[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 19 20:13:18 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b4f1ef7 by security tracker role at 2026-02-19T20:13:11+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,491 @@
+CVE-2026-2817 (Use of insecure directory in Spring Data Geode snapshot import extract ...)
+ TODO: check
+CVE-2026-2744
+ REJECTED
+CVE-2026-2736 (Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which ...)
+ TODO: check
+CVE-2026-2735 (Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which oc ...)
+ TODO: check
+CVE-2026-2718 (The Dealia \u2013 Request a Quote plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-2716 (The Client Testimonial Slider plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2026-2409 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-2274 (A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Googl ...)
+ TODO: check
+CVE-2026-2243 (A flaw was found in QEMU. A specially crafted VMDK image could trigger ...)
+ TODO: check
+CVE-2026-2232 (The Product Table and List Builder for WooCommerce Lite plugin for Wor ...)
+ TODO: check
+CVE-2026-27475 (SPIP before 4.4.9 allows Insecure Deserialization in the public area t ...)
+ TODO: check
+CVE-2026-27474 (SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private are ...)
+ TODO: check
+CVE-2026-27473 (SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndica ...)
+ TODO: check
+CVE-2026-27472 (SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via ...)
+ TODO: check
+CVE-2026-27094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27092 (Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadve ...)
+ TODO: check
+CVE-2026-27090 (Cross-Site Request Forgery (CSRF) vulnerability in WP Moose Kenta Comp ...)
+ TODO: check
+CVE-2026-27074 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27069 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27066 (Missing Authorization vulnerability in PI Web Solution Live sales noti ...)
+ TODO: check
+CVE-2026-27059 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27058 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27057 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27056 (Missing Authorization vulnerability in StellarWP iThemes Sync ithemes- ...)
+ TODO: check
+CVE-2026-27055 (Missing Authorization vulnerability in PenciDesign Penci AI SmartConte ...)
+ TODO: check
+CVE-2026-27052 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-27050 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress RealPress ...)
+ TODO: check
+CVE-2026-27042 (Missing Authorization vulnerability in WPDeveloper NotificationX notif ...)
+ TODO: check
+CVE-2026-27013 (Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0 ...)
+ TODO: check
+CVE-2026-26362 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Pa ...)
+ TODO: check
+CVE-2026-26361 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External C ...)
+ TODO: check
+CVE-2026-26360 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External C ...)
+ TODO: check
+CVE-2026-26359 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External C ...)
+ TODO: check
+CVE-2026-26358 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Missing Aut ...)
+ TODO: check
+CVE-2026-26345 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the public area ...)
+ TODO: check
+CVE-2026-26339 (Hyland Alfresco Transformation Service allows unauthenticated attacker ...)
+ TODO: check
+CVE-2026-26338 (Hyland Alfresco Transformation Service allows unauthenticated attacker ...)
+ TODO: check
+CVE-2026-26337 (Hyland Alfresco Transformation Service allows unauthenticated attacker ...)
+ TODO: check
+CVE-2026-26336 (Hyland Alfresco allows unauthenticated attackers to read arbitrary fil ...)
+ TODO: check
+CVE-2026-26318 (systeminformation is a System and OS information library for node.js. ...)
+ TODO: check
+CVE-2026-26280 (systeminformation is a System and OS information library for node.js. ...)
+ TODO: check
+CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS object, ...)
+ TODO: check
+CVE-2026-26267 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22. ...)
+ TODO: check
+CVE-2026-26223 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the private are ...)
+ TODO: check
+CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versi ...)
+ TODO: check
+CVE-2026-26203 (PJSIP is a free and open source multimedia communication library. Vers ...)
+ TODO: check
+CVE-2026-26202 (Penpot is an open-source design tool for design and code collaboration ...)
+ TODO: check
+CVE-2026-26201 (emp3r0r is a C2 designed by Linux users for Linux environments. Prior ...)
