[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 26 20:13:55 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1f7b7ef8 by security tracker role at 2026-06-26T19:13:48+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,448 @@
-CVE-2026-11702
+CVE-2026-9699 (Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sa ...)
+	TODO: check
+CVE-2026-9640 (A privilege escalation vulnerability exists in LXD from 6.0 before 6.9 ...)
+	TODO: check
+CVE-2026-9639 (Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to v ...)
+	TODO: check
+CVE-2026-6658 (A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cro ...)
+	TODO: check
+CVE-2026-5757 (Unauthenticated remote information disclosure vulnerability in Ollama' ...)
+	TODO: check
+CVE-2026-57940 (HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF) vulnerabilit ...)
+	TODO: check
+CVE-2026-57926 (In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vu ...)
+	TODO: check
+CVE-2026-57925 (In JetBrains YouTrack before 2026.2.16593 improper access control allo ...)
+	TODO: check
+CVE-2026-57924 (In JetBrains YouTrack before 2026.2.16593 default role configuration e ...)
+	TODO: check
+CVE-2026-57923 (In JetBrains YouTrack before 2026.2.16593 improper authorisation in th ...)
+	TODO: check
+CVE-2026-57922 (In JetBrains YouTrack before 2026.2.16593 project settings disclosure  ...)
+	TODO: check
+CVE-2026-57921 (In JetBrains YouTrack before 2026.2.16593 improper access control allo ...)
+	TODO: check
+CVE-2026-57920 (Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a s ...)
+	TODO: check
+CVE-2026-57918 (libnfs through 6.0.2 before 935b8db has an xid integer underflow in RE ...)
+	TODO: check
+CVE-2026-57915 (It is possible to bypass the Kerberos pre-authentication check in Apac ...)
+	TODO: check
+CVE-2026-57914 (By sending a deeply nested ASN1 structure to a Apache Kerby client or  ...)
+	TODO: check
+CVE-2026-57913 (Johnson & Johnson Audit Tracking Management System (ATMS) before 2026- ...)
+	TODO: check
+CVE-2026-57912 (Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing o ...)
+	TODO: check
+CVE-2026-57881 (An unauthenticated stack-based buffer overflow vulnerability exists in ...)
+	TODO: check
+CVE-2026-57880 (An unauthenticated stack-based buffer overflow vulnerability exists in ...)
+	TODO: check
+CVE-2026-57879 (An unauthenticated stack-based buffer overflow vulnerability exists in ...)
+	TODO: check
+CVE-2026-57878 (An unauthenticated stack-based buffer overflow vulnerability exists in ...)
+	TODO: check
+CVE-2026-57877 (An unauthenticated format string vulnerability exists in vlsvr in GeoV ...)
+	TODO: check
+CVE-2026-57876 (An unauthenticated out-of-bounds write vulnerability exists in onvif.c ...)
+	TODO: check
+CVE-2026-57875 (An unauthenticated NULL pointer dereference vulnerability exists in th ...)
+	TODO: check
+CVE-2026-57874 (An unauthenticated buffer overflow vulnerability exists in IEEE8021x_u ...)
+	TODO: check
+CVE-2026-57873 (An unauthenticated NULL pointer dereference vulnerability exists in IE ...)
+	TODO: check
+CVE-2026-57872 (An unauthenticated directory traversal vulnerability exists in get_fco ...)
+	TODO: check
+CVE-2026-57667 (Sales Representative SQL Injection in Groundhogg <= 4.5 versions.)
+	TODO: check
+CVE-2026-57665 (Unauthenticated Insecure Direct Object References (IDOR) in GravityVie ...)
+	TODO: check
+CVE-2026-57664 (Unauthenticated Sensitive Data Exposure in Bopo \u2013 WooCommerce Pro ...)
+	TODO: check
+CVE-2026-57663 (Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip  ...)
+	TODO: check
+CVE-2026-57662 (Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.)
+	TODO: check
+CVE-2026-57661 (Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.)
+	TODO: check
+CVE-2026-57660 (Unauthenticated Broken Access Control in Booking and Rental Manager <= ...)
+	TODO: check
+CVE-2026-57659 (Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships  ...)
+	TODO: check
+CVE-2026-57658 (Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions ...)
+	TODO: check
+CVE-2026-57657 (Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2 ...)
+	TODO: check
+CVE-2026-57656 (Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.)
+	TODO: check
+CVE-2026-57655 (Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizar ...)
+	TODO: check
+CVE-2026-57654 (Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versio ...)
+	TODO: check
+CVE-2026-57653 (Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.)
