[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 9 08:13:13 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
426f85df by security tracker role at 2026-01-09T08:13:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2026-22714 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2026-22713 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2026-22712 (Improper Encoding or Escaping of Outputdue to magic word replacement i ...)
+ TODO: check
+CVE-2026-22710 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2026-22636
+ REJECTED
+CVE-2026-22635
+ REJECTED
+CVE-2026-22634
+ REJECTED
+CVE-2026-22633
+ REJECTED
+CVE-2026-22632
+ REJECTED
+CVE-2026-22631
+ REJECTED
+CVE-2026-22630
+ REJECTED
+CVE-2026-22588 (Spree is an open source e-commerce solution built with Ruby on Rails. ...)
+ TODO: check
+CVE-2026-21409 (Improper authorization vulnerability exists in RICOH Streamline NX 3.5 ...)
+ TODO: check
+CVE-2026-20976 (Improper input validation in Galaxy Store prior to version 4.6.02 allo ...)
+ TODO: check
+CVE-2026-20975 (Improper handling of insufficient permission in Samsung Cloud prior to ...)
+ TODO: check
+CVE-2026-20974 (Improper input validation in data related to network restrictions prio ...)
+ TODO: check
+CVE-2026-20973 (Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Rel ...)
+ TODO: check
+CVE-2026-20972 (Improper Export of Android Application Components in UwbTest prior to ...)
+ TODO: check
+CVE-2026-20971 (Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows ...)
+ TODO: check
+CVE-2026-20970 (Improper access control in SLocation prior to SMR Jan-2026 Release 1 a ...)
+ TODO: check
+CVE-2026-20969 (Improper input validation in SecSettings prior to SMR Jan-2026 Release ...)
+ TODO: check
+CVE-2026-20968 (Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local ...)
+ TODO: check
+CVE-2026-0733 (A vulnerability was determined in PHPGurukul Online Course Registratio ...)
+ TODO: check
+CVE-2026-0732 (A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects ...)
+ TODO: check
+CVE-2026-0731 (A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impac ...)
+ TODO: check
+CVE-2026-0730 (A flaw has been found in PHPGurukul Staff Leave Management System 1.0. ...)
+ TODO: check
+CVE-2026-0729 (A vulnerability was detected in code-projects Intern Membership Manage ...)
+ TODO: check
+CVE-2026-0728 (A security vulnerability has been detected in code-projects Intern Mem ...)
+ TODO: check
+CVE-2026-0563 (The WP Google Street View (with 360\xb0 virtual tour) & Google maps + ...)
+ TODO: check
+CVE-2025-70974 (Fastjson before 1.2.48 mishandles autoType because, when an @type key ...)
+ TODO: check
+CVE-2025-68719 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configurati ...)
+ TODO: check
+CVE-2025-68718 (KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET servi ...)
+ TODO: check
+CVE-2025-68717 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication ...)
+ TODO: check
+CVE-2025-68716 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH servic ...)
+ TODO: check
+CVE-2025-66315 (There is a configuration defect vulnerability in the version server of ...)
+ TODO: check
+CVE-2025-15464 (Exported Activity allows external applications to gain application con ...)
+ TODO: check
+CVE-2025-15057 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-15055 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-15019 (The BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast S ...)
+ TODO: check
+CVE-2025-14980 (The BetterDocs plugin for WordPress is vulnerable to Sensitive Informa ...)
+ TODO: check
+CVE-2025-14937 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-14893 (The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2025-14886 (The Japanized for WooCommerce plugin for WordPress is vulnerable to un ...)
+ TODO: check
+CVE-2025-14803 (The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and esc ...)
+ TODO: check
+CVE-2025-14782 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
+ TODO: check
+CVE-2025-14741 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-14736 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-14720 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin ...)
+ TODO: check
+CVE-2025-14718 (The Schedule Post Changes With PublishPress Future plugin for WordPres ...)
+ TODO: check
+CVE-2025-14657 (The Eventin \u2013 Event Manager, Events Calendar, Event Tickets and R ...)
+ TODO: check
+CVE-2025-14574 (The weDocs plugin for WordPress is vulnerable to Sensitive Information ...)
+ TODO: check
+CVE-2025-14505 (The ECDSA implementation of the Elliptic package generates incorrect s ...)
+ TODO: check
+CVE-2025-14436 (The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-14146 (The Booking Calendar plugin for WordPress is vulnerable to Sensitive I ...)
+ TODO: check
+CVE-2025-13935 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+ TODO: check
+CVE-2025-13934 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+ TODO: check
+CVE-2025-13753 (The WP Table Builder \u2013 Drag & Drop Table Builder plugin for WordP ...)
+ TODO: check
+CVE-2025-13749 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, C ...)
+ TODO: check
+CVE-2025-13628 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+ TODO: check
CVE-2026-0716
- libsoup3 <unfixed>
- libsoup2.4 <removed>
@@ -111,7 +229,7 @@ CVE-2026-21638 (A malicious actor in Wi-Fi range of the affected product could l
NOT-FOR-US: UBB
CVE-2026-0747 (Exposure of sensitive information in the TeamViewer entry dashboard co ...)
NOT-FOR-US: Devolutions
-CVE-2026-0719 (A flaw was found in libsoup's NTLM (NT LAN Manager) authentication mod ...)
+CVE-2026-0719 (A flaw was identified in the NTLM authentication handling of the libso ...)
