[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 10 08:13:05 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e551a1a by security tracker role at 2026-01-10T08:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2026-22777 (ComfyUI-Manager is an extension designed to enhance the usability of C ...)
+	TODO: check
+CVE-2026-22773 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-22705 (RustCrypto: Signatures offers support for digital signatures, which pr ...)
+	TODO: check
+CVE-2026-22704 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. I ...)
+	TODO: check
+CVE-2026-22703 (Cosign provides code signing and transparency for containers and binar ...)
+	TODO: check
+CVE-2026-22702 (virtualenv is a tool for creating isolated virtual python environments ...)
+	TODO: check
+CVE-2026-22701 (filelock is a platform-independent file lock for Python. Prior to vers ...)
+	TODO: check
+CVE-2026-22700 (RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptogr ...)
+	TODO: check
+CVE-2026-22699 (RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptogr ...)
+	TODO: check
+CVE-2026-22698 (RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptogr ...)
+	TODO: check
+CVE-2026-22697 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-22693 (HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null poi ...)
+	TODO: check
+CVE-2026-22691 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
+	TODO: check
+CVE-2026-22690 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
+	TODO: check
+CVE-2026-22689 (Mailpit is an email testing tool and API for developers. Prior to vers ...)
+	TODO: check
+CVE-2026-22688 (WeKnora is an LLM-powered framework designed for deep document underst ...)
+	TODO: check
+CVE-2026-22687 (WeKnora is an LLM-powered framework designed for deep document underst ...)
+	TODO: check
+CVE-2026-22685 (DevToys is a desktop app for developers. In versions from 2.0.0.0 to b ...)
+	TODO: check
+CVE-2026-22612 (Fickling is a Python pickling decompiler and static analyzer. Prior to ...)
+	TODO: check
+CVE-2026-22611 (AWS SDK for .NET works with Amazon Web Services to help build scalable ...)
+	TODO: check
+CVE-2026-22610 (Angular is a development platform for building mobile and desktop web  ...)
+	TODO: check
+CVE-2026-22609 (Fickling is a Python pickling decompiler and static analyzer. Prior to ...)
+	TODO: check
+CVE-2026-22608 (Fickling is a Python pickling decompiler and static analyzer. Prior to ...)
+	TODO: check
+CVE-2026-22607 (Fickling is a Python pickling decompiler and static analyzer. Fickling ...)
+	TODO: check
+CVE-2026-22606 (Fickling is a Python pickling decompiler and static analyzer. Fickling ...)
+	TODO: check
+CVE-2026-22605 (OpenProject is an open-source, web-based project management software.  ...)
+	TODO: check
+CVE-2026-22604 (OpenProject is an open-source, web-based project management software.  ...)
+	TODO: check
+CVE-2026-22603 (OpenProject is an open-source, web-based project management software.  ...)
+	TODO: check
+CVE-2026-22602 (OpenProject is an open-source, web-based project management software.  ...)
+	TODO: check
+CVE-2026-22601 (OpenProject is an open-source, web-based project management software.  ...)
+	TODO: check
+CVE-2026-22600 (OpenProject is an open-source, web-based project management software.  ...)
+	TODO: check
+CVE-2026-22597 (Ghost is a Node.js content management system. In versions 5.38.0 throu ...)
+	TODO: check
+CVE-2026-22596 (Ghost is a Node.js content management system. In versions 5.90.0 throu ...)
+	TODO: check
+CVE-2026-22595 (Ghost is a Node.js content management system. In versions 5.121.0 thro ...)
+	TODO: check
+CVE-2026-22594 (Ghost is a Node.js content management system. In versions 5.105.0 thro ...)
+	TODO: check
+CVE-2026-22589 (Spree is an open source e-commerce solution built with Ruby on Rails.  ...)
+	TODO: check
+CVE-2026-22584 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2026-22030 (React Router is a router for React. In @remix-run/server-runtime versi ...)
+	TODO: check
+CVE-2026-22029 (React Router is a router for React. In @remix-run/router version prior ...)