+ TODO: check
+CVE-2026-26200 (HDF5 is software for managing data. Prior to version 1.14.4-2, an atta ...)
+ TODO: check
+CVE-2026-26193 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-26192 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-26189 (Trivy Action runs Trivy as GitHub action to scan a Docker container im ...)
+ TODO: check
+CVE-2026-26063 (CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerabili ...)
+ TODO: check
+CVE-2026-26059 (ChurchCRM is an open-source church management system. In versions prio ...)
+ TODO: check
+CVE-2026-26057 (Skill Scanner is a security scanner for AI Agent Skills that detects p ...)
+ TODO: check
+CVE-2026-26030 (Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote ...)
+ TODO: check
+CVE-2026-26016 (Wings is the server control plane for Pterodactyl, a free, open-source ...)
+ TODO: check
+CVE-2026-25998 (strongMan is a management interface for strongSwan, an OpenSource IPse ...)
+ TODO: check
+CVE-2026-25940 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, use ...)
+ TODO: check
+CVE-2026-25766 (Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows ...)
+ TODO: check
+CVE-2026-25755 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, use ...)
+ TODO: check
+CVE-2026-25739 (Indico is an event management system that uses Flask-Multipass, a mult ...)
+ TODO: check
+CVE-2026-25738 (Indico is an event management system that uses Flask-Multipass, a mult ...)
+ TODO: check
+CVE-2026-25535 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, use ...)
+ TODO: check
+CVE-2026-25527 (changedetection.io is a free open source web page change detection too ...)
+ TODO: check
+CVE-2026-25473 (Missing Authorization vulnerability in AA-Team WZone woozone allows Ex ...)
+ TODO: check
+CVE-2026-25472 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25463 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25459 (Missing Authorization vulnerability in uixthemes Sober sober allows Ex ...)
+ TODO: check
+CVE-2026-25453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25451 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25441 (Missing Authorization vulnerability in LeadConnector LeadConnector lea ...)
+ TODO: check
+CVE-2026-25432 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25428 (Server-Side Request Forgery (SSRF) vulnerability in totalsoft TS Poll ...)
+ TODO: check
+CVE-2026-25423 (Missing Authorization vulnerability in creativeinteractivemedia Real 3 ...)
+ TODO: check
+CVE-2026-25422 (Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis ...)
+ TODO: check
+CVE-2026-25420 (Missing Authorization vulnerability in MailerLite MailerLite official- ...)
+ TODO: check
+CVE-2026-25419 (Missing Authorization vulnerability in flycart UpsellWP checkout-upsel ...)
+ TODO: check
+CVE-2026-25418 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-25416 (Missing Authorization vulnerability in blazethemes News Kit Elementor ...)
+ TODO: check
+CVE-2026-25415 (Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpboo ...)
+ TODO: check
+CVE-2026-25412 (Missing Authorization vulnerability in mdempfle Advanced iFrame advanc ...)
+ TODO: check
+CVE-2026-25411 (Cross-Site Request Forgery (CSRF) vulnerability in themastercut Revisi ...)
+ TODO: check
+CVE-2026-25410 (Missing Authorization vulnerability in tstephenson WP-CORS wp-cors all ...)
+ TODO: check
+CVE-2026-25409 (Missing Authorization vulnerability in crgeary JAMstack Deployments wp ...)
+ TODO: check
+CVE-2026-25408 (Missing Authorization vulnerability in PluginRx Broken Link Notifier b ...)
+ TODO: check
+CVE-2026-25407 (Missing Authorization vulnerability in cookiebot Cookiebot cookiebot a ...)
+ TODO: check
+CVE-2026-25404 (Missing Authorization vulnerability in Automattic WP Job Manager wp-jo ...)
+ TODO: check
+CVE-2026-25402 (Missing Authorization vulnerability in echoplugins Knowledge Base for ...)
+ TODO: check
+CVE-2026-25399 (Missing Authorization vulnerability in CryoutCreations Serious Slider ...)
