[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 14 08:13:22 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acb7b5f7 by security tracker role at 2026-01-14T08:13:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,343 @@
+CVE-2026-23478 (Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7 ...)
+	TODO: check
+CVE-2026-22871 (GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2 ...)
+	TODO: check
+CVE-2026-22870 (GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2 ...)
+	TODO: check
+CVE-2026-22869 (Eigent is a multi-agent Workforce. A critical security vulnerability i ...)
+	TODO: check
+CVE-2026-22868 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
+	TODO: check
+CVE-2026-22862 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
+	TODO: check
+CVE-2026-22861 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+	TODO: check
+CVE-2026-22718 (The VSCode extension for Spring CLI are vulnerable to command injectio ...)
+	TODO: check
+CVE-2026-22686 (Enclave is a secure JavaScript sandbox designed for safe AI agent code ...)
+	TODO: check
+CVE-2026-21308 (Substance3D - Designer versions 15.0.3 and earlier are affected by an  ...)
+	TODO: check
+CVE-2026-21307 (Substance3D - Designer versions 15.0.3 and earlier are affected by an  ...)
+	TODO: check
+CVE-2026-21303 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an O ...)
+	TODO: check
+CVE-2026-21302 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an O ...)
+	TODO: check
+CVE-2026-21301 (Substance3D - Modeler versions 1.22.4 and earlier are affected by a NU ...)
+	TODO: check
+CVE-2026-21300 (Substance3D - Modeler versions 1.22.4 and earlier are affected by a NU ...)
+	TODO: check
+CVE-2026-21299 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an o ...)
+	TODO: check
+CVE-2026-21298 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an o ...)
+	TODO: check
+CVE-2026-0813 (The Short Link plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2026-0812 (The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2026-0741 (The Electric Studio Download Counter plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2026-0739 (The WMF Mobile Redirector plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2026-0734 (The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2026-0717 (The LottieFiles \u2013 Lottie block for Gutenberg plugin for WordPress ...)
+	TODO: check
+CVE-2026-0694 (The SearchWiz plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2026-0680 (The Real Post Slider Lite plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2026-0678 (The Flat Shipping Rate by City for WooCommerce plugin for WordPress is ...)
+	TODO: check
+CVE-2026-0635 (The Responsive Accordion Slider plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2026-0594 (The List Site Contributors plugin for WordPress is vulnerable to Refle ...)
+	TODO: check
+CVE-2026-0543 (Improper Input Validation (CWE-20) in Kibana's Email Connector can all ...)
+	TODO: check
+CVE-2026-0531 (Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...)
+	TODO: check
+CVE-2026-0530 (Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...)
+	TODO: check
+CVE-2026-0528 (Improper Validation of Array Index (CWE-129) exists in Metricbeat can  ...)
+	TODO: check
+CVE-2025-68970 (Permission verification bypass vulnerability in the media library modu ...)
+	TODO: check
+CVE-2025-68969 (Multi-thread race condition vulnerability in the thermal management mo ...)
+	TODO: check
+CVE-2025-68968 (Double free vulnerability in the multi-mode input module. Impact: Succ ...)
+	TODO: check
+CVE-2025-68967 (Vulnerability of improper permission control in the print module. Impa ...)
+	TODO: check
+CVE-2025-68966 (Permission control vulnerability in the Notepad module. Impact: Succes ...)
+	TODO: check
+CVE-2025-68965 (Permission control vulnerability in the Notepad module. Impact: Succes ...)
+	TODO: check
+CVE-2025-68964 (Data verification vulnerability in the HiView module. Impact: Successf ...)
+	TODO: check
+CVE-2025-68963 (Man-in-the-middle attack vulnerability in the Clone module. Impact: Su ...)
+	TODO: check
+CVE-2025-68962 (Multi-thread race condition vulnerability in the camera framework modu ...)
+	TODO: check
+CVE-2025-68961 (Multi-thread race condition vulnerability in the camera framework modu ...)
+	TODO: check
+CVE-2025-68960 (Multi-thread race condition vulnerability in the video framework modul ...)
+	TODO: check
+CVE-2025-68959 (Permission verification bypass vulnerability in the media library modu ...)
+	TODO: check
+CVE-2025-68958 (Multi-thread race condition vulnerability in the card framework module ...)
+	TODO: check
+CVE-2025-68957 (Multi-thread race condition vulnerability in the card framework module ...)
+	TODO: check
+CVE-2025-68956 (Multi-thread race condition vulnerability in the card framework module ...)
+	TODO: check
+CVE-2025-68955 (Multi-thread race condition vulnerability in the card framework module ...)
+	TODO: check
+CVE-2025-68947 (NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authentic ...)
+	TODO: check
+CVE-2025-68658 (Open Source Point of Sale (opensourcepos) is a web based point of sale ...)
+	TODO: check
+CVE-2025-68492 (Chainlit versions prior to 2.8.5 contain an authorization bypass throu ...)
+	TODO: check
+CVE-2025-37186 (A local privilege-escalation vulnerability has been discovered in the  ...)
+	TODO: check
+CVE-2025-37179 (Multiple out-of-bounds read vulnerabilities were identified in a syste ...)
+	TODO: check
+CVE-2025-37178 (Multiple out-of-bounds read vulnerabilities were identified in a syste ...)
+	TODO: check
+CVE-2025-37177 (An arbitrary file deletion vulnerability has been identified in the co ...)
+	TODO: check
+CVE-2025-37176 (A command injection vulnerability in AOS-8 allows an authenticated pri ...)
+	TODO: check
+CVE-2025-37175 (Arbitrary file upload vulnerability exists in the web-based management ...)
+	TODO: check
+CVE-2025-37174 (Authenticated arbitrary file write vulnerability exists in the web-bas ...)
+	TODO: check
+CVE-2025-37173 (An improper input handling vulnerability exists in the web-based manag ...)
+	TODO: check
+CVE-2025-37172 (Authenticated command injection vulnerabilities exist in the web-based ...)
+	TODO: check
+CVE-2025-37171 (Authenticated command injection vulnerabilities exist in the web-based ...)
+	TODO: check
+CVE-2025-37170 (Authenticated command injection vulnerabilities exist in the web-based ...)
+	TODO: check
+CVE-2025-15513 (The Float Payment Gateway plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2025-15512 (The Aplazo Payment Gateway plugin for WordPress is vulnerable to unaut ...)
+	TODO: check
+CVE-2025-15486 (The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-15475 (The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPres ...)
+	TODO: check
+CVE-2025-15378 (The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2025-15377 (The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Sit ...)
+	TODO: check
+CVE-2025-15376 (The Stopwords for comments plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2025-15283 (The Name Directory plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2025-15266 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot and Le ...)
+	TODO: check
+CVE-2025-15056 (A lack of data validation vulnerability in the HTML export feature in  ...)
+	TODO: check
+CVE-2025-15021 (The Gotham Block Extra Light plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2025-15020 (The Gotham Block Extra Light plugin for WordPress is vulnerable to Arb ...)
+	TODO: check
+CVE-2025-14880 (The Netcash WooCommerce Payment Gateway plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-14854 (The WP-CRM System plugin for WordPress is vulnerable to unauthorized a ...)
+	TODO: check
+CVE-2025-14846 (The SocialChamp with WordPress plugin for WordPress is vulnerable to C ...)
+	TODO: check
+CVE-2025-14770 (The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL  ...)
+	TODO: check
+CVE-2025-14725 (The Internal Link Builder plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2025-14615 (The DASHBOARD BUILDER \u2013 WordPress plugin for Charts and Graphs pl ...)
+	TODO: check
+CVE-2025-14613 (The GetContentFromURL plugin for WordPress is vulnerable to Server-Sid ...)
+	TODO: check
+CVE-2025-14502 (The News and Blog Designer Bundle plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-14482 (The Crush.pics Image Optimizer - Image Compression and Optimization pl ...)
+	TODO: check
+CVE-2025-14464 (The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive  ...)
+	TODO: check
+CVE-2025-14389 (The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
+CVE-2025-14379 (The Testimonials Creator plugin for WordPress is vulnerable to Stored  ...)
+	TODO: check
+CVE-2025-14301 (The Integration Opvius AI for WooCommerce plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2025-14173 (The Perfit WooCommerce plugin for WordPress is vulnerable to Missing A ...)
+	TODO: check
+CVE-2025-13627 (The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-12178 (The SpiceForms Form Builder plugin for WordPress is vulnerable to Stor ...)
+	TODO: check
+CVE-2025-12053 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to ...)
+	TODO: check
+CVE-2025-12052 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to ...)
+	TODO: check
+CVE-2025-12051 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to ...)
+	TODO: check
+CVE-2025-12050 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to ...)
+	TODO: check
+CVE-2023-54341 (Webgrind 1.1 and before contains a reflected cross-site scripting vuln ...)
+	TODO: check
+CVE-2023-54340 (WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows ...)
+	TODO: check
+CVE-2023-54339 (Webgrind 1.1 contains a remote command execution vulnerability that al ...)
+	TODO: check
+CVE-2023-54338 (Tftpd32 SE 4.60 contains an unquoted service path vulnerability that a ...)
+	TODO: check
+CVE-2023-54337 (Sysax Multi Server 6.95 contains a denial of service vulnerability in  ...)
+	TODO: check
+CVE-2023-54336 (Mediconta 3.7.27 contains an unquoted service path vulnerability in th ...)
+	TODO: check
+CVE-2023-54335 (eXtplorer 2.1.14 contains an authentication bypass vulnerability that  ...)
+	TODO: check
+CVE-2023-54334 (Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Str ...)
+	TODO: check
+CVE-2023-54333 (Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerabi ...)
+	TODO: check
+CVE-2023-54332 (Jetpack 11.4 contains a cross-site scripting vulnerability in the cont ...)
+	TODO: check
+CVE-2023-54331 (Outline 1.6.0 contains an unquoted service path vulnerability that all ...)
+	TODO: check
+CVE-2023-54330 (Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based b ...)
+	TODO: check
+CVE-2023-54329 (Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vuln ...)
+	TODO: check
+CVE-2023-54328 (AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulne ...)
+	TODO: check
+CVE-2023-53985 (Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross ...)
+	TODO: check
+CVE-2023-53984 (Clevo HotKey Clipboard 2.1.0.6 contains an unquoted service path vulne ...)
+	TODO: check
+CVE-2022-50939 (e107 CMS version 3.2.1 contains a critical file upload vulnerability t ...)
+	TODO: check
+CVE-2022-50938 (CONTPAQi AdminPAQ 14.0.0 contains an unquoted service path vulnerabili ...)
+	TODO: check
+CVE-2022-50937 (Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerabi ...)
+	TODO: check
+CVE-2022-50936 (WBCE CMS version 1.5.2 contains an authenticated remote code execution ...)
+	TODO: check
+CVE-2022-50935 (Flame II HSPA USB Modem contains an unquoted service path vulnerabilit ...)
+	TODO: check
+CVE-2022-50934 (Wing FTP Server versions 4.3.8 and below contain an authenticated remo ...)
+	TODO: check
+CVE-2022-50933 (Cain & Abel 4.9.56 contains an unquoted service path vulnerability tha ...)
+	TODO: check
+CVE-2022-50932 (Kyocera Command Center RX ECOSYS M2035dn contains a directory traversa ...)
+	TODO: check
+CVE-2022-50931 (TeamSpeak 3.5.6 contains an insecure file permissions vulnerability th ...)
+	TODO: check
+CVE-2022-50930 (Emerson PAC Machine Edition 9.80 contains an unquoted service path vul ...)
+	TODO: check
+CVE-2022-50929 (Connectify Hotspot 2018 contains an unquoted service path vulnerabilit ...)
+	TODO: check
+CVE-2022-50928 (BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability i ...)
+	TODO: check
+CVE-2022-50927 (Cyclades Serial Console Server 3.3.0 contains a local privilege escala ...)
+	TODO: check
+CVE-2022-50926 (WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalati ...)
+	TODO: check
+CVE-2022-50925 (Prowise Reflect version 1.0.9 contains a remote keystroke injection vu ...)
+	TODO: check
+CVE-2022-50924 (Private Internet Access 3.3 contains an unquoted service path vulnerab ...)
+	TODO: check
+CVE-2022-50923 (Cobian Backup 0.9 contains an unquoted service path vulnerability that ...)
+	TODO: check
+CVE-2022-50922 (Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability ...)
+	TODO: check
+CVE-2022-50921 (WOW21 5.0.1.9 contains an unquoted service path vulnerability that all ...)
+	TODO: check
+CVE-2022-50920 (Sandboxie-Plus 5.50.2 contains an unquoted service path vulnerability  ...)
+	TODO: check
+CVE-2022-50919 (Tdarr 2.00.15 contains an unauthenticated remote code execution vulner ...)
+	TODO: check
+CVE-2022-50918 (VIVE Runtime Service 1.0.0.4 contains an unquoted service path vulnera ...)
+	TODO: check
+CVE-2022-50917 (ProtonVPN 1.26.0 contains an unquoted service path vulnerability in it ...)
+	TODO: check
+CVE-2022-50916 (e107 CMS version 3.2.1 contains a file upload vulnerability that allow ...)
+	TODO: check
+CVE-2022-50915 (PTPublisher 2.3.4 contains an unquoted service path vulnerability in t ...)
+	TODO: check
+CVE-2022-50914 (EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulner ...)
+	TODO: check
+CVE-2022-50913 (ITeC ITeCProteccioAppServer contains an unquoted service path vulnerab ...)
+	TODO: check
+CVE-2022-50912 (ImpressCMS 1.4.4 contains a file upload vulnerability with weak extens ...)
+	TODO: check
+CVE-2022-50911 (Bitrix24 contains an authenticated remote code execution vulnerability ...)
+	TODO: check
+CVE-2022-50910 (Beehive Forum 1.5.2 contains a host header injection vulnerability in  ...)
+	TODO: check
+CVE-2022-50909 (Algo 8028 Control Panel version 3.3.3 contains a command injection vul ...)
+	TODO: check
+CVE-2022-50908 (Mailhog 1.0.1 contains a stored cross-site scripting vulnerability tha ...)
+	TODO: check
+CVE-2022-50907 (e107 CMS version 3.2.1 contains a file upload vulnerability that allow ...)
+	TODO: check
+CVE-2022-50906 (e107 CMS 3.2.1 contains an upload restriction bypass vulnerability tha ...)
+	TODO: check
+CVE-2022-50905 (e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cr ...)
+	TODO: check
+CVE-2022-50904 (Wondershare UBackit 2.0.5 contains an unquoted service path vulnerabil ...)
+	TODO: check
+CVE-2022-50903 (Wondershare MobileTrans 3.5.9 contains an unquoted service path vulner ...)
+	TODO: check
+CVE-2022-50902 (Wondershare FamiSafe 1.0 contains an unquoted service path vulnerabili ...)
+	TODO: check
+CVE-2022-50901 (Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerabi ...)
+	TODO: check
+CVE-2022-50900 (Wondershare Dr.Fone 12.0.18 contains an unquoted service path vulnerab ...)
+	TODO: check
+CVE-2022-50899 (Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerab ...)
+	TODO: check
+CVE-2022-50898 (NanoCMS 0.4 contains an authenticated file upload vulnerability that a ...)
+	TODO: check
+CVE-2022-50897 (mPDF 7.0 contains a local file inclusion vulnerability that allows att ...)
+	TODO: check
+CVE-2022-50896 (Testa 3.5.1 contains a reflected cross-site scripting vulnerability in ...)
+	TODO: check
+CVE-2022-50895 (Aero CMS 0.0.1 contains a SQL injection vulnerability in the author pa ...)
+	TODO: check
+CVE-2022-50894 (VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability t ...)
+	TODO: check
+CVE-2022-50893 (VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code e ...)
+	TODO: check
+CVE-2022-50892 (VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability th ...)
+	TODO: check
+CVE-2022-50891 (Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerabi ...)
+	TODO: check
+CVE-2022-50890 (Owlfiles File Manager 12.0.1 contains a path traversal vulnerability i ...)
+	TODO: check
+CVE-2022-50808 (CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulner ...)
+	TODO: check
+CVE-2022-50807 (Concrete5 CMS version 9.1.3 contains an XPath injection vulnerability  ...)
+	TODO: check
+CVE-2022-50806 (4images 1.9 contains a remote command execution vulnerability that all ...)
+	TODO: check
+CVE-2022-50805 (Senayan Library Management System 9.0.0 contains a SQL injection vulne ...)
+	TODO: check
+CVE-2022-50693 (Splashtop 8.71.12001.0 contains an unquoted service path vulnerability ...)
+	TODO: check
+CVE-2021-47751 (CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains  ...)
+	TODO: check
+CVE-2021-47750 (YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that a ...)
+	TODO: check
+CVE-2021-47749 (YouPHPTube <= 7.8 contains a local file inclusion vulnerability that a ...)
+	TODO: check
+CVE-2020-36919 (WPForms 1.7.8 contains a cross-site scripting vulnerability in the sli ...)
+	TODO: check
+CVE-2020-36911 (Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability th ...)
+	TODO: check
 CVE-2025-55132 [fs.futimes() Bypasses Read-Only Permission Model]
 	- nodejs 22.22.0+dfsg+~cs22.19.6-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#fsfutimes-bypasses-read-only-permission-model-cve-2025-55132---low
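Review bot: every entry added at the top of data/CVE/list is left at `TODO: check`, including the many "plugin for WordPress" entries (for example CVE-2026-0813 and CVE-2026-0812), while existing entries of that kind further down the file are already resolved as `NOT-FOR-US: WordPress plugin`. Triage those in a follow-up so the TODO backlog holds only entries that need a real package lookup. Separately, the descriptions for CVE-2026-0717, CVE-2025-15266 and CVE-2025-14615 carry literal `\u2013` / `\u2014` escape sequences instead of the dash characters.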
@@ -1663,7 +2003,7 @@ CVE-2025-13749 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify H
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13628 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2026-0716
+CVE-2026-0716 (A flaw was found in libsoup\u2019s WebSocket frame processing when han ...)
 	- libsoup3 <unfixed> (bug #1125156)
 	[trixie] - libsoup3 <no-dsa> (Minor issue)
 	[bookworm] - libsoup3 <no-dsa> (Minor issue)
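Review bot: the description added for CVE-2026-0716 contains a literal `\u2019` escape ("libsoup\u2019s") where an apostrophe is intended. The same undecoded escapes appear in the neighbouring context lines (`\u2013` in the CVE-2025-13628 description), so the fix belongs in the step of the automatic update that imports descriptions, not in this single entry.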
@@ -1749,6 +2089,7 @@ CVE-2026-21895 (The `rsa` crate is an RSA implementation written in rust. Prior
 CVE-2026-21894 (n8n is an open source workflow automation platform. In versions from 0 ...)
 	NOT-FOR-US: n8n
 CVE-2026-21892 (Parsl is a Python parallel scripting library. A SQL Injection vulnerab ...)
+	{DSA-6099-1}
 	- python-parsl 2026.01.05+ds-1 (bug #1125085)
 	NOTE: https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58
 	NOTE: Fixed by: https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974 (2026.01.05)
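Review bot: the `{DSA-6099-1}` cross-reference on CVE-2026-21892 cannot be verified from this commit, because data/CVE/list is the only changed file and the advisory entry itself is not shown. Confirm that the DSA-6099-1 record names CVE-2026-21892 and the python-parsl source package, so the cross-reference resolves in both directions.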



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acb7b5f72b04f56933700f79b821ba3a7969d643