+	TODO: check
+CVE-2026-57652 (Unauthenticated Insecure Direct Object References (IDOR) in JS Help De ...)
+	TODO: check
+CVE-2026-57651 (Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.)
+	TODO: check
+CVE-2026-57650 (Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 ver ...)
+	TODO: check
+CVE-2026-57649 (Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versi ...)
+	TODO: check
+CVE-2026-57648 (Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.)
+	TODO: check
+CVE-2026-57647 (Contributor Local File Inclusion in Panorama Viewer \u2013 360 Degree  ...)
+	TODO: check
+CVE-2026-57646 (Subscriber Insecure Direct Object References (IDOR) in Majestic Suppor ...)
+	TODO: check
+CVE-2026-57645 (newsletters_subscribers Broken Access Control in Newsletters <= 4.13 v ...)
+	TODO: check
+CVE-2026-57644 (Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 ve ...)
+	TODO: check
+CVE-2026-57643 (Contributor SQL Injection in WP Post Author <= 3.9.1 versions.)
+	TODO: check
+CVE-2026-57642 (Contributor SQL Injection in Gallery  <= 4.7.8 versions.)
+	TODO: check
+CVE-2026-57641 (Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <=  ...)
+	TODO: check
+CVE-2026-57640 (Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions ...)
+	TODO: check
+CVE-2026-57638 (Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 vers ...)
+	TODO: check
+CVE-2026-57637 (Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Li ...)
+	TODO: check
+CVE-2026-57636 (Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.)
+	TODO: check
+CVE-2026-57635 (Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment ...)
+	TODO: check
+CVE-2026-57634 (Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 ...)
+	TODO: check
+CVE-2026-57633 (Unauthenticated Sensitive Data Exposure in WCBoost – Products Co ...)
+	TODO: check
+CVE-2026-57632 (Subscriber Broken Access Control in Email Marketing for WooCommerce by ...)
+	TODO: check
+CVE-2026-57631 (Administrator SQL Injection in Popup box <= 6.0.1 versions.)
+	TODO: check
+CVE-2026-57630 (Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Co ...)
+	TODO: check
+CVE-2026-57629 (Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 version ...)
+	TODO: check
+CVE-2026-57628 (Administrator SQL Injection in WP All Import <= 4.0.1 versions.)
+	TODO: check
+CVE-2026-57627 (Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versi ...)
+	TODO: check
+CVE-2026-57622 (Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.)
+	TODO: check
+CVE-2026-57620 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2026-57618 (Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.)
+	TODO: check
+CVE-2026-57617 (Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versio ...)
+	TODO: check
+CVE-2026-57527 (Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an i ...)
+	TODO: check
+CVE-2026-57518 (Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that  ...)
+	TODO: check
+CVE-2026-57473 (A vulnerability exists in the netclient and factory services of Reolin ...)
+	TODO: check
+CVE-2026-57431 (Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.)
+	TODO: check
+CVE-2026-57430 (Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.)
+	TODO: check
+CVE-2026-57325 (Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.)
+	TODO: check
+CVE-2026-57324 (Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.)
+	TODO: check
+CVE-2026-57323 (Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 ...)
+	TODO: check
+CVE-2026-57322 (Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions ...)
+	TODO: check
+CVE-2026-57321 (Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.)
+	TODO: check
+CVE-2026-57319 (Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.)
+	TODO: check
+CVE-2026-57318 (Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.)
+	TODO: check
+CVE-2026-57317 (Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointm ...)
+	TODO: check
+CVE-2026-57316 (Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions.)
+	TODO: check
+CVE-2026-57315 (Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2. ...)
+	TODO: check
+CVE-2026-57314 (Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versio ...)
+	TODO: check
+CVE-2026-57313 (Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.)
+	TODO: check
+CVE-2026-57312 (Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 v ...)
+	TODO: check
+CVE-2026-57231 (Podman is a tool for managing OCI containers and pods. From 1.8.1 unti ...)
+	TODO: check
+CVE-2026-56876 (extract-zip does not validate symlink targets when extracting zip arch ...)
+	TODO: check
+CVE-2026-56823 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
+	TODO: check
+CVE-2026-56773 (Teable's v2 REST API controller lacks @Permissions metadata on ORPC en ...)
+	TODO: check
+CVE-2026-56663 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
+	TODO: check
+CVE-2026-56072 (Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versio ...)
+	TODO: check
+CVE-2026-56070 (Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versi ...)
+	TODO: check
+CVE-2026-56069 (Unauthenticated Insecure Direct Object References (IDOR) in Toolset Fo ...)
+	TODO: check
+CVE-2026-56068 (Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.)
+	TODO: check
+CVE-2026-56067 (Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.)
