[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 17 20:13:00 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d9add248 by security tracker role at 2026-06-17T19:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,595 @@
+CVE-2026-9697 (Impact: undici's ProxyAgent silently drops the requestTls option when ...)
+ TODO: check
+CVE-2026-9690 (Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4. ...)
+ TODO: check
+CVE-2026-9679 (Impact: undici's cookie parser in parseSetCookie percent-decodes cooki ...)
+ TODO: check
+CVE-2026-9678 (Impact: Undici's cache interceptor incorrectly classifies some respons ...)
+ TODO: check
+CVE-2026-9675 (Impact: The undici WebSocket client enforces maxPayloadSize per-frame ...)
+ TODO: check
+CVE-2026-9591 (Cross-site request forgery (CSRF) in NewsItemApiController in SimplCom ...)
+ TODO: check
+CVE-2026-9570 (The Taskbuilder WordPress plugin before 5.0.8 does not properly sanit ...)
+ TODO: check
+CVE-2026-8607 (The Points Management System For Gamification, Ranks, Badges, and Loya ...)
+ TODO: check
+CVE-2026-8494 (The Permalink Manager Lite plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2026-8383 (The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` ...)
+ TODO: check
+CVE-2026-8089 (The weMail: Email Marketing, Email Automation, Newsletters, Subscriber ...)
+ TODO: check
+CVE-2026-7850 (The WP Magnific Popup WordPress plugin through 1.0 does not properly e ...)
+ TODO: check
+CVE-2026-7300 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
+ TODO: check
+CVE-2026-6734 (Impact: When using Socks5ProxyAgent, undici reuses a single connection ...)
+ TODO: check
+CVE-2026-6733 (Impact: Undici's HTTP/1.1 client is vulnerable to response queue poiso ...)
+ TODO: check
+CVE-2026-5667 (Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Roo ...)
+ TODO: check
+CVE-2026-55743 (The shell tool command allowlist in the SecurityPolicy of OpenHuman de ...)
+ TODO: check
+CVE-2026-55738 (A stack-based buffer overflow exists in the raw_to_header() function i ...)
+ TODO: check
+CVE-2026-55198 (Hermes WebUI before 0.51.443 contains an authorization bypass vulnerab ...)
+ TODO: check
+CVE-2026-55197 (Hermes WebUI before 0.51.443 contains a broken access control vulnerab ...)
+ TODO: check
+CVE-2026-55196 (Hermes WebUI before 0.51.409 contains an authentication bypass vulnera ...)
+ TODO: check
+CVE-2026-54819 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-54818 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-54817 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2026-54816 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2026-54815 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-54814 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-54813 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-54812 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-54811 (Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.)
+ TODO: check
+CVE-2026-54810 (Missing Authorization vulnerability in Nexi Payments Nexi XPay allows ...)
+ TODO: check
+CVE-2026-54809 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-54808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-54807 (Unauthenticated Privilege Escalation in Registration Form for WooComme ...)
+ TODO: check
+CVE-2026-54806 (Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 ver ...)
+ TODO: check
+CVE-2026-54805 (Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versi ...)
+ TODO: check
+CVE-2026-54804 (Subscriber Broken Authentication in Melhor Envio <= 2.16.3 versions.)
+ TODO: check
+CVE-2026-54803 (Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3. ...)
+ TODO: check
+CVE-2026-54802 (Unauthenticated Broken Authentication in SMS Alert Order Notifications ...)
+ TODO: check
+CVE-2026-54417 (An integer overflow in the mtar_next() function in src/microtar.c in r ...)
+ TODO: check
+CVE-2026-54415 (Missing Authorization in the server management routes (routes/admin.ph ...)
+ TODO: check
+CVE-2026-54196 (Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.)
+ TODO: check
+CVE-2026-54195 (Unauthenticated Cross Site Scripting (XSS) in JetFormBuilder <= 3.6.0. ...)
+ TODO: check
+CVE-2026-54193 (Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versio ...)
+ TODO: check
+CVE-2026-54192 (Unauthenticated Cross Site Scripting (XSS) in Popup box <= 6.2.9 versi ...)
+ TODO: check
+CVE-2026-54189 (Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 vers ...)
+ TODO: check
+CVE-2026-54188 (Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 vers ...)
+ TODO: check
+CVE-2026-54187 (Unauthenticated SQL Injection in JetEngine <= 3.8.10.1 versions.)
+ TODO: check
+CVE-2026-54186 (Unauthenticated SQL Injection in JobSearch <= 3.2.9 versions.)
+ TODO: check
+CVE-2026-54185 (Subscriber SQL Injection in Cornerstone < 7.8.8 versions.)
+ TODO: check
+CVE-2026-54184 (Unauthenticated Insecure Direct Object References (IDOR) in Clean Logi ...)
+ TODO: check
+CVE-2026-53875 (picklescan before 1.0.3 contains a scanning bypass vulnerability in th ...)