+ TODO: check
+CVE-2026-25395 (Missing Authorization vulnerability in ikreatethemes Business Roy busi ...)
+ TODO: check
+CVE-2026-25394 (Missing Authorization vulnerability in sparklewpthemes Fitness FSE fit ...)
+ TODO: check
+CVE-2026-25393 (Missing Authorization vulnerability in sparklewpthemes Hello FSE hello ...)
+ TODO: check
+CVE-2026-25392 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in K ...)
+ TODO: check
+CVE-2026-25391 (Missing Authorization vulnerability in WP Grids WP Wand ai-content-gen ...)
+ TODO: check
+CVE-2026-25389 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-25388 (Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scri ...)
+ TODO: check
+CVE-2026-25387 (Missing Authorization vulnerability in Elementor Image Optimizer by El ...)
+ TODO: check
+CVE-2026-25386 (Missing Authorization vulnerability in Elementor Ally pojo-accessibili ...)
+ TODO: check
+CVE-2026-25385 (Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL S ...)
+ TODO: check
+CVE-2026-25384 (Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay ...)
+ TODO: check
+CVE-2026-25378 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-25375 (Missing Authorization vulnerability in WP Chill Image Photo Gallery Fi ...)
+ TODO: check
+CVE-2026-25374 (Missing Authorization vulnerability in raratheme Spa and Salon spa-and ...)
+ TODO: check
+CVE-2026-25372 (Missing Authorization vulnerability in Kodezen LLC Academy LMS academy ...)
+ TODO: check
+CVE-2026-25370 (Missing Authorization vulnerability in AresIT WP Compress wp-compress- ...)
+ TODO: check
+CVE-2026-25368 (Missing Authorization vulnerability in codepeople Calculated Fields Fo ...)
+ TODO: check
+CVE-2026-25367 (Missing Authorization vulnerability in NooTheme CitiLights noo-citilig ...)
+ TODO: check
+CVE-2026-25364 (Missing Authorization vulnerability in BoldGrid Client Invoicing by Sp ...)
+ TODO: check
+CVE-2026-25363 (Missing Authorization vulnerability in FooPlugins FooGallery foogaller ...)
+ TODO: check
+CVE-2026-25362 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25348 (Missing Authorization vulnerability in alttextai Download Alt Text AI ...)
+ TODO: check
+CVE-2026-25343 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25338 (Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT ...)
+ TODO: check
+CVE-2026-25337 (Cross-Site Request Forgery (CSRF) vulnerability in wpcoachify Coachify ...)
+ TODO: check
+CVE-2026-25336 (Missing Authorization vulnerability in wpcoachify Coachify coachify al ...)
+ TODO: check
+CVE-2026-25335 (Missing Authorization vulnerability in Ays Pro Secure Copy Content Pro ...)
+ TODO: check
+CVE-2026-25333 (Missing Authorization vulnerability in peregrinethemes Shopwell shopwe ...)
+ TODO: check
+CVE-2026-25332 (Missing Authorization vulnerability in Fahad Mahmood Endless Posts Nav ...)
+ TODO: check
+CVE-2026-25331 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25330 (Missing Authorization vulnerability in PublishPress PublishPress Autho ...)
+ TODO: check
+CVE-2026-25329 (Missing Authorization vulnerability in ExpressTech Systems Quiz And Su ...)
+ TODO: check
+CVE-2026-25326 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-25325 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-25324 (Authorization Bypass Through User-Controlled Key vulnerability in Expr ...)
+ TODO: check
+CVE-2026-25323 (Missing Authorization vulnerability in MiKa OSM osm allows Exploiting ...)
+ TODO: check
+CVE-2026-25322 (Cross-Site Request Forgery (CSRF) vulnerability in PublishPress Publis ...)
+ TODO: check
+CVE-2026-25321 (Missing Authorization vulnerability in PSM Plugins SupportCandy suppor ...)
