[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 3 08:13:31 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2148c859 by security tracker role at 2026-03-03T08:13:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,49 @@
+CVE-2026-3455 (Versions of the package mailparser before 3.9.3 are vulnerable to Cros ...)
+	TODO: check
+CVE-2026-3449 (Versions of the package @tootallnate/once before 3.0.1 are vulnerable  ...)
+	TODO: check
+CVE-2026-3338 (Improper signature validation in PKCS7_verify() in AWS-LC allows an un ...)
+	TODO: check
+CVE-2026-3337 (Observable timing discrepancy in AES-CCM decryption in AWS-LC allows a ...)
+	TODO: check
+CVE-2026-3336 (Improper certificate validation in PKCS7_verify() in AWS-LC allows an  ...)
+	TODO: check
+CVE-2026-2628 (The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin fo ...)
+	TODO: check
+CVE-2026-2583 (The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2026-2448 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable to L ...)
+	TODO: check
+CVE-2026-2269 (The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks &  ...)
+	TODO: check
+CVE-2026-2256 (A command injection vulnerability in ModelScope's ms-agent versions v1 ...)
+	TODO: check
+CVE-2026-20801 (Cleartext Transmission of Sensitive Information (CWE-319) ina componen ...)
+	TODO: check
+CVE-2026-20757 (Improper Lockingvulnerability (CWE-667) inGallagher Morpho integration ...)
+	TODO: check
+CVE-2026-1876 (Improper Resource Shutdown or Release vulnerability in Mitsubishi Elec ...)
+	TODO: check
+CVE-2026-1875 (Improper Resource Shutdown or Release vulnerability in Mitsubishi Elec ...)
+	TODO: check
+CVE-2026-1874 (Always-Incorrect Control Flow Implementation vulnerability in Mitsubis ...)
+	TODO: check
+CVE-2026-1566 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
+	TODO: check
+CVE-2026-1492 (The User Registration & Membership \u2013 Custom Registration Form Bui ...)
+	TODO: check
+CVE-2026-1487 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
+	TODO: check
+CVE-2026-1336 (The AI ChatBot with ChatGPT and Content Generator by AYS plugin for Wo ...)
+	TODO: check
+CVE-2026-0754 (An embedded test key and certificate could be extracted from a Poly Vo ...)
+	TODO: check
+CVE-2025-47147 (Cleartext Storage of Sensitive Information (CWE-312) in the Command Ce ...)
+	TODO: check
+CVE-2025-15595 (Privilege escalation via dll hijacking in Inno Setup 6.2.1 and ealier  ...)
+	TODO: check
+CVE-2025-12345 (A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1 ...)
+	TODO: check
 CVE-2026-3442
 	- binutils <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443828
@@ -31306,7 +31352,7 @@ CVE-2025-11009 (Cleartext Storage of Sensitive Information vulnerability in Mits
 CVE-2025-0852
 	REJECTED
 CVE-2025-14180 (In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...)
-	{DSA-6088-1}
+	{DSA-6154-1 DSA-6088-1}
 	- php8.4 8.4.16-1 (bug #1123574)
 	- php8.2 <removed>
 	- php7.4 <not-affected> (Vulnerable code introduced later)
@@ -31314,7 +31360,7 @@ CVE-2025-14180 (In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.*
 	NOTE: Fixed by: https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86 (php-8.4.16)
 	NOTE: Introduced by: https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86 (php-8.1.0RC1)
 CVE-2025-14178 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...)
-	{DSA-6088-1 DLA-4447-1}
+	{DSA-6154-1 DSA-6088-1 DLA-4447-1}
 	- php8.4 8.4.16-1 (bug #1123574)
 	- php8.2 <removed>
 	- php7.4 <removed>
@@ -31322,7 +31368,7 @@ CVE-2025-14178 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.*
 	NOTE: Fixed by: https://github.com/php/php-src/commit/e6d7d34c1ae46281993036189e3bcb6528911ce8 (php-8.4.16)
 	NOTE: Introduced by: https://github.com/php/php-src/commit/a08723d3d313445191470c19e12235a56165600a (php-7.2.0RC1)
 CVE-2025-14177 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...)
-	{DSA-6088-1}
+	{DSA-6154-1 DSA-6088-1}
 	- php8.4 8.4.16-1 (bug #1123574)
 	- php8.2 <removed>
 	- php7.4 <not-affected> (Vulnerable code introduced later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2148c859f6a08c057db3c1d6839ecc1ca2638287

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2148c859f6a08c057db3c1d6839ecc1ca2638287
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260303/fc65b9d3/attachment.htm>

More information about the debian-security-tracker-commits mailing list