+ TODO: check
+CVE-2026-53874 (picklescan before 1.0.1 contains an unsafe deserialization vulnerabili ...)
+ TODO: check
+CVE-2026-53873 (picklescan before 1.0.4 contains an incomplete blocklist for the profi ...)
+ TODO: check
+CVE-2026-53872 (picklescan before 0.0.35 contains an unsafe pickle deserialization vul ...)
+ TODO: check
+CVE-2026-53871 (Hermes WebUI before 0.51.368 contains an authorization bypass vulnerab ...)
+ TODO: check
+CVE-2026-53870 (Hermes Agent before 0.16.0 creates response_store.db and webhook_subsc ...)
+ TODO: check
+CVE-2026-53869 (Hermes Agent before 0.16.0 contains a DNS rebinding vulnerability in W ...)
+ TODO: check
+CVE-2026-53805 (NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthentica ...)
+ TODO: check
+CVE-2026-52716 (Unauthenticated Arbitrary File Deletion in WorkScout-Core <= 1.7.11 ve ...)
+ TODO: check
+CVE-2026-52707 (Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.)
+ TODO: check
+CVE-2026-52706 (Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.)
+ TODO: check
+CVE-2026-52705 (Unauthenticated Arbitrary File Upload in SigmaForms Pro \u2013 AI Gene ...)
+ TODO: check
+CVE-2026-52698 (Subscriber Sensitive Data Exposure in PushEngage \u2013 Web Push Notif ...)
+ TODO: check
+CVE-2026-52696 (Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.)
+ TODO: check
+CVE-2026-49778 (Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 v ...)
+ TODO: check
+CVE-2026-49767 (Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 version ...)
+ TODO: check
+CVE-2026-49502 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper ...)
+ TODO: check
+CVE-2026-49268 (A remote attacker can inject LDAP special characters into the Distingu ...)
+ TODO: check
+CVE-2026-49108 (Unauthenticated PHP Object Injection in Moderno < 1.43 versions.)
+ TODO: check
+CVE-2026-49107 (Unauthenticated PHP Object Injection in Thrive Apprentice < 10.8.10.2 ...)
+ TODO: check
+CVE-2026-49084 (Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.)
+ TODO: check
+CVE-2026-49081 (Unauthenticated Broken Access Control in User Registration Stripe <= 1 ...)
+ TODO: check
+CVE-2026-49079 (Unauthenticated SQL Injection in JetSearch <= 3.5.17 versions.)
+ TODO: check
+CVE-2026-49076 (Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions.)
+ TODO: check
+CVE-2026-49075 (Contributor PHP Object Injection in JetEngine <= 3.8.9.1 versions.)
+ TODO: check
+CVE-2026-49074 (Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 ver ...)
+ TODO: check
+CVE-2026-49072 (Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2 ...)
+ TODO: check
+CVE-2026-49071 (Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5 ...)
+ TODO: check
+CVE-2026-49058 (Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versio ...)
+ TODO: check
+CVE-2026-48967 (Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.)
+ TODO: check
+CVE-2026-48875 (Unauthenticated SQL Injection in JetSmartFilters <= 3.8.1 versions.)
+ TODO: check
+CVE-2026-48818 (Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 a ...)
+ TODO: check
+CVE-2026-48591 (Improper Neutralization of Script in Attributes in a Web Page vulnerab ...)
+ TODO: check
+CVE-2026-48142 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
+ TODO: check
+CVE-2026-48117 (DroneAware is a drone detection platform. The centralized DroneAware s ...)
+ TODO: check
+CVE-2026-47340 (Allow authenticated users to access alert instances associated with al ...)
+ TODO: check
+CVE-2026-47103 (Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code ...)
+ TODO: check
+CVE-2026-45436 (Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 ver ...)
+ TODO: check
+CVE-2026-42629 (Unauthenticated Broken Authentication in PowerPack Pro for Elementor < ...)
+ TODO: check
+CVE-2026-42530 (NGINX Open Source has a vulnerability in the ngx_http_v3_modulemodule. ...)
+ TODO: check
+CVE-2026-42385 (Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3 ...)
+ TODO: check
+CVE-2026-42380 (Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.)
+ TODO: check
+CVE-2026-42357 (Incorrect Authorization vulnerability allows users to access workflow ...)
+ TODO: check
+CVE-2026-42055 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
+ TODO: check
+CVE-2026-41557 (Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.)
+ TODO: check
+CVE-2026-41280 (Incorrect Authorization vulnerability allows users with system login p ...)
+ TODO: check
+CVE-2026-40783 (Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2. ...)
+ TODO: check
+CVE-2026-40768 (Unauthenticated Insecure Direct Object References (IDOR) in Salon book ...)
+ TODO: check
+CVE-2026-40765 (Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 ver ...)
+ TODO: check
+CVE-2026-40757 (Unauthenticated PHP Object Injection in Ch\xe2teau <= 1.2.1 versions.)
+ TODO: check
+CVE-2026-40756 (Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.)
+ TODO: check
+CVE-2026-40753 (Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.)
