[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 18 08:12:59 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3ac004df by security tracker role at 2026-02-18T08:12:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,173 @@
+CVE-2026-2644 (A weakness has been identified in niklasso minisat up to 2.2.0. This i ...)
+ TODO: check
+CVE-2026-2642 (A security vulnerability has been detected in ggreer the_silver_search ...)
+ TODO: check
+CVE-2026-2641 (A weakness has been identified in universal-ctags ctags up to 6.2.1. T ...)
+ TODO: check
+CVE-2026-2633 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vul ...)
+ TODO: check
+CVE-2026-2629 (A weakness has been identified in jishi node-sonos-http-api up to 3776 ...)
+ TODO: check
+CVE-2026-2627 (A security flaw has been discovered in Softland FBackup up to 9.9. Thi ...)
+ TODO: check
+CVE-2026-2623 (A flaw has been found in Blossom up to 1.17.1. This issue affects the ...)
+ TODO: check
+CVE-2026-2622 (A vulnerability was detected in Blossom up to 1.17.1. This vulnerabili ...)
+ TODO: check
+CVE-2026-2621 (A security vulnerability has been detected in Sciyon Koyuan Thermoelec ...)
+ TODO: check
+CVE-2026-2576 (The Business Directory Plugin \u2013 Easy Listing Directories for Word ...)
+ TODO: check
+CVE-2026-2570
+ REJECTED
+CVE-2026-2419 (The WP-DownloadManager plugin for WordPress is vulnerable to Path Trav ...)
+ TODO: check
+CVE-2026-2296 (The Product Addons for Woocommerce \u2013 Product Options with Custom ...)
+ TODO: check
+CVE-2026-2281 (The Private Comment plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2026-2112 (The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2026-2023 (The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
+CVE-2026-2019 (The Cart All In One For WooCommerce plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2026-27171 (zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32 ...)
+ TODO: check
+CVE-2026-27038
+ REJECTED
+CVE-2026-27037
+ REJECTED
+CVE-2026-27036
+ REJECTED
+CVE-2026-27035
+ REJECTED
+CVE-2026-27034
+ REJECTED
+CVE-2026-27033
+ REJECTED
+CVE-2026-27032
+ REJECTED
+CVE-2026-27031
+ REJECTED
+CVE-2026-26357 (Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Imprope ...)
+ TODO: check
+CVE-2026-26119 (Improper authentication in Windows Admin Center allows an authorized a ...)
+ TODO: check
+CVE-2026-25421
+ REJECTED
+CVE-2026-23599 (A local privilege-escalation vulnerability has been discovered in the ...)
+ TODO: check
+CVE-2026-23598 (Vulnerabilities in the API error handling of an HPE Aruba Networking ...)
+ TODO: check
+CVE-2026-23597 (Vulnerabilities in the API error handling of an HPE Aruba Networking ...)
+ TODO: check
+CVE-2026-23596 (A vulnerability in the management API of the affected product could al ...)
+ TODO: check
+CVE-2026-23595 (An authentication bypass in the application API allows an unauthorized ...)
+ TODO: check
+CVE-2026-22762 (Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 ...)
+ TODO: check
+CVE-2026-22284 (Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains ...)
+ TODO: check
+CVE-2026-22048 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.1 ...)
+ TODO: check
+CVE-2026-1943 (The YayMail \u2013 WooCommerce Email Customizer plugin for WordPress i ...)
+ TODO: check
+CVE-2026-1938 (The YayMail \u2013 WooCommerce Email Customizer plugin for WordPress i ...)
+ TODO: check
+CVE-2026-1937 (The YayMail \u2013 WooCommerce Email Customizer plugin for WordPress i ...)
+ TODO: check
+CVE-2026-1931 (The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2026-1925 (The EmailKit \u2013 Email Customizer for WooCommerce & WP plugin for W ...)
+ TODO: check
+CVE-2026-1906 (The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress ...)
+ TODO: check
+CVE-2026-1860 (The Kali Forms plugin for WordPress is vulnerable to Insecure Direct O ...)
+ TODO: check
+CVE-2026-1857 (The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vul ...)
+ TODO: check
+CVE-2026-1831 (The YayMail - WooCommerce Email Customizer plugin for WordPress is vul ...)
+ TODO: check
+CVE-2026-1807 (The InteractiveCalculator for WordPress plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2026-1714 (The ShopLentor \u2013 WooCommerce Builder for Elementor & Gutenberg +2 ...)
+ TODO: check
+CVE-2026-1670 (The affected products are vulnerable to an unauthenticated API endpoin ...)
+ TODO: check
+CVE-2026-1666 (The Download Manager plugin for WordPress is vulnerable to Reflected C ...)
+ TODO: check
+CVE-2026-1655 (The EventPrime plugin for WordPress is vulnerable to unauthorized post ...)
+ TODO: check
+CVE-2026-1640 (The Taskbuilder \u2013 WordPress Project Management & Task Management ...)
+ TODO: check
+CVE-2026-1639 (The Taskbuilder \u2013 WordPress Project Management & Task Management ...)
+ TODO: check
+CVE-2026-1368 (The Video Conferencing with Zoom WordPress plugin before 4.6.6 contain ...)
+ TODO: check
+CVE-2026-1344 (Tanium addressed an insecure file permissions vulnerability in Enforce ...)
+ TODO: check
+CVE-2026-1304 (The Membership Plugin \u2013 Restrict Content for WordPress is vulnera ...)
+ TODO: check
+CVE-2026-1296 (The Frontend Post Submission Manager Lite plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2026-1277 (The URL Shortify plugin for WordPress is vulnerable to Open Redirect i ...)