+ TODO: check
+CVE-2026-25320 (Missing Authorization vulnerability in Cool Plugins Elementor Contact ...)
+ TODO: check
+CVE-2026-25319 (Cross-Site Request Forgery (CSRF) vulnerability in wpzita Zita Element ...)
+ TODO: check
+CVE-2026-25318 (Missing Authorization vulnerability in Wisernotify team WiserReview Pr ...)
+ TODO: check
+CVE-2026-25316 (Deserialization of Untrusted Data vulnerability in Brainstorm Force Ca ...)
+ TODO: check
+CVE-2026-25315 (Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptc ...)
+ TODO: check
+CVE-2026-25314 (Missing Authorization vulnerability in WP Messiah TOP Table Of Content ...)
+ TODO: check
+CVE-2026-25313 (Missing Authorization vulnerability in Shahjahan Jewel FluentForm flue ...)
+ TODO: check
+CVE-2026-25311 (Missing Authorization vulnerability in 10up Autoshare for Twitter auto ...)
+ TODO: check
+CVE-2026-25310 (Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Li ...)
+ TODO: check
+CVE-2026-25308 (Missing Authorization vulnerability in wp.insider Simple Membership si ...)
+ TODO: check
+CVE-2026-25307 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25008 (Insertion of Sensitive Information Into Sent Data vulnerability in Sha ...)
+ TODO: check
+CVE-2026-25006 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2026-25005 (Authorization Bypass Through User-Controlled Key vulnerability in N-Me ...)
+ TODO: check
+CVE-2026-25004 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-25003 (Missing Authorization vulnerability in madalin.ungureanu Client Portal ...)
+ TODO: check
+CVE-2026-25000 (Missing Authorization vulnerability in Kraft Plugins Wheel of Life whe ...)
+ TODO: check
+CVE-2026-24999 (Missing Authorization vulnerability in Alma Alma alma-gateway-for-wooc ...)
+ TODO: check
+CVE-2026-24834 (Kata Containers is an open source project focusing on a standard imple ...)
+ TODO: check
+CVE-2026-24392 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24375 (Missing Authorization vulnerability in WP Swings Ultimate Gift Cards F ...)
+ TODO: check
+CVE-2026-23805 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-23804 (Missing Authorization vulnerability in BBR Plugins Better Business Rev ...)
+ TODO: check
+CVE-2026-23803 (Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart ...)
+ TODO: check
+CVE-2026-23621 (GFI MailEssentials AI versions prior to22.4 contain an arbitrary direc ...)
+ TODO: check
+CVE-2026-23620 (GFI MailEssentials AI versions prior to22.4 contain an arbitrary file ...)
+ TODO: check
+CVE-2026-23619 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23618 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23617 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23616 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23615 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23614 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23613 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23612 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23611 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23610 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23609 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23608 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23607 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23606 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23605 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23604 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
+ TODO: check
+CVE-2026-23549 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpEv ...)
+ TODO: check
+CVE-2026-23548 (Missing Authorization vulnerability in designinvento DirectoryPress di ...)
+ TODO: check
+CVE-2026-23547 (Missing Authorization vulnerability in cmsmasters CMSMasters Content C ...)
+ TODO: check
+CVE-2026-23545 (Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cach ...)
+ TODO: check
+CVE-2026-23544 (Deserialization of Untrusted Data vulnerability in codetipi Valenti va ...)
+ TODO: check
+CVE-2026-23543 (Missing Authorization vulnerability in WPDeveloper Essential Addons fo ...)
+ TODO: check
+CVE-2026-23542 (Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Re ...)
+ TODO: check
+CVE-2026-23541 (Missing Authorization vulnerability in WPFunnels Mail Mint mail-mint a ...)
+ TODO: check
+CVE-2026-22422 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2026-22333 (Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCo ...)
+ TODO: check
+CVE-2026-22269 (Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) ...)
+ TODO: check
+CVE-2026-22268 (Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) ...)
