[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 28 08:13:09 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e02ca329 by security tracker role at 2026-02-28T08:13:01+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,90 @@
-CVE-2026-28418
+CVE-2026-2647
+	REJECTED
+CVE-2026-2471 (The WP Mail Logging plugin for WordPress is vulnerable to PHP Object I ...)
+	TODO: check
+CVE-2026-28517 (openDCIM version 23.04, through commit 4467e9c4, contains an OS comman ...)
+	TODO: check
+CVE-2026-28516 (openDCIM version 23.04, through commit 4467e9c4, contains a SQL inject ...)
+	TODO: check
+CVE-2026-28515 (openDCIM version 23.04, through commit 4467e9c4, contains a missing au ...)
+	TODO: check
+CVE-2026-28426 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
+	TODO: check
+CVE-2026-28425 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
+	TODO: check
+CVE-2026-28424 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
+	TODO: check
+CVE-2026-28423 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
+	TODO: check
+CVE-2026-28422 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
+	TODO: check
+CVE-2026-28421 (Vim is an open source, command line text editor. Versions prior to 9.2 ...)
+	TODO: check
+CVE-2026-28420 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
+	TODO: check
+CVE-2026-28419 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
+	TODO: check
+CVE-2026-28416 (Gradio is an open-source Python package designed for quick prototyping ...)
+	TODO: check
+CVE-2026-28415 (Gradio is an open-source Python package designed for quick prototyping ...)
+	TODO: check
+CVE-2026-28414 (Gradio is an open-source Python package designed for quick prototyping ...)
+	TODO: check
+CVE-2026-28411 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
+	TODO: check
+CVE-2026-28409 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
+	TODO: check
+CVE-2026-28408 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
+	TODO: check
+CVE-2026-28407 (malcontent is software for discovering supply-chain compromises throug ...)
+	TODO: check
+CVE-2026-28406 (kaniko is a tool to build container images from a Dockerfile, inside a ...)
+	TODO: check
+CVE-2026-28402 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
+	TODO: check
+CVE-2026-28400 (Docker Model Runner (DMR) is software used to manage, run, and deploy  ...)
+	TODO: check
+CVE-2026-28355 (Canarytokens help track activity and actions on a network. Versions pr ...)
+	TODO: check
+CVE-2026-28352 (Indico is an event management system that uses Flask-Multipass, a mult ...)
+	TODO: check
+CVE-2026-28351 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
+	TODO: check
+CVE-2026-28338 (PMD is an extensible multilanguage static code analyzer. Prior to vers ...)
+	TODO: check
+CVE-2026-28288 (Dify is an open-source LLM app development platform. Prior to 1.9.0, r ...)
+	TODO: check
+CVE-2026-28272 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, a v ...)
+	TODO: check
+CVE-2026-28271 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, a v ...)
+	TODO: check
+CVE-2026-28270 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, a v ...)
+	TODO: check
+CVE-2026-28268 (Vikunja is an open-source self-hosted task management platform. Versio ...)
+	TODO: check
+CVE-2026-28231 (pillow_heif is a Python library for working with HEIF images and plugi ...)
+	TODO: check
+CVE-2026-27939 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
+	TODO: check
+CVE-2026-27759 (Featured Image from Content (featured-image-from-content) WordPress pl ...)
+	TODO: check
+CVE-2026-27167 (Gradio is an open-source Python package designed for quick prototyping ...)
+	TODO: check
+CVE-2026-1542 (The Super Stage WP WordPress plugin through 1.0.1 unserializes user in ...)
+	TODO: check
+CVE-2025-13673 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+	TODO: check
+CVE-2026-28418 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
 	- vim <unfixed>
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-h4mf-vg97-hj8j
 	NOTE: Fixed by: https://github.com/vim/vim/commit/f6a7f469a9c0d09e84cd6cb46c3a9e76f684da2d (v9.2.0074)
-CVE-2026-28417
+CVE-2026-28417 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
 	- vim <unfixed>
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336
 	NOTE: Fixed by: https://github.com/vim/vim/commit/79348dbbc09332130f4c86045e1541d68514fcc1 (v9.2.0073)
-CVE-2026-3255
+CVE-2026-3255 (HTTP::Session2 versions before 1.12 for Perl for Perl may generate wea ...)
 	NOT-FOR-US: HTTP-Session2 Perl module
-CVE-2018-25160
+CVE-2018-25160 (HTTP::Session2 versions through 1.09 for Perl does not validate the fo ...)
 	NOT-FOR-US: HTTP-Session2 Perl module
 CVE-2026-3327 (Authenticated Iframe Injection in Dato CMS Web Previews plugin. This v ...)
 	NOT-FOR-US: Dato CMS Web Previews plugin
@@ -6539,7 +6615,7 @@ CVE-2025-15520 (The RegistrationMagic  WordPress plugin before 6.0.7.2 checks no
 	NOT-FOR-US: WordPress plugin
 CVE-2024-21961 (Improper restriction of operations within the bounds of a memory buffe ...)
 	NOT-FOR-US: AMD
-CVE-2020-37167 (ClamAV versions prior to 0.102.0, fixed in 0.103.0-rc, ClamBC bytecode ...)
+CVE-2020-37167 (ClamAV versions prior to 0.103.0-rc contain a vulnerability in functio ...)
 	- clamav <undetermined>
 	NOTE: https://www.exploit-db.com/exploits/47687
 	TODO: check upstream status



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e02ca3297dfc6dae5158f01524043e5492659633

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e02ca3297dfc6dae5158f01524043e5492659633
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260228/9bc4adf0/attachment.htm>

More information about the debian-security-tracker-commits mailing list