[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 3 20:13:18 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a381282 by security tracker role at 2026-02-03T20:13:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,24 +1,414 @@
-CVE-2026-1312 [Potential SQL injection via QuerySet.order_by and FilteredRelation]
+CVE-2026-25616 (Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka ...)
+ TODO: check
+CVE-2026-25615 (Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE ...)
+ TODO: check
+CVE-2026-25614 (Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE ...)
+ TODO: check
+CVE-2026-25522 (Craft Commerce is an ecommerce platform for Craft CMS. In versions fro ...)
+ TODO: check
+CVE-2026-25503 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-25502 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-25490 (Craft Commerce is an ecommerce platform for Craft CMS. In versions fro ...)
+ TODO: check
+CVE-2026-25489 (Craft Commerce is an ecommerce platform for Craft CMS. In versions fro ...)
+ TODO: check
+CVE-2026-25488 (Craft Commerce is an ecommerce platform for Craft CMS. In versions fro ...)
+ TODO: check
+CVE-2026-25487 (Craft Commerce is an ecommerce platform for Craft CMS. In versions fro ...)
+ TODO: check
+CVE-2026-25486 (Craft Commerce is an ecommerce platform for Craft CMS. From version 5. ...)
+ TODO: check
+CVE-2026-25485 (Craft Commerce is an ecommerce platform for Craft CMS. In versions fro ...)
+ TODO: check
+CVE-2026-25484 (Craft Commerce is an ecommerce platform for Craft CMS. In versions fro ...)
+ TODO: check
+CVE-2026-25483 (Craft Commerce is an ecommerce platform for Craft CMS. In versions fro ...)
+ TODO: check
+CVE-2026-25482 (Craft Commerce is an ecommerce platform for Craft CMS. In versions fro ...)
+ TODO: check
+CVE-2026-25241 (PEAR is a framework and distribution system for reusable PHP component ...)
+ TODO: check
+CVE-2026-25240 (PEAR is a framework and distribution system for reusable PHP component ...)
+ TODO: check
+CVE-2026-25239 (PEAR is a framework and distribution system for reusable PHP component ...)
+ TODO: check
+CVE-2026-25238 (PEAR is a framework and distribution system for reusable PHP component ...)
+ TODO: check
+CVE-2026-25237 (PEAR is a framework and distribution system for reusable PHP component ...)
+ TODO: check
+CVE-2026-25236 (PEAR is a framework and distribution system for reusable PHP component ...)
+ TODO: check
+CVE-2026-25235 (PEAR is a framework and distribution system for reusable PHP component ...)
+ TODO: check
+CVE-2026-25234 (PEAR is a framework and distribution system for reusable PHP component ...)
+ TODO: check
+CVE-2026-25233 (PEAR is a framework and distribution system for reusable PHP component ...)
+ TODO: check
+CVE-2026-25036 (Missing Authorization vulnerability in WP Chill Passster content-prote ...)
+ TODO: check
+CVE-2026-25028 (Missing Authorization vulnerability in Element Invader ElementInvader ...)
+ TODO: check
+CVE-2026-25027 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-25024 (Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams Thir ...)
+ TODO: check
+CVE-2026-25023 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-25022 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-25021 (Missing Authorization vulnerability in Mizan Themes Mizan Demo Importe ...)
+ TODO: check
+CVE-2026-25020 (Missing Authorization vulnerability in WP connect WP Sync for Notion w ...)
+ TODO: check
+CVE-2026-25019 (Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual ...)
+ TODO: check
+CVE-2026-25016 (Missing Authorization vulnerability in Nelio Software Nelio Popups nel ...)
+ TODO: check
+CVE-2026-25015 (Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP use ...)
+ TODO: check
+CVE-2026-25014 (Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Ad ...)
+ TODO: check
+CVE-2026-25012 (Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-ba ...)
+ TODO: check
+CVE-2026-25011 (Missing Authorization vulnerability in Northern Beaches Websites WP Cu ...)
+ TODO: check
+CVE-2026-25010 (Missing Authorization vulnerability in ILLID Share This Image share-th ...)
+ TODO: check
+CVE-2026-24998 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-24997 (Missing Authorization vulnerability in Wired Impact Wired Impact Volun ...)
+ TODO: check
+CVE-2026-24996 (Missing Authorization vulnerability in wpelemento WPElemento Importer ...)
