[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 5 20:13:29 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d431c210 by security tracker role at 2026-03-05T20:13:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2026-3598 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in rust ...)
+	TODO: check
+CVE-2026-3459 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin for Wor ...)
+	TODO: check
+CVE-2026-3236 (In affected versions of Octopus Server it was possible to create a new ...)
+	TODO: check
+CVE-2026-3047 (A flaw was found in org.keycloak.broker.saml. When a disabled Security ...)
+	TODO: check
+CVE-2026-3009 (A security flaw in the IdentityBrokerService.performLogin endpoint of  ...)
+	TODO: check
+CVE-2026-30798 (Insufficient Verification of Data Authenticity, Improper Handling of E ...)
+	TODO: check
+CVE-2026-30797 (Missing Authorization vulnerability in rustdesk-client RustDesk Client ...)
+	TODO: check
+CVE-2026-30796 (Cleartext Transmission of Sensitive Information vulnerability in rustd ...)
+	TODO: check
+CVE-2026-30795 (Cleartext Transmission of Sensitive Information vulnerability in rustd ...)
+	TODO: check
+CVE-2026-30794 (Improper Certificate Validation vulnerability in rustdesk-client RustD ...)
+	TODO: check
+CVE-2026-30793 (Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client Rus ...)
+	TODO: check
+CVE-2026-30792 (A vulnerability in rustdesk-client RustDesk Client rustdesk-client on  ...)
+	TODO: check
+CVE-2026-30791 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in rust ...)
+	TODO: check
+CVE-2026-30790 (Improper Restriction of Excessive Authentication Attempts, Use of Pass ...)
+	TODO: check
+CVE-2026-30789 (Authentication Bypass by Capture-replay, Use of Password Hash With Ins ...)
+	TODO: check
+CVE-2026-30785 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
+	TODO: check
+CVE-2026-30784 (Missing Authorization, Missing Authentication for Critical Function vu ...)
+	TODO: check
+CVE-2026-30783 (A vulnerability in rustdesk-client RustDesk Client rustdesk-client on  ...)
+	TODO: check
+CVE-2026-2599 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...)
+	TODO: check
+CVE-2026-29054 (Traefik is an HTTP reverse proxy and load balancer. From version 2.11. ...)
+	TODO: check
+CVE-2026-28790 (OliveTin gives access to predefined shell commands from a web interfac ...)
+	TODO: check
+CVE-2026-28789 (OliveTin gives access to predefined shell commands from a web interfac ...)
+	TODO: check
+CVE-2026-28551 (Race condition vulnerability in the device security management module. ...)
+	TODO: check
+CVE-2026-28549 (Race condition vulnerability in the permission management service.Impa ...)
+	TODO: check
+CVE-2026-28548 (Vulnerability of improper verification in the email application.Impact ...)
+	TODO: check
+CVE-2026-28547 (Vulnerability of uninitialized pointer access in the scanning module.I ...)
+	TODO: check
+CVE-2026-28546 (Buffer overflow vulnerability in the scanning module.Impact: Successfu ...)
+	TODO: check
+CVE-2026-28542 (Permission bypass vulnerability in the system service framework.Impact ...)
+	TODO: check
+CVE-2026-28353 (Trivy Vulnerability Scanner is a VS Code extension that helps find vul ...)
+	TODO: check
+CVE-2026-28350 (lxml_html_clean is a project for HTML cleaning functionalities copied  ...)
+	TODO: check
+CVE-2026-28348 (lxml_html_clean is a project for HTML cleaning functionalities copied  ...)
+	TODO: check
+CVE-2026-28343 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...)
+	TODO: check
+CVE-2026-28342 (OliveTin gives access to predefined shell commands from a web interfac ...)
+	TODO: check
+CVE-2026-28287 (FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16 ...)
+	TODO: check
+CVE-2026-28284 (FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5 ...)
+	TODO: check
+CVE-2026-28277 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
+	TODO: check
+CVE-2026-28223 (Wagtail is an open source content management system built on Django. P ...)
+	TODO: check
+CVE-2026-28222 (Wagtail is an open source content management system built on Django. P ...)
+	TODO: check
+CVE-2026-28210 (FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7 ...)
+	TODO: check
+CVE-2026-28209 (FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16 ...)
