[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Feb 22 20:14:07 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f3f4b5d by security tracker role at 2026-02-22T20:13:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,67 @@
+CVE-2026-2954 (A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the fun ...)
+	TODO: check
+CVE-2026-2953 (A vulnerability has been found in Dromara UJCMS 101.2. This issue affe ...)
+	TODO: check
+CVE-2026-2952 (A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unk ...)
+	TODO: check
+CVE-2026-2947 (A vulnerability was detected in rymcu forest up to 0.0.5. This affects ...)
+	TODO: check
+CVE-2026-2946 (A security vulnerability has been detected in rymcu forest up to 0.0.5 ...)
+	TODO: check
+CVE-2026-2945 (A weakness has been identified in JeecgBoot 3.9.0. Affected by this vu ...)
+	TODO: check
+CVE-2026-2944 (A security flaw has been discovered in Tosei Online Store Management S ...)
+	TODO: check
+CVE-2026-2943 (A vulnerability was identified in SapneshNaik Student Management Syste ...)
+	TODO: check
+CVE-2026-2940 (A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77 ...)
+	TODO: check
+CVE-2026-2939 (A vulnerability was found in itsourcecode Student Management System 1. ...)
+	TODO: check
+CVE-2026-2938 (A vulnerability has been found in SourceCodester Student Result Manage ...)
+	TODO: check
+CVE-2026-2935 (A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. T ...)
+	TODO: check
+CVE-2026-2934 (A security vulnerability has been detected in YiFang CMS up to 2.0.5.  ...)
+	TODO: check
+CVE-2026-2385 (The The Plus Addons for Elementor \u2013 Addons for Elementor, Page Te ...)
+	TODO: check
+CVE-2019-25462 (Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that a ...)
+	TODO: check
+CVE-2019-25461 (Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerabilit ...)
+	TODO: check
+CVE-2019-25460 (Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerabilit ...)
+	TODO: check
+CVE-2019-25459 (Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in  ...)
+	TODO: check
+CVE-2019-25458 (Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability tha ...)
+	TODO: check
+CVE-2019-25457 (Web Ofisi Firma v13 contains an SQL injection vulnerability that allow ...)
+	TODO: check
+CVE-2019-25456 (Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows ...)
+	TODO: check
+CVE-2019-25455 (Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that al ...)
+	TODO: check
+CVE-2019-25452 (Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the ...)
+	TODO: check
+CVE-2019-25450 (Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilitie ...)
+	TODO: check
+CVE-2019-25446 (DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows  ...)
+	TODO: check
+CVE-2019-25443 (Inventory Webapp contains an SQL injection vulnerability that allows u ...)
+	TODO: check
+CVE-2019-25442 (Web Wiz Forums 12.01 contains an SQL injection vulnerability that allo ...)
+	TODO: check
+CVE-2019-25440 (WebIncorp ERP contains an SQL injection vulnerability that allows unau ...)
+	TODO: check
+CVE-2019-25439 (NoviSmart CMS contains an SQL injection vulnerability that allows remo ...)
+	TODO: check
+CVE-2019-25433 (XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows un ...)
+	TODO: check
+CVE-2019-25391 (Ashop Shopping Cart Software contains a time-based blind SQL injection ...)
+	TODO: check
+CVE-2019-25366 (microASP Portal+ CMS contains an SQL injection vulnerability that allo ...)
+	TODO: check
 CVE-2026-2597 [Disallow requesting strings with negative lengths]
 	- libcrypt-sysrandom-xs-perl 0.011-1
 	NOTE: Fixed by: https://github.com/Leont/crypt-sysrandom-xs/commit/a402e0381a2150799a9ad919f0942f62d0282d2d (v0.010)
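Review bot: The CVE-2026-2385 description carries a literal `\u2013` escape ("Elementor \u2013 Addons for Elementor") instead of the decoded dash, so the automatic update appears to pass the escape through unchanged; decoding it before writing data/CVE/list would keep the summary readable and searchable. In the same block, CVE-2026-2953 gives the UJCMS version as "101.2" while the adjacent CVE-2026-2954 says "10.0.2" for the same product, which is worth confirming against the source record when these TODO: check entries are triaged.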
@@ -2802,7 +2866,7 @@ CVE-2026-2452 (Emails sent by pretix can utilize placeholders that will be fille
 CVE-2026-2451 (Emails sent by pretix can utilize placeholders that will be filled wit ...)
 	NOT-FOR-US: rami.io products
 CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects Firefox < 1 ...)
-	{DSA-6143-1}
+	{DSA-6143-1 DLA-4489-1}
 	- firefox 147.0.4-1 (unimportant)
 	- firefox-esr <unfixed> (unimportant)
 	- libvpx 1.16.0-3 (bug #1128283)
@@ -6127,7 +6191,7 @@ CVE-2026-22613 (The server identity check mechanism for firmware upgrade perform
 	NOT-FOR-US: Eaton
 CVE-2026-1868 (GitLab has remediated a vulnerability in the Duo Workflow Service comp ...)
 	NOT-FOR-US: GitLab AI Gateway
-CVE-2026-1615 (Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitr ...)
+CVE-2026-1615 (Versions of the package jsonpath from 0.0.0 are vulnerable to Arbitrar ...)
 	NOT-FOR-US: Node jsonpath
 CVE-2026-0870 (MacroHub developed by GIGABYTE has a Local Privilege Escalation vulner ...)
 	NOT-FOR-US: MacroHub
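Review bot: The new CVE-2026-1615 description replaces "before 1.2.0" with "from 0.0.0", which drops the only fixed-version bound visible in the entry. The NOT-FOR-US: Node jsonpath classification is unaffected, but a reader of the summary now sees no upper bound, so confirm the change matches the source record rather than a regression in the imported text.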
@@ -14380,7 +14444,7 @@ CVE-2026-22816 (Gradle is a build automation tool, and its native-platform tool
 	NOTE: Followup: https://github.com/gradle/gradle/commit/905df7b0a3f58cac40efaf430920bd3577c7d4ee (v8.14.4)
 	NOTE: Documentation: https://github.com/gradle/gradle/commit/4975f20330a3de43478099766827fb9f81cfe9e8 (v8.14.4)
 	NOTE: Followup: https://github.com/gradle/gradle/commit/df5a15bd5fdb1032cea863518fc004523bab0853 (v8.14.4)
-CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM interface th ...)
+CVE-2026-21223 (Improper privilege management in Microsoft Edge (Chromium-based) allow ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-20960 (Improper authorization in Microsoft Power Apps allows an authorized at ...)
 	NOT-FOR-US: Microsoft
@@ -18017,7 +18081,7 @@ CVE-2026-21885 (Miniflux 2 is an open source feed reader. Prior to version 2.2.1
 	NOTE: https://github.com/miniflux/v2/security/advisories/GHSA-xwh2-742g-w3wp
 	NOTE: Fixed by: https://github.com/miniflux/v2/commit/6c83e8c477b4d476aee5fbb87e47472c9ded01de (v2.2.16)
 CVE-2026-21876 (The OWASP core rule set (CRS) is a set of generic attack detection rul ...)
-	{DSA-6105-1}
+	{DSA-6105-1 DLA-4488-1}
 	- modsecurity-crs 3.3.8-1 (bug #1125084)
 	NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5
 	NOTE: Fixed by (merge): https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83 (v3.3.8)
@@ -274955,6 +275019,7 @@ CVE-2023-3342 (The User Registration plugin for WordPress is vulnerable to arbit
 CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: PlatPlay DSr
 CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...)
+	{DLA-4488-1}
 	- modsecurity-crs 3.3.5-1 (bug #1041109)
 	[bookworm] - modsecurity-crs <no-dsa> (Minor issue)
 	[buster] - modsecurity-crs <postponed> (Minor issue)
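Review bot: {DLA-4488-1} is attached to CVE-2023-38199 while the context lines still read "[bookworm] - modsecurity-crs <no-dsa> (Minor issue)" and "[buster] - modsecurity-crs <postponed> (Minor issue)", and no per-release line for the suite the DLA covers is visible in this hunk. If one is not present below the shown context, add the suite line with the fixed version so the cross-reference and the release status agree.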



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f3f4b5d8201b386238989741cfc882256bf2f41