+ TODO: check
+CVE-2026-24995 (Missing Authorization vulnerability in Iulia Cazan Latest Post Shortco ...)
+ TODO: check
+CVE-2026-24994 (Missing Authorization vulnerability in sunshinephotocart Sunshine Phot ...)
+ TODO: check
+CVE-2026-24992 (Insertion of Sensitive Information Into Sent Data vulnerability in WPF ...)
+ TODO: check
+CVE-2026-24991 (Authorization Bypass Through User-Controlled Key vulnerability in HT P ...)
+ TODO: check
+CVE-2026-24990 (Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs a ...)
+ TODO: check
+CVE-2026-24988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple M ...)
+ TODO: check
+CVE-2026-24985 (Missing Authorization vulnerability in approveme WP Forms Signature Co ...)
+ TODO: check
+CVE-2026-24984 (Missing Authorization vulnerability in Brecht Visual Link Preview visu ...)
+ TODO: check
+CVE-2026-24982 (Missing Authorization vulnerability in Brainstorm Force Spectra ultima ...)
+ TODO: check
+CVE-2026-24967 (Missing Authorization vulnerability in ameliabooking Amelia ameliabook ...)
+ TODO: check
+CVE-2026-24966 (Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape ...)
+ TODO: check
+CVE-2026-24965 (Missing Authorization vulnerability in Wasiliy Strecker / ContestGalle ...)
+ TODO: check
+CVE-2026-24962 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Si ...)
+ TODO: check
+CVE-2026-24961 (Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand B ...)
+ TODO: check
+CVE-2026-24958 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24957 (Missing Authorization vulnerability in WP Chill Strong Testimonials st ...)
+ TODO: check
+CVE-2026-24954 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpEv ...)
+ TODO: check
+CVE-2026-24952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24951 (Missing Authorization vulnerability in Saad Iqbal myCred mycred allows ...)
+ TODO: check
+CVE-2026-24947 (Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit ...)
+ TODO: check
+CVE-2026-24945 (Missing Authorization vulnerability in Themefic Ultimate Addons for Co ...)
+ TODO: check
+CVE-2026-24942 (Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEv ...)
+ TODO: check
+CVE-2026-24940 (Missing Authorization vulnerability in Themefic Travelfic Toolkit trav ...)
+ TODO: check
+CVE-2026-24939 (Missing Authorization vulnerability in WP Chill Modula Image Gallery m ...)
+ TODO: check
+CVE-2026-24938 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24774 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24773 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24762 (RustFS is a distributed object storage system built in Rust. From vers ...)
+ TODO: check
+CVE-2026-24674 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24673 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24672 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24671 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24670 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24669 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24668 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24667 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24666 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24665 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24664 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
+ TODO: check
+CVE-2026-24441 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose a ...)
+ TODO: check
+CVE-2026-24434 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not ...)
+ TODO: check
+CVE-2026-24427 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose s ...)
+ TODO: check
+CVE-2026-24426 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior containa ...)
+ TODO: check
+CVE-2026-24149 (NVIDIA Megatron-LM for all platforms contains a vulnerability in a scr ...)
+ TODO: check
+CVE-2026-23795 (Improper Restriction of XML External Entity Reference vulnerability in ...)
+ TODO: check
+CVE-2026-23794 (Reflected XSS in Apache Syncope's Enduser Login page. An attacker that ...)
+ TODO: check
+CVE-2026-22228 (An authenticated user with high privileges may trigger a denial\u2011o ...)
+ TODO: check
+CVE-2026-22220 (A lack of proper input validation in the HTTP processing path in TP-Li ...)
+ TODO: check
+CVE-2026-21862 (RustFS is a distributed object storage system built in Rust. Prior to ...)
+ TODO: check
+CVE-2026-1846
+ REJECTED
+CVE-2026-1814 (Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insuffic ...)
+ TODO: check
+CVE-2026-1803 (A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted ...)
+ TODO: check
+CVE-2026-1802 (A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. Thi ...)
+ TODO: check
+CVE-2026-1664 (Summary An Insecure Direct Object Reference has been found to exist i ...)
+ TODO: check
+CVE-2026-1568 (Rapid7 InsightVM versions before8.34.0 contain a signature verificatio ...)
+ TODO: check
+CVE-2026-1432 (SQL injection vulnerability in the Buroweb platform version 2505.0.12, ...)