+ TODO: check
+CVE-2026-40752 (Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 ...)
+ TODO: check
+CVE-2026-40749 (Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.)
+ TODO: check
+CVE-2026-40748 (Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.)
+ TODO: check
+CVE-2026-40747 (Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.)
+ TODO: check
+CVE-2026-40746 (Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.)
+ TODO: check
+CVE-2026-40738 (Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.)
+ TODO: check
+CVE-2026-40735 (Unauthenticated PHP Object Injection in Reina <= 2.1 versions.)
+ TODO: check
+CVE-2026-40733 (Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.)
+ TODO: check
+CVE-2026-40731 (Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.)
+ TODO: check
+CVE-2026-40726 (Unauthenticated Broken Access Control in User Registration Stripe <= 1 ...)
+ TODO: check
+CVE-2026-40725 (Unauthenticated PHP Object Injection in WooCommerce Product Filters < ...)
+ TODO: check
+CVE-2026-40724 (CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 vers ...)
+ TODO: check
+CVE-2026-40723 (Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.)
+ TODO: check
+CVE-2026-40722 (Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allo ...)
+ TODO: check
+CVE-2026-40721 (Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions ...)
+ TODO: check
+CVE-2026-40720 (Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons P ...)
+ TODO: check
+CVE-2026-40641 (Dell PowerFlex Manager, version(s) 4.6.0.1, contain(s) an Use of a Bro ...)
+ TODO: check
+CVE-2026-3894 (Out-of-bounds Read vulnerability in RTI Connext Professional (Core Lib ...)
+ TODO: check
+CVE-2026-3490 (picklescan before 1.0.4 fails to block pkgutil.resolve_name, allowing ...)
+ TODO: check
+CVE-2026-39597 (Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elemen ...)
+ TODO: check
+CVE-2026-39596 (Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versio ...)
+ TODO: check
+CVE-2026-39595 (Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.)
+ TODO: check
+CVE-2026-39590 (Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions.)
+ TODO: check
+CVE-2026-39589 (Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.)
+ TODO: check
+CVE-2026-39582 (Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.)
+ TODO: check
+CVE-2026-39576 (Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.)
+ TODO: check
+CVE-2026-39573 (Unauthenticated PHP Object Injection in Mildhill <= 1.5 versions.)
+ TODO: check
+CVE-2026-39560 (Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.)
+ TODO: check
+CVE-2026-39559 (Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.)
+ TODO: check
+CVE-2026-39558 (Unauthenticated Local File Inclusion in Malm\xf6 <= 2.2 versions.)
+ TODO: check
+CVE-2026-39556 (Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.)
+ TODO: check
+CVE-2026-39546 (Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.)
+ TODO: check
+CVE-2026-39545 (Unauthenticated PHP Object Injection in Zermatt <= 1.6.1 versions.)
+ TODO: check
+CVE-2026-39537 (Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.)
+ TODO: check
+CVE-2026-39523 (Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.)
+ TODO: check
+CVE-2026-39445 (Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.)
+ TODO: check
+CVE-2026-39442 (Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.)
+ TODO: check
+CVE-2026-39199 (snes9x 1.63 allows an out-of-bounds write and denial of service via a ...)
+ TODO: check
+CVE-2026-36418 (JimuReport versions 2.3.4 and below are vulnerable to remote code exec ...)
+ TODO: check
+CVE-2026-35162 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper ...)
+ TODO: check
+CVE-2026-35069 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper ...)
+ TODO: check
+CVE-2026-35068 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper ...)
+ TODO: check
+CVE-2026-35067 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper ...)
+ TODO: check
+CVE-2026-35066 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper ...)
+ TODO: check
+CVE-2026-35065 (Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Au ...)
+ TODO: check
+CVE-2026-34888 (Unauthenticated Sensitive Data Exposure in Bricksforge <= 3.1.8.4 vers ...)
+ TODO: check
+CVE-2026-32967 (Incorrect Authorization vulnerability of `/v2` experimental interface ...)
+ TODO: check
+CVE-2026-32966 (DataSource API Missing Authorization Check Leads to Arbitrary Data Sou ...)
+ TODO: check
+CVE-2026-32804 (Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper ...)
+ TODO: check
+CVE-2026-32652 (Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Defaul ...)
+ TODO: check
+CVE-2026-30803 (Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Mi ...)
+ TODO: check
+CVE-2026-30802 (Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) ...)
+ TODO: check
+CVE-2026-30799 (Missing Authentication for Critical Function vulnerability in RTI Conn ...)
+ TODO: check
+CVE-2026-2675 (Missing Authentication for Critical Function vulnerability in RTI Conn ...)
+ TODO: check
+CVE-2026-2674 (Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerab ...)
+ TODO: check
+CVE-2026-2467 (Heap-based Buffer Overflow vulnerability in RTI Connext Professional ( ...)
+ TODO: check
+CVE-2026-28615 (In Telecomm, there is a possible way to initiate an unauthorized phone ...)
+ TODO: check
+CVE-2026-28587 (In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to r ...)
