[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 16 08:13:25 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
10766888 by security tracker role at 2026-06-16T07:13:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,28 +1,626 @@
+CVE-2026-9691 (Unauthenticated PHP Object Injection in Integration for ActiveCampaign ...)
+ TODO: check
+CVE-2026-9262 (Use of a non-secure protocol as the default FTP configuration in Canon ...)
+ TODO: check
+CVE-2026-9261 (Use of weak SSH cryptographic algorithms in Canon EOS Network Setting ...)
+ TODO: check
+CVE-2026-9260 (Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool ...)
+ TODO: check
+CVE-2026-9259 (Improper validation of server certificates in Canon EOS Network Settin ...)
+ TODO: check
+CVE-2026-9258 (Improper validation of SSH host keys in Canon EOS Network Setting Tool ...)
+ TODO: check
+CVE-2026-9187 (The Abandoned Contact Form 7 plugin for WordPress is vulnerable to una ...)
+ TODO: check
+CVE-2026-8443 (The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Inj ...)
+ TODO: check
+CVE-2026-7273 (A stack-based buffer overflow vulnerability in the CGI program of Zyxe ...)
+ TODO: check
+CVE-2026-6964 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-6933 (The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote C ...)
+ TODO: check
+CVE-2026-5149 (The RTMKit plugin for WordPress is vulnerable to Incorrect Authorizati ...)
+ TODO: check
+CVE-2026-5064 (Potential security vulnerabilities have been identified in the HP One ...)
+ TODO: check
+CVE-2026-54444
+ REJECTED
+CVE-2026-54296
+ REJECTED
+CVE-2026-54295
+ REJECTED
+CVE-2026-54294
+ REJECTED
+CVE-2026-54292
+ REJECTED
+CVE-2026-53430 (Improper Handling of Highly Compressed Data (Data Amplification) vulne ...)
+ TODO: check
+CVE-2026-52722 (A signed integer overflow vulnerability was found in GStreamer's VMnc ...)
+ TODO: check
+CVE-2026-52721 (Multiple out-of-bounds read vulnerabilities were found in GStreamer's ...)
+ TODO: check
+CVE-2026-52720 (A heap buffer overflow vulnerability was found in GStreamer's librfb ( ...)
+ TODO: check
+CVE-2026-52703 (Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.)
+ TODO: check
+CVE-2026-52702 (Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 ...)
+ TODO: check
+CVE-2026-52700 (Subscriber SQL Injection in WCMultiShipping <= 3.0.2 versions.)
+ TODO: check
+CVE-2026-52699 (Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar ...)
+ TODO: check
+CVE-2026-52697 (Subscriber SQL Injection in Taskbuilder <= 5.0.7 versions.)
+ TODO: check
+CVE-2026-52695 (Unauthenticated Sensitive Data Exposure in ABC Crypto Checkout <= 1.8. ...)
+ TODO: check
+CVE-2026-52694 (Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCom ...)
+ TODO: check
+CVE-2026-52693 (Unauthenticated SQL Injection in eCommerce Product Catalog <= 3.5.5 ve ...)
+ TODO: check
+CVE-2026-52692 (Unauthenticated Sensitive Data Exposure in Affiliates Manager <= 2.9.5 ...)
+ TODO: check
+CVE-2026-50892 (Incorrect access control in the "Let's Encrypt" certificate download e ...)
+ TODO: check
+CVE-2026-50891 (Incorrect access control in the /admin/api/config component of Filesta ...)
+ TODO: check
+CVE-2026-50890 (Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vu ...)
+ TODO: check
+CVE-2026-50889 (An input handling flaw in the HTTP refresh token process of LLDAP v0.6 ...)
+ TODO: check
+CVE-2026-50888 (An authenticated Server-Side Request Forgery (SSRF) in the custom scra ...)
+ TODO: check
+CVE-2026-50887 (A Server-Side Request Forgery (SSRF) in the automatic short URL title ...)
+ TODO: check
+CVE-2026-50886 (Incorrect access control in the webhook management component of Projec ...)
+ TODO: check
+CVE-2026-50885 (Incorrect access control in the share-based read endpoints of Sismics ...)
+ TODO: check
+CVE-2026-50884 (Incorrect access control in statping-ng v0.93.0 allows attackers to es ...)
+ TODO: check
+CVE-2026-50883 (An HTML injection vulnerability in the /src/highlight.rs component of ...)
+ TODO: check
+CVE-2026-50882 (An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 a ...)
+ TODO: check
+CVE-2026-50881 (Incorrect access control in the impworks Bonsai v6.0 allows authentica ...)
+ TODO: check
+CVE-2026-50880 (An issue in the sendmail transport integration component of YouTransfe ...)
+ TODO: check
+CVE-2026-50879 (An issue in the uploadPostHandler component of Andrei Marcu linx-serve ...)
+ TODO: check
+CVE-2026-50878 (An issue in the attachment handling component of Feuerhamster MailForm ...)
+ TODO: check
+CVE-2026-50877 (An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a direc ...)
+ TODO: check
+CVE-2026-50876 (A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allow ...)
+ TODO: check
+CVE-2026-50875 (Incorrect access control in the /{form}/webhooks/{webhook} endpoint of ...)
