[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 10 08:13:22 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
159bad89 by security tracker role at 2026-02-10T08:13:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,205 @@
+CVE-2026-2260 (A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affect ...)
+	TODO: check
+CVE-2026-2259 (A vulnerability has been found in aardappel lobster up to 2025.4. Affe ...)
+	TODO: check
+CVE-2026-2258 (A flaw has been found in aardappel lobster up to 2025.4. Affected by t ...)
+	TODO: check
+CVE-2026-2099 (AgentFlow developed by Flowring has a Stored Cross-Site Scripting vuln ...)
+	TODO: check
+CVE-2026-2098 (AgentFlow developed by Flowring has a Reflected Cross-site Scripting v ...)
+	TODO: check
+CVE-2026-2097 (Agentflow developed by Flowring has an Arbitrary File Upload vulnerabi ...)
+	TODO: check
+CVE-2026-2096 (Agentflow developed by Flowring has a Missing Authentication vulnerabi ...)
+	TODO: check
+CVE-2026-2095 (Agentflow developed by Flowring has an Authentication Bypass vulnerabi ...)
+	TODO: check
+CVE-2026-2094 (Docpedia developed by Flowring has a SQL Injection vulnerability, allo ...)
+	TODO: check
+CVE-2026-2093 (Docpedia developed by Flowring has a SQL Injection vulnerability, allo ...)
+	TODO: check
+CVE-2026-25981
+	REJECTED
+CVE-2026-25980
+	REJECTED
+CVE-2026-25979
+	REJECTED
+CVE-2026-25978
+	REJECTED
+CVE-2026-25977
+	REJECTED
+CVE-2026-25976
+	REJECTED
+CVE-2026-25975
+	REJECTED
+CVE-2026-25974
+	REJECTED
+CVE-2026-25973
+	REJECTED
+CVE-2026-25961 (SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5. ...)
+	TODO: check
+CVE-2026-25958 (Cube is a semantic layer for building data applications. From 0.27.19  ...)
+	TODO: check
+CVE-2026-25957 (Cube is a semantic layer for building data applications. From 1.1.17 t ...)
+	TODO: check
+CVE-2026-25951 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
+	TODO: check
+CVE-2026-25939 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
+	TODO: check
+CVE-2026-25938 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
+	TODO: check
+CVE-2026-25934 (go-git is a highly extensible git implementation library written in pu ...)
+	TODO: check
+CVE-2026-25931 (vscode-spell-checker is a basic spell checker that works well with cod ...)
+	TODO: check
+CVE-2026-25925 (PowerDocu contains a Windows GUI executable to perform technical docum ...)
+	TODO: check
+CVE-2026-25923 (my little forum is a PHP and MySQL based internet forum that displays  ...)
+	TODO: check
+CVE-2026-25920 (SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, ...)
+	TODO: check
+CVE-2026-25918 (unity-cli is a command line utility for the Unity Game Engine. Prior t ...)
+	TODO: check
+CVE-2026-25895 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
+	TODO: check
+CVE-2026-25894 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
+	TODO: check
+CVE-2026-25893 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
+	TODO: check
+CVE-2026-25892 (Adminer is open-source database management software. Adminer v5.4.1 an ...)
+	TODO: check
+CVE-2026-25890 (File Browser provides a file managing interface within a specified dir ...)
+	TODO: check
+CVE-2026-25889 (File Browser provides a file managing interface within a specified dir ...)
+	TODO: check
+CVE-2026-25885 (PolarLearn is a free and open-source learning program. In 0-PRERELEASE ...)
+	TODO: check
+CVE-2026-25881 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandb ...)
+	TODO: check
+CVE-2026-25880 (SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, ...)
+	TODO: check
+CVE-2026-25878 (FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2 ...)
+	TODO: check
+CVE-2026-25876 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25875 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25814 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25813 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25812 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25811 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25810 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25809 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25808 (Hollo is a federated single-user microblogging software designed to be ...)
+	TODO: check
+CVE-2026-25807 (ZAI Shell is an autonomous SysOps agent designed to navigate, repair,  ...)
+	TODO: check
+CVE-2026-25806 (PlaciPy is a placement management system designed for educational inst ...)
+	TODO: check
+CVE-2026-25791 (Sliver is a command and control framework that uses a custom Wireguard ...)
+	TODO: check
+CVE-2026-25765 (Faraday is an HTTP client library abstraction layer that provides a co ...)
+	TODO: check
+CVE-2026-25761 (Super-linter is a combination of multiple linters to run as a GitHub A ...)
+	TODO: check
+CVE-2026-25740 (captive browser, a dedicated Chrome instance to log into captive porta ...)
+	TODO: check
+CVE-2026-25639 (Axios is a promise based HTTP client for the browser and Node.js. Prio ...)
+	TODO: check
+CVE-2026-25528 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...)
+	TODO: check
+CVE-2026-24328 (SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticate ...)
+	TODO: check
+CVE-2026-24327 (Due to missing authorization check in SAP Strategic Enterprise Managem ...)
+	TODO: check
+CVE-2026-24326 (Due to a missing authorization check in the Disconnected Operations of ...)
+	TODO: check
+CVE-2026-24325 (SAP BusinessObjects Enterprise does not sufficiently encode user-contr ...)
+	TODO: check
+CVE-2026-24324 (SAP BusinessObjects Business Intelligence Platform (AdminTools) allows ...)