+	TODO: check
+CVE-2026-56066 (Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images  ...)
+	TODO: check
+CVE-2026-56064 (Subscriber SQL Injection in Tourfic <= 2.22.5 versions.)
+	TODO: check
+CVE-2026-56063 (Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 ver ...)
+	TODO: check
+CVE-2026-56062 (Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.)
+	TODO: check
+CVE-2026-56061 (Unauthenticated Broken Access Control in Subscriptions for WooCommerce ...)
+	TODO: check
+CVE-2026-56060 (Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery No ...)
+	TODO: check
+CVE-2026-56059 (Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.)
+	TODO: check
+CVE-2026-56058 (Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.)
+	TODO: check
+CVE-2026-56057 (Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 ve ...)
+	TODO: check
+CVE-2026-56055 (Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.)
+	TODO: check
+CVE-2026-56048 (Unauthenticated Insecure Direct Object References (IDOR) in Payment Ga ...)
+	TODO: check
+CVE-2026-56047 (Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 ver ...)
+	TODO: check
+CVE-2026-56046 (Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions ...)
+	TODO: check
+CVE-2026-56045 (Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 vers ...)
+	TODO: check
+CVE-2026-56044 (Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 ver ...)
+	TODO: check
+CVE-2026-56043 (Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for Woo ...)
+	TODO: check
+CVE-2026-56041 (Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2 ...)
+	TODO: check
+CVE-2026-56040 (Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 ...)
+	TODO: check
+CVE-2026-56039 (Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= ...)
+	TODO: check
+CVE-2026-56038 (Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.)
+	TODO: check
+CVE-2026-56036 (Unauthenticated SQL Injection in \uc6cc\ub4dc\ud504\ub808\uc2a4 \uacb0 ...)
+	TODO: check
+CVE-2026-56035 (Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3  ...)
+	TODO: check
+CVE-2026-56034 (Unauthenticated SQL Injection in Library Management System <= 3.5.7 ve ...)
+	TODO: check
+CVE-2026-56033 (Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.)
+	TODO: check
+CVE-2026-56032 (Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 version ...)
+	TODO: check
+CVE-2026-56031 (Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 v ...)
+	TODO: check
+CVE-2026-56030 (Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.)
+	TODO: check
+CVE-2026-56029 (Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment ...)
+	TODO: check
+CVE-2026-56028 (Unauthenticated Privilege Escalation in Easy Elements for Elementor &# ...)
+	TODO: check
+CVE-2026-56027 (Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 ver ...)
+	TODO: check
+CVE-2026-56026 (Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 ve ...)
+	TODO: check
+CVE-2026-56025 (Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1 ...)
+	TODO: check
+CVE-2026-56011 (Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPr ...)
+	TODO: check
+CVE-2026-56010 (Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce  ...)
+	TODO: check
+CVE-2026-56008 (Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.)
+	TODO: check
+CVE-2026-55686 (Podman is a tool for managing OCI containers and pods. From 3.0.0 unti ...)
+	TODO: check
+CVE-2026-55677 (Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router a ...)
+	TODO: check
+CVE-2026-55448 (mise manages dev tools like node, python, cmake, and terraform. From 2 ...)
+	TODO: check
+CVE-2026-55441 (mise manages dev tools like node, python, cmake, and terraform. Prior  ...)
+	TODO: check
+CVE-2026-54847 (Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8. ...)
+	TODO: check
+CVE-2026-54846 (Unauthenticated Broken Access Control in Syncee Premium Dropshipping & ...)
+	TODO: check
+CVE-2026-54840 (Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.)
+	TODO: check
+CVE-2026-54839 (Unauthenticated Sensitive Data Exposure in Trinity Backup – Back ...)
+	TODO: check
+CVE-2026-54837 (Unauthenticated Broken Access Control in Intranet & Private Site & ...)
+	TODO: check
+CVE-2026-54835 (Unauthenticated Broken Access Control in Five Star Restaurant Menu <=  ...)
+	TODO: check
+CVE-2026-54834 (Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <=  ...)
+	TODO: check
+CVE-2026-54833 (Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.)
+	TODO: check
+CVE-2026-54832 (Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 ...)
+	TODO: check
+CVE-2026-54831 (Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.)
+	TODO: check
+CVE-2026-54827 (Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.)
+	TODO: check
+CVE-2026-54826 (Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= ...)
+	TODO: check
+CVE-2026-54825 (Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.)
+	TODO: check
+CVE-2026-54824 (Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 ver ...)
+	TODO: check
+CVE-2026-54820 (Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.)
+	TODO: check
+CVE-2026-54753 (Nx is a monorepo solution for TypeScript and polyglot codebases. From  ...)