+ TODO: check
+CVE-2026-28576 (In Contacts Provider, there is a possible way to access the contacts d ...)
+ TODO: check
+CVE-2026-28575 (In PackageInstaller.Session#transfer of frameworks/base/services/core/ ...)
+ TODO: check
+CVE-2026-27870 (An attacker with access via network to the Regesta Smart HD-PLC of the ...)
+ TODO: check
+CVE-2026-27869 (An attacker with access via network to the Regesta Smart HD-PLC of the ...)
+ TODO: check
+CVE-2026-27868 (An attacker with access via network to the Regesta Smart HD-PLC of the ...)
+ TODO: check
+CVE-2026-27410 (Unauthenticated Deserialization of untrusted data in Slimstat Analytic ...)
+ TODO: check
+CVE-2026-27400 (Unauthenticated Arbitrary File Deletion in BookPro <= 1.1.0 versions.)
+ TODO: check
+CVE-2026-27041 (Contributor Arbitrary File Upload in Unlimited Elements for Elementor ...)
+ TODO: check
+CVE-2026-25446 (Subscriber Arbitrary File Upload in WishList Member X <= 3.29.0 versio ...)
+ TODO: check
+CVE-2026-25439 (Unauthenticated Broken Authentication in Booknetic <= 4.8.5 versions.)
+ TODO: check
+CVE-2026-24611 (Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions ...)
+ TODO: check
+CVE-2026-24610 (Subscriber Broken Access Control in MetForm Pro <= 3.9.1 versions.)
+ TODO: check
+CVE-2026-24575 (Subscriber Broken Access Control in WishList Member X <= 3.29.0 versio ...)
+ TODO: check
+CVE-2026-22343 (Unauthenticated Broken Access Control in WordPress Dating Theme <= 11. ...)
+ TODO: check
+CVE-2026-22342 (Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating ...)
+ TODO: check
+CVE-2026-22340 (Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions.)
+ TODO: check
+CVE-2026-22339 (Unauthenticated Cross Site Scripting (XSS) in WPJobster <= 6.3.5 versi ...)
+ TODO: check
+CVE-2026-22338 (Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions.)
+ TODO: check
+CVE-2026-22335 (Subscriber SQL Injection in WooCommerce Frontend Manager \u2013 Ultima ...)
+ TODO: check
+CVE-2026-22334 (Subscriber Arbitrary File Download in Woocommerce Book Price <= 1.3 ve ...)
+ TODO: check
+CVE-2026-22332 (Unauthenticated SQL Injection in Tutor LMS Pro <= 3.9.6 versions.)
+ TODO: check
+CVE-2026-22331 (Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions.)
+ TODO: check
+CVE-2026-22330 (Unauthenticated Local File Inclusion in Right Way <= 4.0 versions.)
+ TODO: check
+CVE-2026-22329 (Unauthenticated Cross Site Scripting (XSS) in Skillate <= 1.2.10 versi ...)
+ TODO: check
+CVE-2026-22328 (Unauthenticated Cross Site Scripting (XSS) in Auto Repair <= 22.6 vers ...)
+ TODO: check
+CVE-2026-22327 (Subscriber Arbitrary File Upload in Restaurt <= 1.0.4 versions.)
+ TODO: check
+CVE-2026-22326 (Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.)
+ TODO: check
+CVE-2026-22325 (Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions.)
+ TODO: check
+CVE-2026-22283 (Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an ...)
+ TODO: check
+CVE-2026-20266 (In Splunk AI Toolkit versions below 5.7.4, a user who holds the "admin ...)
+ TODO: check
+CVE-2026-20265 (In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that ...)
+ TODO: check
+CVE-2026-20246 (A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance ...)
+ TODO: check
+CVE-2026-20220 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
+ TODO: check
+CVE-2026-20190 (A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticate ...)
+ TODO: check
+CVE-2026-20181 (A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, ...)
+ TODO: check
+CVE-2026-20178 (A vulnerability in the browser-based version of Cisco Webex App could ...)
+ TODO: check
+CVE-2026-1288 (A maliciously crafted RFA file, when converted to FormIt via \u201cCon ...)
+ TODO: check
+CVE-2026-12528 (A flaw was found in 389 Directory Server in the __aclp__normalize_aclt ...)
+ TODO: check
+CVE-2026-12515 (A flaw was found in Katello's of Red Hat Satellite. A content upload f ...)
+ TODO: check
+CVE-2026-12491 (A flaw was found in vLLM, an open-source library for large language mo ...)
+ TODO: check
+CVE-2026-12199 (A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows u ...)
+ TODO: check
+CVE-2026-12165 (The Contest Gallery \u2013 Upload & Vote Photos, Media, Sell with PayP ...)
+ TODO: check
+CVE-2026-12151 (Impact: The undici WebSocket client enforces maxPayloadSize on the cum ...)
+ TODO: check
+CVE-2026-12115 (The Counter Box \u2013 Add Countdowns, Timers & Dynamic Counters to Wo ...)
