[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 26 20:13:44 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
704a4669 by security tracker role at 2026-02-26T20:13:35+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,103 @@
+CVE-2026-3071 (Deserialization of untrusted data in the LanguageModel class of Flair ...)
+ TODO: check
+CVE-2026-2680 (Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in ...)
+ TODO: check
+CVE-2026-2679 (Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in ...)
+ TODO: check
+CVE-2026-2678 (Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in ...)
+ TODO: check
+CVE-2026-2677 (Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in ...)
+ TODO: check
+CVE-2026-2244 (A vulnerability in Google Cloud Vertex AI Workbench from7/21/2025 to 0 ...)
+ TODO: check
+CVE-2026-28296 (A flaw was found in the FTP GVfs backend. A remote attacker could expl ...)
+ TODO: check
+CVE-2026-28295 (A flaw was found in the FTP GVfs backend. A malicious FTP server can e ...)
+ TODO: check
+CVE-2026-28138 (Deserialization of Untrusted Data vulnerability in Stylemix uListing u ...)
+ TODO: check
+CVE-2026-28136 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-28132 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2026-28131 (Insertion of Sensitive Information Into Sent Data vulnerability in WPV ...)
+ TODO: check
+CVE-2026-28083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27510 (Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the ...)
+ TODO: check
+CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) ...)
+ TODO: check
+CVE-2026-27141 (Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a ...)
+ TODO: check
+CVE-2026-26979 (Discourse is an open source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-26973 (Discourse is an open source discussion platform. Versions prior to 202 ...)
+ TODO: check
+CVE-2026-26938 (Improper Neutralization of Special Elements Used in a Template Engine ...)
+ TODO: check
+CVE-2026-26937 (Uncontrolled Resource Consumption (CWE-400) in the Timelion component ...)
+ TODO: check
+CVE-2026-26936 (Inefficient Regular Expression Complexity (CWE-1333) in the AI Inferen ...)
+ TODO: check
+CVE-2026-26935 (Improper Input Validation (CWE-20) in the internal Content Connectors ...)
+ TODO: check
+CVE-2026-26934 (Improper Validation of Specified Quantity in Input (CWE-1284) in Kiban ...)
+ TODO: check
+CVE-2026-26932 (Improper Validation of Array Index (CWE-129) in the PostgreSQL protoco ...)
+ TODO: check
+CVE-2026-26682 (An issue in fastCMS before v.0.1.6 allows a local attacker to execute ...)
+ TODO: check
+CVE-2026-26265 (Discourse is an open source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-26228 (VideoLAN VLC for Android prior to version 3.7.0 contains a path traver ...)
+ TODO: check
+CVE-2026-26227 (VideoLAN VLC for Android prior to version 3.7.0 contains an authentica ...)
+ TODO: check
+CVE-2026-26207 (Discourse is an open source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-26078 (Discourse is an open source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-26077 (Discourse is an open source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-23939 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2026-23750 (Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap ...)
+ TODO: check
+CVE-2026-23749 (Golioth Firmware SDK version0.19.1prior to 0.22.0, fixed in commit0e78 ...)
+ TODO: check
+CVE-2026-23748 (Golioth Firmware SDK version0.10.0 prior to 0.22.0, fixed in commitd7f ...)
+ TODO: check
+CVE-2026-23747 (Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit48 ...)
+ TODO: check
+CVE-2026-22722 (A malicious actor with authenticated user privileges on a Windows base ...)
+ TODO: check
+CVE-2026-22715 (VMWare Workstation and Fusion contain a logic flaw in the management o ...)
+ TODO: check
+CVE-2026-1565 (The User Frontend: AI Powered Frontend Posting, User Directory, Profil ...)
+ TODO: check
+CVE-2026-1241 (The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to ...)
+ TODO: check
+CVE-2026-1198 (SIMPLE.ERP is vulnerable to the SQL Injection in search functionality ...)
+ TODO: check
+CVE-2025-71057 (Improper session management in D-Link Wireless N 300 ADSL2+ Modem Rout ...)
+ TODO: check
+CVE-2025-64999 (Improper neutralization of input in Checkmk versions 2.4.0 before 2.4. ...)
+ TODO: check
+CVE-2025-56605 (A reflected Cross-Site Scripting (XSS) vulnerability exists in the reg ...)
+ TODO: check
+CVE-2025-50857 (ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Travers ...)
+ TODO: check
+CVE-2025-14343 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-11384
+ REJECTED
+CVE-2025-11383
+ REJECTED
+CVE-2025-11382
+ REJECTED
+CVE-2025-11381
+ REJECTED
CVE-2026-3209 (A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. Thi ...)
NOT-FOR-US: Fossorial fosrl/pangolin
CVE-2026-3200 (A vulnerability was identified in z-9527 admin 1.0/2.0. The affected e ...)
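Review bot: The 46 described entries added at the top of this hunk (CVE-2026-3071 down to CVE-2025-14343) carry only `TODO: check`, so none of them has a triage outcome yet. Each still needs either a package line or a `NOT-FOR-US:` tag in the style of the context entry for CVE-2026-3209. I would look first at the entries whose descriptions name a software component rather than a hosted platform or vendor device: the two FTP GVfs backend entries (CVE-2026-28296, CVE-2026-28295) and CVE-2026-27141, whose truncated description ("sending 0x0a-0x0f HTTP/2 frames") names no product at all and needs a lookup before it can be tagged. The run-together text in CVE-2026-2244 ("from7/21/2025") and in CVE-2026-23749 and CVE-2026-23748 ("version0.19.1prior", "commitd7f") should stay as imported if it mirrors the upstream description, so that later automatic updates do not produce spurious description diffs. The four `REJECTED` entries (CVE-2025-11381 to CVE-2025-11384) need no further action.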
@@ -988,7 +1088,7 @@ CVE-2026-2801 (Incorrect boundary conditions in the JavaScript: WebAssembly comp
- firefox 148.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/#CVE-2026-2801
CVE-2026-2781 (Integer overflow in the Libraries component in NSS. This vulnerability ...)
- {DSA-6148-1}
+ {DSA-6149-1 DSA-6148-1}
- firefox 148.0-1
- firefox-esr 140.8.0esr-1
- nss 2:3.121-1
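Review bot: The cross-reference on CVE-2026-2781 changes to `{DSA-6149-1 DSA-6148-1}`, but this commit touches only data/CVE/list, so the visible lines do not show which of the three listed packages (firefox, firefox-esr, nss) the new DSA-6149-1 covers. Confirm that the advisory record for DSA-6149-1 already references CVE-2026-2781, and that the package lines here gain suite-specific fixed versions for whichever package that advisory ships, since all three currently show only a single fixed version each.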
@@ -179782,7 +179882,7 @@ CVE-2024-8413 (Cross Site Scripting (XSS) vulnerability through the action param
NOT-FOR-US: Bioshox/Raspcontrol
CVE-2024-8412 (A vulnerability, which was classified as problematic, was found in Lin ...)
NOT-FOR-US: LinuxOSsk Shakal-NG
-CVE-2024-8411 (A vulnerability, which was classified as problematic, has been found i ...)
+CVE-2024-8411 (A vulnerability was determined in ABCD ABCD2 up to 2.2.0-beta-1. Impac ...)
NOT-FOR-US: ABCD
CVE-2024-8410 (A vulnerability classified as problematic was found in ABCD ABCD2 up t ...)
NOT-FOR-US: ABCD
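Review bot: The refreshed description for CVE-2024-8411 now names the product as "ABCD ABCD2 up to 2.2.0-beta-1", matching CVE-2024-8410 below it, while the tag on both entries remains the bare `NOT-FOR-US: ABCD`. That tag is short enough to be ambiguous when searched for. Consider spelling it with the product name the descriptions use (ABCD ABCD2) on both entries in a follow-up manual commit; the triage outcome itself is unchanged by this hunk.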
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/704a4669a3da164b237b12e2ab1443e4d5cf1261