+ TODO: check
+CVE-2026-0620 (When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept c ...)
+ TODO: check
+CVE-2025-8461 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-8456 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-7760 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-71179 (Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting ( ...)
+ TODO: check
+CVE-2025-70849 (Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated att ...)
+ TODO: check
+CVE-2025-70841 (Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauth ...)
+ TODO: check
+CVE-2025-70758 (chetans9 core-php-admin-panel through commit a94a780d6 contains an aut ...)
+ TODO: check
+CVE-2025-70560 (Boltz 2.0.0 contains an insecure deserialization vulnerability in its ...)
+ TODO: check
+CVE-2025-70559 (pdfminer.six before 20251230 contains an insecure deserialization vuln ...)
+ TODO: check
+CVE-2025-70311 (JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malici ...)
+ TODO: check
+CVE-2025-6397 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-69983 (FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import ...)
+ TODO: check
+CVE-2025-69981 (FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the ...)
+ TODO: check
+CVE-2025-69971 (FUXA v1.2.7 contains a hard-coded credential vulnerability in server/a ...)
+ TODO: check
+CVE-2025-69970 (FUXA v1.2.7 contains an insecure default configuration vulnerability i ...)
+ TODO: check
+CVE-2025-69875 (A vulnerability exists in Quick Heal Total Security 23.0.0 in the quar ...)
+ TODO: check
+CVE-2025-69848 (NetBox is an open-source infrastructure resource modeling and IP addre ...)
+ TODO: check
+CVE-2025-69431 (The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbo ...)
+ TODO: check
+CVE-2025-69430 (An Incorrect Symlink Follow vulnerability exists in multiple Yottamast ...)
+ TODO: check
+CVE-2025-69429 (The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect ...)
+ TODO: check
+CVE-2025-67857 (A flaw was found in moodle. During anonymous assignment submissions, u ...)
+ TODO: check
+CVE-2025-67856 (A flaw was found in Moodle. An authorization logic flaw, specifically ...)
+ TODO: check
+CVE-2025-67855 (A flaw was found in mooodle. A remote attacker could exploit a reflect ...)
+ TODO: check
+CVE-2025-67853 (A flaw was found in Moodle. A remote attacker could exploit a lack of ...)
+ TODO: check
+CVE-2025-67852 (A flaw was found in Moodle. An open redirect vulnerability in the OAut ...)
+ TODO: check
+CVE-2025-67851 (A flaw was found in moodle. This formula injection vulnerability occur ...)
+ TODO: check
+CVE-2025-67850 (A flaw was found in moodle. This vulnerability, known as Cross-Site Sc ...)
+ TODO: check
+CVE-2025-67849 (A flaw was found in Moodle. This cross-site scripting (XSS) vulnerabil ...)
+ TODO: check
+CVE-2025-67848 (A flaw was found in Moodle. This authentication bypass vulnerability a ...)
+ TODO: check
+CVE-2025-67189 (A buffer overflow vulnerability exists in the setParentalRules interfa ...)
+ TODO: check
+CVE-2025-67188 (A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.520 ...)
+ TODO: check
+CVE-2025-67187 (A stack-based buffer overflow vulnerability was identified in TOTOLINK ...)
+ TODO: check
+CVE-2025-67186 (TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vul ...)
+ TODO: check
+CVE-2025-66374 (CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a loc ...)
+ TODO: check
+CVE-2025-65924 (ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags spe ...)
+ TODO: check
+CVE-2025-65923 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered withi ...)
+ TODO: check
+CVE-2025-65875 (An arbitrary file upload vulnerability in the AddFont() function of FP ...)
+ TODO: check
+CVE-2025-65017 (Decidim is a participatory democracy framework. In versions from 0.30. ...)
+ TODO: check
+CVE-2025-63624 (SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT ...)
+ TODO: check
+CVE-2025-63372 (Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Direc ...)
+ TODO: check
+CVE-2025-62673 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
+ TODO: check
+CVE-2025-62501 (SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 ...)
+ TODO: check
+CVE-2025-62405 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
+ TODO: check
+CVE-2025-62404 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
+ TODO: check
+CVE-2025-61983 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
+ TODO: check
+CVE-2025-61944 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
+ TODO: check
+CVE-2025-61506 (An issue was discovered in MediaCrush thru 1.0.1 allowing remote unaut ...)