+ TODO: check
+CVE-2026-11975 (Stored cross-site scripting (XSS) in NewsItemApiControllerIn SimplComm ...)
+ TODO: check
+CVE-2026-11858 (Quanos SCHEMA ST4 on-premises contains a local privilege escalation vu ...)
+ TODO: check
+CVE-2026-11857 (Quanos SCHEMA ST4 on-premises contains a local privilege escalation vu ...)
+ TODO: check
+CVE-2026-11525 (Impact: When undici parses a Set-Cookie header, it accepts any SameSit ...)
+ TODO: check
+CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX Gateway Fabr ...)
+ TODO: check
+CVE-2026-10850 (Plane CE 1.3.1 allows a low-privileged project member to submit arbitr ...)
+ TODO: check
+CVE-2026-10839 (Open redirection vulnerability in the authentication system allows an ...)
+ TODO: check
+CVE-2026-10837 (Open redirection vulnerability due to insufficient validation of the X ...)
+ TODO: check
+CVE-2026-10836 (Improper handling of HTTP headers that allows a remote attacker to man ...)
+ TODO: check
+CVE-2026-10641 (Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role pa ...)
+ TODO: check
+CVE-2026-10094 (A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOL ...)
+ TODO: check
+CVE-2026-0092 (In Package Manager, there is a possible device lock controller bypass ...)
+ TODO: check
+CVE-2026-0083 (In Nfc::eventCallback() of Nfc.h, there is a possible use after free d ...)
+ TODO: check
+CVE-2026-0082 (In tryStartActivity of NfcDispatcher.java, there is a possible automat ...)
+ TODO: check
+CVE-2026-0081 (In NFC, there is a possible way to spoof an NFC event due to a missing ...)
+ TODO: check
+CVE-2026-0071 (In SettingsLib, there is a possible missing permission check due to a ...)
+ TODO: check
+CVE-2026-0068 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
+ TODO: check
+CVE-2026-0064 (In multiple places, there is a possible persistent denial of service d ...)
+ TODO: check
+CVE-2026-0063 (In setAllowedCarriers of PhoneInterfaceManager.java, there is a possib ...)
+ TODO: check
+CVE-2025-71325 (picklescan before 0.0.27 contains a parsing logic error in the _list_g ...)
+ TODO: check
+CVE-2025-71323 (picklescan before 0.0.33 fails to block the ctypes module, allowing at ...)
+ TODO: check
+CVE-2025-71322 (PickleScan before 0.0.33 fails to include the pty.spawn function in it ...)
+ TODO: check
+CVE-2025-71321 (picklescan before 0.0.33 contains an arbitrary file writing vulnerabil ...)
+ TODO: check
+CVE-2025-71320 (picklescan before 0.0.33 contains an incomplete deny-list that fails t ...)
+ TODO: check
+CVE-2025-69189 (Missing Authorization vulnerability in EMV JobBank allows Exploiting I ...)
+ TODO: check
+CVE-2025-69179 (Unauthenticated Privilege Escalation in Support Ticket Management Syst ...)
+ TODO: check
+CVE-2025-69175 (Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.)
+ TODO: check
+CVE-2025-69174 (Unauthenticated Local File Inclusion in Etude <= 1.6 versions.)
+ TODO: check
+CVE-2025-69173 (Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions.)
+ TODO: check
+CVE-2025-69172 (Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.)
+ TODO: check
+CVE-2025-69171 (Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.)
+ TODO: check
+CVE-2025-69170 (Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.)
+ TODO: check
+CVE-2025-69166 (Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions.)
+ TODO: check
+CVE-2025-69164 (Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.)
+ TODO: check
+CVE-2025-69161 (Unauthenticated Local File Inclusion in Snowy <= 1.13 versions.)
+ TODO: check
+CVE-2025-69158 (Unauthenticated Local File Inclusion in Granola <= 1.13 versions.)
+ TODO: check
+CVE-2025-69157 (Unauthenticated Local File Inclusion in Gamic <= 1.15 versions.)
+ TODO: check
+CVE-2025-69148 (Unauthenticated Local File Inclusion in Quirky <= 1.23 versions.)
+ TODO: check
+CVE-2025-69145 (Unauthenticated Local File Inclusion in Gat <= 1.16 versions.)
+ TODO: check
+CVE-2025-69144 (Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.)
+ TODO: check
+CVE-2025-69140 (Unauthenticated Cross Site Scripting (XSS) in SweetDate Core < 1.1.5 v ...)
+ TODO: check
+CVE-2025-69138 (Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.)
+ TODO: check
+CVE-2025-69135 (Subscriber SQL Injection in Events Schedule - WordPress Events Calenda ...)
+ TODO: check
+CVE-2025-69130 (Subscriber PHP Object Injection in Entrepreneur - Booking for Small Bu ...)
+ TODO: check
+CVE-2025-69129 (Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scrap ...)
+ TODO: check
+CVE-2025-69128 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-69127 (Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.)
