[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 22 20:13:22 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c302da7 by security tracker role at 2026-01-22T20:13:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,897 @@
+CVE-2026-24390 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-24389 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24388 (Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpma ...)
+ TODO: check
+CVE-2026-24387 (Missing Authorization vulnerability in Arul Prasad J WP Quick Post Dup ...)
+ TODO: check
+CVE-2026-24386 (Missing Authorization vulnerability in Element Invader Element Invader ...)
+ TODO: check
+CVE-2026-24384 (Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive M ...)
+ TODO: check
+CVE-2026-24383 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24381 (Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe ...)
+ TODO: check
+CVE-2026-24380 (Missing Authorization vulnerability in Metagauss EventPrime eventprime ...)
+ TODO: check
+CVE-2026-24379 (Authorization Bypass Through User-Controlled Key vulnerability in wpjo ...)
+ TODO: check
+CVE-2026-24377 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2026-24374 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrat ...)
+ TODO: check
+CVE-2026-24371 (Missing Authorization vulnerability in bookingalgorithms BA Book Every ...)
+ TODO: check
+CVE-2026-24368 (Missing Authorization vulnerability in Theme-one The Grid the-grid all ...)
+ TODO: check
+CVE-2026-24367 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-24366 (Missing Authorization vulnerability in YITHEMES YITH WooCommerce Reque ...)
+ TODO: check
+CVE-2026-24365 (Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Man ...)
+ TODO: check
+CVE-2026-24361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24360 (Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Serio ...)
+ TODO: check
+CVE-2026-24358 (Missing Authorization vulnerability in ExpressTech Systems Quiz And Su ...)
+ TODO: check
+CVE-2026-24357 (Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recip ...)
+ TODO: check
+CVE-2026-24356 (Missing Authorization vulnerability in Roxnor GetGenie getgenie allows ...)
+ TODO: check
+CVE-2026-24355 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24354 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24353 (Missing Authorization vulnerability in wpeverest User Registration use ...)
+ TODO: check
+CVE-2026-24332 (Discord through 2026-01-16 allows gathering information about whether ...)
+ TODO: check
+CVE-2026-24055 (Langfuse is an open source large language model engineering platform. ...)
+ TODO: check
+CVE-2026-24049 (wheel is a command line tool for manipulating Python wheel files, as d ...)
+ TODO: check
+CVE-2026-24048 (Backstage is an open framework for building developer portals, and @ba ...)
+ TODO: check
+CVE-2026-24047 (Backstage is an open framework for building developer portals, and @ba ...)
+ TODO: check
+CVE-2026-24046 (Backstage is an open framework for building developer portals. Multipl ...)
+ TODO: check
+CVE-2026-24042 (Appsmith is a platform to build admin panels, internal tools, and dash ...)
+ TODO: check
+CVE-2026-24039 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2026-24038 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2026-24037 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2026-24036 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2026-24035 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2026-24034 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2026-24010 (Horilla is a free and open source Human Resource Management System (HR ...)
+ TODO: check
+CVE-2026-24009 (Docling Core (or docling-core) is a library that defines core data typ ...)
+ TODO: check
+CVE-2026-24006 (Seroval facilitates JS value stringification, including complex struct ...)
+ TODO: check
+CVE-2026-24002 (Grist is spreadsheet software using Python as its formula language. Gr ...)
+ TODO: check
+CVE-2026-24001 (jsdiff is a JavaScript text differencing implementation. Prior to vers ...)
+ TODO: check
+CVE-2026-23996 (FastAPI Api Key provides a backend-agnostic library that provides an A ...)
+ TODO: check
+CVE-2026-23992 (go-tuf is a Go implementation of The Update Framework (TUF). Starting ...)
+ TODO: check
+CVE-2026-23991 (go-tuf is a Go implementation of The Update Framework (TUF). Starting ...)
+ TODO: check
+CVE-2026-23990 (The Flux Operator is a Kubernetes CRD controller that manages the life ...)
+ TODO: check
+CVE-2026-23986 (Copier is a library and CLI app for rendering project templates. Prior ...)
+ TODO: check
+CVE-2026-23978 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-23976 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-23975 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-23974 (Missing Authorization vulnerability in uxper Golo golo allows Exploiti ...)
+ TODO: check
+CVE-2026-23968 (Copier is a library and CLI app for rendering project templates. Prior ...)
+ TODO: check
+CVE-2026-23967 (sm-crypto provides JavaScript implementations of the Chinese cryptogra ...)
+ TODO: check
+CVE-2026-23966 (sm-crypto provides JavaScript implementations of the Chinese cryptogra ...)
+ TODO: check
+CVE-2026-23965 (sm-crypto provides JavaScript implementations of the Chinese cryptogra ...)
+ TODO: check
+CVE-2026-23964 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2026-23963 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2026-23962 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2026-23961 (Mastodon is a free, open-source social network server based on Activit ...)
+ TODO: check
+CVE-2026-23960 (Argo Workflows is an open source container-native workflow engine for ...)
+ TODO: check
+CVE-2026-23959 (CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL ...)
+ TODO: check
+CVE-2026-23958 (Dataease is an open source data visualization analysis tool. Prior to ...)
+ TODO: check
+CVE-2026-23957 (seroval facilitates JS value stringification, including complex struct ...)
+ TODO: check
+CVE-2026-23956 (seroval facilitates JS value stringification, including complex struct ...)
+ TODO: check
+CVE-2026-23951 (SumatraPDF is a multi-format reader for Windows. All versions contain ...)
+ TODO: check
+CVE-2026-23946 (Tendenci is an open source content management system built for non-pro ...)
+ TODO: check
+CVE-2026-23893 (openCryptoki is a PKCS#11 library and provides tooling for Linux and A ...)
+ TODO: check
+CVE-2026-23887 (Group-Office is an enterprise customer relationship management and gro ...)
+ TODO: check
+CVE-2026-23873 (hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ...)
+ TODO: check
+CVE-2026-23764 (VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (vers ...)
+ TODO: check
+CVE-2026-23763 (VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0 ...)
+ TODO: check
+CVE-2026-23762 (VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (vers ...)
+ TODO: check
+CVE-2026-23761 (VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (vers ...)
+ TODO: check
+CVE-2026-23760 (SmarterTools SmarterMail versions prior to build 9511 contain an authe ...)
+ TODO: check
+CVE-2026-23737 (seroval facilitates JS value stringification, including complex struct ...)
+ TODO: check
+CVE-2026-23736 (seroval facilitates JS value stringification, including complex struct ...)
+ TODO: check
+CVE-2026-23699 (AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 conta ...)
+ TODO: check
+CVE-2026-23630 (Docmost is open-source collaborative wiki and documentation software. ...)
+ TODO: check
+CVE-2026-23526 (CVAT is an open source interactive video and image annotation tool for ...)
+ TODO: check
+CVE-2026-23524 (Laravel Reverb provides a real-time WebSocket communication backend fo ...)
+ TODO: check
+CVE-2026-23518 (Fleet is open source device management software. In versions prior to ...)
+ TODO: check
+CVE-2026-23517 (Fleet is open source device management software. A broken access contr ...)
+ TODO: check
+CVE-2026-23516 (CVAT is an open source interactive video and image annotation tool for ...)
+ TODO: check
+CVE-2026-23499 (Saleor is an e-commerce platform. Starting in version 3.0.0 and prior ...)
+ TODO: check
+CVE-2026-22849 (Saleor is an e-commerce platform. Starting in version 3.0.0 and prior ...)
+ TODO: check
+CVE-2026-22822 (External Secrets Operator reads information from a third-party service ...)
+ TODO: check
+CVE-2026-22808 (fleetdm/fleet is open source device management software. Prior to vers ...)
+ TODO: check
+CVE-2026-22807 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2026-22793 (5ire is a cross-platform desktop artificial intelligence assistant and ...)
+ TODO: check
+CVE-2026-22792 (5ire is a cross-platform desktop artificial intelligence assistant and ...)
+ TODO: check
+CVE-2026-22598 (ManageIQ is an open-source management platform. A flaw was found in th ...)
+ TODO: check
+CVE-2026-22483 (Cross-Site Request Forgery (CSRF) vulnerability in winkm89 teachPress ...)
+ TODO: check
+CVE-2026-22482 (Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspide ...)
+ TODO: check
+CVE-2026-22481 (Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier O ...)
+ TODO: check
+CVE-2026-22472 (Missing Authorization vulnerability in hassantafreshi Easy Form Builde ...)
+ TODO: check
+CVE-2026-22470 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-22469 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2026-22468 (Missing Authorization vulnerability in AbsolutePlugins Absolute Addons ...)
+ TODO: check
+CVE-2026-22466 (Missing Authorization vulnerability in Chandni Patel WP MapIt wp-mapit ...)
+ TODO: check
+CVE-2026-22464 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-22463 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-22462 (Cross-Site Request Forgery (CSRF) vulnerability in richardevcom Add Po ...)
+ TODO: check
+CVE-2026-22461 (Missing Authorization vulnerability in WebAppick CTX Feed webappick-pr ...)
+ TODO: check
+CVE-2026-22458 (Missing Authorization vulnerability in Mikado-Themes Wanderland wander ...)
+ TODO: check
+CVE-2026-22450 (Missing Authorization vulnerability in Select-Themes Don Peppe donpepp ...)
+ TODO: check
+CVE-2026-22447 (Missing Authorization vulnerability in Select-Themes Prowess prowess a ...)
+ TODO: check
+CVE-2026-22445 (Missing Authorization vulnerability in Proptech Plugin Apimo Connector ...)
+ TODO: check
+CVE-2026-22430 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22426 (Authorization Bypass Through User-Controlled Key vulnerability in Elat ...)
+ TODO: check
+CVE-2026-22411 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22409 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22407 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22406 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22404 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22402 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-22401 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-22400 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22398 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22396 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22393 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22391 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
+ TODO: check
+CVE-2026-22388 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-22382 (Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFr ...)
+ TODO: check
+CVE-2026-22360 (Cross-Site Request Forgery (CSRF) vulnerability in AA-Team SearchAzon ...)
+ TODO: check
+CVE-2026-22359 (Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress M ...)
+ TODO: check
+CVE-2026-22358 (Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Elec ...)
+ TODO: check
+CVE-2026-22355 (Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple X ...)
+ TODO: check
+CVE-2026-22353 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-22349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-22348 (Missing Authorization vulnerability in Tasos Fel Civic Cookie Control ...)
+ TODO: check
+CVE-2026-22347 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-22281 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6. ...)
+ TODO: check
+CVE-2026-22280 (Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6. ...)
+ TODO: check
+CVE-2026-22279 (Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficie ...)
+ TODO: check
+CVE-2026-22278 (Dell PowerScale OneFS versions prior to 9.13.0.0 contains an improper ...)
+ TODO: check
+CVE-2026-21852 (Claude Code is an agentic coding tool. Prior to version 2.0.65, vulner ...)
+ TODO: check
+CVE-2026-1332 (MeetingHub developed by HAMASTAR Technology has a Missing Authenticati ...)
+ TODO: check
+CVE-2026-1331 (MeetingHub developed by HAMASTAR Technology has an Arbitrary File Uplo ...)
+ TODO: check
+CVE-2026-1330 (MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read ...)
+ TODO: check
+CVE-2026-1329 (A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is ...)
+ TODO: check
+CVE-2026-1328 (A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910 ...)
+ TODO: check
+CVE-2026-1327 (A security vulnerability has been detected in Totolink NR1800X 9.1.0u. ...)
+ TODO: check
+CVE-2026-1326 (A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B202109 ...)
+ TODO: check
+CVE-2026-1325 (A security flaw has been discovered in Sangfor Operation and Maintenan ...)
+ TODO: check
+CVE-2026-1324 (A vulnerability was identified in Sangfor Operation and Maintenance Ma ...)
+ TODO: check
+CVE-2026-1260 (Invalid memory access in Sentencepiece versions less than 0.2.1 when u ...)
+ TODO: check
+CVE-2026-1225 (ACE vulnerability in configuration file processing by QOS.CH logback- ...)
+ TODO: check
+CVE-2026-1036 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
+ TODO: check
+CVE-2026-0920 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2026-0535 (A maliciously crafted HTML payload, stored in a component\u2019s descr ...)
+ TODO: check
+CVE-2026-0534 (A maliciously crafted HTML payload, stored in a part\u2019s attribute ...)
+ TODO: check
+CVE-2026-0533 (A maliciously crafted HTML payload in a design name, when displayed du ...)
+ TODO: check
+CVE-2025-71176 (pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytes ...)
+ TODO: check
+CVE-2025-70899 (PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Fo ...)
+ TODO: check
+CVE-2025-69828 (File Upload vulnerability in TMS Global Software TMS Management Consol ...)
+ TODO: check
+CVE-2025-69822 (An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.3 ...)
+ TODO: check
+CVE-2025-69821 (An issue in Beat XP VEGA Smartwatch (Firmware Version - RB303ATV006229 ...)
+ TODO: check
+CVE-2025-69820 (Directory Traversal vulnerability in Beam beta9 v.0.1.552 allows a rem ...)
+ TODO: check
+CVE-2025-69764 (Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow ...)
+ TODO: check
+CVE-2025-69612 (A path traversal vulnerability exists in TMS Management Console (versi ...)
+ TODO: check
+CVE-2025-69321 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69319 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-69318 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69317 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69316 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69315 (Missing Authorization vulnerability in NSquared Simply Schedule Appoin ...)
+ TODO: check
+CVE-2025-69314 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69313 (Missing Authorization vulnerability in WPXPO PostX ultimate-post allow ...)
+ TODO: check
+CVE-2025-69312 (Unrestricted Upload of File with Dangerous Type vulnerability in Xpro ...)
+ TODO: check
+CVE-2025-69311 (Missing Authorization vulnerability in Broadstreet Broadstreet Ads bro ...)
+ TODO: check
+CVE-2025-69300 (Missing Authorization vulnerability in Leap13 Premium Addons for Eleme ...)
+ TODO: check
+CVE-2025-69293 (Incorrect Privilege Assignment vulnerability in e-plugins Final User f ...)
+ TODO: check
+CVE-2025-69292 (Incorrect Privilege Assignment vulnerability in e-plugins WP Membershi ...)
+ TODO: check
+CVE-2025-69285 (SQLBot is an intelligent data query system based on a large language m ...)
+ TODO: check
+CVE-2025-69193 (Missing Authorization vulnerability in e-plugins WP Membership wp-memb ...)
+ TODO: check
+CVE-2025-69192 (Missing Authorization vulnerability in e-plugins Real Estate Pro real- ...)
+ TODO: check
+CVE-2025-69191 (Missing Authorization vulnerability in e-plugins ListingHub listinghub ...)
+ TODO: check
+CVE-2025-69190 (Missing Authorization vulnerability in e-plugins Listihub listihub all ...)
+ TODO: check
+CVE-2025-69188 (Missing Authorization vulnerability in e-plugins fitness-trainer fitne ...)
+ TODO: check
+CVE-2025-69187 (Missing Authorization vulnerability in e-plugins Final User final-user ...)
+ TODO: check
+CVE-2025-69186 (Missing Authorization vulnerability in e-plugins Hospital Doctor Direc ...)
+ TODO: check
+CVE-2025-69185 (Missing Authorization vulnerability in e-plugins Hotel Listing hotel-l ...)
+ TODO: check
+CVE-2025-69184 (Missing Authorization vulnerability in e-plugins Institutions Director ...)
+ TODO: check
+CVE-2025-69183 (Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doc ...)
+ TODO: check
+CVE-2025-69182 (Incorrect Privilege Assignment vulnerability in e-plugins Institutions ...)
+ TODO: check
+CVE-2025-69181 (Missing Authorization vulnerability in e-plugins Lawyer Directory lawy ...)
+ TODO: check
+CVE-2025-69180 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-69102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69101 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-69100 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69099 (Deserialization of Untrusted Data vulnerability in fuelthemes North no ...)
+ TODO: check
+CVE-2025-69098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69097 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-69095 (Missing Authorization vulnerability in designthemes Reservation Plugin ...)
+ TODO: check
+CVE-2025-69079 (Deserialization of Untrusted Data vulnerability in ThemeREX Sound | Mu ...)
+ TODO: check
+CVE-2025-69078 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69077 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69076 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69075 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69074 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69073 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69072 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69071 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69070 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69068 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69067 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69066 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69065 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69064 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69062 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69061 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69060 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69059 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69058 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69057 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69056 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69055 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-69054 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69053 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69052 (Missing Authorization vulnerability in FmeAddons Registration & Login ...)
+ TODO: check
+CVE-2025-69051 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69050 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69049 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69048 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69047 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69046 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-69044 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69043 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69042 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69041 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69040 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69039 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69038 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69037 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69036 (Deserialization of Untrusted Data vulnerability in strongholdthemes Te ...)
+ TODO: check
+CVE-2025-69035 (Deserialization of Untrusted Data vulnerability in strongholdthemes De ...)
+ TODO: check
+CVE-2025-69005 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69004 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-69003 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-69002 (Deserialization of Untrusted Data vulnerability in designthemes OneLif ...)
+ TODO: check
+CVE-2025-69001 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-68999 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-68986 (Unrestricted Upload of File with Dangerous Type vulnerability in zozot ...)
+ TODO: check
+CVE-2025-68913 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-68912 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-68911 (Missing Authorization vulnerability in solacewp Solace solace allows E ...)
+ TODO: check
+CVE-2025-68910 (Unrestricted Upload of File with Dangerous Type vulnerability in blaze ...)
+ TODO: check
+CVE-2025-68909 (Unrestricted Upload of File with Dangerous Type vulnerability in blaze ...)
+ TODO: check
+CVE-2025-68908 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-68907 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-68906 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68905 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-68904 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68903 (Deserialization of Untrusted Data vulnerability in AivahThemes Anona a ...)
+ TODO: check
+CVE-2025-68902 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-68901 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-68900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68899 (Deserialization of Untrusted Data vulnerability in designthemes Vivagh ...)
+ TODO: check
+CVE-2025-68898 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68896 (Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one- ...)
+ TODO: check
+CVE-2025-68894 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68884 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68883 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68882 (Missing Authorization vulnerability in Scalenut Scalenut scalenut allo ...)
+ TODO: check
+CVE-2025-68881 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-68871 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68869 (Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTas ...)
+ TODO: check
+CVE-2025-68866 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68864 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68859 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68858 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68857 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-68849 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68838 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68609 (A vulnerability in Palantir's Aries service allowed unauthenticated ac ...)
+ TODO: check
+CVE-2025-68558 (Missing Authorization vulnerability in averta Depicter Slider depicter ...)
+ TODO: check
+CVE-2025-68538 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68520 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68510 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-68507 (Missing Authorization vulnerability in Icegram Icegram icegram allows ...)
+ TODO: check
+CVE-2025-68073 (Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance ...)
+ TODO: check
+CVE-2025-68072 (Missing Authorization vulnerability in Merv Barrett Easy Property List ...)
+ TODO: check
+CVE-2025-68059 (Missing Authorization vulnerability in e-plugins Hotel Listing hotel-l ...)
+ TODO: check
+CVE-2025-68058 (Missing Authorization vulnerability in e-plugins Institutions Director ...)
+ TODO: check
+CVE-2025-68057 (Missing Authorization vulnerability in e-plugins Hospital Doctor Direc ...)
+ TODO: check
+CVE-2025-68047 (Deserialization of Untrusted Data vulnerability in Arraytics Eventin w ...)
+ TODO: check
+CVE-2025-68046 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-68041 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68039 (Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-ba ...)
+ TODO: check
+CVE-2025-68035 (Insertion of Sensitive Information Into Sent Data vulnerability in tab ...)
+ TODO: check
+CVE-2025-68034 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-68030 (Server-Side Request Forgery (SSRF) vulnerability in WP Messiah Frontis ...)
+ TODO: check
+CVE-2025-68027 (Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking ...)
+ TODO: check
+CVE-2025-68020 (Missing Authorization vulnerability in WANotifier WANotifier notifier ...)
+ TODO: check
+CVE-2025-68019 (Missing Authorization vulnerability in cleverplugins SEO Booster seo-b ...)
+ TODO: check
+CVE-2025-68018 (Missing Authorization vulnerability in ilmosys Order Listener for WooC ...)
+ TODO: check
+CVE-2025-68017 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-68016 (Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment ...)
+ TODO: check
+CVE-2025-68015 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-68013 (Missing Authorization vulnerability in cardpaysolutions Payment Gatewa ...)
+ TODO: check
+CVE-2025-68012 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68010 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68009 (Missing Authorization vulnerability in Codeless Slider Templates slide ...)
+ TODO: check
+CVE-2025-68008 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68007 (Missing Authorization vulnerability in Event Espresso Event Espresso 4 ...)
+ TODO: check
+CVE-2025-68006 (Insertion of Sensitive Information Into Sent Data vulnerability in Dee ...)
+ TODO: check
+CVE-2025-68004 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68003 (Missing Authorization vulnerability in renatoatshown Shown Connector s ...)
+ TODO: check
+CVE-2025-68001 (Unrestricted Upload of File with Dangerous Type vulnerability in garid ...)
+ TODO: check
+CVE-2025-67968 (Unrestricted Upload of File with Dangerous Type vulnerability in Inspi ...)
+ TODO: check
+CVE-2025-67967 (Missing Authorization vulnerability in e-plugins Lawyer Directory lawy ...)
+ TODO: check
+CVE-2025-67966 (Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Direc ...)
+ TODO: check
+CVE-2025-67964 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67963 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-67961 (Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren W ...)
+ TODO: check
+CVE-2025-67960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67959 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67958 (Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommer ...)
+ TODO: check
+CVE-2025-67957 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67956 (Missing Authorization vulnerability in wpeverest User Registration use ...)
+ TODO: check
+CVE-2025-67955 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67954 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-67953 (Incorrect Privilege Assignment vulnerability in Booking Activities Tea ...)
+ TODO: check
+CVE-2025-67952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67949 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67947 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67946 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67945 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-67944 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-67943 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67942 (Missing Authorization vulnerability in peachpayments Peach Payments Ga ...)
+ TODO: check
+CVE-2025-67941 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67940 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67939 (Missing Authorization vulnerability in Tickera Tickera tickera-event-t ...)
+ TODO: check
+CVE-2025-67938 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67684 (Quick.Cart is vulnerable to Local File Inclusion and Path Traversal is ...)
+ TODO: check
+CVE-2025-67683 (Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An ...)
+ TODO: check
+CVE-2025-67626 (Cross-Site Request Forgery (CSRF) vulnerability in Angel Costa WP SEO ...)
+ TODO: check
+CVE-2025-67620 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67619 (Deserialization of Untrusted Data vulnerability in designthemes Kids H ...)
+ TODO: check
+CVE-2025-67617 (Deserialization of Untrusted Data vulnerability in themeton Consult Ai ...)
+ TODO: check
+CVE-2025-67616 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67615 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67221 (The orjson.dumps function in orjson thru 3.11.4 does not limit recursi ...)
+ TODO: check
+CVE-2025-66428 (An issue with WordPress directory names in WebPros WordPress Toolkit b ...)
+ TODO: check
+CVE-2025-66143 (Missing Authorization vulnerability in merkulove Crumber crumber-eleme ...)
+ TODO: check
+CVE-2025-66142 (Missing Authorization vulnerability in merkulove Comparimager for Elem ...)
+ TODO: check
+CVE-2025-66141 (Missing Authorization vulnerability in merkulove Scroller scroller all ...)
+ TODO: check
+CVE-2025-66140 (Missing Authorization vulnerability in merkulove Uper for Elementor up ...)
+ TODO: check
+CVE-2025-66139 (Missing Authorization vulnerability in merkulove Audier For Elementor ...)
+ TODO: check
+CVE-2025-66138 (Missing Authorization vulnerability in merkulove Motionger for Element ...)
+ TODO: check
+CVE-2025-66137 (Missing Authorization vulnerability in merkulove Searcher for Elemento ...)
+ TODO: check
+CVE-2025-66136 (Missing Authorization vulnerability in merkulove Carter for Elementor ...)
+ TODO: check
+CVE-2025-66135 (Missing Authorization vulnerability in merkulove Imager for Elementor ...)
+ TODO: check
+CVE-2025-65098 (Typebot is an open-source chatbot builder. In versions prior to 3.13.2 ...)
+ TODO: check
+CVE-2025-64252 (Server-Side Request Forgery (SSRF) vulnerability in Marco Milesi ANAC ...)
+ TODO: check
+CVE-2025-64097 (NervesHub is a web service that allows users to manage over-the-air (O ...)
+ TODO: check
+CVE-2025-63051 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-63026 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63019 (Insertion of Sensitive Information Into Sent Data vulnerability in Joh ...)
+ TODO: check
+CVE-2025-63018 (Missing Authorization vulnerability in wproyal Bard bard allows Exploi ...)
+ TODO: check
+CVE-2025-63017 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-62754 (Missing Authorization vulnerability in Kapil Paul Payment Gateway bKas ...)
+ TODO: check
+CVE-2025-62741 (Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool ...)
+ TODO: check
+CVE-2025-62106 (Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-c ...)
+ TODO: check
+CVE-2025-62077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-62056 (Unrestricted Upload of File with Dangerous Type vulnerability in blaze ...)
+ TODO: check
+CVE-2025-62050 (Unrestricted Upload of File with Dangerous Type vulnerability in blaze ...)
+ TODO: check
+CVE-2025-5805 (Missing Authorization vulnerability in Ninetheme Electron electron all ...)
+ TODO: check
+CVE-2025-56590 (An issue was discovered in the InsertFromURL() function of the Apryse ...)
+ TODO: check
+CVE-2025-56589 (A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) ...)
+ TODO: check
+CVE-2025-54003 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-54002 (Missing Authorization vulnerability in Jthemes xSmart xsmart allows Ex ...)
+ TODO: check
+CVE-2025-53240 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-52762 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-52746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50007 (Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart ...)
+ TODO: check
+CVE-2025-50006 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50005 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-50004 (Deserialization of Untrusted Data vulnerability in artbees JupiterX Co ...)
+ TODO: check
+CVE-2025-50003 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-50002 (Unrestricted Upload of File with Dangerous Type vulnerability in Faros ...)
+ TODO: check
+CVE-2025-4764 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-4763 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-49994 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49375 (Missing Authorization vulnerability in cozythemes HomeLancer homelance ...)
+ TODO: check
+CVE-2025-49336 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-49249 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-49066 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-49055 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-49050 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-49049 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-49046 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-49045 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-49043 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-48094 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47666 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47600 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-47555 (Authorization Bypass Through User-Controlled Key vulnerability in Them ...)
+ TODO: check
+CVE-2025-47500 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-47474 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-36588 (Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improp ...)
+ TODO: check
+CVE-2025-32123 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-32057 (The Infotainment ECU manufactured by Bosch which is installed in Nissa ...)
+ TODO: check
+CVE-2025-32056 (The anti-theft protection mechanism can be bypassed by attackers due t ...)
+ TODO: check
+CVE-2025-31413 (Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pa ...)
+ TODO: check
+CVE-2025-27380 (HTML injection in Project Release in Altium Enterprise Server (AES) 7. ...)
+ TODO: check
+CVE-2025-27379 (A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in ...)
+ TODO: check
+CVE-2025-27378 (AES contains a SQL injection vulnerability due to an inactive configur ...)
+ TODO: check
+CVE-2025-27377 (Altium Designer version 24.9.0 does not validate self-signed server ce ...)
+ TODO: check
+CVE-2025-27005 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-15523 (MacOS version of Inkscape bundles a Python interpreter that inherits t ...)
+ TODO: check
+CVE-2025-14295 (Storing Passwords in a Recoverable Format vulnerability in Automated L ...)
+ TODO: check
+CVE-2025-12738 (Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are v ...)
+ TODO: check
+CVE-2025-10856 (Unrestricted Upload of File with Dangerous Type vulnerability in Solve ...)
+ TODO: check
+CVE-2025-10855 (Authorization Bypass Through User-Controlled Key vulnerability in Solv ...)
+ TODO: check
+CVE-2025-10024 (Authorization Bypass Through User-Controlled Key vulnerability in EXER ...)
+ TODO: check
+CVE-2024-53252
+ REJECTED
+CVE-2024-53251
+ REJECTED
+CVE-2024-53250
+ REJECTED
+CVE-2024-53249
+ REJECTED
+CVE-2024-53248
+ REJECTED
+CVE-2024-45743
+ REJECTED
+CVE-2024-45742
+ REJECTED
+CVE-2024-45730
+ REJECTED
+CVE-2024-45729
+ REJECTED
+CVE-2024-45728
+ REJECTED
+CVE-2024-45727
+ REJECTED
+CVE-2024-45726
+ REJECTED
+CVE-2024-45725
+ REJECTED
+CVE-2024-45724
+ REJECTED
+CVE-2024-36998
+ REJECTED
+CVE-2024-36988
+ REJECTED
+CVE-2024-22166
+ REJECTED
+CVE-2023-7335 (EduSoho versions prior to 22.4.7 contain an arbitrary file read vulner ...)
+ TODO: check
+CVE-2023-32720
+ REJECTED
+CVE-2023-32719
+ REJECTED
+CVE-2023-32718
+ REJECTED
CVE-2026-23954 [Container image templating arbitrary host file read and write]
- incus <unfixed>
- lxd <removed>
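Review bot: this block should not be bulk-triaged. Every added entry lands as `TODO: check`, and among the vendor and plugin style descriptions a few name standalone software, for example CVE-2025-67221 (`orjson.dumps` recursion limit) and CVE-2025-12738 (Neo4j Enterprise). Those need an individual package lookup before the `TODO: check` line is replaced.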
@@ -83,6 +977,7 @@ CVE-2025-66959 (An issue in ollama v.0.12.10 allows a remote attacker to cause a
CVE-2025-57681 (The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before ...)
NOT-FOR-US: WorklogPRO Timesheets for Jira plugin
CVE-2025-13878 (Malformed BRID/HHIT records can cause `named` to terminate unexpectedl ...)
+ {DSA-6107-1}
- bind9 <unfixed>
[bullseye] - bind9 <not-affected> (BRID/HHIT rdata types introduced later)
NOTE: https://kb.isc.org/docs/cve-2025-13878
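Review bot: `{DSA-6107-1}` is now attached to CVE-2025-13878 while the line directly below it still reads `- bind9 <unfixed>`. The advisory reference covers the stable fix only, so record the fixed version on the `- bind9` line once the unstable upload lands. Otherwise the entry stays open after the DSA.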
@@ -193,15 +1088,15 @@ CVE-2026-1190
- keycloak <itp> (bug #1088287)
CVE-2026-0603
NOT-FOR-US: Hibernate Core
-CVE-2026-1102
+CVE-2026-1102 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2025-13335
+CVE-2025-13335 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2026-0723
+CVE-2026-0723 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Only affects 18.x)
-CVE-2025-13928
+CVE-2025-13928 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
-CVE-2025-13927
+CVE-2025-13927 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <unfixed>
CVE-2026-24026
REJECTED
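Review bot: on CVE-2026-0723 the newly added description starts "affecting all versions ..." while the unchanged line below keeps `<not-affected> (Only affects 18.x)`. The description is truncated here, so recheck the full affected range against that note now that the text is available, and adjust the note if the range is wider than 18.x.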
@@ -396,7 +1291,6 @@ CVE-2026-0865 (User-controlled header names and values containing newlines can a
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- pypy3 <unfixed>
- - python2.7 <removed>
- jython <unfixed>
NOTE: https://github.com/python/cpython/pull/143917
NOTE: https://github.com/python/cpython/issues/143916
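Review bot: a duplicate-package check in the list validation would have caught the second `- python2.7 <removed>` under CVE-2026-0865 before it was committed. The removal itself is fine: the first `- python2.7 <removed>` and its `[bullseye] - python2.7 <end-of-life>` line remain as context at the top of the hunk.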
@@ -494,6 +1388,7 @@ CVE-2025-11468 (When folding a long comment in an email header containing exclus
NOTE: https://github.com/python/cpython/pull/143936
NOTE: Fixed by: https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2 (main)
CVE-2026-24061 (telnetd in GNU Inetutils through 2.7 allows remote authentication bypa ...)
+ {DSA-6106-1}
- inetutils 2:2.7-2 (bug #1126047)
NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
NOTE: Introduced with: https://codeberg.org/inetutils/inetutils/commit/fa3245ac8c288b87139a0da8249d0a408c4dfb87 (inetutils-1_9_3)
@@ -727,7 +1622,7 @@ CVE-2026-22022 (Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Sol
- lucene-solr <not-affected> (Vulnerable code introduced later)
CVE-2026-22444 (The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficie ...)
- lucene-solr <not-affected> (Vulnerable code introduced later)
-CVE-2026-23952
+CVE-2026-23952 (ImageMagick is free and open-source software used for editing and mani ...)
- imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126077)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d (7.1.2-13)
@@ -914,7 +1809,7 @@ CVE-2026-21696 (Wings is the server control plane for Pterodactyl, a free, open-
NOT-FOR-US: Wings
CVE-2026-21618 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: hexpm
-CVE-2026-1181 (A stored cross-site scripting (XSS) vulnerability exists in the Altium ...)
+CVE-2026-1181 (Altium 365 workspace endpoints were configured with an overly permissi ...)
NOT-FOR-US: Altium
CVE-2026-1174 (A vulnerability was determined in birkir prime up to 0.4.0.beta.0. Thi ...)
NOT-FOR-US: birkir prime
@@ -1893,19 +2788,26 @@ CVE-2026-22645 (The application discloses all used components, versions and lice
NOT-FOR-US: SICK AG
CVE-2026-22644 (Certain requests pass the authentication token in the URL as string qu ...)
NOT-FOR-US: SICK AG
-CVE-2026-22643 (In Grafana, an excessively long dashboard title or panel name will cau ...)
+CVE-2026-22643
+ REJECTED
NOT-FOR-US: SICK AG
-CVE-2026-22642 (An open redirect vulnerability has been identified in Grafana OSS orga ...)
+CVE-2026-22642
+ REJECTED
NOT-FOR-US: SICK AG
-CVE-2026-22641 (This vulnerability in Grafana's datasource proxy API allows authorizat ...)
+CVE-2026-22641
+ REJECTED
NOT-FOR-US: SICK AG
-CVE-2026-22640 (An access control vulnerability was discovered in Grafana OSS where an ...)
+CVE-2026-22640
+ REJECTED
NOT-FOR-US: SICK AG
-CVE-2026-22639 (Grafana is an open-source platform for monitoring and observability. T ...)
+CVE-2026-22639
+ REJECTED
NOT-FOR-US: SICK AG
-CVE-2026-22638 (A cross-site scripting (XSS) vulnerability exists in Grafana caused by ...)
+CVE-2026-22638
+ REJECTED
NOT-FOR-US: SICK AG
-CVE-2026-22637 (The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. ...)
+CVE-2026-22637
+ REJECTED
NOT-FOR-US: SICK AG
CVE-2026-22265 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
NOT-FOR-US: Roxy-WI
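Review bot: CVE-2026-22643 through CVE-2026-22637 now read `REJECTED` but each keeps its `NOT-FOR-US: SICK AG` line as unchanged context, so the entries carry two states at once. Other rejected entries in this diff, such as CVE-2023-22944, have nothing under `REJECTED`; drop the stale `NOT-FOR-US` lines. The removed descriptions were all Grafana text while the triage note named SICK AG, so the note did not match the description it sat under either.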
@@ -1942,9 +2844,11 @@ CVE-2026-0897 (Allocation of Resources Without Limits or Throttling in the HDF5
- keras <removed>
[bullseye] - keras <end-of-life> (EOL in bullseye LTS)
NOTE: https://github.com/keras-team/keras/pull/21880
-CVE-2026-0713 (A security vulnerability in the /apis/dashboard.grafana.app/* endpoint ...)
+CVE-2026-0713
+ REJECTED
NOT-FOR-US: SICK AG
-CVE-2026-0712 (An open redirect vulnerability has been identified in Grafana OSS that ...)
+CVE-2026-0712
+ REJECTED
NOT-FOR-US: SICK AG
CVE-2026-0227 (A vulnerability in Palo Alto Networks PAN-OS software enables an unaut ...)
NOT-FOR-US: Palo Alto Networks
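Review bot: CVE-2026-0713 and CVE-2026-0712 have the same leftover as the previous hunk: `REJECTED` is added above an unchanged `NOT-FOR-US: SICK AG` line. Remove the `NOT-FOR-US` lines so each entry has a single status.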
@@ -4703,6 +5607,7 @@ CVE-2026-21885 (Miniflux 2 is an open source feed reader. Prior to version 2.2.1
NOTE: https://github.com/miniflux/v2/security/advisories/GHSA-xwh2-742g-w3wp
NOTE: Fixed by: https://github.com/miniflux/v2/commit/6c83e8c477b4d476aee5fbb87e47472c9ded01de (v2.2.16)
CVE-2026-21876 (The OWASP core rule set (CRS) is a set of generic attack detection rul ...)
+ {DSA-6105-1}
- modsecurity-crs 3.3.8-1 (bug #1125084)
NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5
NOTE: Fixed by (merge): https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83 (v3.3.8)
@@ -294832,7 +295737,7 @@ CVE-2023-22946 (In Apache Spark versions prior to 3.4.0, applications using spar
CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, the gro ...)
NOT-FOR-US: GrowthExperiments extension for MediaWiki
CVE-2023-22944
- RESERVED
+ REJECTED
CVE-2023-22943 (In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk Clo ...)
NOT-FOR-US: Splunk
CVE-2023-22942 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross ...)
@@ -294860,17 +295765,17 @@ CVE-2023-22932 (In Splunk Enterprise 9.0 versions before 9.0.4, a View allows fo
CVE-2023-22931 (In Splunk Enterprise versions below 8.1.13 and 8.2.10, the \u2018creat ...)
NOT-FOR-US: Splunk
CVE-2023-22930
- RESERVED
+ REJECTED
CVE-2023-22929
- RESERVED
+ REJECTED
CVE-2023-22928
- RESERVED
+ REJECTED
CVE-2023-22927
- RESERVED
+ REJECTED
CVE-2023-22926
- RESERVED
+ REJECTED
CVE-2023-22925
- RESERVED
+ REJECTED
CVE-2023-22656 (Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL soft ...)
- intel-mediasdk <removed> (bug #1082866)
[bookworm] - intel-mediasdk <ignored> (No specific details published, development stalled and scheduled for removal from Debian)
@@ -315617,11 +316522,11 @@ CVE-2022-43562 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Sp
CVE-2022-43561 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote ...)
NOT-FOR-US: Splunk Enterprise
CVE-2022-43560
- RESERVED
+ REJECTED
CVE-2022-43559
- RESERVED
+ REJECTED
CVE-2022-43558
- RESERVED
+ REJECTED
CVE-2022-43557 (The BD BodyGuard\u2122 infusion pumps specified allow for access throu ...)
NOT-FOR-US: BD BodyGuard
CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
@@ -341592,7 +342497,7 @@ CVE-2022-34216 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005
CVE-2022-34215 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
NOT-FOR-US: Adobe
CVE-2022-34214
- RESERVED
+ REJECTED
CVE-2022-34213 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...)
NOT-FOR-US: Jenkins plugin
CVE-2022-34212 (A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 ...)
@@ -347035,7 +347940,7 @@ CVE-2022-32152 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0
CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped with Splun ...)
NOT-FOR-US: Splunk
CVE-2022-32150
- RESERVED
+ REJECTED
CVE-2022-32149 (An attacker may cause a denial of service by crafting an Accept-Langua ...)
- golang-golang-x-text 0.3.8-1 (bug #1021785)
[bullseye] - golang-golang-x-text <no-dsa> (Minor issue)
@@ -368635,7 +369540,7 @@ CVE-2022-24917 (An authenticated user can create a link with reflected Javascrip
NOTE: https://support.zabbix.com/browse/ZBX-20680
NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1)
CVE-2022-24911
- RESERVED
+ REJECTED
CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow an rem ...)
NOT-FOR-US: Qlik Sense Enterprise
CVE-2022-24916 (Optimism before @eth-optimism/l2geth at 0.5.11 allows economic griefing b ...)
@@ -370209,11 +371114,11 @@ CVE-2022-24410 (Dell BIOS contains an information exposure vulnerability. An una
CVE-2022-24409 (Dell BSAFE SSL-J contains remediation for a covert timing channel vuln ...)
NOT-FOR-US: Dell
CVE-2022-24380
- RESERVED
+ REJECTED
CVE-2022-22147
- RESERVED
+ REJECTED
CVE-2022-21130
- RESERVED
+ REJECTED
CVE-2022-0515 (Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/ ...)
NOT-FOR-US: Crater
CVE-2022-0514 (Business Logic Errors in GitHub repository crater-invoice/crater prior ...)
@@ -388964,7 +389869,7 @@ CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Contro
CVE-2021-42743 (A misconfiguration in the node default path allows for local privilege ...)
NOT-FOR-US: Splunk
CVE-2021-3926
- RESERVED
+ REJECTED
CVE-2021-3925
RESERVED
CVE-2021-33845 (The Splunk Enterprise REST API allows enumeration of usernames via the ...)
@@ -511525,25 +512430,25 @@ CVE-2020-8462 (A cross-site scripting (XSS) vulnerability in Trend Micro InterSc
CVE-2020-8461 (A CSRF protection bypass vulnerability in Trend Micro InterScan Web Se ...)
NOT-FOR-US: Trend Micro
CVE-2020-8460
- RESERVED
+ REJECTED
CVE-2020-8459
- RESERVED
+ REJECTED
CVE-2020-8458
- RESERVED
+ REJECTED
CVE-2020-8457
- RESERVED
+ REJECTED
CVE-2020-8456
- RESERVED
+ REJECTED
CVE-2020-8455
- RESERVED
+ REJECTED
CVE-2020-8454
- RESERVED
+ REJECTED
CVE-2020-8453
- RESERVED
+ REJECTED
CVE-2020-8452
- RESERVED
+ REJECTED
CVE-2020-8451
- RESERVED
+ REJECTED
CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...)
{DSA-4682-1 DLA-2278-1}
- squid 4.10-1 (bug #950802)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c302da7c69449b9c072276bd0d3dd737a6866ca
More information about the debian-security-tracker-commits
mailing list