+ TODO: check
+CVE-2026-50874 (An OS command injection vulnerability in the /manage/features/media co ...)
+ TODO: check
+CVE-2026-50873 (An arbitrary file upload vulnerability in the attachment handling comp ...)
+ TODO: check
+CVE-2026-50872 (An issue in the loopback request handling component of fossar selfoss ...)
+ TODO: check
+CVE-2026-50871 (An OS command injection vulnerability in the media archiving and expor ...)
+ TODO: check
+CVE-2026-50870 (An information disclosure vulnerability in the configuration endpoint ...)
+ TODO: check
+CVE-2026-50869 (An issue in the api/plugin.php component of Bludit v3.19.0 allows atta ...)
+ TODO: check
+CVE-2026-50255 (Incorrect default permissions issue exists in Optical Disc Archive Sof ...)
+ TODO: check
+CVE-2026-49954 (Discuz! X5.0 releases 20260320 through 20260610 contain a local file i ...)
+ TODO: check
+CVE-2026-49953 (Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA byp ...)
+ TODO: check
+CVE-2026-49952 (Discuz! X5.0 releases 20260320 through 20260501 contains an authentica ...)
+ TODO: check
+CVE-2026-49781 (Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions.)
+ TODO: check
+CVE-2026-49780 (Customer Privilege Escalation in Dokan <= 5.0.2 versions.)
+ TODO: check
+CVE-2026-49776 (Unauthenticated SQL Injection in GPTranslate \u2013 Multilingual AI Tr ...)
+ TODO: check
+CVE-2026-49775 (Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 ...)
+ TODO: check
+CVE-2026-49773 (Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < ...)
+ TODO: check
+CVE-2026-49770 (Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 ver ...)
+ TODO: check
+CVE-2026-49769 (Unauthenticated PHP Object Injection in wpForo Forum <= 3.1.0 versions ...)
+ TODO: check
+CVE-2026-49768 (Unauthenticated PHP Object Injection in Happyforms <= 1.26.13 versions ...)
+ TODO: check
+CVE-2026-49766 (Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versio ...)
+ TODO: check
+CVE-2026-49765 (Unauthenticated PHP Object Injection in Integration for Mailchimp and ...)
+ TODO: check
+CVE-2026-49764 (Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 ...)
+ TODO: check
+CVE-2026-49763 (Unauthenticated PHP Object Injection in Integration for Contact Form 7 ...)
+ TODO: check
+CVE-2026-49112 (Unauthenticated Path Traversal in Shared Files <= 1.7.64 versions.)
+ TODO: check
+CVE-2026-49110 (Unauthenticated Broken Authentication in Upsell Order Bump Offer for W ...)
+ TODO: check
+CVE-2026-49109 (Unauthenticated PHP Object Injection in Integration for Salesforce and ...)
+ TODO: check
+CVE-2026-49106 (Unauthenticated PHP Object Injection in Integration for Contact Form 7 ...)
+ TODO: check
+CVE-2026-49105 (Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, ...)
+ TODO: check
+CVE-2026-49104 (Unauthenticated PHP Object Injection in Integration for Keap/infusions ...)
+ TODO: check
+CVE-2026-49085 (Unauthenticated PHP Object Injection in WP Insightly for Contact Form ...)
+ TODO: check
+CVE-2026-49083 (Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.)
+ TODO: check
+CVE-2026-49082 (Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Cha ...)
+ TODO: check
+CVE-2026-49078 (Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 ...)
+ TODO: check
+CVE-2026-49070 (Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.)
+ TODO: check
+CVE-2026-49068 (Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versi ...)
+ TODO: check
+CVE-2026-49067 (Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6. ...)
+ TODO: check
+CVE-2026-49066 (Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway <= ...)
+ TODO: check
+CVE-2026-49065 (Unauthenticated Broken Access Control in Hippoo Mobile App for WooComm ...)
+ TODO: check
+CVE-2026-49063 (Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.)
+ TODO: check
+CVE-2026-49061 (Unauthenticated Arbitrary File Download in WPC Product Options for Woo ...)
+ TODO: check
+CVE-2026-49056 (Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, P ...)
+ TODO: check
+CVE-2026-49055 (Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple F ...)
+ TODO: check
+CVE-2026-49043 (Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite < ...)
+ TODO: check
+CVE-2026-48970 (Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 v ...)
+ TODO: check
+CVE-2026-48966 (Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by Funnel ...)
+ TODO: check
+CVE-2026-48965 (Subscriber Sensitive Data Exposure in XCloner <= 4.8.6 versions.)
+ TODO: check
+CVE-2026-48964 (Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketi ...)
+ TODO: check
+CVE-2026-48889 (Subscriber Privilege Escalation in Amelia <= 2.3 versions.)
+ TODO: check
+CVE-2026-48887 (Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 version ...)
+ TODO: check
+CVE-2026-48886 (Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.)
+ TODO: check
+CVE-2026-48885 (Unauthenticated Cross Site Scripting (XSS) in HollerBox <= 2.3.10.1 ve ...)
+ TODO: check
+CVE-2026-48883 (Unauthenticated Broken Access Control in WPC Product Bundles for WooCo ...)
