[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 15 20:13:39 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e45e440 by security tracker role at 2026-06-15T19:13:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,145 @@
+CVE-2026-9863 (Fortra BoKS Manager contains an OS command injection vulnerability in  ...)
+	TODO: check
+CVE-2026-9862 (Fortra's Core Privileged Access Manager (BoKS)contains an OS command i ...)
+	TODO: check
+CVE-2026-9595 (Impact: When a user-configured proxy on webpack-dev-server has a broad ...)
+	TODO: check
+CVE-2026-9278 (The Form Builder CP WordPress plugin before 1.2.47 does not properly s ...)
+	TODO: check
+CVE-2026-8935 (The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthentic ...)
+	TODO: check
+CVE-2026-8683 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for att ...)
+	TODO: check
+CVE-2026-8386 (The WP Go Maps  WordPress plugin before 10.0.10 does not perform any a ...)
+	TODO: check
+CVE-2026-8385 (The WP Go Maps  WordPress plugin before 10.0.10 does not properly enfo ...)
+	TODO: check
+CVE-2026-8358 (LibreOffice Calc can import tracked changes from a spreadsheet documen ...)
+	TODO: check
+CVE-2026-8357 (LibreOffice Calc compiles cell formulas when opening a spreadsheet. A  ...)
+	TODO: check
+CVE-2026-8356 (LibreOffice can import presentations in the legacy binary PPT format.  ...)
+	TODO: check
+CVE-2026-6517 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the al ...)
+	TODO: check
+CVE-2026-6047 (LibreOffice can import documents in the OOXML format (DOCX). A heap bu ...)
+	TODO: check
+CVE-2026-6045 (LibreOffice can import EMF+ graphics, which may be embedded in documen ...)
+	TODO: check
+CVE-2026-6040 (A heap use-after-free existed when importing the blank-width character ...)
+	TODO: check
+CVE-2026-6039 (LibreOffice can import drawings in the DXF format used by CAD software ...)
+	TODO: check
+CVE-2026-5482 (Responsive FileManager's allows an unauthenticatedattacker to upload f ...)
+	TODO: check
+CVE-2026-5242 (Improper neutralization of formula elements in a CSV file vulnerabilit ...)
+	TODO: check
+CVE-2026-5233 (Improper Control of Interaction Frequency vulnerability in MIA Technol ...)
+	TODO: check
+CVE-2026-5230 (Improper Access Control, Missing Authorization vulnerability in MIA Te ...)
+	TODO: check
+CVE-2026-5079 (Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vuln ...)
+	TODO: check
+CVE-2026-5038 (Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1  ...)
+	TODO: check
+CVE-2026-52704 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2026-50100 (Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MI ...)
+	TODO: check
+CVE-2026-49757 (Authentication Bypass by Spoofing vulnerability in team-alembic AshAut ...)
+	TODO: check
+CVE-2026-49294 (Valhalla is an open source routing engine and accompanying libraries f ...)
+	TODO: check
+CVE-2026-49111 (Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - ...)
+	TODO: check
+CVE-2026-49064 (Insertion of Sensitive Information Into Sent Data vulnerability in Sti ...)
+	TODO: check
+CVE-2026-49062 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2026-48969 (Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 version ...)
+	TODO: check
+CVE-2026-47777 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2026-44188 (A flaw was found in Ansible Lightspeed. This vulnerability, related to ...)
+	TODO: check
+CVE-2026-34030 (TheWertheim SafeController Software, AssemblyVersion 6.15.8328.28014,  ...)
+	TODO: check
+CVE-2026-34029 (TheWertheim SafeController Software, AssemblyVersion 6.15.8328.28014,  ...)
+	TODO: check
+CVE-2026-34028 (The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, ...)
+	TODO: check
+CVE-2026-34027 (The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, ...)
+	TODO: check
+CVE-2026-34026 (Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, con ...)
+	TODO: check
+CVE-2026-34025 (The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, ...)
+	TODO: check
+CVE-2026-34024 (The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, ...)
+	TODO: check
+CVE-2026-34023 (The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, ...)
+	TODO: check
+CVE-2026-34022 (TheWertheim SafeController Family 65000, Controller 65000 - AssemblyVe ...)
+	TODO: check
+CVE-2026-34021 (The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6. ...)
+	TODO: check
+CVE-2026-20262 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, former ...)
+	TODO: check
+CVE-2026-12057 (When the application executes the JavaScript script embedded in the PD ...)
+	TODO: check
+CVE-2026-11860 (Quick.CMS deserializes user-controlled data received over plaintext HT ...)
+	TODO: check
+CVE-2026-10634 (Zephyr's native TCP stack iterates the global connection list in net_t ...)
+	TODO: check
+CVE-2025-64215 (Missing Authorization vulnerability in StylemixThemes MasterStudy LMS  ...)
+	TODO: check
+CVE-2025-15659 (Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions ...)
+	TODO: check
+CVE-2025-15658 (Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions ...)
+	TODO: check
+CVE-2019-25746 (WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injectio ...)
+	TODO: check
+CVE-2018-25437 (WordPress CherryFramework Themes 3.1.4 contains an information disclos ...)
+	TODO: check
+CVE-2018-25436 (WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an  ...)
+	TODO: check
+CVE-2016-20084 (WordPress appointment-booking-calendar 1.1.24 contains multiple privil ...)
+	TODO: check
+CVE-2016-20083 (WordPress More Fields Plugin 2.1 contains a cross-site request forgery ...)
+	TODO: check
+CVE-2016-20082 (WordPress Plugin Abtest contains a local file inclusion vulnerability  ...)
+	TODO: check
+CVE-2016-20081 (WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal ...)
+	TODO: check
+CVE-2016-20080 (WordPress Brandfolder plugin version 3.0 and earlier contains a local  ...)
+	TODO: check
+CVE-2016-20079 (WordPress Dharma Booking 2.28.3 and earlier contains a local file incl ...)
+	TODO: check
+CVE-2016-20078 (WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vu ...)
+	TODO: check
+CVE-2016-20077 (WordPress Plugin Photocart Link 1.6 contains a local file inclusion vu ...)
+	TODO: check
+CVE-2016-20076 (WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that  ...)
+	TODO: check
+CVE-2016-20075 (WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file up ...)
+	TODO: check
+CVE-2016-20074 (WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request ...)
+	TODO: check
+CVE-2016-20073 (Answer My Question 1.3 plugin for WordPress contains an SQL injection  ...)
+	TODO: check
+CVE-2016-20072 (BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection v ...)
+	TODO: check
+CVE-2016-20071 (The 404 Redirection Manager plugin version 1.0 for WordPress contains  ...)
+	TODO: check
+CVE-2016-20070 (WordPress Booking Calendar Contact Form 1.0.23 contains privilege esca ...)
+	TODO: check
+CVE-2016-20069 (WordPress Booking Calendar Contact Form 1.0.23 contains an unauthentic ...)
+	TODO: check
+CVE-2016-20068 (WordPress Booking Calendar Contact Form version 1.0.23 contains an una ...)
+	TODO: check
+CVE-2016-20067 (WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnera ...)
+	TODO: check
+CVE-2016-20066 (WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vu ...)
+	TODO: check
 CVE-2026-12205
 	- libcrypt-dsa-perl <unfixed>
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004653/
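Review bot: all 71 entries added at the top of data/CVE/list carry only "TODO: check", so none of them records a package state or a NOT-FOR-US decision yet. Suggest triaging the LibreOffice group first (CVE-2026-8358, CVE-2026-8357, CVE-2026-8356, CVE-2026-6047, CVE-2026-6045, CVE-2026-6040, CVE-2026-6039), since the truncated descriptions for CVE-2026-6047 and CVE-2026-6040 already point at heap memory corruption during document import. The vendor-specific entries (Fortra BoKS, Wertheim SafeController, the WordPress plugins) look like candidates for the same "NOT-FOR-US:" marking this file uses for Edimax and ALTICE further down, but each still needs its own check before the TODO is dropped.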
@@ -15898,7 +16040,7 @@ CVE-2026-48849 (In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1,
 	NOTE: https://github.com/roundcube/roundcubemail/commit/a21519187873ce962db029b6ff68e47bd7f3fd8a
 CVE-2026-9359 (A vulnerability was identified in Edimax EW-7438RPn 1.28a. Affected by ...)
 	NOT-FOR-US: Edimax
-CVE-2026-9358 (A vulnerability was determined in postcss up to 7.1.1. Affected is the ...)
+CVE-2026-9358 (A vulnerability was determined in postcss-selector-parser up to 6.1.2/ ...)
 	- node-css-loader <unfixed> (bug #1139161)
 	[trixie] - node-css-loader <no-dsa> (Minor issue)
 	[bookworm] - node-css-loader <no-dsa> (Minor issue)
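Review bot: the description of CVE-2026-9358 now names postcss-selector-parser instead of postcss, but the package lines below it still track only node-css-loader (bug #1139161) with the "<no-dsa> (Minor issue)" markings for trixie and bookworm. The mapping and the severity call were made against the old description and should be re-checked against the new one: confirm that node-css-loader is affected through postcss-selector-parser, and add an entry for any other source package that ships postcss-selector-parser in the affected version range.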
@@ -28319,9 +28461,9 @@ CVE-2026-32689 (Allocation of Resources Without Limits or Throttling vulnerabili
 	NOT-FOR-US: phoenix
 CVE-2026-31835 (Vaultwarden is a Bitwarden-compatible server written in Rust. In versi ...)
 	- vaultwarden <itp> (bug #1067023)
-CVE-2026-31196 (The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE  ...)
+CVE-2026-31196 (OS command injection vulnerability in the traceroute diagnostic handle ...)
 	NOT-FOR-US: ALTICE
-CVE-2026-31195 (The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / ...)
+CVE-2026-31195 (OS command injection vulnerability in the ping diagnostic handler in / ...)
 	NOT-FOR-US: ALTICE
 CVE-2026-42268 (ModSecurity is an open source, cross platform web application firewall ...)
 	- modsecurity 3.0.15-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e45e440c8333b03bb32d6a301b573867f3de576