+ TODO: check
+CVE-2025-60865 (Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.5 ...)
+ TODO: check
+CVE-2025-5319 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-59902 (HTML injection vulnerability in NICE Chat. This vulnerability allows a ...)
+ TODO: check
+CVE-2025-59487 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
+ TODO: check
+CVE-2025-59482 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
+ TODO: check
+CVE-2025-59439 (An issue was discovered in Samsung Modem Exynos through 2025-08-29. In ...)
+ TODO: check
+CVE-2025-58455 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
+ TODO: check
+CVE-2025-58348 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-58347 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-58346 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-58345 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-58344 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-58343 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-58342 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-58341 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-58340 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
+ TODO: check
+CVE-2025-58077 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
+ TODO: check
+CVE-2025-57529 (YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL In ...)
+ TODO: check
+CVE-2025-52633 (HCL AION is affected by a Permanent Cookie Containing Sensitive Sessio ...)
+ TODO: check
+CVE-2025-52631 (HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Se ...)
+ TODO: check
+CVE-2025-52629 (HCL AION is susceptible to Missing Content-Security-Policy. An The ab ...)
+ TODO: check
+CVE-2025-52628 (HCL AION is affected by a Cookie with Insecure, Improper, or Missing S ...)
+ TODO: check
+CVE-2025-52627 (Root File System Not Mounted as Read-Only configuration vulnerability. ...)
+ TODO: check
+CVE-2025-52626 (A Potential Command Injection vulnerability in HCL AION. An This can ...)
+ TODO: check
+CVE-2025-52623 (HCL AION is affected by an Autocomplete HTML Attribute Not Disabled fo ...)
+ TODO: check
+CVE-2025-46651 (Tiny File Manager through 2.6 contains a server-side request forgery ( ...)
+ TODO: check
+CVE-2025-41065 (Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software ...)
+ TODO: check
+CVE-2025-11598 (In mObywatel iOS applicationan unauthorized user can use the App Switc ...)
+ TODO: check
+CVE-2025-10878 (A SQL injection vulnerability exists in the login functionality of Fik ...)
+ TODO: check
+CVE-2020-37116 (GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which ...)
+ TODO: check
+CVE-2020-37115 (GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing ...)
+ TODO: check
+CVE-2020-37114 (GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users ...)
+ TODO: check
+CVE-2020-37113 (GUnet OpenEclass 1.7.3 allows authenticated users to bypass file exten ...)
+ TODO: check
+CVE-2020-37112 (GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities ...)
+ TODO: check
+CVE-2020-37111 (60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2020-37110 (60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php a ...)
+ TODO: check
+CVE-2020-37108 (PhpIX 2012 Professional contains a SQL injection vulnerability in the ...)
+ TODO: check
+CVE-2020-37105 (PMB 5.6 contains a SQL injection vulnerability in the administration d ...)
+ TODO: check
+CVE-2020-37103 (DotNetNuke 9.5 contains a persistent cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2020-37102 (Adaware Web Companion 4.9.2159 contains an unquoted service path vulne ...)
+ TODO: check
+CVE-2020-37101 (VPN Unlimited 6.1 contains an unquoted service path vulnerability that ...)
+ TODO: check
+CVE-2020-37100 (Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulne ...)
+ TODO: check
+CVE-2020-37099 (Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulner ...)
+ TODO: check
+CVE-2020-37098 (Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulne ...)
+ TODO: check
+CVE-2019-25265 (Online Inventory Manager 3.2 contains a stored cross-site scripting vu ...)
+ TODO: check
+CVE-2019-25264 (Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerabilit ...)
+ TODO: check
+CVE-2019-25263 (Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scriptin ...)
+ TODO: check
+CVE-2019-25261 (AnyDesk 5.4.0 contains an unquoted service path vulnerability in its W ...)