+ TODO: check
+CVE-2025-69126 (Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions.)
+ TODO: check
+CVE-2025-69123 (Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions.)
+ TODO: check
+CVE-2025-69120 (Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.)
+ TODO: check
+CVE-2025-69117 (Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.)
+ TODO: check
+CVE-2025-69115 (Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare ...)
+ TODO: check
+CVE-2025-69111 (Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.)
+ TODO: check
+CVE-2025-69110 (Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.)
+ TODO: check
+CVE-2025-69106 (Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.)
+ TODO: check
+CVE-2025-68524 (Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.)
+ TODO: check
+CVE-2025-66391 (In Citrix Cloud through 2025-11-10, an account with read-only access c ...)
+ TODO: check
+CVE-2025-62340 (HCL iControl was affected by Inadequate Session Timeout vulnerability. ...)
+ TODO: check
+CVE-2025-60236 (Deserialization of Untrusted Data vulnerability in EMV Creatify allows ...)
+ TODO: check
+CVE-2025-60231 (Deserialization of Untrusted Data vulnerability in EMV The Hospital nr ...)
+ TODO: check
+CVE-2025-60230 (Deserialization of Untrusted Data vulnerability in Themeton The Barber ...)
+ TODO: check
+CVE-2025-60229 (Deserialization of Untrusted Data vulnerability in Themeton Lagom allo ...)
+ TODO: check
+CVE-2025-60223 (Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot <= 1 ...)
+ TODO: check
+CVE-2025-60218 (Subscriber Arbitrary File Upload in PT Luxa Addons <= 1.2.2 versions.)
+ TODO: check
+CVE-2025-60205 (Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 ve ...)
+ TODO: check
+CVE-2025-59872 (HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerabili ...)
+ TODO: check
+CVE-2025-59563 (Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.)
+ TODO: check
+CVE-2025-59560 (Unauthenticated Cross Site Scripting (XSS) in Sonaar <= 4.27.4 version ...)
+ TODO: check
+CVE-2025-59554 (Unauthenticated SQL Injection in Advanced Ads \u2013 Tracking < 3.0.7 ...)
+ TODO: check
+CVE-2025-58954 (Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions.)
+ TODO: check
+CVE-2025-58953 (Unauthenticated Local File Inclusion in Joly <= 1.22.0 versions.)
+ TODO: check
+CVE-2025-58952 (Unauthenticated Local File Inclusion in Neuronet < 1.14.0 versions.)
+ TODO: check
+CVE-2025-49403 (Unauthenticated Arbitrary File Download in Premium Age Verification / ...)
+ TODO: check
+CVE-2025-32748 (Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header ...)
+ TODO: check
+CVE-2025-31013 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-26240 (In JazzCore python-pdfkit 1.0.0, the from_string method enables the ex ...)
+ TODO: check
+CVE-2025-15657 (Unauthenticated Insecure Direct Object References (IDOR) in School Man ...)
+ TODO: check
+CVE-2024-52488 (Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions.)
+ TODO: check
+CVE-2024-49269 (Unauthenticated Cross Site Scripting (XSS) in my flatonica <= 0.0.8 ve ...)
+ TODO: check
+CVE-2024-47477 (Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper ...)
+ TODO: check
+CVE-2024-37496 (Missing Authorization vulnerability in Rara Themes Metro Magazine allo ...)
+ TODO: check
+CVE-2024-37210 (Missing Authorization vulnerability in ali2woo AliNext allows Exploiti ...)
+ TODO: check
+CVE-2024-35690 (Insertion of sensitive information into sent data vulnerability in Mar ...)
+ TODO: check
+CVE-2024-35648 (Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergenc ...)
+ TODO: check
+CVE-2024-34810 (Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyli ...)
+ TODO: check
+CVE-2024-33909 (Missing Authorization vulnerability in Avirtum iPages Flipbook allows ...)
+ TODO: check
+CVE-2024-33685 (Missing Authorization vulnerability in Jegstudio Startupzy startupzy a ...)
+ TODO: check
+CVE-2024-32949 (Missing Authorization vulnerability in Prince Integrate Google Drive a ...)
+ TODO: check
+CVE-2024-32729 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2024-31435 (: Missing Authorization vulnerability in Inisev Social Media & Share I ...)
+ TODO: check
+CVE-2024-24709 (Missing Authorization vulnerability in Shareaholic allows Exploiting I ...)
+ TODO: check
CVE-2026-47178
- libheif <unfixed> (bug #1140223)
NOTE: https://project-zero.issues.chromium.org/issues/507396184
@@ -1074,16 +1666,19 @@ CVE-2026-12412
CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The do_git_c ...)
NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2026-12330 (Incorrect boundary conditions in the Internationalization component. T ...)
+ {DSA-6350-1}
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12330
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12330
CVE-2026-12329 (Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability ...)
