[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 28 08:13:32 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a44dee91 by security tracker role at 2026-01-28T08:13:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,142 @@
-CVE-2026-1504
+CVE-2026-24910 (In Bun before 1.3.5, the default trusted dependencies list (aka trust ...)
+ TODO: check
+CVE-2026-24909 (vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading t ...)
+ TODO: check
+CVE-2026-24867
+ REJECTED
+CVE-2026-24866
+ REJECTED
+CVE-2026-24865
+ REJECTED
+CVE-2026-24864
+ REJECTED
+CVE-2026-24863
+ REJECTED
+CVE-2026-24862
+ REJECTED
+CVE-2026-24861
+ REJECTED
+CVE-2026-24860
+ REJECTED
+CVE-2026-24859
+ REJECTED
+CVE-2026-24852 (iccDEV provides a set of libraries and tools that allow for the intera ...)
+ TODO: check
+CVE-2026-24850 (The ML-DSA crate is a Rust implementation of the Module-Lattice-Based ...)
+ TODO: check
+CVE-2026-24842 (node-tar,a Tar for Node.js, contains a vulnerability in versions prior ...)
+ TODO: check
+CVE-2026-24841 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In vers ...)
+ TODO: check
+CVE-2026-24840 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In vers ...)
+ TODO: check
+CVE-2026-24839 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In vers ...)
+ TODO: check
+CVE-2026-24838 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2026-24837 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2026-24836 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2026-24833 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2026-24785 (Clatter is a no_std compatible, pure Rust implementation of the Noise ...)
+ TODO: check
+CVE-2026-24784 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2026-24783 (soroban-fixed-point-math is a fixed-point math library for Soroban sma ...)
+ TODO: check
+CVE-2026-24779 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2026-24778 (Ghost is an open source content management system. In Ghost versions 5 ...)
+ TODO: check
+CVE-2026-24770 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
+ TODO: check
+CVE-2026-24765 (PHPUnit is a testing framework for PHP. A vulnerability has been disco ...)
+ TODO: check
+CVE-2026-24748 (Kargo manages and automates the promotion of software artifacts. Prior ...)
+ TODO: check
+CVE-2026-24747 (PyTorch is a Python package that provides tensor computation. Prior to ...)
+ TODO: check
+CVE-2026-24741 (ConvertXis a self-hosted online file converter. In versions prior to 0 ...)
+ TODO: check
+CVE-2026-24740 (Dozzle is a realtime log viewer for docker containers. Prior to versio ...)
+ TODO: check
+CVE-2026-24738 (gmrtd is a Go library for reading Machine Readable Travel Documents (M ...)
+ TODO: check
+CVE-2026-24736 (Squidex is an open source headless content management system and conte ...)
+ TODO: check
+CVE-2026-24134 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
+ TODO: check
+CVE-2026-23830 (SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 ...)
+ TODO: check
+CVE-2026-21569 (This High severity XXE (XML External Entity Injection) vulnerability w ...)
+ TODO: check
+CVE-2026-1514 (Official Document Management System developed by 2100 Technology has a ...)
+ TODO: check
+CVE-2026-1513 (billboard.js before 3.18.0 allows an attacker to execute malicious Jav ...)
+ TODO: check
+CVE-2026-1506 (A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an ...)
+ TODO: check
+CVE-2026-1505 (A vulnerability was found in D-Link DIR-615 4.10. This issue affects s ...)
+ TODO: check
+CVE-2026-1466 (Jirafeau normally prevents browser preview for text files due to the p ...)
+ TODO: check
+CVE-2026-1389 (The Document Embedder \u2013 Embed PDFs, Word, Excel, and Other Files ...)
+ TODO: check
+CVE-2026-1310 (The Simple calendar for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-1298 (The Easy Replace Image plugin for WordPress is vulnerable to Missing A ...)
+ TODO: check
+CVE-2026-1295 (The Buy Now Plus \u2013 Buy Now buttons for Stripe plugin for WordPres ...)
+ TODO: check
+CVE-2026-1244 (The Forms Bridge \u2013 Infinite integrations plugin for WordPress is ...)
+ TODO: check
+CVE-2026-1083 (The Appointment Hour Booking \u2013 Booking Calendar plugin for WordPr ...)
+ TODO: check
+CVE-2026-1054 (The RegistrationMagic plugin for WordPress is vulnerable to Missing Au ...)
+ TODO: check
+CVE-2026-0832 (The New User Approve plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2026-0825 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
+ TODO: check
+CVE-2026-0818 (CSS-based exfiltration of the content from partially encrypted emails ...)
+ TODO: check
+CVE-2025-9082 (The WPBITS Addons For Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-8072 (The Target Video Easy Publish plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2025-67645 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2025-55292 (Meshtastic is an open source mesh networking solution. In the current ...)
+ TODO: check
+CVE-2025-54373 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2025-40554 (SolarWinds Web Help Desk was found to be susceptible to an authenticat ...)
+ TODO: check
+CVE-2025-40553 (SolarWinds Web Help Desk was found to be susceptible to an untrusted d ...)
+ TODO: check
+CVE-2025-40552 (SolarWinds Web Help Desk was found to be susceptible to an authenticat ...)
+ TODO: check
+CVE-2025-40551 (SolarWinds Web Help Desk was found to be susceptible to an untrusted d ...)
+ TODO: check
+CVE-2025-40537 (SolarWinds Web Help Desk was found to be susceptible to a hardcoded cr ...)
+ TODO: check
+CVE-2025-40536 (SolarWinds Web Help Desk was found to be susceptible to a security con ...)
+ TODO: check
+CVE-2025-21589 (An Authentication Bypass Using an Alternate Path or Channel vulnerabil ...)
+ TODO: check
+CVE-2025-14988 (A security issue has been identified in ibaPDA that could allow unauth ...)
+ TODO: check
+CVE-2025-14610 (The TableMaster for Elementor plugin for WordPress is vulnerable to Se ...)
+ TODO: check
+CVE-2025-14039 (The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-13471 (The User Activity Log WordPress plugin through 2.2 does not properly h ...)
+ TODO: check
+CVE-2025-12709 (The Interactions \u2013 Create Interactive Experiences in the Block Ed ...)
+ TODO: check
+CVE-2026-1504 (Inappropriate implementation in Background Fetch API in Google Chrome ...)
- chromium <unfixed>
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-XXXX [RUSTSEC-2025-0143]
@@ -77633,7 +77771,7 @@ CVE-2025-34040 (An arbitrary file upload vulnerability exists in the Zhiyuan OA
NOT-FOR-US: Zhiyuan OA
CVE-2025-34039 (A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prio ...)
NOT-FOR-US: Yonyou UFIDA NC
-CVE-2025-34038 (A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the ge ...)
+CVE-2025-34038 (A SQL injection vulnerability exists in Weaver E-cology 8.0 via the ge ...)
NOT-FOR-US: Fanwei e-cology
CVE-2025-34037 (An OS command injection vulnerability exists in various models of E-Se ...)
NOT-FOR-US: Linksys
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a44dee918de1606ce77b4d24de373bf636147c42
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a44dee918de1606ce77b4d24de373bf636147c42
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260128/632a69f1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list