+ TODO: check
+CVE-2026-22267 (Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) ...)
+ TODO: check
+CVE-2026-22266 (Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) ...)
+ TODO: check
+CVE-2026-1581 (The wpForo Forum plugin for WordPress is vulnerable to time-based SQL ...)
+ TODO: check
+CVE-2026-1461 (The Simple Membership plugin for WordPress is vulnerable to Improper H ...)
+ TODO: check
+CVE-2026-1219 (The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by So ...)
+ TODO: check
+CVE-2025-9953 (Authorization Bypass Through User-Controlled SQL Primary Key vulnerabi ...)
+ TODO: check
+CVE-2025-9062 (Authorization Bypass Through User-Controlled Key vulnerability in MeCO ...)
+ TODO: check
+CVE-2025-8350 (Execution After Redirect (EAR), Missing Authentication for Critical Fu ...)
+ TODO: check
+CVE-2025-71250
+ REJECTED
+CVE-2025-71249
+ REJECTED
+CVE-2025-71248
+ REJECTED
+CVE-2025-71247
+ REJECTED
+CVE-2025-71246
+ REJECTED
+CVE-2025-71245
+ REJECTED
+CVE-2025-71244 (SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form ...)
+ TODO: check
+CVE-2025-71243 (The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 ...)
+ TODO: check
+CVE-2025-71242 (SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disc ...)
+ TODO: check
+CVE-2025-71241 (SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS ...)
+ TODO: check
+CVE-2025-71240 (SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted conte ...)
+ TODO: check
+CVE-2025-69725 (An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlash ...)
+ TODO: check
+CVE-2025-69674 (Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (B ...)
+ TODO: check
+CVE-2025-67304 (In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contain ...)
+ TODO: check
+CVE-2025-55853 (SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request F ...)
+ TODO: check
+CVE-2025-41023 (An authentication bypass vulnerability has been found in Thesamur's Au ...)
+ TODO: check
+CVE-2025-40697 (Reflected Cross-Site Scripting (XSS) vulnerability in '/index.php' in ...)
+ TODO: check
+CVE-2025-15563 (Any unauthenticated user can reset the WorkTime on-prem database confi ...)
+ TODO: check
+CVE-2025-15562 (The server API endpoint/report/internet/urls reflects received data in ...)
+ TODO: check
+CVE-2025-15561 (An attacker can exploit the update behavior of the WorkTime monitoring ...)
+ TODO: check
+CVE-2025-15560 (An authenticated attacker with minimal permissions can exploit a SQL i ...)
+ TODO: check
+CVE-2025-15559 (An unauthenticated attacker can inject OS commands when calling a serv ...)
+ TODO: check
+CVE-2025-13590 (A malicious actor with administrative privileges can upload an arbitra ...)
+ TODO: check
+CVE-2025-12107 (Due to the use of a vulnerable third-party Velocity template engine, a ...)
+ TODO: check
+CVE-2019-25430 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25429 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25428 (Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scri ...)
+ TODO: check
+CVE-2019-25427 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25426 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25425 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25424 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25423 (Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scri ...)
+ TODO: check
+CVE-2019-25422 (Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabiliti ...)
+ TODO: check
+CVE-2019-25421 (Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vuln ...)
+ TODO: check
+CVE-2019-25420 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25419 (Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vuln ...)
+ TODO: check
+CVE-2019-25418 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25417 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25416 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25415 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25414 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25413 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25412 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25411 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25410 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25409 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25408 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25407 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25406 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
+CVE-2019-25405 (Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vuln ...)
+ TODO: check
+CVE-2019-25404 (Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vuln ...)
+ TODO: check
+CVE-2019-25403 (Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vuln ...)
+ TODO: check
+CVE-2019-25402 (Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting v ...)
+ TODO: check
CVE-2026-XXXX [RUSTSEC-2026-0013]
- rust-pyo3 <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0013.html
@@ -1148,11 +1636,13 @@ CVE-2019-25379 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored
CVE-2019-25378 (Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cros ...)