+	TODO: check
+CVE-2026-27944 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
+	TODO: check
+CVE-2026-27750 (Avira Internet Security contains a time-of-check time-of-use (TOCTOU)  ...)
+	TODO: check
+CVE-2026-27749 (Avira Internet Security contains a deserialization of untrusted data v ...)
+	TODO: check
+CVE-2026-27748 (Avira Internet Security contains an improper link resolution vulnerabi ...)
+	TODO: check
+CVE-2026-27723 (OpenProject is an open-source, web-based project management software.  ...)
+	TODO: check
+CVE-2026-27023 (Twenty is an open source CRM. Prior to version 1.18, the SSRF protecti ...)
+	TODO: check
+CVE-2026-26999 (Traefik is an HTTP reverse proxy and load balancer. Prior to versions  ...)
+	TODO: check
+CVE-2026-26998 (Traefik is an HTTP reverse proxy and load balancer. Prior to versions  ...)
+	TODO: check
+CVE-2026-26418 (Missing authentication and authorization in the web API of Tata Consul ...)
+	TODO: check
+CVE-2026-26417 (A broken access control vulnerability in the password reset functional ...)
+	TODO: check
+CVE-2026-26416 (An authorization bypass vulnerability in Tata Consultancy Services Cog ...)
+	TODO: check
+CVE-2026-26377 (Cross Site Scripting vulnerability in Koha 25.11 and before allows a r ...)
+	TODO: check
+CVE-2026-26276 (Gogs is an open source self-hosted Git service. Prior to version 0.14. ...)
+	TODO: check
+CVE-2026-26196 (Gogs is an open source self-hosted Git service. Prior to version 0.14. ...)
+	TODO: check
+CVE-2026-26195 (Gogs is an open source self-hosted Git service. Prior to version 0.14. ...)
+	TODO: check
+CVE-2026-26194 (Gogs is an open source self-hosted Git service. Prior to version 0.14. ...)
+	TODO: check
+CVE-2026-26022 (Gogs is an open source self-hosted Git service. Prior to version 0.14. ...)
+	TODO: check
+CVE-2026-25921 (Gogs is an open source self-hosted Git service. Prior to version 0.14. ...)
+	TODO: check
+CVE-2026-25048 (xgrammar is an open-source library for efficient, flexible, and portab ...)
+	TODO: check
+CVE-2026-24457 (An unsafe parsing of OpenMQ's configuration, allows a remote attacker  ...)
+	TODO: check
+CVE-2026-21628 (A improperly secured file management feature allows uploads of dangero ...)
+	TODO: check
+CVE-2026-21621 (Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.He ...)
+	TODO: check
+CVE-2026-1720 (The WowOptin: Next-Gen Popup Maker \u2013 Create Stunning Popups and O ...)
+	TODO: check
+CVE-2026-1605 (In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class Gzi ...)
+	TODO: check
+CVE-2025-7375 (A denial-of-service (DoS) vulnerability was identified in Omada EAP610 ...)
+	TODO: check
+CVE-2025-70616 (A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnB ...)
+	TODO: check
+CVE-2025-70233 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
+	TODO: check
+CVE-2025-70232 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
+	TODO: check
+CVE-2025-70231 (D-Link DIR-513 version 1.10 contains a critical-level vulnerability. W ...)
+	TODO: check
+CVE-2025-70230 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
+	TODO: check
+CVE-2025-70229 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
+	TODO: check
+CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malformed HT ...)
+	TODO: check
+CVE-2025-64166 (Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a ...)
+	TODO: check
+CVE-2025-45691 (An Arbitrary File Read vulnerability exists in the ImageTextPromptValu ...)
+	TODO: check
+CVE-2025-29165 (An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escal ...)
+	TODO: check
+CVE-2025-13476 (Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0\u ...)
+	TODO: check
+CVE-2025-13350 (Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but b ...)
+	TODO: check
+CVE-2025-11143 (The Jetty URI parser has some key differences to other common parsers  ...)
+	TODO: check
+CVE-2024-43035 (Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arb ...)
+	TODO: check
 CVE-2026-3523 (The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injectio ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3072 (The Media Library Assistant plugin for WordPress is vulnerable to unau ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d431c2108dc3f674524175d8a52217323ef686cf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d431c2108dc3f674524175d8a52217323ef686cf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260305/2d047e8b/attachment.htm>

More information about the debian-security-tracker-commits mailing list