+	TODO: check
+CVE-2026-54636 (Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utili ...)
+	TODO: check
+CVE-2026-54557 (mise manages dev tools like node, python, cmake, and terraform. Prior  ...)
+	TODO: check
+CVE-2026-54341 (Dragonfly is an in-memory data store built for modern application work ...)
+	TODO: check
+CVE-2026-53914 (In JetBrains Kotlin before 2.4.20 code execution was possible via unsa ...)
+	TODO: check
+CVE-2026-52701 (Unauthenticated Broken Access Control in User Registration <= 5.2.2 ve ...)
+	TODO: check
+CVE-2026-4339 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 1 ...)
+	TODO: check
+CVE-2026-49486 (The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ft ...)
+	TODO: check
+CVE-2026-48743 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-48706 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-48529 (GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1 ...)
+	TODO: check
+CVE-2026-48497 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-48090 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-48044 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-48042 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-47778 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-47775 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-47692 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-47221 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-47220 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-47214 (Docling simplifies document processing by parsing diverse formats and  ...)
+	TODO: check
+CVE-2026-47207 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-47206 (Dragonfly is an in-memory data store built for modern application work ...)
+	TODO: check
+CVE-2026-47205 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-47204 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
+	TODO: check
+CVE-2026-45408 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validati ...)
+	TODO: check
+CVE-2026-45407 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command  ...)
+	TODO: check
+CVE-2026-45406 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts  ...)
+	TODO: check
+CVE-2026-45405 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive  ...)
+	TODO: check
+CVE-2026-45257 (The KTLS receive path decrypted each record in place, assuming that th ...)
+	TODO: check
+CVE-2026-45256 (When used to deliver a signal to a specific thread, thr_kill2(2) calle ...)
+	TODO: check
+CVE-2026-45195 (Kernel software installed and running inside a Host VM may post improp ...)
+	TODO: check
+CVE-2026-44018 (Docling simplifies document processing by parsing diverse formats and  ...)
+	TODO: check
+CVE-2026-40711 (Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0 ...)
+	TODO: check
+CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 1 ...)
+	TODO: check
+CVE-2026-33646 (mise manages dev tools like node, python, cmake, and terraform. Prior  ...)
+	TODO: check
+CVE-2026-30041 (An integer overflow in the PSD parser compnent of FastStone Image View ...)
+	TODO: check
+CVE-2026-30040 (A heap overflow in the FSViewer.exe process of FastStone Image Viewer  ...)
+	TODO: check
+CVE-2026-2053 (The WSO2 API Manager's message flow component, when processing WS-Addr ...)
+	TODO: check
+CVE-2026-28385 (In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forg ...)
+	TODO: check
+CVE-2026-24547 (Unauthenticated Broken Access Control in SiteGround Email Marketing <= ...)
+	TODO: check
+CVE-2026-21734 (A web page that contains unusual GPU shader code is loaded into the GP ...)
+	TODO: check
+CVE-2026-1869 (The User Registration & Membership \u2013 Free & Paid Memberships, Sub ...)
+	TODO: check
+CVE-2026-13434 (A flaw was found in KubeVirt's network annotation generator. When a te ...)
+	TODO: check
+CVE-2026-13426 (The Mattermost Go module github.com/mattermost/mattermost/server/publi ...)
+	TODO: check
+CVE-2026-13372 (Incorrect link resolution by display name in the custom PowerShell VPN ...)
+	TODO: check
+CVE-2026-13325 (A flaw was found in KubeVirt's migration proxy. When spec.configuratio ...)
+	TODO: check
+CVE-2026-12411 (Broken Access Control in the devLXDInstancePatchHandler component of C ...)
+	TODO: check
+CVE-2026-11779 (An Improper Authorization vulnerability exists in PayloadCMS version 3 ...)
+	TODO: check
+CVE-2026-0828 (Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x ...)
+	TODO: check
+CVE-2026-0685 (Server side template inject (SSTI) in the expression evaluation compon ...)
+	TODO: check
+CVE-2025-7958 (A Code Injection vulnerability existed in Trellix Network Security CM  ...)
+	TODO: check
+CVE-2025-68075 (Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 ve ...)
+	TODO: check
+CVE-2025-68074 (Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 v ...)
+	TODO: check
+CVE-2025-68064 (Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.)
+	TODO: check
+CVE-2025-68063 (Contributor Local File Inclusion in Splash - Sport Club WordPress Them ...)
+	TODO: check
+CVE-2025-68052 (Unauthenticated Cross Site Request Forgery (CSRF) in Eagle Booking <=  ...)
+	TODO: check
+CVE-2025-66123 (Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= ...)
