[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 23 08:13:14 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30e4cee4 by security tracker role at 2026-06-23T07:13:08+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,167 @@
+CVE-2026-8379 (The Frontend File Manager Plugin WordPress plugin through 23.6 does no ...)
+	TODO: check
+CVE-2026-8378 (The Frontend File Manager Plugin WordPress plugin through 23.6 does no ...)
+	TODO: check
+CVE-2026-8172 (The Simple Basic Contact Form WordPress plugin through 20250114 does n ...)
+	TODO: check
+CVE-2026-8163 (The Infility Global WordPress plugin before 2.15.19 does not properly  ...)
+	TODO: check
+CVE-2026-7842 (The Infility Global Infility Global WordPress plugin before 2.15.20 fo ...)
+	TODO: check
+CVE-2026-56698 (Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validat ...)
+	TODO: check
+CVE-2026-56697 (Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol ...)
+	TODO: check
+CVE-2026-56357 (n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability ...)
+	TODO: check
+CVE-2026-56348 (n8n before 2.20.0 contains a credential exfiltration vulnerability in  ...)
+	TODO: check
+CVE-2026-56326 (Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a serve ...)
+	TODO: check
+CVE-2026-56324 (Capgo before 12.128.2 contains a rate limit bypass vulnerability in th ...)
+	TODO: check
+CVE-2026-56323 (Capgo before 12.128.2 contains an information disclosure vulnerability ...)
+	TODO: check
+CVE-2026-56321 (Capgo (backend Supabase edge functions) before 12.128.2 does not apply ...)
+	TODO: check
+CVE-2026-56314 (Capgo before 12.128.12 fails to filter deleted app versions when joini ...)
+	TODO: check
+CVE-2026-56311 (Capgo before 12.128.2 contains an authorization bypass vulnerability i ...)
+	TODO: check
+CVE-2026-56306 (Capgo before 12.128.2 contains a weak parsing vulnerability in the x-l ...)
+	TODO: check
+CVE-2026-56280 (Cap-go before 12.128.2 contains a privilege inversion vulnerability in ...)
+	TODO: check
+CVE-2026-56268 (Flowise before 3.1.2 contains an information disclosure vulnerability  ...)
+	TODO: check
+CVE-2026-56266 (Crawl4AI before 0.8.7 contains a server-side request forgery vulnerabi ...)
+	TODO: check
+CVE-2026-56255 (Capgo before 12.128.2 contains a denial of service vulnerability in th ...)
+	TODO: check
+CVE-2026-56221 (Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities ...)
+	TODO: check
+CVE-2026-55655 (A flaw was found in OpenSSH. A local unprivileged attacker on a Linux  ...)
+	TODO: check
+CVE-2026-55654 (A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds  ...)
+	TODO: check
+CVE-2026-55653 (A flaw was found in OpenSSH. A malicious SSH server can exploit a doub ...)
+	TODO: check
+CVE-2026-55603 (http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 unt ...)
+	TODO: check
+CVE-2026-55599 (phpseclib is a PHP secure communications library. From 0.1.1 until 1.0 ...)
+	TODO: check
+CVE-2026-55409 (Filament is a collection of full-stack components for accelerated Lara ...)
+	TODO: check
+CVE-2026-54911 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
+	TODO: check
+CVE-2026-54651 (pypdf is a free and open-source pure-python PDF library. Prior to 6.13 ...)
+	TODO: check
+CVE-2026-54531 (pypdf is a free and open-source pure-python PDF library. Prior to 6.13 ...)
+	TODO: check
+CVE-2026-54530 (pypdf is a free and open-source pure-python PDF library. Prior to 6.13 ...)
+	TODO: check
+CVE-2026-54281 (Nest is a framework for building scalable Node.js server-side applicat ...)
+	TODO: check
+CVE-2026-54236 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-54235 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-54233 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-54232 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-53923 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-49468 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or  ...)
+	TODO: check
+CVE-2026-49461 (pypdf is a free and open-source pure-python PDF library. Prior to 6.12 ...)
+	TODO: check
+CVE-2026-49460 (pypdf is a free and open-source pure-python PDF library. Prior to 6.12 ...)
+	TODO: check
+CVE-2026-48746 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-48517 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48516 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48515 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48514 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48513 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48512 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48511 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48510 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48509 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48506 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48505 (Filament is a collection of full-stack components for accelerated Lara ...)
+	TODO: check
+CVE-2026-48502 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48500 (Filament is a collection of full-stack components for accelerated Lara ...)
+	TODO: check
+CVE-2026-48167 (Filament is a collection of full-stack components for accelerated Lara ...)
+	TODO: check
+CVE-2026-48166 (Filament is a collection of full-stack components for accelerated Lara ...)
+	TODO: check
+CVE-2026-48109 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
+	TODO: check
+CVE-2026-48067 (Filament is a collection of full-stack components for accelerated Lara ...)
+	TODO: check
+CVE-2026-47242 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...)
+	TODO: check
+CVE-2026-47241 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...)
+	TODO: check
+CVE-2026-47240 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...)
+	TODO: check
+CVE-2026-47155 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-45034 (PhpSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
+	TODO: check
+CVE-2026-44889 (WebOb provides objects for HTTP requests and responses. Prior to 1.8.1 ...)
