[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 20 08:13:11 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
018bf855 by security tracker role at 2026-02-20T08:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,213 @@
+CVE-2026-2825 (A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8 ...)
+ TODO: check
+CVE-2026-2824 (A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the funct ...)
+ TODO: check
+CVE-2026-2823 (A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted el ...)
+ TODO: check
+CVE-2026-2822 (A security vulnerability has been detected in JeecgBoot up to 3.9.1. T ...)
+ TODO: check
+CVE-2026-2821 (A weakness has been identified in Fujian Smart Integrated Management P ...)
+ TODO: check
+CVE-2026-2820 (A security flaw has been discovered in Fujian Smart Integrated Managem ...)
+ TODO: check
+CVE-2026-2819 (A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. ...)
+ TODO: check
+CVE-2026-2739 (This affects versions of the package bn.js before 5.2.3. Calling maskn ...)
+ TODO: check
+CVE-2026-2738 (Buffer overflow in ovpn\u2011dco\u2011winversion 2.8.0 allows local at ...)
+ TODO: check
+CVE-2026-2605 (Tanium addressed an insertion of sensitive information into log file v ...)
+ TODO: check
+CVE-2026-2435 (Tanium addressed a SQL injection vulnerability in Asset.)
+ TODO: check
+CVE-2026-2408 (Tanium addressed a use-after-free vulnerability in the Cloud Workloads ...)
+ TODO: check
+CVE-2026-2384 (The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2026-2350 (Tanium addressed an insertion of sensitive information into log file v ...)
+ TODO: check
+CVE-2026-27476 (RustFly 2.0.0 contains a command injection vulnerability in its remote ...)
+ TODO: check
+CVE-2026-27440 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27387 (Missing Authorization vulnerability in designinvento DirectoryPress di ...)
+ TODO: check
+CVE-2026-27368 (Missing Authorization vulnerability in SeedProd Coming Soon Page, Unde ...)
+ TODO: check
+CVE-2026-27360 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27343 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-27328 (Missing Authorization vulnerability in DevsBlink EduBlink edublink all ...)
+ TODO: check
+CVE-2026-27327 (Missing Authorization vulnerability in YayCommerce YayMail \u2013 WooC ...)
+ TODO: check
+CVE-2026-27325
+ REJECTED
+CVE-2026-27324
+ REJECTED
+CVE-2026-27323
+ REJECTED
+CVE-2026-27322
+ REJECTED
+CVE-2026-27321
+ REJECTED
+CVE-2026-27320
+ REJECTED
+CVE-2026-27319
+ REJECTED
+CVE-2026-27318
+ REJECTED
+CVE-2026-27317
+ REJECTED
+CVE-2026-27114 (NanaZip is an open source file archive Starting in version 5.0.1252.0 ...)
+ TODO: check
+CVE-2026-27017 (uTLS is a fork of crypto/tls, created to customize ClientHello for fin ...)
+ TODO: check
+CVE-2026-27016 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+ TODO: check
+CVE-2026-27014 (NanaZip is an open source file archive Starting in version 5.0.1252.0 ...)
+ TODO: check
+CVE-2026-27009 (OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a ato ...)
+ TODO: check
+CVE-2026-27008 (OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a bug ...)
+ TODO: check
+CVE-2026-27007 (OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `norm ...)
+ TODO: check
+CVE-2026-27004 (OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in so ...)
+ TODO: check
+CVE-2026-27003 (OpenClaw is a personal AI assistant. Telegram bot tokens can appear in ...)
+ TODO: check
+CVE-2026-27002 (OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a con ...)
+ TODO: check
+CVE-2026-27001 (OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenC ...)
+ TODO: check
+CVE-2026-26996 (minimatch is a minimal matching utility for converting glob expression ...)
+ TODO: check
+CVE-2026-26995
+ REJECTED
+CVE-2026-26994 (uTLS is a fork of crypto/tls, created to customize ClientHello for fin ...)
+ TODO: check
+CVE-2026-26993 (Flare is a Next.js-based, self-hostable file sharing platform that int ...)
+ TODO: check
+CVE-2026-26992 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+ TODO: check
+CVE-2026-26991 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+ TODO: check
+CVE-2026-26990 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+ TODO: check
+CVE-2026-26989 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+ TODO: check
+CVE-2026-26988 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+ TODO: check
+CVE-2026-26987 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+ TODO: check
+CVE-2026-26980 (Ghost is a Node.js content management system. Versions 3.24.0 through ...)
+ TODO: check
+CVE-2026-26977 (Frappe Learning Management System (LMS) is a learning system that help ...)
+ TODO: check
+CVE-2026-26975 (Music Assistant is an open-source media library manager that integrate ...)
+ TODO: check
+CVE-2026-26974 (Slyde is a program that creates animated presentations from XML. In ve ...)
+ TODO: check
+CVE-2026-26972 (OpenClaw is a personal AI assistant. In versions 2026.1.12 through 202 ...)
+ TODO: check
+CVE-2026-26967 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
+CVE-2026-26964 (Windmill is an open-source developer platform for internal code: APIs, ...)
+ TODO: check
+CVE-2026-26963 (Cilium is a networking, observability, and security solution with an e ...)
