[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 13 20:13:33 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0d74fc31 by security tracker role at 2026-06-13T19:13:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2026-9629 (The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2026-6428 (SQL Injection in reports/catalogue_out.pl in Koha Community Koha throu ...)
+ TODO: check
+CVE-2026-5513 (The Online Scheduling and Appointment Booking System \u2013 Bookly plu ...)
+ TODO: check
+CVE-2026-3297 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
+ TODO: check
+CVE-2026-2470 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
+ TODO: check
+CVE-2026-1291 (The Meow Gallery plugin for WordPress is vulnerable to unauthorized mo ...)
+ TODO: check
+CVE-2026-12183 (Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 thro ...)
+ TODO: check
+CVE-2026-11624 (The Model Context Protocol has a security warning advising servers to ...)
+ TODO: check
CVE-2026-9848 (The WP Ticket plugin for WordPress is vulnerable to SQL Injection via ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9134 (The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site ...)
@@ -301,7 +317,7 @@ CVE-2026-54102
REJECTED
CVE-2026-54101
REJECTED
-CVE-2026-53982 (Capgo Console prior to 12.28.2 contains a denial-of-service vulnerabil ...)
+CVE-2026-53982 (Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in ...)
NOT-FOR-US: Capgo Console
CVE-2026-53981 (Cap-go prior to 12.128.2 contains an account takeover vulnerability in ...)
NOT-FOR-US: Cap-go
@@ -722,87 +738,115 @@ CVE-2026-12059 (The SSH service of CelloOS developed by Cellopoint has an Improp
CVE-2026-12038
REJECTED
CVE-2026-12035 (Use after free in Views in Google Chrome on Windows prior to 149.0.782 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12034 (Insufficient validation of untrusted input in Linux Toolkit Theming in ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12033 (Out of bounds read in VideoCapture in Google Chrome prior to 149.0.782 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12032 (Inappropriate implementation in Passwords in Google Chrome on Android ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12031 (Inappropriate implementation in Views in Google Chrome on Windows prio ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12030 (Out of bounds write in GPU in Google Chrome on Android prior to 149.0. ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12029 (Use after free in Video in Google Chrome on Windows prior to 149.0.782 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12028 (Use after free in GPU in Google Chrome on Android prior to 149.0.7827. ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12027 (Inappropriate implementation in Headless in Google Chrome prior to 149 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12026 (Out of bounds read in Video in Google Chrome on ChromeOS prior to 149. ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12025 (Insufficient validation of untrusted input in Network in Google Chrome ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12024 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12023 (Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12022 (Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12020 (Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12019 (Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12018 (Inappropriate implementation in Mojo in Google Chrome on Windows prior ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12017 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12016 (Inappropriate implementation in DevTools in Google Chrome prior to 149 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12015 (Use after free in Autofill in Google Chrome prior to 149.0.7827.115 al ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12014 (Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowe ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12013 (Use after free in Media in Google Chrome on Windows prior to 149.0.782 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12012 (Use after free in Network in Google Chrome prior to 149.0.7827.115 all ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12011 (Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12010 (Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12009 (Insufficient validation of untrusted input in Accessibility in Google ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12008 (Use after free in DigitalCredentials in Google Chrome prior to 149.0.7 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-12007 (Use after free in Core in Google Chrome on Windows prior to 149.0.7827 ...)
+ {DSA-6344-1}
- chromium 149.0.7827.114-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-11933 (A use-after-free vulnerability exists in MongoDB Server's server-side ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d74fc31f34f087b75903f276fbe2f9b3cd731d3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d74fc31f34f087b75903f276fbe2f9b3cd731d3
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260613/087b8d2a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list