NOT-FOR-US: Smoothwall Express
CVE-2026-2050 [ZDI-CAN-28266: New Vulnerability Report at rgbe.c]
+ {DSA-6142-1}
- gegl 1:0.4.66-1
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/446
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed
CVE-2026-2049 [ZDI-CAN-28618: New Vulnerability Report at rgbe.c]
+ {DSA-6142-1}
- gegl 1:0.4.66-1
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/issues/450
NOTE: https://gitlab.gnome.org/GNOME/gegl/-/merge_requests/241
@@ -3491,7 +3981,7 @@ CVE-2026-21531 (Deserialization of untrusted data in Azure SDK allows an unautho
NOT-FOR-US: Microsoft
CVE-2026-21529 (Improper neutralization of input during web page generation ('cross-si ...)
NOT-FOR-US: Microsoft
-CVE-2026-21528 (Binding to an unrestricted ip address in Azure IoT SDK allows an unaut ...)
+CVE-2026-21528 (Binding to an unrestricted ip address in Azure IoT Explorer allows an ...)
NOT-FOR-US: Microsoft
CVE-2026-21527 (User interface (ui) misrepresentation of critical information in Micro ...)
NOT-FOR-US: Microsoft
@@ -6696,18 +7186,22 @@ CVE-2019-25263 (Zendesk SweetHawk Survey 1.6 contains a persistent cross-site sc
CVE-2019-25261 (AnyDesk 5.4.0 contains an unquoted service path vulnerability in its W ...)
NOT-FOR-US: AnyDesk
CVE-2026-1312 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
+ {DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/90f5b10784ba5bf369caed87640e2b4394ea3314 (4.2.28)
CVE-2026-1287 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
+ {DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/f75f8f3597e1ce351d5ac08b6ba7ebd9dadd9b5d (4.2.28)
CVE-2026-1285 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
+ {DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/b40cfc6052ced26dcd8166a58ea6f841d0d2cac8 (4.2.28)
CVE-2026-1207 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
+ {DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/a14363102d98fa29b8cced578eb3a0fadaa5bcb7 (4.2.28)
@@ -6717,6 +7211,7 @@ CVE-2025-14550 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11,
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/f578acc8c54530fffabd52d2db654c8669b011af (4.2.28)
CVE-2025-13473 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4. ...)
+ {DLA-4484-1}
- python-django 3:4.2.28-1 (bug #1126914)
NOTE: https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/6dc23508f3395e1254c315084c7334ef81c4c09a (4.2.28)
@@ -19997,11 +20492,11 @@ CVE-2025-15223 (A vulnerability was found in Philipinho Simple-PHP-Blog up to 94
NOT-FOR-US: Philipinho Simple-PHP-Blog
CVE-2025-15114 (Ksenia Security lares (legacy model) Home Automation version 1.6 conta ...)
NOT-FOR-US: Ksenia Security Lares
-CVE-2025-15113 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unpr ...)
+CVE-2025-15113 (Ksenia Security lares (legacy model) Home Automation version 1.6 conta ...)
NOT-FOR-US: Ksenia Security Lares
-CVE-2025-15112 (Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulne ...)
+CVE-2025-15112 (Ksenia Security lares (legacy model)version 1.6 contains a URL redirec ...)
NOT-FOR-US: Ksenia Security Lares
-CVE-2025-15111 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains a defau ...)
+CVE-2025-15111 (Ksenia Security lares (legacy model)version 1.6 contains a default cre ...)
NOT-FOR-US: Ksenia Security Lares
CVE-2025-15017 (A vulnerability exists in serial device servers where active debug cod ...)
NOT-FOR-US: Moxa
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4f1ef7749359a8f0a99d4a306a0a30d6d3bf36
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b4f1ef7749359a8f0a99d4a306a0a30d6d3bf36
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260219/0a89f3ca/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list