+ TODO: check
+CVE-2026-48882 (Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versi ...)
+ TODO: check
+CVE-2026-48881 (Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions.)
+ TODO: check
+CVE-2026-48880 (Subscriber Cross Site Scripting (XSS) in WP Job Portal <= 2.5.2 versio ...)
+ TODO: check
+CVE-2026-48878 (Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.4.1 ver ...)
+ TODO: check
+CVE-2026-48876 (Unauthenticated Cross Site Scripting (XSS) in Stop Spammers <= 2026.3 ...)
+ TODO: check
+CVE-2026-48874 (Subscriber SQL Injection in GamiPress <= 7.8.7 versions.)
+ TODO: check
+CVE-2026-48873 (Unauthenticated Broken Access Control in Montonio for WooCommerce <= 1 ...)
+ TODO: check
+CVE-2026-48872 (Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 version ...)
+ TODO: check
+CVE-2026-48871 (Unauthenticated Cross Site Scripting (XSS) in MW WP Form <= 5.1.3 vers ...)
+ TODO: check
+CVE-2026-48870 (Subscriber Cross Site Scripting (XSS) in King Addons for Elementor <= ...)
+ TODO: check
+CVE-2026-48868 (Unauthenticated Insecure Direct Object References (IDOR) in Simple Sho ...)
+ TODO: check
+CVE-2026-48867 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master < ...)
+ TODO: check
+CVE-2026-48854 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-48853 (Deserialization of Untrusted Data and Allocation of Resources Without ...)
+ TODO: check
+CVE-2026-48838 (Unauthenticated Cross Site Scripting (XSS) in Post SMTP <= 3.6.2 versi ...)
+ TODO: check
+CVE-2026-48836 (Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 ...)
+ TODO: check
+CVE-2026-48835 (Unauthenticated Broken Access Control in Contact Form by WPForms <= 1. ...)
+ TODO: check
+CVE-2026-48723 (The browserstack-cypress-cli is BrowserStack's CLI which allows users ...)
+ TODO: check
+CVE-2026-48714 (i18next-http-middleware is a middleware to be used with Node.js web fr ...)
+ TODO: check
+CVE-2026-48713 (Versions prior to 2.6.6 are vulnerable to prototype pollution via craf ...)
+ TODO: check
+CVE-2026-48709 (OliveTin gives access to predefined shell commands from a web interfac ...)
+ TODO: check
+CVE-2026-48708 (OliveTin gives access to predefined shell commands from a web interfac ...)
+ TODO: check
+CVE-2026-48599 (Authorization Bypass Through User-Controlled Key vulnerability in elix ...)
+ TODO: check
+CVE-2026-48518 (MultiJuicer is used to run separate Juice Shop instances on a central ...)
+ TODO: check
+CVE-2026-48157 (Slim is a PHP micro framework that enables users to write simple web a ...)
+ TODO: check
+CVE-2026-48124 (Cursor is a code editor built for programming with AI. In versions pri ...)
+ TODO: check
+CVE-2026-48114 (Metacat is data repository software that helps researchers preserve, s ...)
+ TODO: check
+CVE-2026-48017 (DbGate is cross-platform database manager. In versions 7.1.8 and prior ...)
+ TODO: check
+CVE-2026-47835 (In Spring AI Vector Stores, special characters could be used to force ...)
+ TODO: check
+CVE-2026-47825 (Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded ...)
+ TODO: check
+CVE-2026-47261 (Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36 ...)
+ TODO: check
+CVE-2026-45441 (Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 version ...)
+ TODO: check
+CVE-2026-45439 (Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 ...)
+ TODO: check
+CVE-2026-45437 (Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget fo ...)
+ TODO: check
+CVE-2026-45390 (In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in ...)
+ TODO: check
+CVE-2026-45389 (In OCaml-TLS before 2.1.0, the server implementation does insufficient ...)
+ TODO: check
+CVE-2026-45388 (In OCaml-TLS before 2.1.0, the client implementation does insufficient ...)
+ TODO: check
+CVE-2026-42775 (Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.7.2 ver ...)
+ TODO: check
+CVE-2026-42752 (Unauthenticated Bypass Vulnerability in Stripe Payments <= 2.0.98 vers ...)
+ TODO: check
+CVE-2026-42743 (Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 vers ...)
+ TODO: check
+CVE-2026-42688 (Subscriber Cross Site Scripting (XSS) in Modula Image Gallery <= 2.14. ...)
+ TODO: check
+CVE-2026-42687 (Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions ...)
+ TODO: check
+CVE-2026-42686 (Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 version ...)
+ TODO: check
+CVE-2026-42668 (Unauthenticated Broken Authentication in Email Marketing for WooCommer ...)
+ TODO: check
+CVE-2026-42667 (Unauthenticated Sensitive Data Exposure in Bookly <= 27.4 versions.)
+ TODO: check
+CVE-2026-42666 (Unauthenticated Broken Access Control in Salon booking system <= 10.30 ...)
+ TODO: check
+CVE-2026-42665 (Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions.)
+ TODO: check
+CVE-2026-42664 (Unauthenticated Broken Access Control in AI Product Search for WooComm ...)