+	TODO: check
+CVE-2026-22027 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-22026 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-22025 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-22024 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-22023 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-21900 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-21899 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-21898 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-21897 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
+	TODO: check
+CVE-2026-21884 (React Router is a router for React. In @remix-run/react version prior  ...)
+	TODO: check
+CVE-2026-0830 (Processing specially crafted workspace folder names could allow for ar ...)
+	TODO: check
+CVE-2025-68470 (React Router is a router for React. In versions 6.0.0 through 6.30.1 a ...)
+	TODO: check
+CVE-2025-65091 (XWiki Full Calendar Macro displays objects from the wiki on the calend ...)
+	TODO: check
+CVE-2025-65090 (XWiki Full Calendar Macro displays objects from the wiki on the calend ...)
+	TODO: check
+CVE-2025-62487 (### Details On October 1, 2025, Palantir discovered that images upload ...)
+	TODO: check
+CVE-2025-61686 (React Router is a router for React. In @react-router/node versions 7.0 ...)
+	TODO: check
+CVE-2025-61676 (October is a Content Management System (CMS) and web platform. Prior t ...)
+	TODO: check
+CVE-2025-61674 (October is a Content Management System (CMS) and web platform. Prior t ...)
+	TODO: check
+CVE-2025-60538 (A lack of rate limiting in the login page of shiori v1.7.4 and below a ...)
+	TODO: check
+CVE-2025-59057 (React Router is a router for React. In @remix-run/react versions 1.15. ...)
+	TODO: check
+CVE-2025-51626 (SQL injection vulnerability in pss.sale.com 1.0 via the id parameter t ...)
+	TODO: check
+CVE-2025-46299 (A memory initialization issue was addressed with improved memory handl ...)
+	TODO: check
+CVE-2025-46298 (The issue was addressed with improved memory handling. This issue is f ...)
+	TODO: check
+CVE-2025-46297 (A permissions issue was addressed with additional restrictions. This i ...)
+	TODO: check
+CVE-2025-46286 (A logic issue was addressed with improved validation. This issue is fi ...)
+	TODO: check
+CVE-2025-15502 (A vulnerability was identified in Sangfor Operation and Maintenance Ma ...)
+	TODO: check
+CVE-2025-15501 (A vulnerability was determined in Sangfor Operation and Maintenance Ma ...)
+	TODO: check
+CVE-2025-15500 (A vulnerability was found in Sangfor Operation and Maintenance Managem ...)
+	TODO: check
+CVE-2025-15499 (A vulnerability has been found in Sangfor Operation and Maintenance Ma ...)
+	TODO: check
+CVE-2025-14948 (The miniOrange OTP Verification and SMS Notification for WooCommerce p ...)
+	TODO: check
+CVE-2025-14943 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
+	TODO: check
+CVE-2025-13457 (The WooCommerce Square plugin for WordPress is vulnerable to Insecure  ...)
+	TODO: check
 CVE-2026-22198 (GestSup versions up to and including 3.2.56 contain a pre-authenticati ...)
 	NOT-FOR-US: GestSup
 CVE-2026-22197 (GestSup versions up to and including 3.2.56 contain multiple SQL injec ...)
@@ -1269,6 +1411,7 @@ CVE-2025-13034 (When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--p
 	NOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722 (curl-8_8_0)
 	NOTE: Fixed by: https://github.com/curl/curl/commit/3d91ca8cdb3b434226e743946d428b4dd3acf2c9 (rc-8_18_0-1, curl-8_18_0)
 CVE-2026-0628 (Insufficient policy enforcement in WebView tag in Google Chrome prior  ...)
+	{DSA-6097-1}
 	- chromium 143.0.7499.192-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-21494 (iccDEV provides a set of libraries and tools that allow for the intera ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e551a1a5b63fafafb1beff71ce378d4ddeba716

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e551a1a5b63fafafb1beff71ce378d4ddeba716
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260110/308eea2c/attachment.htm>

More information about the debian-security-tracker-commits mailing list