[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 6 20:13:32 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c50d3795 by security tracker role at 2026-02-06T20:13:26+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,212 @@
-CVE-2026-25727
+CVE-2026-2103 (Infor SyteLine ERP uses hard-coded static cryptographic keys to encryp ...)
+	TODO: check
+CVE-2026-2065 (A security flaw has been discovered in Flycatcher Toys smART Pixelator ...)
+	TODO: check
+CVE-2026-2064 (A vulnerability was identified in Portabilis i-Educar up to 2.10. Affe ...)
+	TODO: check
+CVE-2026-2063 (A security flaw has been discovered in D-Link DIR-823X 250416. This vu ...)
+	TODO: check
+CVE-2026-2062 (A vulnerability was identified in Open5GS up to 2.7.6. This affects th ...)
+	TODO: check
+CVE-2026-2061 (A vulnerability was determined in D-Link DIR-823X 250416. Affected by  ...)
+	TODO: check
+CVE-2026-2060 (A vulnerability was found in code-projects Simple Blood Donor Manageme ...)
+	TODO: check
+CVE-2026-2059 (A vulnerability has been found in SourceCodester Medical Center Portal ...)
+	TODO: check
+CVE-2026-2058 (A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to ...)
+	TODO: check
+CVE-2026-2057 (A vulnerability was detected in SourceCodester Medical Center Portal M ...)
+	TODO: check
+CVE-2026-2056 (A security vulnerability has been detected in D-Link DIR-605L and DIR- ...)
+	TODO: check
+CVE-2026-2055 (A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01 ...)
+	TODO: check
+CVE-2026-2054 (A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2. ...)
+	TODO: check
+CVE-2026-2018 (A flaw has been found in itsourcecode School Management System 1.0. Th ...)
+	TODO: check
+CVE-2026-2017 (A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Aff ...)
+	TODO: check
+CVE-2026-2016 (A security vulnerability has been detected in happyfish100 libfastcomm ...)
+	TODO: check
+CVE-2026-2015 (A weakness has been identified in Portabilis i-Educar up to 2.10. Affe ...)
+	TODO: check
+CVE-2026-2014 (A security flaw has been discovered in itsourcecode Student Management ...)
+	TODO: check
+CVE-2026-2013 (A vulnerability was identified in itsourcecode Student Management Syst ...)
+	TODO: check
+CVE-2026-2012 (A vulnerability was determined in itsourcecode Student Management Syst ...)
+	TODO: check
+CVE-2026-2011 (A vulnerability was found in itsourcecode Student Management System 1. ...)
+	TODO: check
+CVE-2026-25753 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25752 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
+	TODO: check
+CVE-2026-25751 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
+	TODO: check
+CVE-2026-25725 (Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude  ...)
+	TODO: check
+CVE-2026-25724 (Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude  ...)
+	TODO: check
+CVE-2026-25723 (Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude ...)
+	TODO: check
+CVE-2026-25722 (Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude ...)
+	TODO: check
+CVE-2026-25651 (client-certificate-auth is middleware for Node.js implementing client  ...)
+	TODO: check
+CVE-2026-25650 (MCP Salesforce Connector is a Model Context Protocol (MCP) server impl ...)
+	TODO: check
+CVE-2026-25647 (Lute is a structured Markdown engine supporting Go and JavaScript. Lut ...)
+	TODO: check
+CVE-2026-25643 (Frigate is a network video recorder (NVR) with realtime local object d ...)
+	TODO: check
+CVE-2026-25642 (HedgeDoc is an open source, real-time, collaborative, markdown notes a ...)
+	TODO: check
+CVE-2026-25641 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there i ...)
+	TODO: check
+CVE-2026-25640 (Pydantic AI is a Python agent framework for building applications and  ...)
+	TODO: check
+CVE-2026-25587 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map  ...)
+	TODO: check
+CVE-2026-25586 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandb ...)
+	TODO: check
+CVE-2026-25556 (MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerabili ...)
+	TODO: check
+CVE-2026-25520 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The ret ...)