+ TODO: check
+CVE-2026-42663 (Unauthenticated Cross Site Scripting (XSS) in Simple Membership <= 4.7 ...)
+ TODO: check
+CVE-2026-42662 (Unauthenticated Bypass Vulnerability in Event Tickets <= 5.27.5 versio ...)
+ TODO: check
+CVE-2026-42661 (Custom role Path Traversal in WP Customer Area <= 8.3.4 versions.)
+ TODO: check
+CVE-2026-42660 (Subscriber Sensitive Data Exposure in Contest Gallery <= 28.1.7 versio ...)
+ TODO: check
+CVE-2026-42659 (Subscriber Broken Access Control in Advanced Form Integration <= 1.126 ...)
+ TODO: check
+CVE-2026-42658 (Unauthenticated Cross Site Scripting (XSS) in Classified Listing <= 5. ...)
+ TODO: check
+CVE-2026-42657 (Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 ...)
+ TODO: check
+CVE-2026-42656 (Subscriber Cross Site Scripting (XSS) in Contest Gallery <= 28.1.6 ver ...)
+ TODO: check
+CVE-2026-42655 (Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= ...)
+ TODO: check
+CVE-2026-42651 (Subscriber Broken Access Control in Classified Listing <= 5.3.9 versio ...)
+ TODO: check
+CVE-2026-42650 (Unauthenticated Cross Site Scripting (XSS) in AutomatorWP <= 5.6.7 ver ...)
+ TODO: check
+CVE-2026-42649 (Unauthenticated Cross Site Scripting (XSS) in Favicon Rotator <= 1.2.1 ...)
+ TODO: check
+CVE-2026-42640 (Unauthenticated Broken Access Control in Classified Listing <= 5.3.8 v ...)
+ TODO: check
+CVE-2026-42639 (Unauthenticated SQL Injection in GD Rating System <= 3.6.2 versions.)
+ TODO: check
+CVE-2026-42411 (Unauthenticated Broken Authentication in CloudSecure WP Security <= 1. ...)
+ TODO: check
+CVE-2026-42386 (Unauthenticated SQL Injection in Order Delivery Date for WooCommerce < ...)
+ TODO: check
+CVE-2026-42384 (Unauthenticated Sensitive Data Exposure in Simply Schedule Appointment ...)
+ TODO: check
+CVE-2026-42381 (Unauthenticated SQL Injection in Funnel Builder by FunnelKit <= 3.15.0 ...)
+ TODO: check
+CVE-2026-42378 (Subscriber Broken Authentication in WP Full Stripe Free <= 8.4.1 versi ...)
+ TODO: check
+CVE-2026-41708 (In Spring Cloud Sleuth, it is possible for a user to provide specially ...)
+ TODO: check
+CVE-2026-41556 (Subscriber Cross Site Scripting (XSS) in ProfilePress <= 4.16.13 versi ...)
+ TODO: check
+CVE-2026-40799 (Unauthenticated Broken Authentication in Simple Cloudflare Turnstile < ...)
+ TODO: check
+CVE-2026-40798 (Unauthenticated SQL Injection in wpForo Forum <= 3.0.4 versions.)
+ TODO: check
+CVE-2026-40796 (Subscriber Sensitive Data Exposure in WPPizza <= 3.19.9 versions.)
+ TODO: check
+CVE-2026-40795 (Subscriber Broken Access Control in Amelia <= 2.2 versions.)
+ TODO: check
+CVE-2026-40794 (Subscriber Broken Access Control in myCred <= 3.0.3 versions.)
+ TODO: check
+CVE-2026-40793 (Subscriber Broken Access Control in Groundhogg < 4.4.1 versions.)
+ TODO: check
+CVE-2026-40792 (Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2 ...)
+ TODO: check
+CVE-2026-40791 (Unauthenticated Cross Site Scripting (XSS) in WP Time Slots Booking Fo ...)
+ TODO: check
+CVE-2026-40790 (Subscriber Sensitive Data Exposure in WP SMS <= 7.2.1 versions.)
+ TODO: check
+CVE-2026-40789 (Unauthenticated Sensitive Data Exposure in Amelia <= 2.2 versions.)
+ TODO: check
+CVE-2026-40788 (Subscriber Broken Access Control in ChatBot <= 7.9.7 versions.)
+ TODO: check
+CVE-2026-40787 (Unauthenticated Cross Site Scripting (XSS) in Quiz And Survey Master < ...)
+ TODO: check
+CVE-2026-40785 (Subscriber Broken Authentication in AutomatorWP <= 5.6.7 versions.)
+ TODO: check
+CVE-2026-40782 (Unauthenticated Broken Access Control in WPAdverts <= 2.3.0 versions.)
+ TODO: check
+CVE-2026-40781 (Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.)
+ TODO: check
+CVE-2026-40779 (Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions.)
+ TODO: check
+CVE-2026-40776 (Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 ve ...)
+ TODO: check
+CVE-2026-40775 (Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.)
+ TODO: check
+CVE-2026-40774 (Unauthenticated Broken Access Control in Booking Package <= 1.7.06 ver ...)
+ TODO: check
+CVE-2026-40773 (Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress ...)
