[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 20 20:13:14 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2de2f44 by security tracker role at 2026-01-20T20:13:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,204 @@
-CVE-2025-15281
+CVE-2026-22844 (A Command Injection vulnerability in Zoom Node Multimedia Routers (MMR ...)
+	TODO: check
+CVE-2026-1245 (A code injection vulnerability in the binary-parser library prior to v ...)
+	TODO: check
+CVE-2026-1183 (HTML injection vulnerability in multiple Botble products such as Trans ...)
+	TODO: check
+CVE-2026-1180 (A flaw was identified in Keycloak\u2019s OpenID Connect Dynamic Client ...)
+	TODO: check
+CVE-2026-0726 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin for WordP ...)
+	TODO: check
+CVE-2026-0690 (The FlatPM \u2013 Ad Manager, AdSense and Custom Code plugin for WordP ...)
+	TODO: check
+CVE-2026-0622 (Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever  ...)
+	TODO: check
+CVE-2026-0608 (The Head Meta Data plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2026-0554 (The NotificationX plugin for WordPress is vulnerable to unauthorized m ...)
+	TODO: check
+CVE-2026-0548 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+	TODO: check
+CVE-2025-9466 (A security issue exists within ArmorStart\xae LT that can result in a  ...)
+	TODO: check
+CVE-2025-9465 (A security issue exists within ArmorStart\xae LT that can result in a  ...)
+	TODO: check
+CVE-2025-9464 (A security issue exists within ArmorStart\xae LT that can result in a  ...)
+	TODO: check
+CVE-2025-9283 (A security issue exists within ArmorStart\xae LT that can result in a  ...)
+	TODO: check
+CVE-2025-9282 (A security issue exists within ArmorStart\xae LT that can result in a  ...)
+	TODO: check
+CVE-2025-9281 (A security issue exists within ArmorStart\xae LT that can result in a  ...)
+	TODO: check
+CVE-2025-9280 (A security issue exists within ArmorStart\xae LT that can result in a  ...)
+	TODO: check
+CVE-2025-9279 (A security issue exists within ArmorStart\xae LT that can result in a  ...)
+	TODO: check
+CVE-2025-9278 (A security issue exists within ArmorStart\xae LT that can result in a  ...)
+	TODO: check
+CVE-2025-67824 (The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before ...)
+	TODO: check
+CVE-2025-67263 (Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-s ...)
+	TODO: check
+CVE-2025-67261 (Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based  ...)
+	TODO: check
+CVE-2025-66803 (Race condition in the turbo-frame element handler in Hotwired Turbo be ...)
+	TODO: check
+CVE-2025-65482 (An XML External Entity (XXE) vulnerability in opensagres XDocReport v0 ...)
+	TODO: check
+CVE-2025-64087 (A Server-Side Template Injection (SSTI) vulnerability in the FreeMarke ...)
+	TODO: check
+CVE-2025-58095 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2025-58094 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2025-58093 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2025-58092 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2025-58091 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2025-58090 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2025-58089 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2025-58088 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2025-58087 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2025-58080 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-57881 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-57787 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-57786 (A reflected cross-site scripting (xss) vulnerability exists in the not ...)
+	TODO: check
+CVE-2025-56353 (In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-1 ...)
+	TODO: check
+CVE-2025-56005 (An undocumented and unsafe feature in the PLY (Python Lex-Yacc) librar ...)
+	TODO: check
+CVE-2025-55423 (ipTIME routers A2003NS-MU 10.00.6 to 12.16.2 , N600 10.00.8 to 12.16.2 ...)
+	TODO: check
+CVE-2025-55071 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-54861 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-54853 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-54852 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-54817 (A reflected cross-site scripting (xss) vulnerability exists in the aut ...)
+	TODO: check
+CVE-2025-54814 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-54778 (A reflected cross-site scripting (xss) vulnerability exists in the exi ...)
+	TODO: check
+CVE-2025-54495 (A reflected cross-site scripting (xss) vulnerability exists in the ema ...)
+	TODO: check
+CVE-2025-54157 (A reflected cross-site scripting (xss) vulnerability exists in the enc ...)
+	TODO: check
+CVE-2025-53912 (An arbitrary file read vulnerability exists in the encapsulatedDoc fun ...)
+	TODO: check
+CVE-2025-53854 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-53707 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
+	TODO: check
+CVE-2025-53516 (A reflected cross-site scripting (xss) vulnerability exists in the dow ...)
+	TODO: check
+CVE-2025-46270 (A reflected cross-site scripting (xss) vulnerability exists in the fet ...)
+	TODO: check
+CVE-2025-44000 (A reflected cross-site scripting (xss) vulnerability exists in the sen ...)
+	TODO: check
+CVE-2025-41768 (On an instance of TwinCAT 3 HMI Server running on a device an authenti ...)
+	TODO: check
+CVE-2025-41084 (Stored Cross-Site Scripting (XSS) vulnerability in Sesame web applicat ...)
+	TODO: check
+CVE-2025-41081 (Reflected Cross-Site Scripting (XSS) vulnerability in IsMyGym by Zuinq ...)
+	TODO: check
+CVE-2025-41025 (Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1 ...)
+	TODO: check
+CVE-2025-41024 (Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1 ...)
+	TODO: check
+CVE-2025-40679 (HTML   Injection vulnerability in  Isshue by Bdtask, consisting os an  ...)
+	TODO: check
+CVE-2025-40644 (Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGe ...)
+	TODO: check
+CVE-2025-36556 (A reflected cross-site scripting (xss) vulnerability exists in the lda ...)
+	TODO: check
+CVE-2025-36419 (IBM ApplinX 11.1 could disclose sensitive information about server arc ...)
+	TODO: check
+CVE-2025-36418 (IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerabi ...)
+	TODO: check
+CVE-2025-36411 (IBM ApplinX 11.1 is vulnerable to cross-site request forgery which cou ...)
+	TODO: check
+CVE-2025-36410 (IBM ApplinX 11.1 could allow an authenticated user to perform unauthor ...)
+	TODO: check
+CVE-2025-36409 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...)
+	TODO: check
+CVE-2025-36408 (IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vu ...)
+	TODO: check
+CVE-2025-36397 (IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML inje ...)
+	TODO: check
+CVE-2025-36396 (IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-sit ...)
+	TODO: check
+CVE-2025-36115 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
+	TODO: check
+CVE-2025-36113 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
+	TODO: check
+CVE-2025-36066 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
+	TODO: check
+CVE-2025-36065 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
+	TODO: check
+CVE-2025-36063 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...)
+	TODO: check
+CVE-2025-36059 (IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Inte ...)
+	TODO: check
+CVE-2025-36058 (IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Inte ...)
+	TODO: check
+CVE-2025-33233 (NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerabil ...)
+	TODO: check
+CVE-2025-33231 (NVIDIA Nsight Systems for Windows contains a vulnerability in the appl ...)
+	TODO: check
+CVE-2025-33230 (NVIDIA Nsight Systems for Linux contains a vulnerability in the .run i ...)
+	TODO: check
+CVE-2025-33229 (NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Ns ...)
+	TODO: check
+CVE-2025-33228 (NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot reci ...)
+	TODO: check
+CVE-2025-33015 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload ...)
+	TODO: check
+CVE-2025-1722 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtai ...)
+	TODO: check
+CVE-2025-1719 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtai ...)
+	TODO: check
+CVE-2025-15380 (The NotificationX \u2013 FOMO, Live Sales Notification, WooCommerce Sa ...)
+	TODO: check
+CVE-2025-15347 (The Creator LMS \u2013 The LMS for Creators, Coaches, and Trainers plu ...)
+	TODO: check
+CVE-2025-15043 (The The Events Calendar plugin for WordPress is vulnerable to unauthor ...)
+	TODO: check
+CVE-2025-14883
+	REJECTED
+CVE-2025-14533 (The Advanced Custom Fields: Extended plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2025-14377 (A security issue was discovered within the legacy Ansible playbook com ...)
+	TODO: check
+CVE-2025-14376 (A security issue was discovered within the legacy ADI server component ...)
+	TODO: check
+CVE-2025-14369 (dr_flac, an audio decoder within the dr_libs toolset, contains an inte ...)
+	TODO: check
+CVE-2025-14115 (IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 ...)
+	TODO: check
+CVE-2025-14027 (Multiple denial-of-service vulnerabilities exist in the affected produ ...)
+	TODO: check
+CVE-2025-13925 (IBM Aspera Console 3.4.7 stores potentially sensitive information in l ...)
+	TODO: check
+CVE-2025-12985 (IBM Licensing Operator incorrectly assigns privileges to security crit ...)
+	TODO: check
+CVE-2025-11743 (A denial-of-service security issue in the affected product. The securi ...)
+	TODO: check
+CVE-2025-15281 (Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the ...)
 	- glibc <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2026/01/20/3
 	NOTE: Inroduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=8f2ece695d8822e9ecc63ecd157e90bf17a6fe65
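Review bot: the trailing context line on CVE-2025-15281, `NOTE: Inroduced with:`, has a typo and uses a wording that differs from the `NOTE: Introduced by:` form used elsewhere in this file (for example under CVE-2025-13837); since this commit is an automatic update, the fix belongs in a manual follow-up. Among the new `TODO: check` entries, the ones naming libraries rather than hosted products or WordPress plugins (CVE-2025-56005 on PLY, CVE-2025-14369 on dr_flac, CVE-2025-65482 on XDocReport, CVE-2026-1245 on binary-parser) are the ones most likely to need a source-package line, so they are the natural first candidates for triage.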
@@ -3192,7 +3392,7 @@ CVE-2026-22250 (wlc is a Weblate command-line client using Weblate's REST API. P
 	NOTE: https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh
 	NOTE: https://github.com/WeblateOrg/wlc/pull/1097
 	NOTE: Fixed by: https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3 (1.17.0)
-CVE-2026-22200 (Enhancesoft osTicket versions 1.18.3 contain an arbitrary file read vu ...)
+CVE-2026-22200 (Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior  ...)
 	NOT-FOR-US: osTicket
 CVE-2026-22050 (ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 w ...)
 	NOT-FOR-US: NetApp
@@ -21640,6 +21840,7 @@ CVE-2025-12385 (Allocation of Resources Without Limits or Throttling, Improper V
 CVE-2025-12358 (The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPres ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12084 (When building nested elements using xml.dom.minidom methods such as ap ...)
+	{DLA-4445-1}
 	- python3.14 3.14.2-1
 	- python3.13 3.13.11-1
 	[trixie] - python3.13 <no-dsa> (Minor issue)
@@ -22335,6 +22536,7 @@ CVE-2025-23417 (A denial of service vulnerability exists in the Modbus RTU over
 CVE-2025-20085 (A denial of service vulnerability exists in the Modbus RTU over TCP fu ...)
 	NOT-FOR-US: Socomec
 CVE-2025-13837 (When loading a plist file, the plistlib module reads data in size spec ...)
+	{DLA-4445-1}
 	- python3.14 3.14.2-1
 	- python3.13 3.13.11-1
 	[trixie] - python3.13 <no-dsa> (Minor issue)
@@ -22351,6 +22553,7 @@ CVE-2025-13837 (When loading a plist file, the plistlib module reads data in siz
 	NOTE: https://github.com/python/cpython/commit/71fa8eb8233b37f16c88b6e3e583b461b205d1ba (v3.13.10)
 	NOTE: Introduced by: https://github.com/python/cpython/commit/065266450ea5519a43bcc199e48d304f1e7038e8 (v3.4.2rc1)
 CVE-2025-13836 (When reading an HTTP response from a server, if no read amount is spec ...)
+	{DLA-4445-1}
 	- python3.14 3.14.2-1
 	- python3.13 3.13.11-1
 	[trixie] - python3.13 <no-dsa> (Minor issue)
@@ -29967,6 +30170,7 @@ CVE-2025-6176 (Scrapy versions up to 2.13.2 are vulnerable to a denial of servic
 	NOTE: https://github.com/google/brotli/pull/1234
 	NOTE: Negligible security impact
 CVE-2025-6075 (If the value passed to os.path.expandvars() is user-controlled a  perf ...)
+	{DLA-4445-1}
 	- python3.14 3.14.2-1
 	- python3.13 3.13.11-1
 	[trixie] - python3.13 <no-dsa> (Minor issue)
@@ -38028,7 +38232,7 @@ CVE-2025-10004 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
 CVE-2025-11340 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
 	- gitlab <not-affected> (Specific to EE)
 CVE-2025-8291 (The 'zipfile' module would not check the validity of the ZIP64 End of  ...)
-	{DLA-4354-1}
+	{DLA-4445-1 DLA-4354-1}
 	- python3.14 3.14.0-3
 	- python3.13 3.13.11-1
 	[trixie] - python3.13 <no-dsa> (Minor issue)
@@ -63456,6 +63660,7 @@ CVE-2025-8266 (A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.
 CVE-2025-8265 (A vulnerability classified as critical has been found in 299Ko CMS 2.0 ...)
 	NOT-FOR-US: 299Ko CMS
 CVE-2025-8194 (There is a defect in the CPython \u201ctarfile\u201d module affecting  ...)
+	{DLA-4445-1}
 	- python3.13 3.13.6-1 (bug #1124764)
 	[trixie] - python3.13 <no-dsa> (Minor issue)
 	- python3.12 <removed>
@@ -76747,7 +76952,7 @@ CVE-2025-6196 (A flaw was found in libgepub, a library used to read EPUB files.
 	NOTE: https://gitlab.gnome.org/GNOME/libgepub/-/issues/18
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libgepub/-/commit/70895c45364ef4ee827b39b2ed1c33723410e94c (0.7.2)
 CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic complexity w ...)
-	{DLA-4354-1}
+	{DLA-4445-1 DLA-4354-1}
 	- python3.13 3.13.6-1
 	[trixie] - python3.13 <no-dsa> (Minor issue)
 	- python3.12 <removed>
@@ -86114,6 +86319,7 @@ CVE-2025-4695 (A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Mana
 CVE-2025-4564 (The TicketBAI Facturas para WooCommerce plugin for WordPress is vulner ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_escape" ...)
+	{DLA-4445-1}
 	- python3.13 3.13.3-4
 	- python3.12 <removed>
 	- python3.11 <removed>
@@ -331579,7 +331785,7 @@ CVE-2022-37456
 CVE-2022-37455
 	RESERVED
 CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...)
-	{DSA-5277-1 DSA-5269-1 DSA-5267-1 DLA-3243-1 DLA-3175-1 DLA-3174-1}
+	{DSA-5277-1 DSA-5269-1 DSA-5267-1 DLA-4445-1 DLA-3243-1 DLA-3175-1 DLA-3174-1}
 	- php8.1 8.1.12-1
 	- php7.4 <removed>
 	- php7.3 <removed>
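Review bot: the `DLA-4445-1` reference added to CVE-2022-37454 lands on an entry whose visible package lines are all php (php8.1, php7.4, php7.3), whereas every other `DLA-4445-1` addition in this patch sits on a CPython entry; the python3 package line for this XKCP/SHA-3 issue presumably lies below the shown context, but it is worth confirming that the entry actually carries a python source-package line that the DLA resolves. The position of the new id (after the DSAs, before DLA-3243-1, in descending order) matches the form used for CVE-2025-8291 and CVE-2025-6069 in this patch.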



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2de2f442c0d30a45abc0efd2457a74ff4fdd9da
