[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 20 08:13:14 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee64c729 by security tracker role at 2026-06-20T07:13:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,83 @@
+CVE-2026-9843 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
+	TODO: check
+CVE-2026-9375 (urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in  ...)
+	TODO: check
+CVE-2026-9265 (Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OO ...)
+	TODO: check
+CVE-2026-56216 (Capgo before 12.128.2 contains a scope escalation vulnerability in the ...)
+	TODO: check
+CVE-2026-56215 (Capgo before 12.128.12 allows authenticated users to modify their muta ...)
+	TODO: check
+CVE-2026-56214 (Capgo before 12.128.2 contains an information disclosure vulnerability ...)
+	TODO: check
+CVE-2026-56213 (Capgo before 12.128.2 contains an authorization bypass vulnerability i ...)
+	TODO: check
+CVE-2026-56212 (Capgo before 12.128.2 contains an authentication logic flaw: a user wi ...)
+	TODO: check
+CVE-2026-56082 (Capgo (Cap-go/capgo) before 12.128.2 contains an improper access contr ...)
+	TODO: check
+CVE-2026-56081 (Cap-go before 12.128.2 contains an authentication logic flaw that lets ...)
+	TODO: check
+CVE-2026-56080 (Capgo before 12.128.2 contains a flaw in the Enforce Password Policy f ...)
+	TODO: check
+CVE-2026-56079 (Capgo before 12.128.2 contains a cross-tenant authorization bypass vul ...)
+	TODO: check
+CVE-2026-56073 (Cap-go before 12.128.2 contains an authentication bypass vulnerability ...)
+	TODO: check
+CVE-2026-50559 (Quarkus is a Java framework for building cloud-native applications. Pr ...)
+	TODO: check
+CVE-2026-50519 (Initialization of a resource with an insecure default in GitHub Copilo ...)
+	TODO: check
+CVE-2026-49346 (libde265 is an open source implementation of the h.265 video codec. Pr ...)
+	TODO: check
+CVE-2026-49345 (Mercator is an open source web application that enables mapping of the ...)
+	TODO: check
+CVE-2026-49344 (Mercator is an open source web application that enables mapping of the ...)
+	TODO: check
+CVE-2026-49342 (YARD is a documentation generation tool for the Ruby programming langu ...)
+	TODO: check
+CVE-2026-49340 (gonic is a music streaming server / free-software subsonic server API  ...)
+	TODO: check
+CVE-2026-49338 (gonic is a music streaming server / free-software subsonic server API  ...)
+	TODO: check
+CVE-2026-49337 (libde265 is an open source implementation of the h.265 video codec. Pr ...)
+	TODO: check
+CVE-2026-49295 (libde265 is an open source implementation of the h.265 video codec. Pr ...)
+	TODO: check
+CVE-2026-48794 (Authelia is an open-source authentication and authorization server pro ...)
+	TODO: check
+CVE-2026-48787 (gin-vue-admin is an AI-assisted basic development platform. In version ...)
+	TODO: check
+CVE-2026-48774 (ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In ...)
+	TODO: check
+CVE-2026-48773 (ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Ve ...)
+	TODO: check
+CVE-2026-48772 (ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In ...)
+	TODO: check
+CVE-2026-48584 (Execution with unnecessary privileges in Azure Synapse allows an autho ...)
+	TODO: check
+CVE-2026-48582 (Missing authorization in Microsoft Exchange Online allows an authorize ...)
+	TODO: check
+CVE-2026-48129 (Kestra is an open-source, event-driven orchestration platform. Prior t ...)
+	TODO: check
+CVE-2026-48089 (DevGuard provides vulnerability management for the full software suppl ...)
+	TODO: check
+CVE-2026-47645 (Url redirection to untrusted site ('open redirect') in Microsoft 365 C ...)
+	TODO: check
+CVE-2026-47203 (Authelia is an open-source authentication and authorization server pro ...)
+	TODO: check
+CVE-2026-45480 (Improper authentication in Azure Active Directory allows an unauthoriz ...)
+	TODO: check
+CVE-2026-42895 (Improper neutralization of special elements used in a command ('comman ...)
+	TODO: check
+CVE-2026-32208 (Improper neutralization of input during web page generation ('cross-si ...)
+	TODO: check
+CVE-2026-27878 (A TraceQL query in Grafana Tempo with a large exemplars hint value can ...)
+	TODO: check
+CVE-2026-12726 (A flaw was found in the AWX GitHub webhook integration. When processin ...)
+	TODO: check
+CVE-2026-11551 (The Branda plugin for WordPress is vulnerable to privilege escalation  ...)
+	TODO: check
 CVE-2026-9143 (There is an incorrect conversion between numeric types vulnerability i ...)
 	NOT-FOR-US: National Instruments
 CVE-2026-9142 (There is an insecure default credentials vulnerability in NI grpc-devi ...)
@@ -6445,7 +6525,7 @@ CVE-2026-45484 (Deserialization of untrusted data in Microsoft Office SharePoint
 	NOT-FOR-US: Microsoft
 CVE-2026-45483 (Improper neutralization of input during web page generation ('cross-si ...)
 	NOT-FOR-US: Microsoft
-CVE-2026-45482 (Improper limitation of a pathname to a restricted directory ('path tra ...)
+CVE-2026-45482 (Initialization of a resource with an insecure default in GitHub Copilo ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-45481 (Improper neutralization of input during web page generation ('cross-si ...)
 	NOT-FOR-US: Microsoft
@@ -8733,7 +8813,7 @@ CVE-2026-45291 (Cloudburst Network provides network components used within Cloud
 	NOT-FOR-US: Cloudburst Network
 CVE-2026-45290 (Cloudburst Network provides network components used within Cloudburst  ...)
 	NOT-FOR-US: Cloudburst Network
-CVE-2026-42824 (Improper neutralization of special elements used in a command ('comman ...)
+CVE-2026-42824 (Missing authentication for critical function in M365 Copilot allows an ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-41567 (Moby is an open source container framework. In versions prior to 29.5. ...)
 	- docker.io <unfixed> (bug #1139965)
@@ -19268,7 +19348,7 @@ CVE-2025-62745 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48099
 	- python-wsgidav <itp> (bug #1032213)
-CVE-2026-48715 [Stack Buffer Overflow in radvdump Route Information Option Parser]
+CVE-2026-48715 (radvd is a router advertisement daemon for IPv6. Prior to version 2.21 ...)
 	- radvd <unfixed> (bug #1138049; unimportant)
 	NOTE: https://github.com/radvd-project/radvd/security/advisories/GHSA-52px-gh9p-m379
 	NOTE: Crash in CLI tool, no security impact



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee64c7295e8b299a7914eb84a920fb38a3fc558d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee64c7295e8b299a7914eb84a920fb38a3fc558d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260620/52169a0e/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list