 (A request smuggling vulnerability exists in libsoup's HTTP/1 header pa ...)
- libsoup3 <unfixed> (bug #1128582)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
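Review bot: swapping the bracketed placeholder for the official description loses the only place in this file that recorded which parser (soup_headers_parse()) and which smuggling primitives (CL.CL and TE+CL) CVE-2026-2708 covers; the truncated upstream text keeps none of that. The bug reference (#1128582) on the `<unfixed>` line still points at the details, but a `NOTE:` line under the entry carrying the function name and the two variants would preserve the triage context in-tree, which also matters because the `<no-dsa> (Minor issue)` tagging for trixie and bookworm was made against the placeholder wording and is worth re-checking now that the public description is in.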
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0c61bafe7818899e81f2091a85338e99718c122