+	TODO: check
+CVE-2026-24931 (Vulnerability of improper criterion security check in the card module. ...)
+	TODO: check
+CVE-2026-24930 (UAF concurrency vulnerability in the graphics module. Impact: Successf ...)
+	TODO: check
+CVE-2026-24929 (Out-of-bounds read vulnerability in the graphics module. Impact: Succe ...)
+	TODO: check
+CVE-2026-24928 (Out-of-bounds write vulnerability in the file system module. Impact: S ...)
+	TODO: check
+CVE-2026-24927 (Out-of-bounds access vulnerability in the frequency modulation module. ...)
+	TODO: check
+CVE-2026-24926 (Out-of-bounds write vulnerability in the camera module. Impact: Succes ...)
+	TODO: check
+CVE-2026-24925 (Heap-based buffer overflow vulnerability in the image module. Impact:  ...)
+	TODO: check
+CVE-2026-24924 (Vulnerability of improper permission control in the print module. Impa ...)
+	TODO: check
+CVE-2026-24923 (Permission control vulnerability in the HDC module. Impact: Successful ...)
+	TODO: check
+CVE-2026-24922 (Buffer overflow vulnerability in the HDC module. Impact: Successful ex ...)
+	TODO: check
+CVE-2026-24921 (Address read vulnerability in the HDC module. Impact: Successful explo ...)
+	TODO: check
+CVE-2026-24920 (Permission control vulnerability in the AMS module. Impact: Successful ...)
+	TODO: check
+CVE-2026-24919 (Out-of-bounds write vulnerability in the DFX module. Impact: Successfu ...)
+	TODO: check
+CVE-2026-24918 (Address read vulnerability in the communication module. Impact: Succes ...)
+	TODO: check
+CVE-2026-24917 (UAF vulnerability in the security module. Impact: Successful exploitat ...)
+	TODO: check
+CVE-2026-24916 (Identity authentication bypass vulnerability in the window module. Imp ...)
+	TODO: check
+CVE-2026-24915 (Out-of-bounds read issue in the media subsystem. Impact: Successful ex ...)
+	TODO: check
+CVE-2026-24914 (Type confusion vulnerability in the camera module. Impact: Successful  ...)
+	TODO: check
+CVE-2026-24903 (OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Sto ...)
+	TODO: check
+CVE-2026-24851 (OpenFGA is a high-performance and flexible authorization/permission en ...)
+	TODO: check
+CVE-2026-24776 (OpenProject is an open-source, web-based project management software.  ...)
+	TODO: check
+CVE-2026-24419 (OpenSTAManager is an open source management software for technical ass ...)
+	TODO: check
+CVE-2026-24418 (OpenSTAManager is an open source management software for technical ass ...)
+	TODO: check
+CVE-2026-24417 (OpenSTAManager is an open source management software for technical ass ...)
+	TODO: check
+CVE-2026-24416 (OpenSTAManager is an open source management software for technical ass ...)
+	TODO: check
+CVE-2026-24135 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
+	TODO: check
+CVE-2026-24050 (Zulip is an open-source team collaboration tool. From 5.0 to before 11 ...)
+	TODO: check
+CVE-2026-23989 (REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bu ...)
+	TODO: check
+CVE-2026-23741 (Asterisk is an open source private branch exchange and telephony toolk ...)
+	TODO: check
+CVE-2026-23740 (Asterisk is an open source private branch exchange and telephony toolk ...)
+	TODO: check
+CVE-2026-23739 (Asterisk is an open source private branch exchange and telephony toolk ...)
+	TODO: check
+CVE-2026-23738 (Asterisk is an open source private branch exchange and telephony toolk ...)
+	TODO: check
+CVE-2026-23633 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
+	TODO: check
+CVE-2026-23632 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
+	TODO: check
+CVE-2026-22592 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
+	TODO: check
+CVE-2026-22254 (Winter is a free, open-source content management system (CMS) based on ...)
+	TODO: check
+CVE-2026-21643 (An improper neutralization of special elements used in an sql command  ...)
+	TODO: check
+CVE-2026-1785 (The Code Snippets plugin for WordPress is vulnerable to Cross-Site Req ...)