+ TODO: check
+CVE-2026-40772 (Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.)
+ TODO: check
+CVE-2026-40771 (Unauthenticated SQL Injection in Contest Gallery <= 28.1.6 versions.)
+ TODO: check
+CVE-2026-40770 (Unauthenticated Cross Site Scripting (XSS) in Coupon Affiliates <= 7.5 ...)
+ TODO: check
+CVE-2026-40769 (Unauthenticated Arbitrary File Deletion in Contact Form Extender for D ...)
+ TODO: check
+CVE-2026-40767 (Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions ...)
+ TODO: check
+CVE-2026-40766 (Subscriber SQL Injection in MasterStudy LMS <= 3.7.25 versions.)
+ TODO: check
+CVE-2026-40762 (Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.)
+ TODO: check
+CVE-2026-40743 (Unauthenticated Broken Access Control in Tutor LMS <= 3.9.7 versions.)
+ TODO: check
+CVE-2026-40741 (Unauthenticated Broken Access Control in Redsys for WooCommerce Light ...)
+ TODO: check
+CVE-2026-40732 (Unauthenticated Cross Site Scripting (XSS) in Notification for Telegra ...)
+ TODO: check
+CVE-2026-40727 (Sales Representative Arbitrary File Deletion in Groundhogg <= 4.4 vers ...)
+ TODO: check
+CVE-2026-39594 (Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 ...)
+ TODO: check
+CVE-2026-39591 (Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 vers ...)
+ TODO: check
+CVE-2026-39587 (Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versi ...)
+ TODO: check
+CVE-2026-39584 (Subscriber Broken Access Control in RepairBuddy <= 4.1132 versions.)
+ TODO: check
+CVE-2026-39583 (Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery ...)
+ TODO: check
+CVE-2026-39579 (Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.)
+ TODO: check
+CVE-2026-39540 (Subscriber Cross Site Scripting (XSS) in Shipment Tracker for Woocomme ...)
+ TODO: check
+CVE-2026-39534 (Unauthenticated Broken Access Control in WP Directory Kit <= 1.5.0 ver ...)
+ TODO: check
+CVE-2026-39533 (Unauthenticated Broken Access Control in AWP Classifieds <= 4.4.4 vers ...)
+ TODO: check
+CVE-2026-39532 (Contributor PHP Object Injection in Events Calendar for GeoDirectory < ...)
+ TODO: check
+CVE-2026-39530 (Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 ve ...)
+ TODO: check
+CVE-2026-39527 (Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.)
+ TODO: check
+CVE-2026-39525 (Unauthenticated Broken Access Control in Booking Activities <= 1.16.48 ...)
+ TODO: check
+CVE-2026-39524 (Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 vers ...)
+ TODO: check
+CVE-2026-39519 (Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.)
+ TODO: check
+CVE-2026-39518 (Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4 ...)
+ TODO: check
+CVE-2026-39515 (Subscriber Broken Access Control in Motors < 1.4.107 versions.)
+ TODO: check
+CVE-2026-39514 (Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscription ...)
+ TODO: check
+CVE-2026-39513 (Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 ...)
+ TODO: check
+CVE-2026-39512 (Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.)
+ TODO: check
+CVE-2026-39511 (Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 ver ...)
+ TODO: check
+CVE-2026-39507 (Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2. ...)
+ TODO: check
+CVE-2026-39503 (Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6 ...)
+ TODO: check
+CVE-2026-39502 (Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versio ...)
+ TODO: check
+CVE-2026-39499 (Shop manager PHP Object Injection in Advanced Product Fields (Product ...)
+ TODO: check
+CVE-2026-39498 (Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.)
+ TODO: check
+CVE-2026-39493 (Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9 ...)
+ TODO: check
+CVE-2026-39492 (Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.)
+ TODO: check
+CVE-2026-39491 (Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versi ...)
+ TODO: check
+CVE-2026-39489 (Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.)
+ TODO: check
+CVE-2026-39481 (Author PHP Object Injection in Modula Image Gallery <= 2.14.18 version ...)
+ TODO: check
+CVE-2026-39480 (Unauthenticated Sensitive Data Exposure in Backup Migration <= 2.1.1 v ...)
+ TODO: check
+CVE-2026-39478 (Contributor PHP Object Injection in Anti-Malware Security and Brute-Fo ...)
+ TODO: check
+CVE-2026-39474 (Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions ...)
+ TODO: check
+CVE-2026-39472 (Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packin ...)
+ TODO: check
+CVE-2026-39471 (Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 ver ...)
+ TODO: check
+CVE-2026-39470 (Shop manager Privilege Escalation in WooCommerce Cart Abandonment Reco ...)
+ TODO: check
+CVE-2026-39468 (Contributor Arbitrary File Deletion in Meta Box \u2013 WordPress Custo ...)
+ TODO: check
+CVE-2026-39465 (Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider ...)
+ TODO: check
+CVE-2026-39463 (Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.3 ...)
+ TODO: check
+CVE-2026-39451 (Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider ...)
+ TODO: check
+CVE-2026-39450 (Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 ver ...)
+ TODO: check
+CVE-2026-39449 (Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API ...)
+ TODO: check
+CVE-2026-39447 (Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointm ...)
