[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 31 08:13:02 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
36ae80fa by security tracker role at 2026-01-31T08:12:55+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,126 @@
-CVE-2026-25153
+CVE-2026-25156 (HotCRP is conference review software. HotCRP versions from October 202 ...)
+ TODO: check
+CVE-2026-25154 (LocalSend is a free, open-source app that allows users to share files ...)
+ TODO: check
+CVE-2026-25141 (Orval generates type-safe JS clients (TypeScript) from any valid OpenA ...)
+ TODO: check
+CVE-2026-25130 (Cybersecurity AI (CAI) is a framework for AI Security. In versions up ...)
+ TODO: check
+CVE-2026-25129 (PsySH is a runtime developer console, interactive debugger, and REPL f ...)
+ TODO: check
+CVE-2026-1723 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ TODO: check
+CVE-2026-1705 (A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Af ...)
+ TODO: check
+CVE-2026-1431 (The Booking Calendar plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2026-1251 (The SupportCandy \u2013 Helpdesk & Customer Support Ticket System plug ...)
+ TODO: check
+CVE-2026-0683 (The SupportCandy \u2013 Helpdesk & Customer Support Ticket System plug ...)
+ TODO: check
+CVE-2025-36442 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36428 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36427 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36424 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36423 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1 ...)
+ TODO: check
+CVE-2025-36407 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)11.5. ...)
+ TODO: check
+CVE-2025-36387 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36384 (IBM Db2 for Windows12.1.0 - 12.1.3 could allow a local user with file ...)
+ TODO: check
+CVE-2025-36366 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36365 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36353 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36184 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)11.5. ...)
+ TODO: check
+CVE-2025-36123 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36098 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36070 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)11.5. ...)
+ TODO: check
+CVE-2025-36009 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-36001 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ TODO: check
+CVE-2025-2668 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)11.5. ...)
+ TODO: check
+CVE-2025-15525 (The Ajax Load More \u2013 Infinite Scroll, Load More, & Lazy Load plug ...)
+ TODO: check
+CVE-2025-15510 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2020-37057 (Online-Exam-System 2015 contains a SQL injection vulnerability in the ...)
+ TODO: check
+CVE-2020-37056 (Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerabil ...)
+ TODO: check
+CVE-2020-37054 (Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability ...)
+ TODO: check
+CVE-2020-37053 (Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerabili ...)
+ TODO: check
+CVE-2020-37052 (AirControl 1.4.2 contains a pre-authentication remote code execution v ...)
+ TODO: check
+CVE-2020-37051 (Online-Exam-System 2015 contains a time-based blind SQL injection vuln ...)
+ TODO: check
+CVE-2020-37050 (Quick Player 1.3 contains a buffer overflow vulnerability that allows ...)
+ TODO: check
+CVE-2020-37049 (Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the ...)
+ TODO: check
+CVE-2020-37046 (Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site ...)
+ TODO: check
+CVE-2020-37044 (OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) ...)
+ TODO: check
+CVE-2020-37043 (10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerabili ...)
+ TODO: check
+CVE-2020-37042 (Frigate Professional 3.36.0.9 contains a local buffer overflow vulnera ...)
+ TODO: check
+CVE-2020-37041 (OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the st ...)
+ TODO: check
+CVE-2020-37040 (Code Blocks 17.12 contains a local buffer overflow vulnerability that ...)
+ TODO: check
+CVE-2020-37039 (Frigate 2.02 contains a denial of service vulnerability that allows at ...)
+ TODO: check
+CVE-2020-37038 (Code Blocks 20.03 contains a denial of service vulnerability that allo ...)
+ TODO: check
+CVE-2020-37036 (RM Downloader 2.50.60 contains a local buffer overflow vulnerability i ...)
+ TODO: check
+CVE-2020-37035 (e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in ...)
+ TODO: check
+CVE-2020-37034 (HelloWeb 2.0 contains an arbitrary file download vulnerability that al ...)
+ TODO: check
+CVE-2020-37033 (Infor Storefront B2B 1.0 contains a SQL injection vulnerability that a ...)
+ TODO: check
+CVE-2020-37032 (Wing FTP Server 6.3.8 contains a remote code execution vulnerability i ...)
+ TODO: check
+CVE-2020-37031 (Simple Startup Manager 1.17 contains a local buffer overflow vulnerabi ...)
+ TODO: check
+CVE-2020-37029 (FTPDummy 4.80 contains a local buffer overflow vulnerability in its pr ...)
+ TODO: check
+CVE-2020-37028 (Socusoft Photo to Video Converter Professional 8.07 contains a local b ...)
+ TODO: check
+CVE-2020-37027 (Sickbeard alpha contains a remote command injection vulnerability that ...)
+ TODO: check
+CVE-2020-37026 (Sickbeard alpha contains a cross-site request forgery vulnerability th ...)
+ TODO: check
+CVE-2020-37025 (Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability ...)
+ TODO: check
+CVE-2020-37024 (Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerabil ...)
+ TODO: check
+CVE-2020-37023 (Koken CMS 0.22.24 contains a file upload vulnerability that allows aut ...)
+ TODO: check
+CVE-2019-25232 (NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Cl ...)
+ TODO: check
+CVE-2026-25153 (Backstage is an open framework for building developer portals, and @ba ...)
NOT-FOR-US: backstage/plugin-techdocs-node
-CVE-2026-25152
+CVE-2026-25152 (Backstage is an open framework for building developer portals, and @ba ...)
NOT-FOR-US: backstage/plugin-techdocs-node
CVE-2026-25128 (fast-xml-parser allows users to validate XML, parse XML to JS object, ...)
- node-webfont <not-affected> (Vulnerable code not present)
@@ -52491,7 +52611,7 @@ CVE-2025-10477 (A vulnerability was identified in kidaze CourseSelectionSystem u
NOT-FOR-US: kidaze CourseSelectionSystem
CVE-2024-12367 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
NOT-FOR-US: Vega Master
-CVE-2025-24293
+CVE-2025-24293 (# Active Storage allowed transformation methods potentially unsafe Ac ...)
{DSA-6090-1 DLA-4416-1}
- rails 2:7.2.2.2+dfsg-1
NOTE: https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36ae80fa5cff087818c97a83c76ae23959fa1fa1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36ae80fa5cff087818c97a83c76ae23959fa1fa1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260131/de1f9664/attachment.htm>
More information about the debian-security-tracker-commits
mailing list