+ TODO: check
+CVE-2026-1312 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314 (4.2.28)
-CVE-2026-1287 [Potential SQL injection in column aliases via control characters]
+CVE-2026-1287 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/f75f8f3597e1ce351d5ac08b6ba7ebd9dadd9b5d (4.2.28)
-CVE-2026-1285 [Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods]
+CVE-2026-1285 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/b40cfc6052ced26dcd8166a58ea6f841d0d2cac8 (4.2.28)
-CVE-2026-1207 [Potential SQL injection via raster lookups on PostGIS]
+CVE-2026-1207 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/a14363102d98fa29b8cced578eb3a0fadaa5bcb7 (4.2.28)
-CVE-2025-14550 [Potential denial-of-service vulnerability via repeated headers when using ASGI]
+CVE-2025-14550 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/f578acc8c54530fffabd52d2db654c8669b011af (4.2.28)
-CVE-2025-13473 [Username enumeration through timing difference in mod_wsgi authentication handler]
+CVE-2025-13473 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
- python-django <unfixed>
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/6dc23508f3395e1254c315084c7334ef81c4c09a (4.2.28)
@@ -705,7 +1095,7 @@ CVE-2025-36387 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server
NOT-FOR-US: IBM
CVE-2025-36384 (IBM Db2 for Windows12.1.0 - 12.1.3 could allow a local user with file ...)
NOT-FOR-US: IBM
-CVE-2025-36366 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+CVE-2025-36366 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) coul ...)
NOT-FOR-US: IBM
CVE-2025-36365 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
NOT-FOR-US: IBM
@@ -1731,6 +2121,7 @@ CVE-2026-0832 (The New User Approve plugin for WordPress is vulnerable to unauth
CVE-2026-0825 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0818 (When a user explicitly requested Thunderbird to decrypt an inline Open ...)
+ {DSA-6118-1}
- thunderbird 1:140.7.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-08/#CVE-2026-0818
CVE-2025-9082 (The WPBITS Addons For Elementor plugin for WordPress is vulnerable to ...)
@@ -30133,49 +30524,49 @@ CVE-2025-13086 (Improper validation of source IP addresses in OpenVPN version 2.
NOTE: Prerequisite: https://github.com/OpenVPN/openvpn/commit/68c01720eecc1772b3f648b9e043e396d943f632 (v2.6.15)
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/18c483dd6031d86eb393527855734e8cd62fea19 (v2.7_rc2)
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/fa6a1824b0f37bff137204156a74ca28cf5b6f83 (v2.6.16)
-CVE-2025-64438
+CVE-2025-64438 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
- fastdds <unfixed> (bug #1121096)
[trixie] - fastdds <no-dsa> (Minor issue)
[bookworm] - fastdds <no-dsa> (Minor issue)
[bullseye] - fastdds <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7 (v3.4.1)
-CVE-2025-62799
+CVE-2025-62799 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
- fastdds <unfixed> (bug #1121097)
[trixie] - fastdds <no-dsa> (Minor issue)
[bookworm] - fastdds <no-dsa> (Minor issue)
[bullseye] - fastdds <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/d6dd58f4ecd28cd1c3bc4ef0467be9110fa94659 (v3.4.1)
-CVE-2025-62599
+CVE-2025-62599 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
- fastdds <unfixed> (bug #1121094)
[trixie] - fastdds <no-dsa> (Minor issue)
[bookworm] - fastdds <no-dsa> (Minor issue)
[bullseye] - fastdds <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
-CVE-2025-62600
+CVE-2025-62600 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
- fastdds <unfixed> (bug #1121094)
[trixie] - fastdds <no-dsa> (Minor issue)
[bookworm] - fastdds <no-dsa> (Minor issue)
[bullseye] - fastdds <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
-CVE-2025-62601
+CVE-2025-62601 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
- fastdds <unfixed> (bug #1121094)
[trixie] - fastdds <no-dsa> (Minor issue)
[bookworm] - fastdds <no-dsa> (Minor issue)
[bullseye] - fastdds <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
-CVE-2025-62602
+CVE-2025-62602 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
- fastdds <unfixed> (bug #1121094)
[trixie] - fastdds <no-dsa> (Minor issue)
[bookworm] - fastdds <no-dsa> (Minor issue)
[bullseye] - fastdds <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
-CVE-2025-62603
+CVE-2025-62603 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
- fastdds <unfixed> (bug #1121094)
[trixie] - fastdds <no-dsa> (Minor issue)
[bookworm] - fastdds <no-dsa> (Minor issue)
[bullseye] - fastdds <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
-CVE-2025-64098
+CVE-2025-64098 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
- fastdds <unfixed> (bug #1121094)
[trixie] - fastdds <no-dsa> (Minor issue)
[bookworm] - fastdds <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a38128254ea42f75ce60038417d838fecfa196f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a38128254ea42f75ce60038417d838fecfa196f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260203/64a3cd19/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list