+ TODO: check
+CVE-2026-39441 (Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce \u20 ...)
+ TODO: check
+CVE-2026-39435 (Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versi ...)
+ TODO: check
+CVE-2026-39434 (Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.)
+ TODO: check
+CVE-2026-39197 (An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector ...)
+ TODO: check
+CVE-2026-39196 (Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection ...)
+ TODO: check
+CVE-2026-39118 (An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local ...)
+ TODO: check
+CVE-2026-39007 (An issue in Observeinc's Observe v.2026-01-28 and before allows a remo ...)
+ TODO: check
+CVE-2026-39006 (An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arb ...)
+ TODO: check
+CVE-2026-38812 (RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTa ...)
+ TODO: check
+CVE-2026-38329 (Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) vi ...)
+ TODO: check
+CVE-2026-38065 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
+ TODO: check
+CVE-2026-38064 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
+ TODO: check
+CVE-2026-38063 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
+ TODO: check
+CVE-2026-38062 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
+ TODO: check
+CVE-2026-38061 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
+ TODO: check
+CVE-2026-38060 (Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injecti ...)
+ TODO: check
+CVE-2026-37216 (Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interfa ...)
+ TODO: check
+CVE-2026-36933 (An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physical ...)
+ TODO: check
+CVE-2026-36670 (A Time-Based Blind SQL Injection vulnerability in the alias_management ...)
+ TODO: check
+CVE-2026-36537 (ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during ...)
+ TODO: check
+CVE-2026-36521 (PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability i ...)
+ TODO: check
+CVE-2026-36213 (An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local att ...)
+ TODO: check
+CVE-2026-34902 (Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Tabl ...)
+ TODO: check
+CVE-2026-34901 (Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.)
+ TODO: check
+CVE-2026-34900 (Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 version ...)
+ TODO: check
+CVE-2026-34898 (Unauthenticated Broken Access Control in Event Tickets Manager for Woo ...)
+ TODO: check
+CVE-2026-34892 (Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.)
+ TODO: check
+CVE-2026-34891 (Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for W ...)
+ TODO: check
+CVE-2026-34886 (Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 ve ...)
+ TODO: check
+CVE-2026-30121 (remotion-dev remotion v4.0.409 was discovered to contain an arbitrary ...)
+ TODO: check
+CVE-2026-30120 (remotion-dev remotion v4.0.409 was discovered to contain a remote code ...)
+ TODO: check
+CVE-2026-27407 (Editor Privilege Escalation in AI Engine <= 3.4.9 versions.)
+ TODO: check
+CVE-2026-27333 (Unauthenticated Deserialization of untrusted data in Paid Videochat Tu ...)
+ TODO: check
+CVE-2026-27089 (Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.)
+ TODO: check
+CVE-2026-27053 (Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 v ...)
+ TODO: check
+CVE-2026-25440 (Unauthenticated Broken Access Control in Essential Addons for Elemento ...)
+ TODO: check
+CVE-2026-25425 (Unauthenticated Broken Access Control in User Registration <= 5.1.2 ve ...)
+ TODO: check
+CVE-2026-24637 (Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 version ...)
+ TODO: check
+CVE-2026-23970 (Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact ...)
+ TODO: check
+CVE-2026-12162 (Improper host validation in the social login autofill feature in Devo ...)
+ TODO: check
+CVE-2026-12161 (Improper input validation in the SSH Elevate Shell feature in Devolut ...)
+ TODO: check
+CVE-2026-11931 (Incorrect default permissions in Kiro IDE on macOS and Linux before ve ...)
+ TODO: check
+CVE-2026-10780 (The Static Block plugin for WordPress is vulnerable to Insecure Direct ...)
+ TODO: check
+CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the pag ...)
+ TODO: check
+CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/ ...)
+ TODO: check
+CVE-2025-69332 (Subscriber Broken Access Control in Bookify <= 1.1.1 versions.)
+ TODO: check
+CVE-2025-68872 (Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adS ...)
+ TODO: check
+CVE-2025-68851 (Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 vers ...)
+ TODO: check
+CVE-2025-68840 (Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 ...)
+ TODO: check
+CVE-2025-68713 (An issue was discovered in Rakuten Send Anywhere (File Transfer) for A ...)
+ TODO: check
+CVE-2025-68049 (Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.)
+ TODO: check
+CVE-2025-60175 (Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 ver ...)
+ TODO: check
+CVE-2025-59133 (Custom role Insecure Direct Object References (IDOR) in Projectopia <= ...)
+ TODO: check
+CVE-2025-56814 (A code injection vulnerability in the wxExecute() function of OpenCPN ...)
+ TODO: check
+CVE-2025-10262 (Nokia SR Linux is vulnerable to local privilege escalation vulnerabili ...)
+ TODO: check
CVE-2026-XXXX [NTLM client: Avoid use-of-unitialized-value inside libntlm]
- gsasl 2.2.4-1
NOTE: https://lists.gnu.org/archive/html/help-gsasl/2026-06/msg00000.html
-CVE-2026-53704
+CVE-2026-53704 (A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-u ...)