+ TODO: check
+CVE-2026-1072 (The Keybase.io Verification plugin for WordPress is vulnerable to Cros ...)
+ TODO: check
+CVE-2025-6460 (The Display During Conditional Shortcode plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-67102 (A SQL injection vulnerability in the alldayoffs feature in Jorani up t ...)
+ TODO: check
+CVE-2025-62183 (Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored C ...)
+ TODO: check
+CVE-2025-36379 (IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses ...)
+ TODO: check
+CVE-2025-36377 (IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate sessi ...)
+ TODO: check
+CVE-2025-36376 (IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate sessi ...)
+ TODO: check
+CVE-2025-36348 (IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0. ...)
+ TODO: check
+CVE-2025-36183 (IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privile ...)
+ TODO: check
+CVE-2025-33135 (IBM Financial Transaction Manager for ACH Services and Check Services ...)
+ TODO: check
+CVE-2025-33088 (IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific ...)
+ TODO: check
+CVE-2025-27900 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remo ...)
+ TODO: check
+CVE-2025-27899 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitiv ...)
+ TODO: check
+CVE-2025-27898 (IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidat ...)
+ TODO: check
+CVE-2025-14289 (IBM webMethods Integration Server 12.0 is vulnerable to HTML injection ...)
+ TODO: check
+CVE-2025-13959 (The Filestack plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-13691 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensit ...)
+ TODO: check
+CVE-2025-13689 (IBM DataStage on Cloud Pak for Data could allow an authenticated user ...)
+ TODO: check
+CVE-2025-13333 (IBM WebSphere Application Server 9.0, and 8.5 could provide weaker tha ...)
+ TODO: check
+CVE-2025-12356 (The Tickera \u2013 Sell Tickets & Manage Events plugin for WordPress i ...)
+ TODO: check
+CVE-2025-12122 (The Popup Box \u2013 Easily Create WordPress Popups plugin for WordPre ...)
+ TODO: check
+CVE-2025-12075 (The Order Splitter for WooCommerce plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-12074 (The Context Blog theme for WordPress is vulnerable to Information Expo ...)
+ TODO: check
+CVE-2025-12071 (The Frontend User Notes plugin for WordPress is vulnerable to Insecure ...)
+ TODO: check
+CVE-2025-12037 (The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-11737 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2023-38005 (IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 c ...)
+ TODO: check
CVE-2026-2630 (A Command Injection vulnerability exists where an authenticated, remot ...)
NOT-FOR-US: Tenable
CVE-2026-2620 (A weakness has been identified in Huace Monitoring and Early Warning S ...)
@@ -23,12 +193,14 @@ CVE-2026-26731 (TOTOLINK A3002RU V2.1.1-B20211108.1455 was discovered to contain
CVE-2026-25903 (Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updatin ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-24734 (Improper Input Validation vulnerability in Apache Tomcat Native, Apach ...)
+ {DSA-6120-1}
- tomcat11 11.0.18-1
- tomcat10 10.1.52-1
- tomcat9 9.0.70-2
NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
NOTE: https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml
CVE-2026-24733 (Improper Input Validation vulnerability in Apache Tomcat. Tomcat did ...)
+ {DSA-6121-1 DSA-6120-1}
- tomcat11 11.0.15-1
- tomcat10 10.1.52-1
- tomcat9 9.0.70-2
@@ -72,6 +244,7 @@ CVE-2025-70397 (jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteA
CVE-2025-67905 (Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and perfo ...)
NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2025-66614 (Improper Input Validation vulnerability. This issue affects Apache To ...)
+ {DSA-6121-1 DSA-6120-1}
- tomcat11 11.0.15-1
- tomcat10 10.1.52-1
- tomcat9 9.0.70-2
@@ -3248,7 +3421,7 @@ CVE-2026-1609
CVE-2025-11537 (A flaw was found in Keycloak. When the logging format is configured to ...)
- keycloak <itp> (bug #1088287)
CVE-2026-25646 (LIBPNG is a reference library for use in applications that read, creat ...)
- {DLA-4481-1}
+ {DSA-6138-1 DLA-4481-1}
- libpng1.6 1.6.55-1 (bug #1127566)
NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 (v1.6.55)
@@ -6689,7 +6862,7 @@ CVE-2026-21418 (Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper N
NOT-FOR-US: Dell / EMC
CVE-2026-1702 (A vulnerability was detected in SourceCodester Pet Grooming Management ...)
NOT-FOR-US: SourceCodester
-CVE-2026-1701 (A security vulnerability has been detected in itsourcecode Student Man ...)
+CVE-2026-1701 (A security vulnerability has been detected in itsourcecode School Mana ...)
NOT-FOR-US: itsourcecode System
CVE-2026-1700 (A weakness has been identified in projectworlds House Rental and Prope ...)
NOT-FOR-US: projectworlds House Rental and Property Listing
@@ -10424,6 +10597,7 @@ CVE-2026-23953 (Incus is a system container and virtual machine manager. In vers
- lxd <removed>
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32
CVE-2024-31884
+ {DLA-4482-1}
- ceph <unfixed> (bug #1126573)
NOTE: https://www.openwall.com/lists/oss-security/2026/01/21/6
NOTE: https://github.com/ceph/ceph/security/advisories/GHSA-xj9f-7g59-m4jx
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ac004dfccdf6e2729e8892c15141fa492302998
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ac004dfccdf6e2729e8892c15141fa492302998
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260218/ece195ab/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list