[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 25 08:14:03 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2be38d85 by security tracker role at 2026-02-25T08:13:49+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,166 @@
-CVE-2026-27624
+CVE-2026-3179 (The FTP Backup on the ADM does not properly sanitize filenames receive ...)
+ TODO: check
+CVE-2026-3170 (A vulnerability was detected in SourceCodester/Patrick Mvuma Patients ...)
+ TODO: check
+CVE-2026-3169 (A security vulnerability has been detected in Tenda F453 1.0.0.3. This ...)
+ TODO: check
+CVE-2026-3168 (A weakness has been identified in Tenda F453 1.0.0.3. This affects the ...)
+ TODO: check
+CVE-2026-3167 (A security flaw has been discovered in Tenda F453 1.0.0.3. The impacte ...)
+ TODO: check
+CVE-2026-3166 (A vulnerability was identified in Tenda F453 1.0.0.3. The affected ele ...)
+ TODO: check
+CVE-2026-3165 (A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the ...)
+ TODO: check
+CVE-2026-3164 (A vulnerability was found in itsourcecode News Portal Project 1.0. Thi ...)
+ TODO: check
+CVE-2026-3163 (A vulnerability has been found in SourceCodester Website Link Extracto ...)
+ TODO: check
+CVE-2026-3153 (A vulnerability has been found in itsourcecode Document Management Sys ...)
+ TODO: check
+CVE-2026-3152 (A flaw has been found in itsourcecode College Management System 1.0. T ...)
+ TODO: check
+CVE-2026-3151 (A vulnerability was detected in itsourcecode College Management System ...)
+ TODO: check
+CVE-2026-3150 (A security vulnerability has been detected in itsourcecode College Man ...)
+ TODO: check
+CVE-2026-3149 (A weakness has been identified in itsourcecode College Management Syst ...)
+ TODO: check
+CVE-2026-3148 (A vulnerability was determined in SourceCodester Simple and Nice Shopp ...)
+ TODO: check
+CVE-2026-3147 (A vulnerability was found in libvips up to 8.18.0. This affects the fu ...)
+ TODO: check
+CVE-2026-3146 (A vulnerability has been found in libvips up to 8.18.0. The impacted e ...)
+ TODO: check
+CVE-2026-3145 (A flaw has been found in libvips up to 8.18.0. The affected element is ...)
+ TODO: check
+CVE-2026-3137 (A security vulnerability has been detected in CodeAstro Food Ordering ...)
+ TODO: check
+CVE-2026-3135 (A weakness has been identified in itsourcecode News Portal Project 1.0 ...)
+ TODO: check
+CVE-2026-3134 (A security flaw has been discovered in itsourcecode News Portal Projec ...)
+ TODO: check
+CVE-2026-3133 (A vulnerability has been found in itsourcecode Document Management Sys ...)
+ TODO: check
+CVE-2026-3100 (The FTP Backup on the ADM will not properly strictly enforce TLS certi ...)
+ TODO: check
+CVE-2026-2914 (CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower a ...)
+ TODO: check
+CVE-2026-27822 (RustFS is a distributed object storage system built in Rust. Prior to ...)
+ TODO: check
+CVE-2026-27747 (The SPIP interface_traduction_objets plugin versions prior to4.3.3 con ...)
+ TODO: check
+CVE-2026-27746 (The SPIP jeux plugin versions prior to4.1.1 contain a reflected cross- ...)
+ TODO: check
+CVE-2026-27745 (The SPIP interface_traduction_objets plugin versions prior to4.3.3 con ...)
+ TODO: check
+CVE-2026-27744 (The SPIP tickets plugin versions prior to4.3.3 contain an unauthentica ...)
+ TODO: check
+CVE-2026-27743 (The SPIP referer_spam plugin versions prior to1.3.0 contain an unauthe ...)
+ TODO: check
+CVE-2026-27696 (changedetection.io is a free open source web page change detection too ...)
+ TODO: check
+CVE-2026-27645 (changedetection.io is a free open source web page change detection too ...)
+ TODO: check
+CVE-2026-27641 (Flask-Reuploaded provides file uploads for Flask. A critical path trav ...)
+ TODO: check
+CVE-2026-27640 (tfplan2md is software for converting Terraform plan JSON files into hu ...)
+ TODO: check
+CVE-2026-27639 (Mercator is an open source web application designed to enable mapping ...)
+ TODO: check
+CVE-2026-27637 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-27636 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-27632 (Talishar is a fan-made Flesh and Blood project. Prior to commit 6be387 ...)
+ TODO: check
+CVE-2026-27629 (InvenTree is an Open Source Inventory Management System. Prior to vers ...)
+ TODO: check
+CVE-2026-27628 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
+ TODO: check
+CVE-2026-27627 (Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, ...)
+ TODO: check
+CVE-2026-27626 (OliveTin gives access to predefined shell commands from a web interfac ...)
+ TODO: check
+CVE-2026-27621 (TypiCMS is a multilingual content management system based on the Larav ...)
+ TODO: check
+CVE-2026-27615 (ADB Explorer is a fluent UI for ADB on Windows. In versions prior to B ...)
+ TODO: check
+CVE-2026-27614 (Bugsink is a self-hosted error tracking tool. In versions prior to 2.0 ...)
+ TODO: check
+CVE-2026-27612 (Repostat is a React component to fetch and display GitHub repository i ...)
+ TODO: check
+CVE-2026-27611 (FileBrowser Quantum is a free, self-hosted, web-based file manager. Pr ...)
+ TODO: check
+CVE-2026-27610 (Parse Dashboard is a standalone dashboard for managing Parse Server ap ...)
+ TODO: check
+CVE-2026-27609 (Parse Dashboard is a standalone dashboard for managing Parse Server ap ...)
+ TODO: check
+CVE-2026-27608 (Parse Dashboard is a standalone dashboard for managing Parse Server ap ...)
+ TODO: check
+CVE-2026-27607 (RustFS is a distributed object storage system built in Rust. In versio ...)
+ TODO: check
+CVE-2026-27606 (Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3 ...)
+ TODO: check
+CVE-2026-27598 (Dagu is a workflow engine with a built-in Web user interface. In versi ...)
+ TODO: check
+CVE-2026-27597 (Enclave is a secure JavaScript sandbox designed for safe AI agent code ...)
+ TODO: check
+CVE-2026-27595 (Parse Dashboard is a standalone dashboard for managing Parse Server ap ...)
+ TODO: check
+CVE-2026-27593 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
+ TODO: check
+CVE-2026-27117 (bit7z is a cross-platform C++ static library that allows the compressi ...)
+ TODO: check
+CVE-2026-26351 (GetSimpleCMS Community Edition (CE) version 3.3.16 contains a stored c ...)
+ TODO: check
+CVE-2026-25899 (Fiber is an Express inspired web framework written in Go. In versions ...)
+ TODO: check
+CVE-2026-25891 (Fiber is an Express inspired web framework written in Go. A Path Trave ...)
+ TODO: check
+CVE-2026-25882 (Fiber is an Express inspired web framework written in Go. A denial of ...)
+ TODO: check
+CVE-2026-25785 (Path traversal vulnerability exists in Lanscope Endpoint Manager (On-P ...)
+ TODO: check
+CVE-2026-25135 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-25131 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-25127 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-25124 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-24896 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-24849 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-24847 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-24443 (EventSentry versions prior to 6.0.1.20contain an unverified password c ...)
+ TODO: check
+CVE-2026-22553 (All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command ...)
+ TODO: check
+CVE-2026-21443 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-21410 (InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its m ...)
+ TODO: check
+CVE-2026-1614 (The Rise Blocks \u2013 A Complete Gutenberg Page Builder plugin for Wo ...)
+ TODO: check
+CVE-2025-69231 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2025-68277 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2025-67752 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2025-67491 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2025-5781 (Information Exposure Vulnerability in Hitachi Ops Center API Configura ...)
+ TODO: check
+CVE-2025-46320 (A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect cu ...)
+ TODO: check
+CVE-2025-0976 (Information Exposure Vulnerability inHitachi Ops Center API Configurat ...)
+ TODO: check
+CVE-2026-27624 (Coturn is a free open source implementation of TURN and STUN Server. C ...)
- coturn <unfixed>
NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-j8mm-mpf8-gvjg
NOTE: https://github.com/coturn/coturn/commit/b80eb898ba26552600770162c26a8ae7f3661b0b (4.9.0)
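Review bot: The description added for CVE-2026-1614 carries a literal "\u2013" escape where a dash belongs, so the import is copying the feed's escaping into data/CVE/list unchanged; decode it before writing, since these descriptions are what people search on. Every entry added in this hunk is also left at "TODO: check", including ones naming libvips, pypdf, Rollup, Fiber and OpenEMR, so each still needs triage to a package line or a not-for-us marking. CVE-2026-27624 stays at "- coturn <unfixed>" although its NOTE points at an upstream commit marked (4.9.0), which is the version to track for the fix.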
@@ -8,15 +170,15 @@ CVE-2026-3099
- libsoup3 <unfixed>
- libsoup2.4 <removed>
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/495
-CVE-2026-27195
+CVE-2026-27195 (Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, ...)
- rust-wasmtime <not-affected> (Vulnerable code introduced later)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0022.html
NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94
-CVE-2026-27572
+CVE-2026-27572 (Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0. ...)
- rust-wasmtime <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0021.html
NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h
-CVE-2026-27204
+CVE-2026-27204 (Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0. ...)
- rust-wasmtime <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0020.html
NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w
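Review bot: The two entries that remain at "- rust-wasmtime <unfixed>" (CVE-2026-27572 and CVE-2026-27204) now have descriptions beginning "Prior to versions 24.0.6, 36.0. ..." but the lines shown record no fixed upstream version; a NOTE listing the fixed releases from the linked advisories would let the status be updated without re-reading them. The description added for CVE-2026-27195 ("Starting with Wasmtime 39.0.0") agrees with its existing "<not-affected> (Vulnerable code introduced later)" line, so nothing needs changing there.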
@@ -44495,7 +44657,7 @@ CVE-2025-65073 (OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v
NOTE: https://bugs.launchpad.net/keystone/+bug/2119646
NOTE: src:swift (Bug #1120057) and src:heat (Bug #1120059) require updates along for
NOTE: compatibility with the OSSA-2025-002/keystone update.
-CVE-2025-11563
+CVE-2025-11563 (URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl i ...)
- curl 8.17.0-2
[trixie] - curl 8.14.1-2+deb13u2
[bookworm] - curl <not-affected> (Vulnerable code not present)
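Review bot: The description added on the CVE-2025-11563 line is about wcurl, while the entry is tracked under "- curl 8.17.0-2" with bookworm marked "<not-affected> (Vulnerable code not present)"; if it is not already among the NOTE lines past the context shown, add a NOTE saying the affected code is the wcurl script shipped with curl, so the package mapping and the bookworm status can be read from the entry itself. The description also nests parentheses and contains a backslash, "(`/` or `\`)", so it is worth confirming that tooling which splits the header line on the outer parentheses handles it.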
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2be38d856beb668e16a9ac2d4917df6e757f1543