- gst-plugins-ugly1.0 1.28.4-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0042.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11825
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11826 (1.28.4)
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11831 (1.26 branch)
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11832 (1.24 branch)
-CVE-2026-53703
+CVE-2026-53703 (A vulnerability was found in the GStreamer RealMedia demuxer (gst-plug ...)
- gst-plugins-ugly1.0 1.28.4-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0042.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11825
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11826 (1.28.4)
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11831 (1.26 branch)
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11832 (1.24 branch)
-CVE-2026-52719
+CVE-2026-52719 (An out-of-bounds read vulnerability was found in the VA JPEG decoder i ...)
- gst-plugins-bad1.0 <unfixed>
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0040.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11805
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/35a7895274f5f7b38aaab9ceeec4af48e699e3ee (1.28.4)
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/987278d3b2c01c5bf387181a120bec5856aba82c (1.26 branch)
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c5f9c5bee5f2139157c0ce0a160f0a1173b7ce94 (1.24 branch)
-CVE-2026-52718
+CVE-2026-52718 (A denial of service vulnerability was found in GStreamer's AV1 codec p ...)
- gst-libav1.0 1.28.4-1
- gst-plugins-bad1.0 <unfixed>
- gst-plugins-good1.0 1.28.4-1
@@ -40,7 +638,7 @@ CVE-2026-52717
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11820 (1.28.4)
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11822 (1.26 branch)
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11819 (1.24 branch)
-CVE-2026-53705
+CVE-2026-53705 (A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-g ...)
- gst-plugins-good1.0 1.28.4-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0035.html
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5069
@@ -50,12 +648,12 @@ CVE-2026-53705
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e9ded43316bfe6c381a17f971c7097421a4ae201 (1.28.4)
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9326c636a22a678952a6cae6518465d35d441a87 (1.28.4)
NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f7cb3e0288627cce919e656584b852ac8605c922 (1.28.4)
-CVE-2026-12087
+CVE-2026-12087 (Socket versions before 2.041 for Perl have an out-of-bounds heap read. ...)
- libsocket-perl 2.041-1
- perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41020451/
NOTE: Fixed by: https://github.com/Perl/perl5/commit/de19a0b0ad1900fef976c5c1400bd8f11ec6c6cb (v5.43.11)
-CVE-2026-11832
+CVE-2026-11832 (Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to ...)
NOT-FOR-US: Dancer2::Plugin::Auth::OAuth Perl module
CVE-2026-9863 (Fortra BoKS Manager contains an OS command injection vulnerability in ...)
NOT-FOR-US: Fortra
@@ -74,12 +672,15 @@ CVE-2026-8386 (The WP Go Maps WordPress plugin before 10.0.10 does not perform
CVE-2026-8385 (The WP Go Maps WordPress plugin before 10.0.10 does not properly enfo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8358 (LibreOffice Calc can import tracked changes from a spreadsheet documen ...)
+ {DSA-6346-1}
- libreoffice 4:26.2.4.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-8358
CVE-2026-8357 (LibreOffice Calc compiles cell formulas when opening a spreadsheet. A ...)
+ {DSA-6346-1}
- libreoffice 4:26.2.4.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-8357
CVE-2026-8356 (LibreOffice can import presentations in the legacy binary PPT format. ...)
+ {DSA-6346-1}
- libreoffice 4:26.2.4.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-8356
CVE-2026-6517 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the al ...)
@@ -90,13 +691,16 @@ CVE-2026-6047 (LibreOffice can import documents in the OOXML format (DOCX). A he
[bookworm] - libreoffice <not-affected> (Vulnerable code not present)
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6047
CVE-2026-6045 (LibreOffice can import EMF+ graphics, which may be embedded in documen ...)
+ {DSA-6346-1}
- libreoffice 4:26.2.3.2-2
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6045
CVE-2026-6040 (A heap use-after-free existed when importing the blank-width character ...)
+ {DSA-6346-1}
- libreoffice 4:26.2.3.2-2
[bookworm] - libreoffice <not-affected> (Vulnerable code not present)
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6040
CVE-2026-6039 (LibreOffice can import drawings in the DXF format used by CAD software ...)
+ {DSA-6346-1}
- libreoffice 4:26.2.3.2-2
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6039
CVE-2026-5482 (Responsive FileManager's allows an unauthenticatedattacker to upload f ...)
@@ -209,7 +813,7 @@ CVE-2016-20067 (WordPress CP Polls 1.0.8 contains a cross-site request forgery v
NOT-FOR-US: WordPress plugin
CVE-2016-20066 (WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vu ...)
NOT-FOR-US: WordPress plugin
-CVE-2026-12205
+CVE-2026-12205 (Crypt::DSA versions before 1.21 for Perl reused the nonce across signa ...)
- libcrypt-dsa-perl 1.21-1 (bug #1140105)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004653/
CVE-2026-XXXX [SSLMate go-pkcs12: Authentication bypass in Decode functions]
@@ -326,43 +930,43 @@ CVE-2026-12174 (A security vulnerability has been detected in D-Link DCS-935L 1.