+ {DSA-6350-1}
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12329
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12329
CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1091,6 +1686,7 @@ CVE-2026-12328 (Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 14
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12328
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12328
CVE-2026-12327 (Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140. ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1101,6 +1697,7 @@ CVE-2026-12326 (Memory safety bugs present in Firefox 151 and Thunderbird 151. S
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12326
CVE-2026-12325 (Denial-of-service in the Graphics: ImageLib component. This vulnerabil ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1108,6 +1705,7 @@ CVE-2026-12325 (Denial-of-service in the Graphics: ImageLib component. This vuln
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12325
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12325
CVE-2026-12324 (Incorrect boundary conditions in the Graphics: CanvasWebGL component. ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1141,6 +1739,7 @@ CVE-2026-12316 (Mitigation bypass in the DOM: Security component. This vulnerabi
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12316
CVE-2026-12315 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1148,6 +1747,7 @@ CVE-2026-12315 (Mitigation bypass in the DOM: Security component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12315
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12315
CVE-2026-12314 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1155,6 +1755,7 @@ CVE-2026-12314 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12314
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12314
CVE-2026-12313 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1162,6 +1763,7 @@ CVE-2026-12313 (Information disclosure, sandbox escape in the Security: Process
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12313
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12313
CVE-2026-12312 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1169,6 +1771,7 @@ CVE-2026-12312 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12312
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12312
CVE-2026-12311 (Information disclosure, sandbox escape in the Security: Process Sandbo ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1176,6 +1779,7 @@ CVE-2026-12311 (Information disclosure, sandbox escape in the Security: Process
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12311
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12311
CVE-2026-12310 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1183,6 +1787,7 @@ CVE-2026-12310 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12310
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12310
CVE-2026-12309 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1190,6 +1795,7 @@ CVE-2026-12309 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12309
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12309
CVE-2026-12308 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1197,6 +1803,7 @@ CVE-2026-12308 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12308
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12308
CVE-2026-12307 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1204,6 +1811,7 @@ CVE-2026-12307 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12307
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12307
CVE-2026-12306 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1211,6 +1819,7 @@ CVE-2026-12306 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12306
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12306
CVE-2026-12305 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1218,6 +1827,7 @@ CVE-2026-12305 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12305
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12305
CVE-2026-12304 (Same-origin policy bypass in the Networking: Cookies component. This v ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1228,6 +1838,7 @@ CVE-2026-12303 (Information disclosure due to incorrect boundary conditions in t
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12303
CVE-2026-12302 (Mitigation bypass in the DOM: Security component. This vulnerability w ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1241,6 +1852,7 @@ CVE-2026-12300 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12300
CVE-2026-12299 (JIT miscompilation in the DOM: Core & HTML component. This vulnerabili ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1248,6 +1860,7 @@ CVE-2026-12299 (JIT miscompilation in the DOM: Core & HTML component. This vulne
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12299
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12299
CVE-2026-12298 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1255,6 +1868,7 @@ CVE-2026-12298 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12298
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12298
CVE-2026-12297 (Sandbox escape due to incorrect boundary conditions in the Networking ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1262,6 +1876,7 @@ CVE-2026-12297 (Sandbox escape due to incorrect boundary conditions in the Netwo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12297
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12297
CVE-2026-12296 (Sandbox escape in the Security: Process Sandboxing component. This vul ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1269,6 +1884,7 @@ CVE-2026-12296 (Sandbox escape in the Security: Process Sandboxing component. Th
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12296
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12296
CVE-2026-12295 (Sandbox escape in the DOM: Navigation component. This vulnerability wa ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1276,6 +1892,7 @@ CVE-2026-12295 (Sandbox escape in the DOM: Navigation component. This vulnerabil
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12295
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12295
CVE-2026-12294 (Sandbox escape in the DOM: Workers component. This vulnerability was f ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1286,6 +1903,7 @@ CVE-2026-12293 (Use-after-free in the Graphics: WebGPU component. This vulnerabi
- firefox 152.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/#CVE-2026-12293
CVE-2026-12292 (Incorrect boundary conditions in the Web Audio component. This vulnera ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1293,6 +1911,7 @@ CVE-2026-12292 (Incorrect boundary conditions in the Web Audio component. This v
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12292
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12292
CVE-2026-12291 (Use-after-free in the Networking: HTTP component. This vulnerability w ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1300,6 +1919,7 @@ CVE-2026-12291 (Use-after-free in the Networking: HTTP component. This vulnerabi
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12291
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12291
CVE-2026-12290 (Memory safety bug fixed in Thunderbird 152. This vulnerability was fix ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -1307,6 +1927,7 @@ CVE-2026-12290 (Memory safety bug fixed in Thunderbird 152. This vulnerability w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/#CVE-2026-12290
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/#CVE-2026-12290
CVE-2026-12289 (Privilege escalation in the Graphics: WebRender component. This vulner ...)