- libsoup3 <unfixed> (bug #1125083)
- libsoup2.4 <removed>
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/477
@@ -379,7 +497,7 @@ CVE-2026-21868 (Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2
NOT-FOR-US: Flag Forge
CVE-2026-21859 (Mailpit is an email testing tool and API for developers. Versions 1.28 ...)
NOT-FOR-US: Mailpit
-CVE-2026-21858 (n8n is an open source workflow automation platform. Versions below 1.1 ...)
+CVE-2026-21858 (n8n is an open source workflow automation platform. Versions starting ...)
NOT-FOR-US: n8n
CVE-2026-21857 (REDAXO is a PHP-based content management system. Prior to version 5.20 ...)
NOT-FOR-US: REDAXO
@@ -3883,13 +4001,13 @@ CVE-2022-50692 (SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an
NOT-FOR-US: SOUND4 IMPACT/FIRST/PULSE/Eco
CVE-2022-50691 (MiniDVBLinux 5.4 contains a remote command execution vulnerability tha ...)
NOT-FOR-US: MiniDVBLinux
-CVE-2025-69195
+CVE-2025-69195 (A flaw was found in GNU Wget2. This vulnerability, a stack-based buffe ...)
- wget2 <unfixed> (bug #1124377)
[bookworm] - wget2 <not-affected> (Vulnerable code introduced later)
[bullseye] - wget2 <not-affected> (Vulnerable code introduced later)
NOTE: Introduced with: https://gitlab.com/gnuwget/wget2/-/commit/3dc30f5f0c6f8feae97f866c537324f821ea05d6 (v2.1.0)
NOTE: Fixed by: https://gitlab.com/gnuwget/wget2/-/commit/fc7fcbc00e0a2c8606d44ab216195afb3f08cc98 (v2.2.1)
-CVE-2025-69194
+CVE-2025-69194 (A security issue was discovered in GNU Wget2 when handling Metalink do ...)
- wget2 <unfixed> (bug #1124378)
[trixie] - wget2 <no-dsa> (Minor issue)
[bookworm] - wget2 <no-dsa> (Minor issue)
@@ -75210,7 +75328,7 @@ CVE-2025-5875 (A vulnerability classified as critical has been found in TP-LINK
NOT-FOR-US: TP-Link
CVE-2025-5874 (A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been r ...)
NOT-FOR-US: Redash
-CVE-2025-5873 (A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It ...)
+CVE-2025-5873 (A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2 ...)
NOT-FOR-US: eCharge Hardy Barth Salia PLCC
CVE-2025-5872 (A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It ha ...)
NOT-FOR-US: eGauge EG3000 Energy Monitor
@@ -136150,13 +136268,13 @@ CVE-2024-XXXX [ruzstd uninit and out-of-bounds memory reads]
NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0400.html
NOTE: https://github.com/KillingSpark/zstd-rs/issues/75
NOTE: https://github.com/KillingSpark/zstd-rs/pull/76
-CVE-2024-9852 (Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 al ...)
+CVE-2024-9852 (Uncontrolled Search Path Element vulnerability in Mitsubishi Electric ...)
NOT-FOR-US: Mitsubishi Electric
CVE-2024-9044 (A XML External Entity (XXE) vulnerability has been identified in Easy ...)
NOT-FOR-US: Easy Tax Client Software
-CVE-2024-8300 (Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 ...)
+CVE-2024-8300 (Dead Code vulnerability in Mitsubishi Electric GENESIS64 Version 10.97 ...)
NOT-FOR-US: Mitsubishi Electric
-CVE-2024-8299 (Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 al ...)
+CVE-2024-8299 (Uncontrolled Search Path Element vulnerability in Mitsubishi Electric ...)
NOT-FOR-US: Mitsubishi Electric
CVE-2024-54124 (In Click Studios Passwordstate before build 9920, there is a potential ...)
NOT-FOR-US: Click Studios Passwordstate
@@ -339153,17 +339271,17 @@ CVE-2022-33322 (Cross-site scripting vulnerability in Mitsubishi Electric consum
NOT-FOR-US: Mitsubishi Electric
CVE-2022-33321 (Cleartext Transmission of Sensitive Information vulnerability due to t ...)
NOT-FOR-US: Mitsubishi Electric
-CVE-2022-33320 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
+CVE-2022-33320 (Deserialization of Untrusted Data vulnerability in Mitsubishi Electric ...)
NOT-FOR-US: ICONICS
-CVE-2022-33319 (Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 ...)
+CVE-2022-33319 (Out-of-bounds Read vulnerability in Mitsubishi Electric GENESIS64 vers ...)
NOT-FOR-US: ICONICS
-CVE-2022-33318 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
+CVE-2022-33318 (Deserialization of Untrusted Data vulnerability in Mitsubishi Electric ...)
NOT-FOR-US: ICONICS
CVE-2022-33317 (Inclusion of Functionality from Untrusted Control Sphere vulnerability ...)
NOT-FOR-US: ICONICS
-CVE-2022-33316 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
+CVE-2022-33316 (Deserialization of Untrusted Data vulnerability in Mitsubishi Electric ...)
NOT-FOR-US: ICONICS
-CVE-2022-33315 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...)
+CVE-2022-33315 (Deserialization of Untrusted Data vulnerability in Mitsubishi Electric ...)
NOT-FOR-US: ICONICS
CVE-2022-33314 (Multiple command injection vulnerabilities exist in the web_server act ...)
NOT-FOR-US: Robustel R1510
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/426f85df6f16974fce6caeb3ad6e13329831a521
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/426f85df6f16974fce6caeb3ad6e13329831a521
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260109/ad1dd74a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list