[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 28 08:13:10 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
edf2230e by security tracker role at 2026-04-28T07:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,181 @@
+CVE-2026-7234 (A weakness has been identified in BrowserOperator browser-operator-cor ...)
+ TODO: check
+CVE-2026-7233 (A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impa ...)
+ TODO: check
+CVE-2026-7230 (A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The ...)
+ TODO: check
+CVE-2026-7229 (A vulnerability was found in code-projects Coaching Management System ...)
+ TODO: check
+CVE-2026-7228 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. ...)
+ TODO: check
+CVE-2026-7227 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
+ TODO: check
+CVE-2026-7226 (A security vulnerability has been detected in SourceCodester Pizzafy E ...)
+ TODO: check
+CVE-2026-7225 (A weakness has been identified in SourceCodester Pizzafy Ecommerce Sys ...)
+ TODO: check
+CVE-2026-7224 (A security flaw has been discovered in SourceCodester Pizzafy Ecommerc ...)
+ TODO: check
+CVE-2026-7223 (A vulnerability was identified in BigSweetPotatoStudio HyperChat up to ...)
+ TODO: check
+CVE-2026-7222 (A vulnerability was determined in code-projects Coaching Management Sy ...)
+ TODO: check
+CVE-2026-7221 (A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17 ...)
+ TODO: check
+CVE-2026-7220 (A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b ...)
+ TODO: check
+CVE-2026-7219 (A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects ...)
+ TODO: check
+CVE-2026-7218 (A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The i ...)
+ TODO: check
+CVE-2026-7217 (A security vulnerability has been detected in Deepractice PromptX up t ...)
+ TODO: check
+CVE-2026-7216 (A weakness has been identified in donchelo processing-claude-mcp-bridg ...)
+ TODO: check
+CVE-2026-7215 (A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. ...)
+ TODO: check
+CVE-2026-7214 (A vulnerability was identified in eghuzefa engineer-your-data up to 0. ...)
+ TODO: check
+CVE-2026-7213 (A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts ...)
+ TODO: check
+CVE-2026-7212 (A security vulnerability has been detected in edvardlindelof notes-mcp ...)
+ TODO: check
+CVE-2026-7211 (A weakness has been identified in dvladimirov MCP up to 0.1.0. The imp ...)
+ TODO: check
+CVE-2026-7206 (A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. ...)
+ TODO: check
+CVE-2026-7205 (A vulnerability was identified in duartium papers-mcp-server 9ceb3812a ...)
+ TODO: check
+CVE-2026-7204 (A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-7203 (A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Thi ...)
+ TODO: check
+CVE-2026-7202 (A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-7200 (A flaw has been found in SourceCodester Pharmacy Sales and Inventory S ...)
+ TODO: check
+CVE-2026-7199 (A vulnerability was detected in SourceCodester Pharmacy Sales and Inve ...)
+ TODO: check
+CVE-2026-7196 (A security vulnerability has been detected in CodeAstro Online Classro ...)
+ TODO: check
+CVE-2026-7194 (A weakness has been identified in SourceCodester Pharmacy Sales and In ...)
+ TODO: check
+CVE-2026-7191 (Improper use of the static-eval npm package in the open source solutio ...)
+ TODO: check
+CVE-2026-7183 (A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The a ...)
+ TODO: check
+CVE-2026-7179 (A security vulnerability has been detected in OSPG binwalk up to 2.4.3 ...)
+ TODO: check
+CVE-2026-7178 (A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1 ...)
+ TODO: check
+CVE-2026-7177 (A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2 ...)
+ TODO: check
+CVE-2026-7160 (A vulnerability was determined in Tenda HG3 2.0. This vulnerability af ...)
+ TODO: check
+CVE-2026-7159 (A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. Thi ...)
+ TODO: check
+CVE-2026-7158 (A vulnerability has been found in dmitryglhf mcp-url-downloader up to ...)
+ TODO: check
+CVE-2026-7157 (A flaw has been found in disler aider-mcp-server up to b2516fa466d0d85 ...)
+ TODO: check
+CVE-2026-7156 (A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. ...)
+ TODO: check
+CVE-2026-7155 (A security vulnerability has been detected in Totolink A8000RU 7.1cu.6 ...)
+ TODO: check
+CVE-2026-7154 (A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-7153 (A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b202 ...)
+ TODO: check
+CVE-2026-7152 (A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-7151 (A vulnerability was determined in Tenda HG3 2.0. Impacted is the funct ...)
+ TODO: check
+CVE-2026-7150 (A vulnerability was found in dh1011 auto-favicon up to f189116a9259950 ...)
+ TODO: check
+CVE-2026-7149 (A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffc ...)
+ TODO: check
+CVE-2026-6809 (The Social Post Embed plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2026-6741 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
+ TODO: check
+CVE-2026-6725 (The WPC Smart Messages for WooCommerce plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2026-6551 (The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-5394 (An authenticated administrative user who can import or save DataObject ...)
+ TODO: check
+CVE-2026-5362 (An authenticated attacker with permission to edit document content can ...)
+ TODO: check
+CVE-2026-5306 (The Check & Log Email WordPress plugin before 2.0.13 does not properl ...)
+ TODO: check
+CVE-2026-42510 (OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-defa ...)
+ TODO: check
+CVE-2026-41372 (OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hos ...)
+ TODO: check
+CVE-2026-41371 (OpenClaw before 2026.3.28 contains a privilege escalation vulnerabilit ...)
