[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 9 20:13:34 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
819612d5 by security tracker role at 2026-01-09T20:13:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,143 @@
+CVE-2026-22198 (GestSup versions up to and including 3.2.56 contain a pre-authenticati ...)
+ TODO: check
+CVE-2026-22197 (GestSup versions up to and including 3.2.56 contain multiple SQL injec ...)
+ TODO: check
+CVE-2026-22196 (GestSup versions up to and including 3.2.56 contain a SQL injection vu ...)
+ TODO: check
+CVE-2026-22195 (GestSup versions up to and including 3.2.56 contain a SQL injection vu ...)
+ TODO: check
+CVE-2026-22194 (GestSup versions up to and including 3.2.56 contain a cross-site reque ...)
+ TODO: check
+CVE-2026-22082 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless ...)
+ TODO: check
+CVE-2026-22081 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless ...)
+ TODO: check
+CVE-2026-22080 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless ...)
+ TODO: check
+CVE-2026-22079 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless ...)
+ TODO: check
+CVE-2026-0817 (Missing Authorization vulnerability in Wikimedia Foundation MediaWiki ...)
+ TODO: check
+CVE-2026-0803 (A vulnerability was found in PHPGurukul Online Course Registration Sys ...)
+ TODO: check
+CVE-2026-0627 (The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-7072 (The firmware in KAON CG3000TCand CG3000T routers contains hard-coded c ...)
+ TODO: check
+CVE-2025-70161 (EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This aris ...)
+ TODO: check
+CVE-2025-69542 (A Command Injection Vulnerability has been discovered in the DHCP daem ...)
+ TODO: check
+CVE-2025-69426 (The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA ...)
+ TODO: check
+CVE-2025-69425 (The Ruckus vRIoT IoT Controllerfirmware versions prior to 3.0.0.0 (GA) ...)
+ TODO: check
+CVE-2025-67811 (Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints ...)
+ TODO: check
+CVE-2025-67810 (In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the op ...)
+ TODO: check
+CVE-2025-67282 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Authorization Bypass ...)
+ TODO: check
+CVE-2025-67281 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulner ...)
+ TODO: check
+CVE-2025-67280 (In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Lang ...)
+ TODO: check
+CVE-2025-67279 (An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 ...)
+ TODO: check
+CVE-2025-67278 (An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 ...)
+ TODO: check
+CVE-2025-67133 (An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to ...)
+ TODO: check
+CVE-2025-67070 (A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB ...)
+ TODO: check
+CVE-2025-67004 (An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin ...)
+ TODO: check
+CVE-2025-66744 (In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the serie ...)
+ TODO: check
+CVE-2025-66715 (A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows at ...)
+ TODO: check
+CVE-2025-66052 (Vivotek IP7137 camera with firmware version 0200a is vulnerable to com ...)
+ TODO: check
+CVE-2025-66051 (Vivotek IP7137 camera with firmware version 0200a is vulnerable to pat ...)
+ TODO: check
+CVE-2025-66050 (Vivotek IP7137 camera with firmware version 0200a by default dos not r ...)
+ TODO: check
+CVE-2025-66049 (VivotekIP7137camera with firmware version0200a is vulnerable to an inf ...)
+ TODO: check
+CVE-2025-64093 (Remote Code Execution vulnerability that allows unauthenticated attack ...)
+ TODO: check
+CVE-2025-64092 (This vulnerability allows unauthenticated attackers to inject an SQL r ...)
+ TODO: check
+CVE-2025-64091 (This vulnerability allows authenticated attackers to execute commands ...)
+ TODO: check
+CVE-2025-64090 (This vulnerability allows authenticated attackers to execute commands ...)
+ TODO: check
+CVE-2025-56225 (fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer de ...)
+ TODO: check
+CVE-2025-46676 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
+ TODO: check
+CVE-2025-46645 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
+ TODO: check
+CVE-2025-46644 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
+ TODO: check
+CVE-2025-46643 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...)
+ TODO: check
+CVE-2025-15496 (A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. ...)
+ TODO: check
+CVE-2025-15495 (A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impac ...)
+ TODO: check
+CVE-2025-15494 (A vulnerability has been found in RainyGao DocSys up to 2.02.37. This ...)
+ TODO: check
+CVE-2025-15493 (A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted e ...)
+ TODO: check
+CVE-2025-15492 (A vulnerability was detected in RainyGao DocSys up to 2.02.36. The aff ...)
+ TODO: check
+CVE-2025-15035 (Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 ( ...)
+ TODO: check
+CVE-2025-14598 (BeeS Software Solutions BET Portal contains an SQL injection vulnerabi ...)
+ TODO: check
+CVE-2025-14172 (The WP Page Permalink Extension plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-13967 (The Woodpecker for WordPress plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-13908 (The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-13903 (The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-13900 (The WP Popup Magic plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-13897 (The Client Testimonial Slider plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2025-13895 (The Top Position Google Finance plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-13893 (The Lesson Plan Book plugin for WordPress is vulnerable to Reflected C ...)
+ TODO: check
+CVE-2025-13892 (The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2025-13862 (The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-13854 (The Curved Text plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-13853 (The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-13852 (The Debt.com Business in a Box plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-13729 (The Entry Views plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-13717 (The Contact Form vCard Generator plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-13704 (The Autogen Headers Menu plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-13701 (The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cros ...)
+ TODO: check
+CVE-2025-11453 (The Header and Footer Scripts plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2020-36875 (AccessAlly WordPress plugin versions prior to3.3.2 contain an unauthen ...)
+ TODO: check
CVE-2025-14459
NOT-FOR-US: Red Hat virt-cdi-controller
CVE-2025-51602 [vlc MMS out of bounds read]
+ {DSA-6082-1}
- vlc 3.0.22-1
NOTE: https://www.videolan.org/security/sb-vlc3022.html
CVE-2026-22714 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
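Review bot: every entry added at the top of data/CVE/list carries only `TODO: check`, so none of them has a Debian status yet and the batch still needs manual triage. Most match categories this file already marks NOT-FOR-US elsewhere (WordPress plugins, camera and router firmware), but CVE-2025-56225 (fluidsynth) and CVE-2026-0817 (MediaWiki) name general-purpose software and should be checked against the archive first rather than dispositioned with the rest.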
@@ -246,7 +383,8 @@ CVE-2026-0701 (A vulnerability was identified in code-projects Intern Membership
NOT-FOR-US: code-projects
CVE-2026-0676 (Missing Authorization vulnerability in G5Theme Zorka zorka allows Expl ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2026-0675 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+CVE-2026-0675
+ REJECTED
NOT-FOR-US: WordPress plugin or theme
CVE-2026-0674 (Missing Authorization vulnerability in Campaign Monitor Campaign Monit ...)
NOT-FOR-US: WordPress plugin or theme
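Review bot: CVE-2026-0675 now reads `REJECTED`, but the `NOT-FOR-US: WordPress plugin or theme` line directly below it is kept as unchanged context, so the entry carries two dispositions. A follow-up commit should drop the NOT-FOR-US line so the rejected entry has a single status.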
@@ -640,19 +778,19 @@ CVE-2017-20212 (FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains
NOT-FOR-US: FLIR Thermal cameras
CVE-2025-69262 (pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Comm ...)
- pnpm <itp> (bug #985669)
-CVE-2025-3950
+CVE-2025-3950 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2025-11246
+CVE-2025-11246 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2025-10569
+CVE-2025-10569 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2025-13781
+CVE-2025-13781 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2025-13772
+CVE-2025-13772 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
- gitlab <not-affected> (Specific to EE)
-CVE-2025-13761
+CVE-2025-13761 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2025-9222
+CVE-2025-9222 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
CVE-2025-67859
- tlp 1.9.1-1
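Review bot: the three `- gitlab <unfixed>` annotations under CVE-2025-3950, CVE-2025-11246 and CVE-2025-10569 predate these descriptions and carry no bug reference or note, unlike the `- pnpm <itp> (bug #985669)` line just above them. With the description text now present, recheck each annotation against the affected versions it states and add a bug reference or a fixed version where one applies.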
@@ -174476,13 +174614,13 @@ CVE-2024-28068 (A vulnerability was discovered in SS in Samsung Mobile Processor
NOT-FOR-US: Samsung
CVE-2024-28067 (A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middl ...)
NOT-FOR-US: Samsung
-CVE-2024-27785 (An improper neutralization of formula elements in a CSV File vulnerabi ...)
+CVE-2024-27785 (An improper neutralization of formula elements in a CSV File [CWE-1236 ...)
NOT-FOR-US: FortiGuard
-CVE-2024-27784 (Multiple Exposure of sensitive information to an unauthorized actor vu ...)
+CVE-2024-27784 (Multiple Exposure of sensitive information to an unauthorized actor we ...)
NOT-FOR-US: FortiGuard
-CVE-2024-27783 (Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] ...)
+CVE-2024-27783 (Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulner ...)
NOT-FOR-US: FortiGuard
-CVE-2024-27782 (Multiple insufficient session expiration vulnerabilities [CWE-613] in ...)
+CVE-2024-27782 (Multiple insufficient session expiration weaknesses [CWE-613] vulnerab ...)
NOT-FOR-US: FortiGuard
CVE-2024-27363 (A vulnerability was discovered in Samsung Mobile Processor Exynos 850, ...)
NOT-FOR-US: Samsung
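Review bot: no re-triage is needed for CVE-2024-27785 through CVE-2024-27782, since only the description text differs and each entry keeps `NOT-FOR-US: FortiGuard`. The new wording for CVE-2024-27783 and CVE-2024-27782 (`weaknesses [CWE-352] vulner ...`, `weaknesses [CWE-613] vulnerab ...`) doubles the noun, but that is the imported description text rather than something to fix in this file.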
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/819612d511c8e1453453de5ee2330cc0acb86776