[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 12 20:12:34 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ea821c43 by security tracker role at 2026-01-12T20:12:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,93 @@
+CVE-2026-22785 (orval generates type-safe JS clients (TypeScript) from any valid OpenA ...)
+ TODO: check
+CVE-2026-22784 (Lychee is a free, open-source photo-management tool. Prior to 7.1.0, a ...)
+ TODO: check
+CVE-2026-22783 (Iris is a web collaborative platform that helps incident responders sh ...)
+ TODO: check
+CVE-2026-22781 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Tin ...)
+ TODO: check
+CVE-2026-22776 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
+ TODO: check
+CVE-2026-22771 (Envoy Gateway is an open source project for managing Envoy Proxy as a ...)
+ TODO: check
+CVE-2026-22252 (LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2 ...)
+ TODO: check
+CVE-2026-22251 (wlc is a Weblate command-line client using Weblate's REST API. Prior t ...)
+ TODO: check
+CVE-2026-22250 (wlc is a Weblate command-line client using Weblate's REST API. Prior t ...)
+ TODO: check
+CVE-2026-22200 (Enhancesoft osTicket versions up to and including 1.18.2 contain an ar ...)
+ TODO: check
+CVE-2026-22050 (ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 w ...)
+ TODO: check
+CVE-2026-22033 (Label Studio is a multi-type data labeling and annotation tool. In 1.2 ...)
+ TODO: check
+CVE-2025-71063 (Errands before 46.2.10 does not verify TLS certificates for CalDAV ser ...)
+ TODO: check
+CVE-2025-68657 (Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows ...)
+ TODO: check
+CVE-2025-68656 (Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows ...)
+ TODO: check
+CVE-2025-68622 (Espressif ESP-IDF USB Host UVC Class Driver allows video streaming fro ...)
+ TODO: check
+CVE-2025-68472 (MindsDB is a platform for building artificial intelligence from enterp ...)
+ TODO: check
+CVE-2025-68471 (Avahi is a system which facilitates service discovery on a local netwo ...)
+ TODO: check
+CVE-2025-68468 (Avahi is a system which facilitates service discovery on a local netwo ...)
+ TODO: check
+CVE-2025-68276 (Avahi is a system which facilitates service discovery on a local netwo ...)
+ TODO: check
+CVE-2025-67813 (Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions o ...)
+ TODO: check
+CVE-2025-66939 (Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 ...)
+ TODO: check
+CVE-2025-66802 (Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RC ...)
+ TODO: check
+CVE-2025-66689 (A path traversal vulnerability exists in Zen MCP Server before 9.8.2 t ...)
+ TODO: check
+CVE-2025-65553 (D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is susceptible to RF jam ...)
+ TODO: check
+CVE-2025-65552 (D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF repla ...)
+ TODO: check
+CVE-2025-63314 (A static password reset token in the password reset function of DDSN I ...)
+ TODO: check
+CVE-2025-51567 (A SQL Injection was found in the /exam/user/profile.php page of kaship ...)
+ TODO: check
+CVE-2025-46070 (An issue in Automai BotManager v.25.2.0 allows a remote attacker to ex ...)
+ TODO: check
+CVE-2025-46068 (An issue in Automai Director v.25.2.0 allows a remote attacker to exec ...)
+ TODO: check
+CVE-2025-46067 (An issue in Automai Director v.25.2.0 allows a remote attacker to esca ...)
+ TODO: check
+CVE-2025-46066 (An issue in Automai Director v.25.2.0 allows a remote attacker to esca ...)
+ TODO: check
+CVE-2025-41078 (Weaknesses in the authorization mechanisms of Viafirma Documents v3.7. ...)
+ TODO: check
+CVE-2025-41077 (IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allow ...)
+ TODO: check
+CVE-2025-41006 (Imaster's MEMS Events CRM contains an SQL injection vulnerability in \ ...)
+ TODO: check
+CVE-2025-41005 (Imaster's MEMS Events CRM contains an SQL injection vulnerability in\u ...)
+ TODO: check
+CVE-2025-41004 (Imaster's Patient Records Management System is vulnerable to SQL Injec ...)
+ TODO: check
+CVE-2025-41003 (Imaster's Patient Record Management System contains a stored Cross-Sit ...)
+ TODO: check
+CVE-2025-40978 (Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceG ...)
+ TODO: check
+CVE-2025-40977 (Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceG ...)
+ TODO: check
+CVE-2025-40976 (Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, ...)
+ TODO: check
+CVE-2025-40975 (Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, con ...)
+ TODO: check
+CVE-2025-14470
+ REJECTED
+CVE-2025-14279 (MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebind ...)
+ TODO: check
+CVE-2023-36331 (Incorrect access control in the /member/orderList API of xmall v1.1 al ...)
+ TODO: check
CVE-2026-0855 (Certain IP Camera models developed by Merit LILIN has a OS Command Inj ...)
NOT-FOR-US: Merit LILIN
CVE-2026-0854 (Certain DVR/NVR models developed by Merit LILIN has a OS Command Injec ...)
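Review bot: The added descriptions for CVE-2025-41006 and CVE-2025-41005 end in `\ ...` and `in\u ...`, which reads as an escape sequence from the upstream description cut off at the truncation point rather than real text; escapes should be decoded before the description is truncated so a stray backslash does not land in the list. Separately, the three Avahi entries (CVE-2025-68471, CVE-2025-68468, CVE-2025-68276) and the two wlc entries (CVE-2026-22251, CVE-2026-22250) share an identical truncated prefix, so whoever resolves their `TODO: check` markers cannot tell them apart from this file alone and will need the full upstream text.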
@@ -8829,7 +8919,7 @@ CVE-2021-47714 (Hasura GraphQL 1.3.3 contains a local file read vulnerability th
CVE-2021-47713 (Hasura GraphQL 1.3.3 contains a denial of service vulnerability that a ...)
NOT-FOR-US: Hasura
CVE-2025-68615 (net-snmp is a SNMP application library, tools and daemon. Prior to ver ...)
- {DLA-4430-1}
+ {DSA-6098-1 DLA-4430-1}
- net-snmp 5.9.5.2+dfsg-1 (bug #1123861)
NOTE: https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
NOTE: https://github.com/net-snmp/net-snmp/issues/1037
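Review bot: On the `{DSA-6098-1 DLA-4430-1}` line for CVE-2025-68615, the new DSA reference arrives in a commit whose only changed file is data/CVE/list, so the DSA-6098-1 advisory record it points to has to exist already outside this diff; worth confirming that it does and that it names net-snmp. The package line below it, `- net-snmp 5.9.5.2+dfsg-1 (bug #1123861)`, is unchanged here, so nothing in this hunk shows which version the DSA itself fixes.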
@@ -59259,7 +59349,7 @@ CVE-2025-50848 (A file upload vulnerability was discovered in CS Cart 4.18.3, al
NOT-FOR-US: CS Cart
CVE-2025-50847 (Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, all ...)
NOT-FOR-US: CS Cart
-CVE-2025-50572 (An issue was discovered in Archer Technology RSA Archer 6.11.00204.100 ...)
+CVE-2025-50572 (Archer 6.11.00204.10014 allows attackers to execute arbitrary code via ...)
NOT-FOR-US: RSA Archer
CVE-2025-50475 (An OS command injection vulnerability exists in Russound MBX-PRE-D67F ...)
NOT-FOR-US: Russound MBX-PRE-D67F firmware
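Review bot: The replacement description for CVE-2025-50572 drops the "Archer Technology RSA Archer" wording and now opens with "Archer 6.11.00204.10014", which leaves the unchanged `NOT-FOR-US: RSA Archer` line as the only place in the entry that still names the vendor; that tag should stay as it is. The new text also states an impact (arbitrary code execution) where the old one said only "An issue was discovered", which does not affect the NOT-FOR-US classification.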
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea821c4360eb52925bc28dc8b9e5986926c5d438