+ TODO: check
+CVE-2026-41370 (OpenClaw before 2026.3.31 contains a path traversal vulnerability in A ...)
+ TODO: check
+CVE-2026-41369 (OpenClaw before 2026.3.31 contains insufficient environment variable s ...)
+ TODO: check
+CVE-2026-41368 (OpenClaw before 2026.3.28 contains an environment variable disclosure ...)
+ TODO: check
+CVE-2026-41367 (OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently app ...)
+ TODO: check
+CVE-2026-41366 (OpenClaw before 2026.3.31 contains a local roots self-whitelisting vul ...)
+ TODO: check
+CVE-2026-41365 (OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerabi ...)
+ TODO: check
+CVE-2026-41364 (OpenClaw before 2026.3.31 contains a symlink following vulnerability i ...)
+ TODO: check
+CVE-2026-41363 (OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal ...)
+ TODO: check
+CVE-2026-41362 (OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache ...)
+ TODO: check
+CVE-2026-40977 (When an application is configured to use `ApplicationPidFileWriter`, a ...)
+ TODO: check
+CVE-2026-40976 (In certain circumstances, Spring Boot's default web security is ineffe ...)
+ TODO: check
+CVE-2026-40975 (Values produced by ${random.value} are not suitable for use as secrets ...)
+ TODO: check
+CVE-2026-40974 (Spring Boot's Cassandra auto-configuration does not perform hostname v ...)
+ TODO: check
+CVE-2026-40973 (A local attacker on the same host as the application may be able to ta ...)
+ TODO: check
+CVE-2026-40972 (An attacker on the same network as the remote application may be able ...)
+ TODO: check
+CVE-2026-40971 (When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-conf ...)
+ TODO: check
+CVE-2026-40970 (When configured to use an SSL bundle, Spring Boot's Elasticsearch auto ...)
+ TODO: check
+CVE-2026-40967 (In Spring AI, various FilterExpressionConverter implementations accept ...)
+ TODO: check
+CVE-2026-40356 (In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underf ...)
+ TODO: check
+CVE-2026-40355 (In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer de ...)
+ TODO: check
+CVE-2026-3087 (If `shutil.unpack_archive()` is given a ZIP archive with an absolute W ...)
+ TODO: check
+CVE-2026-32649 (A command injection vulnerability exists in the web server of specific ...)
+ TODO: check
+CVE-2026-32644 (Specific firmware versions of Milesight AIOT cameras use SSL certifica ...)
+ TODO: check
+CVE-2026-29971 (A reflected cross-site scripting (XSS) vulnerability exists in WebFile ...)
+ TODO: check
+CVE-2026-28747 (A weak key generation vulnerability exists in specific firmware versio ...)
+ TODO: check
+CVE-2026-27785 (Specific firmware versions of Milesight AIOT camera firmware contain h ...)
+ TODO: check
+CVE-2026-20766 (An out-of-bounds memory access vulnerability exists in specific firmwa ...)
+ TODO: check
+CVE-2026-1460 (A post-authentication command injection vulnerability in the \u201cDom ...)
+ TODO: check
+CVE-2026-0711 (A post-authentication command injection vulnerability in the EasyMesh- ...)
+ TODO: check
+CVE-2025-69428 (An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to ...)
+ TODO: check
+CVE-2024-46636 (NASA Earth Observing System Data and Information System (EOSDIS) MODAP ...)
+ TODO: check
CVE-2026-42167 [SQL injection possible via mod_sql because of is_escaped_text() logic]
- proftpd-dfsg <unfixed> (bug #1135119)
NOTE: https://github.com/proftpd/proftpd/issues/2052
@@ -3557,6 +3735,7 @@ CVE-2026-34284 (Vulnerability in the Oracle Business Process Management Suite pr
CVE-2026-34283 (Vulnerability in the Oracle Identity Manager product of Oracle Fusion ...)
NOT-FOR-US: Oracle
CVE-2026-34282 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DSA-6231-1}
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
- openjdk-21 21.0.11+10-1
@@ -3589,6 +3768,7 @@ CVE-2026-34270 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2026-34269 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2026-34268 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -3631,6 +3811,7 @@ CVE-2026-22746 (Vulnerability in Spring Spring Security. If an application is us
- libspring-security-2.0-java <removed>
NOTE: https://spring.io/security/cve-2026-22746
CVE-2026-22021 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -3640,6 +3821,7 @@ CVE-2026-22021 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
CVE-2026-22019 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components produ ...)
NOT-FOR-US: Oracle
CVE-2026-22018 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -3649,6 +3831,7 @@ CVE-2026-22018 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora
CVE-2026-22017 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.46-1 (bug #1134614)
CVE-2026-22016 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -3660,6 +3843,7 @@ CVE-2026-22015 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2026-22014 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...)
NOT-FOR-US: Oracle
CVE-2026-22013 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
@@ -3676,6 +3860,7 @@ CVE-2026-22008 (Vulnerability in Oracle Java SE (component: Libraries). The su
- openjdk-25 25.0.3+9-1
NOTE: https://openjdk.org/groups/vulnerability/advisories/2026-04-21
CVE-2026-22007 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
+ {DSA-6231-1}
- openjdk-8 <unfixed> (bug #1134894)
- openjdk-11 11.0.31+11-1
- openjdk-17 17.0.19+10-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edf2230e691561e9b5aade20a078a18c098fa9cc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/edf2230e691561e9b5aade20a078a18c098fa9cc
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260428/ef6c6c38/attachment.htm>
More information about the debian-security-tracker-commits
mailing list