[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 7 20:13:25 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9dcbf9d by security tracker role at 2026-01-07T20:13:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,260 @@
+CVE-2026-22544 (An attacker with a network connection could detect credentials in clea ...)
+ TODO: check
+CVE-2026-22543 (The credentials required to access the device's web server are sent in ...)
+ TODO: check
+CVE-2026-22542 (An attacker with access to the system's internal network can cause a d ...)
+ TODO: check
+CVE-2026-22541 (The massive sending of ICMP requests causes a denial of service on one ...)
+ TODO: check
+CVE-2026-22540 (The massive sending of ARP requests causes a denial of service on one ...)
+ TODO: check
+CVE-2026-22539 (As the service interaction is performed without authentication, an att ...)
+ TODO: check
+CVE-2026-22537 (The lack of hardening of the system allows the user used to manage and ...)
+ TODO: check
+CVE-2026-22536 (The absence of permissions control for the user XXX allows the current ...)
+ TODO: check
+CVE-2026-22535 (An attacker with the ability to interact through the network and with ...)
+ TODO: check
+CVE-2026-21856 (The Tarkov Data Manager is a tool to manage the Tarkov item data. Prio ...)
+ TODO: check
+CVE-2026-21855 (The Tarkov Data Manager is a tool to manage the Tarkov item data. Prio ...)
+ TODO: check
+CVE-2026-21854 (The Tarkov Data Manager is a tool to manage the Tarkov item data. Prio ...)
+ TODO: check
+CVE-2026-21680 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21679 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21678 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21506 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21505 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21504 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21503 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21502 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21501 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21500 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21499 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21498 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21497 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21496 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-21495 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-20029 (A vulnerability in the licensing features of Cisco Identity Servi ...)
+ TODO: check
+CVE-2026-20027 (Multiple Cisco products are affected by a vulnerability in the process ...)
+ TODO: check
+CVE-2026-20026 (Multiple Cisco products are affected by a vulnerability in the pr ...)
+ TODO: check
+CVE-2026-0670 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2026-0669 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2026-0668 (Inefficient Regular Expression Complexity vulnerability in Wikimedia F ...)
+ TODO: check
+CVE-2026-0618 (Cross-site Scripting vulnerability in Devolutions PowerShell Universal ...)
+ TODO: check
+CVE-2025-6225 (Kieback&Peter Neutrino-GLT product is used for building management. It ...)
+ TODO: check
+CVE-2025-69344 (Missing Authorization vulnerability in ThemeHunk Oneline Lite allows E ...)
+ TODO: check
+CVE-2025-69333 (Missing Authorization vulnerability in Crocoblock JetEngine allows Exp ...)
+ TODO: check
+CVE-2025-69082 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69081 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69080 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-68637 (The Uniffle HTTP client is configured to trust all SSL certificates an ...)
+ TODO: check
+CVE-2025-67366 (@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file c ...)
+ TODO: check
+CVE-2025-67364 (fast-filesystem-mcp version 3.4.0 contains a critical path traversal v ...)
+ TODO: check
+CVE-2025-66838 (In Aris v10.0.23.0.3587512 and before, the file upload functionality d ...)
+ TODO: check
+CVE-2025-66837 (A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers ...)
+ TODO: check
+CVE-2025-66786 (OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when proces ...)
+ TODO: check
+CVE-2025-66686 (A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS ...)
+ TODO: check
+CVE-2025-66560 (Quarkus is a Cloud Native, (Linux) Container First framework for writi ...)
+ TODO: check
+CVE-2025-65805 (OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability ...)
+ TODO: check
+CVE-2025-62327 (In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configur ...)
+ TODO: check
+CVE-2025-61939 (An unused function in MicroServer can start a reverse SSH connection t ...)
+ TODO: check
+CVE-2025-61782 (OpenCTI is an open source platform for managing cyber threat intellige ...)
+ TODO: check
+CVE-2025-61492 (A command injection vulnerability in the execute_command function of t ...)
+ TODO: check
+CVE-2025-61489 (A command injection vulnerability in the shell_exec function of soniri ...)
+ TODO: check
+CVE-2025-58441 (Knowage is an open source analytics and business intelligence suite. P ...)
+ TODO: check
+CVE-2025-4677 (Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card ...)
+ TODO: check
+CVE-2025-4676 (Incorrect Implementation of Authentication Algorithm vulnerability in ...)
+ TODO: check
+CVE-2025-4675 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...)
+ TODO: check
+CVE-2025-49335 (Server-Side Request Forgery (SSRF) vulnerability in minnur External Me ...)
+ TODO: check
+CVE-2025-47552 (Deserialization of Untrusted Data vulnerability in Digital zoom studio ...)
+ TODO: check
+CVE-2025-46494 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-46434 (Missing Authorization vulnerability in POSIMYTH Innovation The Plus Ad ...)
+ TODO: check
+CVE-2025-46256 (Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Data ...)
+ TODO: check
+CVE-2025-32303 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-32300 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-31643 (Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH ...)
+ TODO: check
+CVE-2025-15479 (Stored cross-site scripting (XSS, CWE-79) in the survey content and ad ...)
+ TODO: check
+CVE-2025-15158 (The WP Enable WebP plugin for WordPress is vulnerable to arbitrary fil ...)
+ TODO: check
+CVE-2025-15058 (The Responsive Pricing Table plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-15018 (The Optional Email plugin for WordPress is vulnerable to Privilege Esc ...)
+ TODO: check
+CVE-2025-15000 (The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-14999 (The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2025-14796 (The My Album Gallery plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-14626 (The QR Code for WooCommerce order emails, PDF invoices, packing slips ...)
+ TODO: check
+CVE-2025-14465 (The Sticky Action Buttons plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2025-14460 (The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is v ...)
+ TODO: check
+CVE-2025-14453 (The My Album Gallery plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-14352 (The Awesome Hotel Booking plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2025-14147 (The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-14145 (The Niche Hero | Beautifully-designed blocks in seconds plugin for Wor ...)
+ TODO: check
+CVE-2025-14144 (The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-14131 (The WP Widget Changer plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2025-14130 (The Post Like Dislike plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2025-14128 (The Stumble! for WordPress plugin for WordPress is vulnerable to Refle ...)
+ TODO: check
+CVE-2025-14127 (The Testimonial Master plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2025-14122 (The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-14121 (The EDD Download Info plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-14118 (The Starred Review plugin for WordPress is vulnerable to Reflected Cro ...)
+ TODO: check
+CVE-2025-14114 (The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-14113 (The Viitor Button Shortcodes plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-14112 (The Snillrik Restaurant plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2025-14110 (The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-14109 (The AH Shortcodes plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-14077 (The Simcast plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ TODO: check
+CVE-2025-14070 (The Reviewify plugin for WordPress is vulnerable to unauthorized modif ...)
+ TODO: check
+CVE-2025-14057 (The Multi-column Tag Map plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-14053 (The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-14028 (The Contact Us Simple Form plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2025-13990 (The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross ...)
+ TODO: check
+CVE-2025-13974 (The Email Customizer for WooCommerce plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-13887 (The AI BotKit \u2013 AI Chatbot & Live Support for WordPress plugin fo ...)
+ TODO: check
+CVE-2025-13849 (The Cool YT Player plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-13848 (The STM Gallery 1.9 plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-13847 (The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-13841 (The Smart App Banners plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-13801 (The Yoco Payments plugin for WordPress is vulnerable to Path Traversal ...)
+ TODO: check
+CVE-2025-13722 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Co ...)
+ TODO: check
+CVE-2025-13694 (The AA Block Country plugin for WordPress is vulnerable to IP Address ...)
+ TODO: check
+CVE-2025-13667 (The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-13531 (The Stylish Order Form Builder plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-13529 (The Unify plugin for WordPress is vulnerable to unauthorized modificat ...)
+ TODO: check
+CVE-2025-13527 (The xShare plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ TODO: check
+CVE-2025-13521 (The WP Status Notifier plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2025-13520 (The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
+CVE-2025-13519 (The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2025-13497 (The Recras WordPress plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-13496 (The Moosend Landing Pages plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2025-13493 (The Latest Registered Users plugin for WordPress is vulnerable to unau ...)
+ TODO: check
+CVE-2025-13419 (The Guest posting / Frontend Posting / Front Editor \u2013 WP Front Us ...)
+ TODO: check
+CVE-2025-13418 (The Responsive Pricing Table plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-12958 (The Rankology SEO and Analytics Tool plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-12543 (A flaw was found in the Undertow HTTP server core, which is used in Wi ...)
+ TODO: check
+CVE-2025-12540 (The ShareThis Dashboard for Google Analytics plugin for WordPress is v ...)
+ TODO: check
+CVE-2025-12030 (The ACF to REST API plugin for WordPress is vulnerable to Insecure Dir ...)
+ TODO: check
+CVE-2025-11877 (The User Activity Log plugin is vulnerable to a limited options update ...)
+ TODO: check
CVE-2025-67603 [Add PolicyKit authorization to D-Bus methods]
+ {DSA-6095-1}
- foomuuri 0.31-1
NOTE: Fixed by: https://github.com/FoobarOy/foomuuri/commit/5944a428f53a132fc343ff6792b1b7539f1c990e (v0.31)
NOTE: https://www.openwall.com/lists/oss-security/2026/01/07/9
CVE-2025-67858 [Verify interface input parameter on D-Bus methods]
+ {DSA-6095-1}
- foomuuri 0.31-1
NOTE: Fixed by: https://github.com/FoobarOy/foomuuri/commit/d1961f420600d133e5f1d3125deb17445e7745ac (v0.31)
NOTE: https://www.openwall.com/lists/oss-security/2026/01/07/9
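Review bot: the 125 new entries (CVE-2026-22544 down to CVE-2025-11877) all carry only `TODO: check`, so this hunk is an untriaged queue pulled from the CVE feed rather than a reviewed change; the only substantive lines are the two `{DSA-6095-1}` additions on CVE-2025-67603 and CVE-2025-67858 for foomuuri, and since both entries cite the same v0.31 fix and the same oss-security post, confirm that the DSA-6095-1 text lists both CVE IDs. Also worth flagging for triage: the CVE-2026-22536 description contains a literal `XXX` placeholder inherited from the upstream text, so that entry cannot be assessed from the description alone.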
@@ -2902,7 +3154,7 @@ CVE-2020-36903 (Selea CarPlateServer 4.0.1.6 contains an unquoted service path v
CVE-2019-25262 (A security vulnerability has been detected in elinicksic Razgover up t ...)
NOT-FOR-US: elinicksic Razgover
CVE-2025-69277 (libsodium before ad3004e, in atypical use cases involving certain cust ...)
- {DSA-6094-1}
+ {DSA-6094-1 DLA-4435-1}
- libsodium 1.0.18-2 (bug #1124374)
NOTE: https://00f.net/2025/12/30/libsodium-vulnerability/
NOTE: Fixed by: https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae
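Review bot: the reference set for CVE-2025-69277 grows from `{DSA-6094-1}` to `{DSA-6094-1 DLA-4435-1}`, so an LTS advisory is now claimed alongside the stable DSA; confirm that DLA-4435-1 in data/DLA/list references this CVE and a matching libsodium version, because this hunk only touches the CVE side of the cross-reference and a mismatch would leave the tracker showing LTS as fixed with no advisory behind it.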
@@ -3064,7 +3316,8 @@ CVE-2022-50800 (H3C SSL VPN contains a user enumeration vulnerability that allow
NOT-FOR-US: H3C
CVE-2022-50799 (Fetch FTP Client 5.8.2 contains a denial of service vulnerability that ...)
NOT-FOR-US: Fetch FTP Client
-CVE-2022-50798 (SoX 14.4.2 contains a division by zero vulnerability when handling WAV ...)
+CVE-2022-50798
+ REJECTED
- sox 14.4.2-2
NOTE: https://www.exploit-db.com/exploits/51034
NOTE: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5712.php
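Review bot: the `- sox 14.4.2-2` line survives under the new `REJECTED` marker, so the entry still records a fixed version for an ID that MITRE has withdrawn; drop or comment out the package line so the tracker does not report a fix for a rejected entry, and keep the exploit-db and zeroscience NOTE links as the record of what the ID originally referred to.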
@@ -179137,7 +179390,7 @@ CVE-2024-37182 (Mattermost Desktop App versions <=5.7.0 fail to correctly prompt
- mattermost-desktop <itp> (bug #831861)
CVE-2024-36656 (In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript c ...)
NOT-FOR-US: MintHCM
-CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to ...)
+CVE-2024-36600 (Buffer Overflow Vulnerability in libcdio in commit 4c840665 allows an ...)
- libcdio <not-affected> (Vulnerable code introduced later in development version)
NOTE: https://github.com/gashasbi/My-Reports/tree/main/CVE-2024-36600
NOTE: Introduced by: https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=4c840665c6d9cf2ff1cf0cd12f91b25030776c74 (master)
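Review bot: the `<not-affected>` rationale "Vulnerable code introduced later in development version" is consistent with the updated description, which now names commit 4c840665, and with the `Introduced by` NOTE citing the full hash on master; to make the claim checkable against the packaged libcdio versions, the rationale should also name the first upstream release, if any, that contains that commit, since the previous description attributed the issue to v2.1.0 and that attribution is exactly what this change retracts.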
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9dcbf9d5c4f0ae93179f22d8f530672451f6f6d