[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 27 20:13:23 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e26b442 by security tracker role at 2026-04-27T19:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,222 @@
-CVE-2026-7040
+CVE-2026-7148 (A flaw has been found in CodeAstro Online Classroom 1.0. This affects  ...)
+	TODO: check
+CVE-2026-7147 (A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0 ...)
+	TODO: check
+CVE-2026-7146 (A security vulnerability has been detected in AlejandroArciniegas mcp- ...)
+	TODO: check
+CVE-2026-7145 (A weakness has been identified in mettle sendportal up to 3.0.1. Affec ...)
+	TODO: check
+CVE-2026-7144 (A security flaw has been discovered in 1000 Projects Portfolio Managem ...)
+	TODO: check
+CVE-2026-7143 (A vulnerability was identified in 1000 Projects Portfolio Management S ...)
+	TODO: check
+CVE-2026-7142 (A vulnerability was determined in Wooey up to 0.13.2. The impacted ele ...)
+	TODO: check
+CVE-2026-7141 (A vulnerability was found in vllm up to 0.19.0. The affected element i ...)
+	TODO: check
+CVE-2026-7140 (A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521 ...)
+	TODO: check
+CVE-2026-7139 (A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This is ...)
+	TODO: check
+CVE-2026-7138 (A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521.  ...)
+	TODO: check
+CVE-2026-7137 (A security vulnerability has been detected in Totolink A8000RU 7.1cu.6 ...)
+	TODO: check
+CVE-2026-7136 (A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
+	TODO: check
+CVE-2026-7135 (A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f ...)
+	TODO: check
+CVE-2026-7134 (A vulnerability was identified in code-projects Online Lot Reservation ...)
+	TODO: check
+CVE-2026-7133 (A vulnerability was determined in code-projects Online Lot Reservation ...)
+	TODO: check
+CVE-2026-7132 (A vulnerability was found in code-projects Online Lot Reservation Syst ...)
+	TODO: check
+CVE-2026-7131 (A vulnerability has been found in code-projects Online Lot Reservation ...)
+	TODO: check
+CVE-2026-7130 (A flaw has been found in SourceCodester Pharmacy Sales and Inventory S ...)
+	TODO: check
+CVE-2026-7129 (A vulnerability was detected in SourceCodester Pharmacy Sales and Inve ...)
+	TODO: check
+CVE-2026-7128 (A security vulnerability has been detected in SourceCodester Pharmacy  ...)
+	TODO: check
+CVE-2026-7127 (A weakness has been identified in SourceCodester Pharmacy Sales and In ...)
+	TODO: check
+CVE-2026-7126 (A security flaw has been discovered in SourceCodester Pharmacy Sales a ...)
+	TODO: check
+CVE-2026-7125 (A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
+	TODO: check
+CVE-2026-7124 (A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521 ...)
+	TODO: check
+CVE-2026-7123 (A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Aff ...)
+	TODO: check
+CVE-2026-7122 (A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521 ...)
+	TODO: check
+CVE-2026-7121 (A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This af ...)
+	TODO: check
+CVE-2026-7119 (A vulnerability was detected in Tenda HG3 2.0. The impacted element is ...)
+	TODO: check
+CVE-2026-7118 (A security vulnerability has been detected in code-projects Employee M ...)
+	TODO: check
+CVE-2026-7117 (A weakness has been identified in code-projects Employee Management Sy ...)
+	TODO: check
+CVE-2026-7116 (A security flaw has been discovered in code-projects Employee Manageme ...)
+	TODO: check
+CVE-2026-7115 (A vulnerability was identified in code-projects Employee Management Sy ...)
+	TODO: check
+CVE-2026-7114 (A vulnerability was determined in code-projects Employee Management Sy ...)
+	TODO: check
+CVE-2026-7113 (A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected ...)
+	TODO: check
+CVE-2026-7112 (A vulnerability has been found in NousResearch hermes-agent 0.8.0. Aff ...)
+	TODO: check
+CVE-2026-7110 (A flaw has been found in code-projects Invoice System in Laravel 1.0.  ...)
+	TODO: check
+CVE-2026-7109 (A vulnerability was detected in code-projects Invoice System in Larave ...)
+	TODO: check
+CVE-2026-7108 (A security vulnerability has been detected in code-projects Invoice Sy ...)
+	TODO: check
+CVE-2026-7107 (A weakness has been identified in code-projects Invoice System in Lara ...)
+	TODO: check
+CVE-2026-7103 (A vulnerability was determined in code-projects Chat System 1.0. Affec ...)
+	TODO: check
+CVE-2026-7102 (A vulnerability was found in Tenda F456 1.0.0.5. This impacts the func ...)
+	TODO: check
+CVE-2026-7101 (A vulnerability has been found in Tenda F456 1.0.0.5. This affects the ...)
+	TODO: check
+CVE-2026-7100 (A flaw has been found in Tenda F456 1.0.0.5. The impacted element is t ...)
+	TODO: check
+CVE-2026-7099 (A vulnerability was detected in Tenda F456 1.0.0.5. The affected eleme ...)
+	TODO: check
+CVE-2026-7098 (A security vulnerability has been detected in Tenda F456 1.0.0.5. Impa ...)
+	TODO: check
+CVE-2026-7097 (A weakness has been identified in Tenda F456 1.0.0.5. This issue affec ...)
+	TODO: check
+CVE-2026-7096 (A security flaw has been discovered in Tenda HG3 2.0 300003070. This v ...)
+	TODO: check
+CVE-2026-7095 (A vulnerability was identified in code-projects Employee Management Sy ...)
+	TODO: check
+CVE-2026-6970 (authd prior to version 0.6.4 contains a logic error in primary group I ...)
+	TODO: check
+CVE-2026-6357 (pip prior to version 26.1 would run self-update check functionality af ...)
+	TODO: check
+CVE-2026-6337
+	REJECTED
+CVE-2026-6265 (Insecure preserved inherited permissions vulnerability in Cerberus FTP ...)
+	TODO: check
+CVE-2026-5943 (Document structural anomalies caused inconsistencies between page elem ...)
+	TODO: check
+CVE-2026-5942 (Flaws in page lifecycle management allow document structure changes to ...)
+	TODO: check
+CVE-2026-5941 (Parsing logic flaws cause non-signature data to be misidentified as va ...)
+	TODO: check
+CVE-2026-5940 (Calling a function that triggers a UI refresh after removing comments  ...)
+	TODO: check
+CVE-2026-5939 (A crafted XFA PDF can trigger a use-after-free condition during calcul ...)
+	TODO: check
+CVE-2026-5938 (Improper control flow management allows a crafted document action chai ...)
+	TODO: check
+CVE-2026-5937 (Insufficient parameter verification leads to the occurrence of format  ...)
+	TODO: check
+CVE-2026-42410 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2026-42379 (Insertion of Sensitive Information Into Sent Data vulnerability in WPD ...)
+	TODO: check
+CVE-2026-41635 (Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, o ...)
+	TODO: check
+CVE-2026-41467 (ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scri ...)
+	TODO: check
+CVE-2026-41466 (ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scri ...)
+	TODO: check
+CVE-2026-41465 (ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulner ...)
+	TODO: check
+CVE-2026-41464 (ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization  ...)
+	TODO: check
+CVE-2026-41463 (ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal ...)
+	TODO: check
+CVE-2026-41462 (ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL i ...)
+	TODO: check
+CVE-2026-41409 (The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() ...)
+	TODO: check
+CVE-2026-41081 (Improper Handling of TLS Client Authentication Failure Leading to Anon ...)
+	TODO: check
+CVE-2026-40860 (JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBi ...)
+	TODO: check
+CVE-2026-40858 (The camel-infinispan component's ProtoStream-based remote aggregation  ...)
+	TODO: check
+CVE-2026-40557 (Improper Certificate Validation via Global SSL Context Downgrade in Ap ...)
+	TODO: check
+CVE-2026-40514 (SmarterTools SmarterMail builds prior to 9610 contain a cryptographic  ...)
+	TODO: check
+CVE-2026-40473 (The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type  ...)
+	TODO: check
+CVE-2026-40453 (The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilte ...)
+	TODO: check
+CVE-2026-40048 (The Camel-PQC FileBasedKeyLifecycleManager class deserializes the cont ...)
+	TODO: check
+CVE-2026-40022 (When authentication is enabled on the Apache Camel embedded HTTP serve ...)
+	TODO: check
+CVE-2026-38936 (A reflected cross-site scripting (XSS) vulnerability exists in diskove ...)
+	TODO: check
+CVE-2026-38935 (A reflected cross-site scripting (XSS) vulnerability exists in diskove ...)
+	TODO: check
+CVE-2026-38934 (Cross Site Request Forgery vulnerability in diskoverdata diskover-comm ...)
+	TODO: check
+CVE-2026-35903 (MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an i ...)
+	TODO: check
+CVE-2026-35902 (The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has  ...)
+	TODO: check
+CVE-2026-35901 (A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Bui ...)
+	TODO: check
+CVE-2026-33454 (The Camel-Mail component is vulnerable to Camel message header injecti ...)
+	TODO: check
+CVE-2026-33453 (Improperly Controlled Modification of Dynamically-Determined Object At ...)
+	TODO: check
+CVE-2026-32688 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
+CVE-2026-32655 (Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, cont ...)
+	TODO: check
+CVE-2026-31691 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+	TODO: check
+CVE-2026-31690 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
+	TODO: check
+CVE-2026-31689 (In the Linux kernel, the following vulnerability has been resolved:  E ...)
+	TODO: check
+CVE-2026-31688 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2026-31687 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
+	TODO: check
+CVE-2026-31686 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-31256 (A null pointer dereference vulnerability exists in the RTSP service of ...)
+	TODO: check
+CVE-2026-31255 (A command injection vulnerability exists in Tenda AC18 V15.03.05.05_mu ...)
+	TODO: check
+CVE-2026-30462 (A path traversal vulnerability in the Blocks module of Daylight Studio ...)
+	TODO: check
+CVE-2026-30352 (A remote code execution (RCE) vulnerability in the /devserver/start en ...)
+	TODO: check
+CVE-2026-30351 (A path traversal vulnerability in the UI/static component of leonvanzy ...)
+	TODO: check
+CVE-2026-30350 (An issue in the /store/items/search endpoint of Agent Protocol server  ...)
+	TODO: check
+CVE-2026-30346 (An open redirect in the /api/google/authorize endpoint of hunvreus Dev ...)
+	TODO: check
+CVE-2026-27172 (The ConsulRegistry in the camel-consul component (class org.apache.cam ...)
+	TODO: check
+CVE-2026-25908 (Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, cont ...)
+	TODO: check
+CVE-2026-22337 (Incorrect Privilege Assignment vulnerability in Directorist Directoris ...)
+	TODO: check
+CVE-2026-22336 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2026-22077 (OPPO Wallet APP contains a trusted domain validation flaw that allows  ...)
+	TODO: check
+CVE-2025-69689 (The Fan Control application V251 contains an improper privilege handli ...)
+	TODO: check
+CVE-2025-15626 (Authenticated user can bypass authorization in Ribblr - Crochet & Knit ...)
+	TODO: check
+CVE-2026-7040 (Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a he ...)
 	NOT-FOR-US: Text::Minify::XS Perl module
 CVE-2026-25710
 	NOT-FOR-US: plasma-login-manager
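Review bot: CVE-2026-41409 and CVE-2026-40453 are described in this hunk as regressions of earlier fixes (CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject(), and CVE-2025-27636 in the Camel HttpHeaderFilte... setLowerCase(true) change), so when their TODO: check lines are triaged the source packages and suite states already recorded under those two earlier CVEs should be carried over rather than re-derived, otherwise the follow-up ends up tracked against a different package set than the issue it regresses. Two other groups in the same hunk deserve early attention: the six kernel IDs CVE-2026-31686 through CVE-2026-31691 carry the "In the Linux kernel, the following vulnerability has been resolved" prefix and will need the usual linux source package lines, and CVE-2026-6357 (pip self-update check) and CVE-2026-7141 (vllm) touch software that is more likely to be packaged than the bulk of CodeAstro/code-projects/SourceCodester entries around them. CVE-2026-7040 correctly moves from a bare ID to a described entry while keeping its existing NOT-FOR-US line.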
@@ -4775,7 +4993,7 @@ CVE-2026-1838 (The Hostel plugin for WordPress is vulnerable to Reflected Cross-
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1559 (The Youzify plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-54505
+CVE-2025-54505 (A transient execution vulnerability within AMD CPUs may allow a local  ...)
 	- linux 6.19.13-1
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (not supported under bullseye)
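Review bot: the new description for CVE-2025-54505 identifies it as an AMD CPU transient-execution issue exploitable by a local attacker, but the entry carries no NOTE line pointing at the vendor advisory, unlike the mbedtls and libde265 entries elsewhere in this diff; add the advisory URL so the linux 6.19.13-1 and xen <unfixed> assessment can be re-checked against it, and use that advisory to decide whether a microcode or firmware package also needs a line here.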
@@ -13622,6 +13840,7 @@ CVE-2026-34874 (An issue was discovered in Mbed TLS through 3.6.5 and 4.x throug
 	- mbedtls <unfixed> (bug #1132577)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-null-pointer-dereference-x509/
 CVE-2026-34871 (An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0  ...)
+	{DLA-4551-1}
 	- mbedtls <unfixed> (bug #1132577)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random/
 CVE-2026-34751 (Payload is a free and open source headless content management system.  ...)
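Review bot: {DLA-4551-1} is attached to CVE-2026-34871 but not to CVE-2026-34874 directly above it, although both reference the same bug #1132577 and both remain mbedtls <unfixed> in unstable; if the DLA covered only the dev-random advisory this is right, but the asymmetry is worth confirming against the DLA text before it is committed, since the two entries are otherwise handled identically.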
@@ -20223,10 +20442,12 @@ CVE-2026-33171 (Statamic is a Laravel and Git powered content management system
 CVE-2026-33166 (Allure 2 is the version 2.x branch of Allure Report, a multi-language  ...)
 	NOT-FOR-US: Allure
 CVE-2026-33165 (libde265 is an open source implementation of the h.265 video codec. Pr ...)
+	{DLA-4550-1}
 	- libde265 1.0.18-1 (bug #1131468)
 	NOTE: https://github.com/strukturag/libde265/security/advisories/GHSA-653q-9f73-8hvg
 	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/c7891e412106130b83f8e8ea8b7f907e9449b658 (v1.0.17)
 CVE-2026-33164 (libde265 is an open source implementation of the h.265 video codec. Pr ...)
+	{DLA-4550-1}
 	- libde265 1.0.18-1 (bug #1131469)
 	NOTE: https://github.com/strukturag/libde265/security/advisories/GHSA-wqrf-6rf5-v78r
 	NOTE: Fixed by: https://github.com/strukturag/libde265/commit/c7891e412106130b83f8e8ea8b7f907e9449b658 (v1.0.17)
@@ -22480,11 +22701,11 @@ CVE-2026-3207 (Configuration issuein Java Management Extensions (JMX) in TIBCO B
 	NOT-FOR-US: TIBCO
 CVE-2026-32981 (A path traversal vulnerability was identified in Ray Dashboard (defaul ...)
 	NOT-FOR-US: Ray Dashboard
-CVE-2026-32837 (miniaudio version 0.11.25 and earlier contain a heap out-of-bounds rea ...)
+CVE-2026-32837 (miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae and 1d ...)
 	- miniaudio <unfixed>
 	[trixie] - miniaudio <no-dsa> (Minor issue)
 	NOTE: https://github.com/mackron/miniaudio/issues/1101
-CVE-2026-32836 (dr_libsdr_flac.h version 0.13.3 and earlier contain an uncontrolled me ...)
+CVE-2026-32836 (dr_libsdr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, ...)
 	TODO: check
 CVE-2026-32586 (Missing Authorization vulnerability in Pluggabl Booster for WooCommerc ...)
 	NOT-FOR-US: WordPress plugin or theme
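Review bot: the updated CVE-2026-32837 description now names upstream fix commits (1df46ae and one cut off by the description truncation), yet the entry keeps `- miniaudio <unfixed>` with no `NOTE: Fixed by:` line; the libde265 entries in this same commit record the upstream fix commit that way, and doing the same here would let the `[trixie] - miniaudio <no-dsa> (Minor issue)` decision be revisited once the commits land in an upload. CVE-2026-32836 (dr_flac.h, "fixed in commits fefced4, ...") is likewise updated but still has only `TODO: check` and no package line, so its fix commits should be captured at triage time rather than left in the truncated description only.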
@@ -81050,6 +81271,7 @@ CVE-2025-60280 (Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 coul
 CVE-2025-5496 (ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508 ...)
 	NOT-FOR-US: Zoho
 CVE-2025-59438 (Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.)
+	{DLA-4551-1}
 	- mbedtls 3.6.5-0.1 (bug #1118752)
 	[trixie] - mbedtls 3.6.5-0.1~deb13u1
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/
@@ -251428,6 +251650,7 @@ CVE-2023-51793 (Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 al
 	NOTE: Fixed in https://github.com/FFmpeg/FFmpeg/commit/0ecc1f0e48930723d7a467761b66850811c23e62 (n7.0)
 	NOTE: https://trac.ffmpeg.org/ticket/10743
 CVE-2023-51792 (Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attac ...)
+	{DLA-4550-1}
 	- libde265 1.0.13-1
 	[bookworm] - libde265 <no-dsa> (Minor issue)
 	[buster] - libde265 <postponed> (Minor issue)
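Review bot: {DLA-4550-1} is added to CVE-2023-51792 while the visible context still reads `[bookworm] - libde265 <no-dsa> (Minor issue)` and `[buster] - libde265 <postponed> (Minor issue)`; the bullseye line this DLA would correspond to is outside the hunk's context, so confirm that it records the matching fixed version and that the 1.0.13-1 unstable fix is indeed what the DLA backports, since the two 2026 libde265 CVEs in this commit cite a different upstream fix (v1.0.17).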
@@ -455426,8 +455649,8 @@ CVE-2021-36440 (Unrestricted File Upload in ShowDoc v2.9.5 allows remote attacke
 	NOT-FOR-US: ShowDoc
 CVE-2021-36439
 	RESERVED
-CVE-2021-36438
-	RESERVED
+CVE-2021-36438 (SQL Injection vulnerability exists in Sourcecodester Online Job Portal ...)
+	TODO: check
 CVE-2021-36437
 	RESERVED
 CVE-2021-36436 (An issue in Mobicint Backend for Credit Unions v3 allows attackers to  ...)
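Review bot: CVE-2021-36438 moves from RESERVED to a populated description nearly five years after its ID was reserved, while the neighbouring CVE-2021-36439 and CVE-2021-36437 stay RESERVED; `TODO: check` is the correct state for an automatic update, and the triager can resolve it together with the SourceCodester batch added in the first hunk (CVE-2026-7126 through CVE-2026-7130), which falls in the same product family.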



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e26b4423fc9b7b51b932d72d2d3a320a48f1ef3

-- 
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help