+	TODO: check
+CVE-2025-64637 (Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.)
+	TODO: check
+CVE-2025-64636 (Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 ...)
+	TODO: check
+CVE-2025-64152 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-63079 (Contributor Broken Access Control in Live Copy Paste for Elementor <=  ...)
+	TODO: check
+CVE-2025-63078 (Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2. ...)
+	TODO: check
+CVE-2025-63041 (Contributor Broken Access Control in Forget About Shortcode Buttons <= ...)
+	TODO: check
+CVE-2025-55017 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-32423 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
+	TODO: check
+CVE-2025-32394 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
+	TODO: check
+CVE-2025-11919 (The default JVM can access files and directories under `/tmp/` includi ...)
+	TODO: check
+CVE-2026-11702 (Bytes::Random::Secure::Tiny versions through 1.011 for Perl share inte ...)
 	NOT-FOR-US: Bytes::Random::Secure::Tiny Perl module
-CVE-2026-11625
+CVE-2026-11625 (Bytes::Random::Secure versions through 0.29 for Perl share internal st ...)
 	- libbytes-random-secure-perl 0.29-4
 	[trixie] - libbytes-random-secure-perl <no-dsa> (Minor issue; will be fixed via point release)
 	[bookworm] - libbytes-random-secure-perl <no-dsa> (Minor issue; will be fixed via point release)
@@ -196,7 +638,7 @@ CVE-2026-10512 (The X25519 x86_64 assembly implementation fails to clear the mos
 	TODO: check
 CVE-2026-10098 (OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_s ...)
 	TODO: check
-CVE-2026-10097 (ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamot ...)
+CVE-2026-10097 (wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compar ...)
 	TODO: check
 CVE-2025-71340 (picklescan through 0.0.26 fails to detect malicious pickle files that  ...)
 	TODO: check
@@ -29420,7 +29862,7 @@ CVE-2026-44432 (urllib3 is an HTTP client library for Python. From 2.6.0 to befo
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j
 	NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a (2.7.0)
 CVE-2026-44431 (urllib3 is an HTTP client library for Python. From 1.23 to before 2.7. ...)
-	{DSA-6363-1}
+	{DSA-6363-1 DLA-4651-1}
 	- python-urllib3 <unfixed> (bug #1136653)
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc
 	NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc (2.7.0)
@@ -30663,7 +31105,7 @@ CVE-2026-44411 (A vulnerability has been identified in Solid Edge SE2026 (All ve
 	NOT-FOR-US: Siemens
 CVE-2026-44343 (WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there ar ...)
 	NOT-FOR-US: WGDashboard
-CVE-2026-44279 (A improper export of android application components vulnerability in F ...)
+CVE-2026-44279 (An improper export of android application components vulnerability in  ...)
 	NOT-FOR-US: Fortinet
 CVE-2026-44278 (A use of hard-coded cryptographic key vulnerability in Fortinet FortiC ...)
 	NOT-FOR-US: Fortinet
@@ -46914,7 +47356,7 @@ CVE-2026-23776 (Dell PowerProtect Data Domain with Data Domain Operating System
 	NOT-FOR-US: Dell / EMC
 CVE-2026-23775 (Dell PowerProtect Data Domain appliances with Data Domain Operating Sy ...)
 	NOT-FOR-US: Dell / EMC
-CVE-2026-21733 (Vulnerability in Imagination Technologies Graphics DDK on Linux, Andro ...)
+CVE-2026-21733 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2026-21709 (A vulnerability allowing a local attacker with administrator privilege ...)
 	NOT-FOR-US: Veeam
@@ -402610,8 +403052,7 @@ CVE-2023-20574
 	RESERVED
 CVE-2023-20573 (A privileged attacker can prevent delivery of debug exceptions to SEV- ...)
 	NOT-FOR-US: AMD
-CVE-2023-20572
-	RESERVED
+CVE-2023-20572 (An observable timing discrepancy in the ASP could allow a privileged a ...)
 	NOT-FOR-US: AMD
 CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...)
 	NOT-FOR-US: AMD
@@ -402695,8 +403136,7 @@ CVE-2023-20542
 	RESERVED
 CVE-2023-20541
 	RESERVED
-CVE-2023-20540
-	RESERVED
+CVE-2023-20540 (An observable timing discrepancy in the ASP could allow a privileged a ...)
 	NOT-FOR-US: AMD
 CVE-2023-20539
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f7b7ef8fd7688272960f3d1839381f40fca9482

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f7b7ef8fd7688272960f3d1839381f40fca9482
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260626/bbcd4a5d/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list