+	TODO: check
+CVE-2026-24323 (The BSP applications allow an unauthenticated user to inject malicious ...)
+	TODO: check
+CVE-2026-24322 (SAP Solution Tools Plug-In (ST-PI) contains a function module that doe ...)
+	TODO: check
+CVE-2026-24321 (SAP Commerce Cloud exposes multiple API endpoints to unauthenticated u ...)
+	TODO: check
+CVE-2026-24320 (Due to improper memory management in SAP NetWeaver and ABAP Platform ( ...)
+	TODO: check
+CVE-2026-24319 (In SAP Business One, sensitive information is written to the applicati ...)
+	TODO: check
+CVE-2026-24312 (An erroneous authorization check in SAP Business Workflow leads to pri ...)
+	TODO: check
+CVE-2026-23689 (Due to an uncontrolled resource consumption (Denial of Service) vulner ...)
+	TODO: check
+CVE-2026-23688 (SAP Fiori App Manage Service Entry Sheets does not perform necessary a ...)
+	TODO: check
+CVE-2026-23687 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an auth ...)
+	TODO: check
+CVE-2026-23686 (Due to a CRLF Injection vulnerability in SAP NetWeaver Application Ser ...)
+	TODO: check
+CVE-2026-23685 (Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), ...)
+	TODO: check
+CVE-2026-23684 (A race condition vulnerability exists in the SAP Commerce cloud. Becau ...)
+	TODO: check
+CVE-2026-23681 (Due to missing authorization check in a function module in SAP Support ...)
+	TODO: check
+CVE-2026-1722 (The WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce pl ...)
+	TODO: check
+CVE-2026-0996 (The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2026-0845 (The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings S ...)
+	TODO: check
+CVE-2026-0509 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an auth ...)
+	TODO: check
+CVE-2026-0508 (The SAP BusinessObjects Business Intelligence Platform allows an authe ...)
+	TODO: check
+CVE-2026-0505 (The BSP applications allow an unauthenticated user to manipulate user- ...)
+	TODO: check
+CVE-2026-0490 (SAP BusinessObjects BI Platform allows an unauthenticated attacker to  ...)
+	TODO: check
+CVE-2026-0488 (An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor ...)
+	TODO: check
+CVE-2026-0486 (In ABAP based SAP systems a remote enabled function module does not pe ...)
+	TODO: check
+CVE-2026-0485 (SAP BusinessObjects BI Platform allows an unauthenticated attacker to  ...)
+	TODO: check
+CVE-2026-0484 (Due to missing authorization check in SAP NetWeaver Application Server ...)
+	TODO: check
+CVE-2025-15319 (Tanium addressed a local privilege escalation vulnerability in Patch E ...)
+	TODO: check
+CVE-2025-15318 (Tanium addressed an arbitrary file deletion vulnerability in End-User  ...)
+	TODO: check
+CVE-2025-15317 (Tanium addressed an uncontrolled resource consumption vulnerability in ...)
+	TODO: check
+CVE-2025-15316 (Tanium addressed a local privilege escalation vulnerability in Tanium  ...)
+	TODO: check
+CVE-2025-15315 (Tanium addressed a local privilege escalation vulnerability in Tanium  ...)
+	TODO: check
+CVE-2025-15314 (Tanium addressed an arbitrary file deletion vulnerability in end-user- ...)
+	TODO: check
+CVE-2025-15313 (Tanium addressed an arbitrary file deletion vulnerability in Tanium EU ...)
+	TODO: check
+CVE-2025-15310 (Tanium addressed a local privilege escalation vulnerability in Patch E ...)
+	TODO: check
+CVE-2025-15147 (The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Mar ...)
+	TODO: check
+CVE-2025-13064 (A server-side injection was possible for a malicious admin to manipula ...)
+	TODO: check
+CVE-2025-12757 (An AXIS Camera Station Pro feature can be exploited in a way that allo ...)
+	TODO: check
+CVE-2025-12063 (An insecure direct object reference allowed a non-admin user to modify ...)
+	TODO: check
+CVE-2025-11547 (AXIS Camera Station Pro contained a flaw toperform a privilege escalat ...)
+	TODO: check
+CVE-2025-11142 (The VAPIX API mediaclip.cgi that did not have a sufficient input valid ...)
+	TODO: check
 CVE-2026-2239 [PSD loader: heap-buffer-overflow in fread_pascal_string() (no null terminator)]
 	- gimp <unfixed>
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
@@ -147,7 +349,7 @@ CVE-2026-23901 [shiro: Brute force attack possible to determine valid user names
 	[trixie] - shiro <no-dsa> (Minor issue)
 	[bookworm] - shiro <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/02/08/2
-CVE-2026-25916 [remote image blocking bypass via SVG content]
+CVE-2026-25916 (Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block rem ...)
 	- roundcube 1.6.13+dfsg-1 (bug #1127447)
 	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/036e851b683333205813f70acda2dc047b4891c8 (1.6.13)
 	NOTE: https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
@@ -75716,7 +75918,7 @@ CVE-2025-30483 (Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0
 	NOT-FOR-US: Dell / EMC
 CVE-2025-26186 (SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker  ...)
 	NOT-FOR-US: openSIS
-CVE-2025-24477 (A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.2,  ...)
+CVE-2025-24477 (A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 t ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-0831 (Out-Of-Bounds Read vulnerability exists in the JT file reading procedu ...)
 	NOT-FOR-US: Dassault Systemes



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/159bad89c9809b9b2f0d3a1b1dcc8f253c1aa141

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/159bad89c9809b9b2f0d3a1b1dcc8f253c1aa141
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260210/64bdb9bf/attachment.htm>

More information about the debian-security-tracker-commits mailing list