[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 6 20:14:08 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92375c04 by security tracker role at 2026-03-06T20:13:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,183 @@
+CVE-2026-3653
+	REJECTED
+CVE-2026-3589 (The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does no ...)
+	TODO: check
+CVE-2026-3419 (Fastify incorrectly accepts malformed `Content-Type` headers containin ...)
+	TODO: check
+CVE-2026-30847 (Wekan is an open source kanban tool built with Meteor. In versions 8.3 ...)
+	TODO: check
+CVE-2026-30846 (Wekan is an open source kanban tool built with Meteor. In versions 8.3 ...)
+	TODO: check
+CVE-2026-30845 (Wekan is an open source kanban tool built with Meteor. In versions 8.3 ...)
+	TODO: check
+CVE-2026-30844 (Wekan is an open source kanban tool built with Meteor. Versions 8.32 a ...)
+	TODO: check
+CVE-2026-30843 (Wekan is an open source kanban tool built with Meteor. Versions 8.32 a ...)
+	TODO: check
+CVE-2026-30833 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-30831 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-2754 (Navtor NavBox exposes sensitive configuration and operational data due ...)
+	TODO: check
+CVE-2026-2753 (An Absolute Path Traversal vulnerability exists in Navtor NavBox. The  ...)
+	TODO: check
+CVE-2026-2752 (Navtor NavBox allows information disclosure via the /api/ais-data endp ...)
+	TODO: check
+CVE-2026-29783 (The shell tool within GitHub Copilot CLI versions prior to and includi ...)
+	TODO: check
+CVE-2026-29178 (Lemmy, a link aggregator and forum for the fediverse, is vulnerable to ...)
+	TODO: check
+CVE-2026-29110 (Cryptomator encrypts data being stored on cloud infrastructure. Prior  ...)
+	TODO: check
+CVE-2026-29091 (Locutus brings stdlibs of other programming languages to JavaScript fo ...)
+	TODO: check
+CVE-2026-29089 (TimescaleDB is a time-series database for high-performance real-time a ...)
+	TODO: check
+CVE-2026-29087 (@hono/node-server allows running the Hono application on Node.js. Prio ...)
+	TODO: check
+CVE-2026-29082 (Kestra is an event-driven orchestration platform. In versions from 1.1 ...)
+	TODO: check
+CVE-2026-29075 (Mesa is an open-source Python library for agent-based modeling, simula ...)
+	TODO: check
+CVE-2026-29064 (Zarf is an Airgap Native Packager Manager for Kubernetes. From version ...)
+	TODO: check
+CVE-2026-29063 (Immutable.js provides many Persistent Immutable data structures. Prior ...)
+	TODO: check
+CVE-2026-28514 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
+	TODO: check
+CVE-2026-28106 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in K ...)
+	TODO: check
+CVE-2026-28080 (Missing Authorization vulnerability in Rank Math Rank Math SEO PRO all ...)
+	TODO: check
+CVE-2026-27777 (Charging station authentication identifiers are publicly accessible vi ...)
+	TODO: check
+CVE-2026-27764 (The WebSocket backend uses charging station identifiers to uniquely as ...)
+	TODO: check
+CVE-2026-27123
+	REJECTED
+CVE-2026-27027 (Charging station authentication identifiers are publicly accessible vi ...)
+	TODO: check
+CVE-2026-26288 (WebSocket endpoints lack proper authentication mechanisms, enabling at ...)
+	TODO: check
+CVE-2026-26051 (WebSocket endpoints lack proper authentication mechanisms, enabling at ...)
+	TODO: check
+CVE-2026-26018 (CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2,  ...)
+	TODO: check
+CVE-2026-26017 (CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2,  ...)
+	TODO: check
+CVE-2026-24696 (The WebSocket Application Programming Interface lacks restrictions on  ...)
+	TODO: check
+CVE-2026-23925 (An authenticated Zabbix user (User role) with template/host write perm ...)
+	TODO: check
+CVE-2026-20882 (The WebSocket Application Programming Interface lacks restrictions on  ...)
+	TODO: check
+CVE-2026-20748 (The WebSocket backend uses charging station identifiers to uniquely as ...)
+	TODO: check
+CVE-2026-1799
+	REJECTED
+CVE-2026-1468 (QuickCMS is vulnerable to Cross-Site Request Forgery across multiple e ...)
+	TODO: check
+CVE-2025-70363 (Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Pla ...)
+	TODO: check
+CVE-2025-69654 (A crafted JavaScript input executed with the QuickJS release 2025-09-1 ...)