+	TODO: check
+CVE-2026-1769 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2026-1709 (A flaw was found in Keylime. The Keylime registrar, since version 7.12 ...)
+	TODO: check
+CVE-2026-1499 (The WP Duplicate plugin for WordPress is vulnerable to Missing Authori ...)
+	TODO: check
+CVE-2026-1337 (Insufficient escaping of unicode characters in query log in Neo4j Ente ...)
+	TODO: check
+CVE-2026-1293 (The Yoast SEO \u2013 Advanced SEO with real-time guidance and built-in ...)
+	TODO: check
+CVE-2026-1252 (The Events Listing Widget plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2025-70963 (Gophish <=0.12.1 is vulnerable to Incorrect Access Control. The admini ...)
+	TODO: check
+CVE-2025-69216 (OpenSTAManager is an open source management software for technical ass ...)
+	TODO: check
+CVE-2025-69214 (OpenSTAManager is an open source management software for technical ass ...)
+	TODO: check
+CVE-2025-69212 (OpenSTAManager is an open source management software for technical ass ...)
+	TODO: check
+CVE-2025-64175 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
+	TODO: check
+CVE-2025-64111 (Gogs is an open source self-hosted Git service. In version 0.13.3 and  ...)
+	TODO: check
+CVE-2025-15320 (Tanium addressed a denial of service vulnerability in Tanium Client.)
+	TODO: check
+CVE-2025-13818 (Local privilege escalation vulnerability via insecure temporary batch  ...)
+	TODO: check
+CVE-2025-13523 (Mattermost Confluence plugin version <1.7.0 fails to properly escape u ...)
+	TODO: check
+CVE-2019-25305 (JumpStart 0.6.0.0 contains an unquoted service path vulnerability in t ...)
+	TODO: check
+CVE-2019-25304 (SecurOS Enterprise 10.2 contains an unquoted service path vulnerabilit ...)
+	TODO: check
+CVE-2019-25303 (TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnera ...)
+	TODO: check
+CVE-2019-25302 (Acer Launch Manager 6.1.7600.16385 contains an unquoted service path v ...)
+	TODO: check
+CVE-2019-25301 (Millhouse-Project 1.414 contains a persistent cross-site scripting vul ...)
+	TODO: check
+CVE-2019-25300 (thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that  ...)
+	TODO: check
+CVE-2019-25299 (RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the  ...)
+	TODO: check
+CVE-2019-25298 (html5_snmp 1.11 contains multiple SQL injection vulnerabilities that a ...)
+	TODO: check
+CVE-2019-25294 (html5_snmp 1.11 contains a persistent cross-site scripting vulnerabili ...)
+	TODO: check
+CVE-2019-25293 (BlueStacks App Player 2.4.44.62.57 contains an unquoted service path v ...)
+	TODO: check
+CVE-2019-25292 (Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vu ...)
+	TODO: check
+CVE-2019-25266 (Wondershare Application Framework Service 2.4.3.231 contains an unquot ...)
+	TODO: check
+CVE-2026-25727 (time provides date and time handling in Rust. From 0.3.6 to before 0.3 ...)
 	- rust-time 0.3.47-1
 	[trixie] - rust-time <no-dsa> (Minor issue)
 	[bookworm] - rust-time <no-dsa> (Minor issue)
@@ -3229,6 +3437,7 @@ CVE-2026-24778 (Ghost is an open source content management system. In Ghost vers
 CVE-2026-24770 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
 	NOT-FOR-US: RAGFlow
 CVE-2026-24765 (PHPUnit is a testing framework for PHP. A vulnerability has been disco ...)
+	{DLA-4470-1}
 	- phpunit 12.5.8-1
 	[trixie] - phpunit <no-dsa> (Minor issue; can be fixed via point release)
 	[bookworm] - phpunit <no-dsa> (Minor issue; can be fixed via point release)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c50d379520cd736e6393f8d650ef167272da5a44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c50d379520cd736e6393f8d650ef167272da5a44
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260206/d48b8ea2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list