+ {DSA-6350-1}
- firefox 152.0-1
- firefox-esr 140.12.0esr-1
- thunderbird <unfixed>
@@ -2078,15 +2699,15 @@ CVE-2026-8386 (The WP Go Maps WordPress plugin before 10.0.10 does not perform
CVE-2026-8385 (The WP Go Maps WordPress plugin before 10.0.10 does not properly enfo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8358 (LibreOffice Calc can import tracked changes from a spreadsheet documen ...)
- {DSA-6346-1}
+ {DSA-6346-1 DLA-4633-1}
- libreoffice 4:26.2.4.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-8358
CVE-2026-8357 (LibreOffice Calc compiles cell formulas when opening a spreadsheet. A ...)
- {DSA-6346-1}
+ {DSA-6346-1 DLA-4633-1}
- libreoffice 4:26.2.4.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-8357
CVE-2026-8356 (LibreOffice can import presentations in the legacy binary PPT format. ...)
- {DSA-6346-1}
+ {DSA-6346-1 DLA-4633-1}
- libreoffice 4:26.2.4.2-1
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-8356
CVE-2026-6517 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the al ...)
@@ -2097,7 +2718,7 @@ CVE-2026-6047 (LibreOffice can import documents in the OOXML format (DOCX). A he
[bookworm] - libreoffice <not-affected> (Vulnerable code not present)
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6047
CVE-2026-6045 (LibreOffice can import EMF+ graphics, which may be embedded in documen ...)
- {DSA-6346-1}
+ {DSA-6346-1 DLA-4633-1}
- libreoffice 4:26.2.3.2-2
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6045
CVE-2026-6040 (A heap use-after-free existed when importing the blank-width character ...)
@@ -2106,7 +2727,7 @@ CVE-2026-6040 (A heap use-after-free existed when importing the blank-width char
[bookworm] - libreoffice <not-affected> (Vulnerable code not present)
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6040
CVE-2026-6039 (LibreOffice can import drawings in the DXF format used by CAD software ...)
- {DSA-6346-1}
+ {DSA-6346-1 DLA-4633-1}
- libreoffice 4:26.2.3.2-2
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6039
CVE-2026-5482 (Responsive FileManager's allows an unauthenticatedattacker to upload f ...)
@@ -9785,7 +10406,7 @@ CVE-2026-44393 (An issue was discovered in OpenStack oslo.messaging 1.0.0 throug
[bookworm] - python-oslo.messaging 14.0.3-0+deb12u1
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0096
NOTE: https://launchpad.net/bugs/2150316
-CVE-2026-55748 [Horizon RC file generation does not escape special characters in project]
+CVE-2026-55748 (OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file ...)
- horizon 3:25.7.3-2 (bug #1138845)
[trixie] - horizon <no-dsa> (Minor issue)
[bookworm] - horizon <no-dsa> (Minor issue)
@@ -10259,7 +10880,7 @@ CVE-2026-10725 (Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a
[bullseye] - libprotocol-http2-perl <postponed> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40751319/
NOTE: https://security.metacpan.org/patches/P/Protocol-HTTP2/1.12/CVE-2026-10725-r1.patch
-CVE-2026-47774
+CVE-2026-47774 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
- envoyproxy <itp> (bug #987544)
NOTE: https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8
CVE-2026-XXXX [HTTP/2 Bomb denial of service]
@@ -20273,7 +20894,7 @@ CVE-2026-5090 (Template::Plugin::HTML versions through 3.102 for Perl allows HTM
NOTE: https://github.com/cpan-authors/Template2/pull/337
NOTE: Fixed by: https://github.com/cpan-authors/Template2/commit/11c78a7a771d4af505efeb754a0b8775689c2eae
CVE-2026-46529 (Atril Document Viewer is the default document reader of the MATE deskt ...)
- {DSA-6286-1 DLA-4632-1 DLA-4597-1 DLA-4596-1}
+ {DSA-6349-1 DSA-6286-1 DLA-4632-1 DLA-4597-1 DLA-4596-1}
- evince 49~alpha-3
- evince-gtk3 48.4+dfsg-1 (unimportant)
- atril 1.28.4-1 (bug #1139874)
@@ -29439,8 +30060,8 @@ CVE-2026-43128 (In the Linux kernel, the following vulnerability has been resolv
[bookworm] - linux 6.1.170-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/104016eb671e19709721c1b0048dd912dc2e96be (7.0-rc2)
-CVE-2026-43122
- REJECTED
+CVE-2026-43122 (In the Linux kernel, the following vulnerability has been resolved: A ...)
+ TODO: check
CVE-2026-43121 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.19.6-1
[trixie] - linux <not-affected> (Vulnerable code not present)
@@ -140738,6 +141359,7 @@ CVE-2025-41392 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share
NOT-FOR-US: Ashlar-Vellum
CVE-2025-38553
REJECTED
+ {DLA-4327-1}
CVE-2025-53192 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/ ...)
- ognl <unfixed> (bug #1111588)
[trixie] - ognl <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9add2485a6972902aeb1994a294ff10a87b380f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9add2485a6972902aeb1994a294ff10a87b380f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260617/8ce47535/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list