+	TODO: check
+CVE-2026-44727 (Jupyter Server is the backend for Jupyter web applications. Prior to 2 ...)
+	TODO: check
+CVE-2026-44311 (Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a pote ...)
+	TODO: check
+CVE-2026-44274 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain  ...)
+	TODO: check
+CVE-2026-44273 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain  ...)
+	TODO: check
+CVE-2026-44272 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain  ...)
+	TODO: check
+CVE-2026-44271 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain  ...)
+	TODO: check
+CVE-2026-41523 (vLLM is an inference and serving engine for large language models (LLM ...)
+	TODO: check
+CVE-2026-41479 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
+	TODO: check
+CVE-2026-39904 (Gophish through 0.12.1 contains a denial of service vulnerability that ...)
+	TODO: check
+CVE-2026-12866 (All versions of the package expr-eval are vulnerable to Code Execution ...)
+	TODO: check
+CVE-2026-11833 (Overview:  A vulnerability has been found in FAST/TOOLS and CI Server. ...)
+	TODO: check
+CVE-2026-10852 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IB ...)
+	TODO: check
+CVE-2026-10658 (A missing length validation in the Zephyr Bluetooth Host ISO receive p ...)
+	TODO: check
+CVE-2026-10651 (A malformed Bluetooth Classic SDP attribute can trigger a reachable as ...)
+	TODO: check
+CVE-2026-10645 (Zephyr's ext2 directory-entry parser does not fully validate on-disk d ...)
+	TODO: check
+CVE-2025-71358 (picklescan before 0.0.29 fails to detect malicious pickle files that e ...)
+	TODO: check
+CVE-2025-71344 (picklescan before 0.0.30 (affected versions 0.0.26 and earlier) fails  ...)
+	TODO: check
+CVE-2025-71339 (Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran._ ...)
+	TODO: check
 CVE-2026-9610 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9 ...)
 	NOT-FOR-US: IBM
 CVE-2026-9320 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Applic ...)
@@ -1199,7 +1363,7 @@ CVE-2026-55766
 	- php-guzzlehttp-psr7 2.12.1-1
 	[trixie] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
 	NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-vm85-hxw5-5432
-CVE-2026-48931
+CVE-2026-48931 (A flaw in Node.js HTTP Agent can cause a client to accept as valid a r ...)
 	- nodejs 24.17.0+dfsg+~cs24.13.2-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2026-security-releases#http-response-queue-poisoning-via-toctou-race-condition-in-httpagent-cve-2026-48931---low
 	NOTE: https://github.com/nodejs/node/commit/0a22d40180cb796e0d68e94c1a7a8a05a8f47c10 (v22.23.0)
@@ -1245,6 +1409,7 @@ CVE-2026-9158 (In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially craft
 CVE-2026-8811 (SEPPmail versions before 15.0.5 allow improper handling of attachment  ...)
 	NOT-FOR-US: SEPPmail
 CVE-2026-8461 (An out-of-bounds write vulnerability in FFmpeg's libavcodec library, s ...)
+	{DSA-6361-1}
 	- ffmpeg 7:8.1.2-1
 	NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/c23d4da3128c279b714b282e6ec292e8755007e3 (master)
@@ -44835,6 +45000,7 @@ CVE-2026-30999 (A heap buffer overflow in the av_bprint_finalize() function of F
 CVE-2026-30998 (An improper resource deallocation and closure vulnerability in the too ...)
 	NOTE: Bogus CVE assignment for ffmpeg, gets cleaned up by the OS anyway
 CVE-2026-30997 (An out-of-bounds read in the read_global_param() function (libavcodec/ ...)
+	{DSA-6361-1}
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	[bullseye] - ffmpeg <postponed> (Minor issue)
@@ -49122,7 +49288,7 @@ CVE-2026-34986 (Go JOSE provides an implementation of the Javascript Object Sign
 	NOTE: https://github.com/go-jose/go-jose/commit/02464163e1e891db85257cb8860978a1c0226016 (v3.0.5)
 CVE-2026-34981 (The whisperX API is a tool for enhancing and analyzing audio content.  ...)
 	NOT-FOR-US: whisperX API
-CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2. ...)
+CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. In versions 3 ...)
 	NOT-FOR-US: AperiSolve
 CVE-2026-34976 (Dgraph is an open source distributed GraphQL database. Prior to 25.3.1 ...)
 	NOT-FOR-US: Dgraph
@@ -202566,7 +202732,7 @@ CVE-2025-25054 (Movable Type contains a reflected cross-site scripting vulnerabi
 CVE-2025-24841 (Movable Type contains a stored cross-site scripting vulnerability in t ...)
 	- movabletype-opensource <removed>
 CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a seg ...)
-	{DLA-4073-1}
+	{DSA-6361-1 DLA-4073-1}
 	- ffmpeg 7:8.0.1-2
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://trac.ffmpeg.org/ticket/11393



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e4cee46a90cdb3866580dff2c04fc6bc10b61c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30e4cee46a90cdb3866580dff2c04fc6bc10b61c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260623/c4787d02/attachment.htm>


More information about the debian-security-tracker-commits mailing list