+ TODO: check
+CVE-2026-26960 (node-tar is a full-featured Tar for Node.js. When using default option ...)
+ TODO: check
+CVE-2026-26959 (ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and ...)
+ TODO: check
+CVE-2026-26958 (filippo.io/edwards25519 is a Go library implementing the edwards25519 ...)
+ TODO: check
+CVE-2026-26957 (Libredesk is a self-hosted customer support desk application. Versions ...)
+ TODO: check
+CVE-2026-26953 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
+ TODO: check
+CVE-2026-26952 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
+ TODO: check
+CVE-2026-26744 (A user enumeration vulnerability exists in FormaLMS 4.1.18 and below i ...)
+ TODO: check
+CVE-2026-26370 (WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a c ...)
+ TODO: check
+CVE-2026-26329 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authe ...)
+ TODO: check
+CVE-2026-26328 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under ...)
+ TODO: check
+CVE-2026-26327 (OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS a ...)
+ TODO: check
+CVE-2026-26326 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, `skil ...)
+ TODO: check
+CVE-2026-26325 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mis ...)
+ TODO: check
+CVE-2026-26324 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenC ...)
+ TODO: check
+CVE-2026-26323 (OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2. ...)
+ TODO: check
+CVE-2026-26322 (OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2. ...)
+ TODO: check
+CVE-2026-26321 (OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2. ...)
+ TODO: check
+CVE-2026-26320 (OpenClaw is a personal AI assistant. OpenClaw macOS desktop client reg ...)
+ TODO: check
+CVE-2026-26319 (OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allo ...)
+ TODO: check
+CVE-2026-26317 (OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facin ...)
+ TODO: check
+CVE-2026-26316 (OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional ...)
+ TODO: check
+CVE-2026-26315 (go-ethereum (Geth) is a golang execution layer implementation of the E ...)
+ TODO: check
+CVE-2026-26314 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
+ TODO: check
+CVE-2026-26313 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
+ TODO: check
+CVE-2026-26312 (Stalwart is a mail and collaboration server. A denial-of-service vulne ...)
+ TODO: check
+CVE-2026-26286 (SillyTavern is a locally installed user interface that allows users to ...)
+ TODO: check
+CVE-2026-26282 (NanaZip is an open source file archive Starting in version 5.0.1252.0 ...)
+ TODO: check
+CVE-2026-26275 (httpsig-hyper is a hyper extension for http message signatures. An iss ...)
+ TODO: check
+CVE-2026-26065 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
+ TODO: check
+CVE-2026-26064 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
+ TODO: check
+CVE-2026-24122 (Cosign provides code signing and transparency for containers and binar ...)
+ TODO: check
+CVE-2026-21535 (Improper access control in Microsoft Teams allows an unauthorized atta ...)
+ TODO: check
+CVE-2026-1658 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ TODO: check
+CVE-2026-1292 (Tanium addressed an insertion of sensitive information into log file v ...)
+ TODO: check
+CVE-2025-9208 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-8055 (Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM ...)
+ TODO: check
+CVE-2025-8054 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-67305 (In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contain ...)
+ TODO: check
+CVE-2025-59819 (This vulnerability allows authenticated attackers to read an arbitrary ...)
+ TODO: check
+CVE-2025-30416 (Sensitive data disclosure and manipulation due to missing authorizatio ...)
+ TODO: check
+CVE-2025-30412 (Sensitive data disclosure and manipulation due to improper authenticat ...)
+ TODO: check
+CVE-2025-30411 (Sensitive data disclosure and manipulation due to improper authenticat ...)
+ TODO: check
+CVE-2025-30410 (Sensitive data disclosure and manipulation due to missing authenticati ...)
+ TODO: check
+CVE-2025-13672 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-13671 (Cross-Site Request Forgery (CSRF) vulnerability in OpenText\u2122 Web ...)
+ TODO: check
CVE-2026-2708 [libsoup: HTTP/1 request smuggling primitives accepted (CL.CL and TE+CL) in soup_headers_parse()]
- libsoup3 <unfixed>
- libsoup2.4 <removed>
@@ -1490,6 +1700,7 @@ CVE-2026-25087 (Use After Free vulnerability in Apache Arrow C++. This issue af
NOTE: https://github.com/apache/arrow/pull/48925
NOTE: https://www.openwall.com/lists/oss-security/2026/02/17/4
CVE-2026-24708 (An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31. ...)
+ {DSA-6145-1}
- nova 2:32.1.0-7 (bug #1128294)
NOTE: https://www.openwall.com/lists/oss-security/2026/02/17/7
NOTE: https://review.opendev.org/977100
@@ -1573,6 +1784,7 @@ CVE-2026-2452 (Emails sent by pretix can utilize placeholders that will be fille
CVE-2026-2451 (Emails sent by pretix can utilize placeholders that will be filled wit ...)
NOT-FOR-US: rami.io products
CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects Firefox < 1 ...)
+ {DSA-6143-1}
- firefox 147.0.4-1 (unimportant)
- firefox-esr <unfixed> (unimportant)
- libvpx 1.16.0-3 (bug #1128283)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/018bf855a02926c5e989b4a05a91fbb6867e1feb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/018bf855a02926c5e989b4a05a91fbb6867e1feb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260220/65739231/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list