CVE-2025-55662
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55660
+CVE-2025-55660 (A stack overflow in the gf_opus_read_length function (media_tools/av_p ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55663
+CVE-2025-55663 (A segmentation violation in the Track_SetStreamDescriptor function (is ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55661
+CVE-2025-55661 (A heap buffer overflow in the Opus audio stream parser component of GP ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55650
+CVE-2025-55650 (A heap use-after-free in the gf_node_get_tag function (scenegraph/base ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55649
+CVE-2025-55649 (A NULL pointer dereference in the gf_media_map_esd function (media_too ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55648
+CVE-2025-55648 (A heap buffer overflow in the gf_opus_parse_packet_header function (me ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55641
+CVE-2025-55641 (A NULL pointer dereference in the gf_isom_copy_sample_info function (i ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55642
+CVE-2025-55642 (GPAC MP4Box v2.4 was discovered to contain a floating point exception ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55647
+CVE-2025-55647 (An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55645
+CVE-2025-55645 (A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_ ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55643
+CVE-2025-55643 (A NULL pointer dereference in the TrackWriter handling component (filt ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55644
+CVE-2025-55644 (A heap use-after-free in the gf_node_get_tag function (scenegraph/base ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
-CVE-2025-55652
+CVE-2025-55652 (A heap buffer overflow in the gf_isom_vp_config_new function (isomedia ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (out of LTS support)
CVE-2026-XXXX [RUSTSEC-2026-0174]
@@ -1959,7 +2563,7 @@ CVE-2026-20255 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and
NOT-FOR-US: Cisco
CVE-2026-20254 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
NOT-FOR-US: Cisco
-CVE-2026-20253 (In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Clou ...)
+CVE-2026-20253 (In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below ...)
NOT-FOR-US: Cisco
CVE-2026-20252 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
NOT-FOR-US: Cisco
@@ -2369,6 +2973,7 @@ CVE-2025-59382 (QTS, QuTS hero, QuTScloud are not affected. We have already fix
CVE-2025-58468 (A cross-site request forgery (CSRF) vulnerability has been reported to ...)
NOT-FOR-US: QNAP
CVE-2026-11526 (GD versions before 2.86 for Perl allow OS command injection and file o ...)
+ {DSA-6345-1}
- libgd-perl 2.84-3
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004664/
NOTE: Fixed by: https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210 (v2.86)
@@ -31441,7 +32046,7 @@ CVE-2026-5260 (A flaw was found in libgnutls. A remote attacker, by sending an e
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/77228f2d1ac207d2f894e5a168fbb47e5378e42f (3.8.13)
NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/cf6bdc5e4df49e5583d3fb4d2296779785f10683 (3.8.13)
NOTE: Introduced with: https://gitlab.com/gnutls/gnutls/-/commit/4804febddc2ed958e5ae774de2a8f85edeeff538 (gnutls_3_6_5)
-CVE-2026-42014
+CVE-2026-42014 (A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function ...)
{DSA-6281-1 DLA-4595-1}
- gnutls28 3.8.13-1 (bug #1135319)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9
@@ -75151,7 +75756,7 @@ CVE-2026-24512 (A security issue was discovered in ingress-nginx where the `rule
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-1580 (A security issue was discovered in ingress-nginxwhere the `nginx.ingre ...)
NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2026-1767 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
+CVE-2026-1767 (A flaw was found in the GNOME localsearch (previously known as tracker ...)
- localsearch 3.8.2-12 (bug #1126910)
- tracker-miners <removed>
[trixie] - tracker-miners <no-dsa> (Minor issue)
@@ -75159,7 +75764,7 @@ CVE-2026-1767 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
[bullseye] - tracker-miners <not-affected> (support for performer tags was added in v2.99.4)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/429
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/localsearch/-/commit/2897ca48b7ae79db7dcfe7e66cdd5d75cb641466
-CVE-2026-1766 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor (ID3v2.3 COMM Tags)]
+CVE-2026-1766 (A flaw was found in GNOME localsearch (previously known as tracker-min ...)
- localsearch 3.8.2-12 (bug #1126910)
- tracker-miners <removed>
[trixie] - tracker-miners <no-dsa> (Minor issue)
@@ -75167,7 +75772,7 @@ CVE-2026-1766 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor (ID3v2.3
[bullseye] - tracker-miners <postponed> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/428
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/localsearch/-/commit/9cc562cc126c408efb2a8220fcd67f006902412c
-CVE-2026-1765 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX Tags)]
+CVE-2026-1765 (A flaw was found in the `tracker-extract-mp3` component of GNOME local ...)
- localsearch 3.8.2-12 (bug #1126910)
- tracker-miners <removed>
[trixie] - tracker-miners <no-dsa> (Minor issue)
@@ -75175,7 +75780,7 @@ CVE-2026-1765 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX Tag
[bullseye] - tracker-miners <postponed> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/427
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/localsearch/-/commit/79f47309bad068ff0c19c1431abab6766edc687f
-CVE-2026-1764 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
+CVE-2026-1764 (A flaw was found in GNOME localsearch (previously known as tracker-min ...)
- localsearch 3.8.2-12 (bug #1126910)
- tracker-miners <removed>
[trixie] - tracker-miners <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10766888513e8788afa0f0076e702b1201b9f8db
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/10766888513e8788afa0f0076e702b1201b9f8db
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260616/0d4712f9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list