[Git][security-tracker-team/security-tracker][master] automatic update

Fri Jan 30 08:13:18 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70dd477e by security tracker role at 2026-01-30T08:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,82 @@
-CVE-2026-25210 [Improve determination of buffer size bufSize in function doContent]
+CVE-2026-25211 (Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgve ...)
+	TODO: check
+CVE-2026-25126 (PolarLearn is a free and open-source learning program. Prior to versio ...)
+	TODO: check
+CVE-2026-25117 (pwn.college DOJO is an education platform for learning cybersecurity.  ...)
+	TODO: check
+CVE-2026-25116 (Runtipi is a personal homeserver orchestrator. Starting in version 4.5 ...)
+	TODO: check
+CVE-2026-25097
+	REJECTED
+CVE-2026-25096
+	REJECTED
+CVE-2026-25095
+	REJECTED
+CVE-2026-25094
+	REJECTED
+CVE-2026-25093
+	REJECTED
+CVE-2026-25092
+	REJECTED
+CVE-2026-25091
+	REJECTED
+CVE-2026-25090
+	REJECTED
+CVE-2026-25063 (gradle-completion provides Bash and Zsh completion support for Gradle. ...)
+	TODO: check
+CVE-2026-25061 (tcpflow is a TCP/IP packet demultiplexer. In versions up to and includ ...)
+	TODO: check
+CVE-2026-25047 (deepHas provides a test for the existence of a nested object key and o ...)
+	TODO: check
+CVE-2026-25046 (Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi C ...)
+	TODO: check
+CVE-2026-25040 (Budibase is a low code platform for creating internal tools, workflows ...)
+	TODO: check
+CVE-2026-24905 (Inspektor Gadget is a set of tools and framework for data collection a ...)
+	TODO: check
+CVE-2026-24904 (TrustTunnel is an open-source VPN protocol with a rule bypass issue in ...)
+	TODO: check
+CVE-2026-24902 (TrustTunnel is an open-source VPN protocol with a server-side request  ...)
+	TODO: check
+CVE-2026-24846 (malcontent discovers supply-chain compromises through. context, differ ...)
+	TODO: check
+CVE-2026-24845 (malcontent discovers supply-chain compromises through. context, differ ...)
+	TODO: check
+CVE-2026-24729 (An unrestricted upload of file with dangerous type vulnerability in th ...)
+	TODO: check
+CVE-2026-24728 (A missing authentication for critical function vulnerability in the /s ...)
+	TODO: check
+CVE-2026-24714 (Some end of service NETGEAR products provide "TelnetEnable" functional ...)
+	TODO: check
+CVE-2026-1680 (Improper access control in the WCF endpoint in Edgemo (now owned by Da ...)
+	TODO: check
+CVE-2026-1665 (A command injection vulnerability exists in nvm (Node Version Manager) ...)
+	TODO: check
+CVE-2026-1638 (A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.0 ...)
+	TODO: check
+CVE-2026-1637 (A vulnerability was identified in Tenda AC21 16.03.08.16. The affected ...)
+	TODO: check
+CVE-2026-1625 (A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted e ...)
+	TODO: check
+CVE-2026-1624 (A security vulnerability has been detected in D-Link DWR-M961 1.1.47.  ...)
+	TODO: check
+CVE-2026-1623 (A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted ...)
+	TODO: check
+CVE-2026-1340 (A code injection in Ivanti Endpoint Manager Mobile allowing attackers  ...)
+	TODO: check
+CVE-2026-1281 (A code injection in Ivanti Endpoint Manager Mobile allowing attackers  ...)
+	TODO: check
+CVE-2026-0963 (An input neutralization vulnerability in the File Operations API Endpo ...)
+	TODO: check
+CVE-2026-0805 (An input neutralization vulnerability in the Backup Configuration comp ...)
+	TODO: check
+CVE-2025-15322 (Tanium addressed an improper access controls vulnerability in Tanium S ...)
+	TODO: check
+CVE-2025-15288 (Tanium addressed an improper access controls vulnerability in Interact ...)
+	TODO: check
+CVE-2025-12899 (A flaw in Zephyr\u2019s network stack allows an IPv4 packet containing ...)
+	TODO: check
+CVE-2026-25210 (In libexpat before 2.7.4, the doContent function does not properly det ...)
 	- expat <unfixed>
 	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/7ddea353ad3795f7222441274d4d9a155b523cba
 	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/8855346359a475c022ec8c28484a76c852f144d9
@@ -30071,7 +30149,7 @@ CVE-2025-64738 (External control of file name or path in Zoom Workplace for macO
 	NOT-FOR-US: Zoom
 CVE-2025-64726 (Socket Firewall is an HTTP/HTTPS proxy server that intercepts package  ...)
 	NOT-FOR-US: Socket Firewall
-CVE-2025-64718 (js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and b ...)
+CVE-2025-64718 (js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1. ...)
 	- node-js-yaml <unfixed> (bug #1120696)
 	[trixie] - node-js-yaml <no-dsa> (Minor issue)
 	[bookworm] - node-js-yaml <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70dd477eb8ca92c8142ee7f3af1bb69a0add7f7e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70dd477eb8ca92c8142ee7f3af1bb69a0add7f7e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260130/dfd080f6/attachment.htm>