+	TODO: check
+CVE-2025-69653 (A crafted JavaScript input can trigger an internal assertion failure i ...)
+	TODO: check
+CVE-2025-69652 (GNU Binutils thru 2.46 readelf contains a vulnerability that leads to  ...)
+	TODO: check
+CVE-2025-69651 (GNU Binutils thru 2.46 readelf contains a vulnerability that leads to  ...)
+	TODO: check
+CVE-2025-69650 (GNU Binutils thru 2.46 readelf contains a double free vulnerability wh ...)
+	TODO: check
+CVE-2025-69649 (GNU Binutils thru 2.46 readelf contains a null pointer dereference vul ...)
+	TODO: check
+CVE-2025-69646 (Binutils objdump contains a denial-of-service vulnerability when proce ...)
+	TODO: check
+CVE-2025-69645 (Binutils objdump contains a denial-of-service vulnerability when proce ...)
+	TODO: check
+CVE-2025-69644 (An issue was discovered in Binutils before 2.46. The objdump contains  ...)
+	TODO: check
+CVE-2025-15602 (Snipe-IT versions prior to 8.3.7 contain sensitive user attributes rel ...)
+	TODO: check
+CVE-2024-35644 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2022-4947
+	REJECTED
+CVE-2018-25200 (OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability t ...)
+	TODO: check
+CVE-2018-25199 (OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow una ...)
+	TODO: check
+CVE-2018-25198 (eToolz 3.4.8.0 contains a denial of service vulnerability that allows  ...)
+	TODO: check
+CVE-2018-25197 (PlayJoom 0.10.1 contains an SQL injection vulnerability that allows un ...)
+	TODO: check
+CVE-2018-25196 (ServerZilla 1.0 contains an SQL injection vulnerability that allows un ...)
+	TODO: check
+CVE-2018-25194 (Nominas 0.27 contains an SQL injection vulnerability that allows unaut ...)
+	TODO: check
+CVE-2018-25193 (Mongoose Web Server 6.9 contains a denial of service vulnerability tha ...)
+	TODO: check
+CVE-2018-25192 (GPS Tracking System 2.12 contains an SQL injection vulnerability that  ...)
+	TODO: check
+CVE-2018-25191 (Facturation System 1.0 contains an SQL injection vulnerability that al ...)
+	TODO: check
+CVE-2018-25190 (Easyndexer 1.0 contains a cross-site request forgery vulnerability tha ...)
+	TODO: check
+CVE-2018-25189 (Data Center Audit 2.6.2 contains an SQL injection vulnerability in the ...)
+	TODO: check
+CVE-2018-25188 (Webiness Inventory 2.3 contains an SQL injection vulnerability that al ...)
+	TODO: check
+CVE-2018-25187 (Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthent ...)
+	TODO: check
+CVE-2018-25186 (Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability  ...)
+	TODO: check
+CVE-2018-25184 (Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability tha ...)
+	TODO: check
+CVE-2018-25182 (Silurus Classifieds Script 2.0 contains an SQL injection vulnerability ...)
+	TODO: check
+CVE-2018-25181 (Musicco 2.0.0 contains a path traversal vulnerability that allows unau ...)
+	TODO: check
+CVE-2018-25180 (Maitra 1.7.2 contains an sql injection vulnerability that allows authe ...)
+	TODO: check
+CVE-2018-25179 (Gumbo CMS 0.99 contains an SQL injection vulnerability that allows una ...)
+	TODO: check
+CVE-2018-25178 (Easyndexer 1.0 contains an arbitrary file download vulnerability that  ...)
+	TODO: check
+CVE-2018-25177 (Data Center Audit 2.6.2 contains a cross-site request forgery vulnerab ...)
+	TODO: check
+CVE-2018-25176 (Alive Parish 2.0.4 contains an SQL injection vulnerability that allows ...)
+	TODO: check
+CVE-2018-25175 (Alienor Web Libre 2.0 contains an SQL injection vulnerability that all ...)
+	TODO: check
+CVE-2018-25174 (ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that ...)
+	TODO: check
+CVE-2018-25173 (Rmedia SMS 1.0 contains an SQL injection vulnerability that allows una ...)
+	TODO: check
+CVE-2018-25172 (Pedidos 1.0 contains an SQL injection vulnerability that allows unauth ...)
+	TODO: check
+CVE-2018-25171 (EdTv 2 contains an SQL injection vulnerability that allows unauthentic ...)
+	TODO: check
+CVE-2018-25170 (DoceboLMS 1.2 contains an SQL injection vulnerability that allows unau ...)
+	TODO: check
+CVE-2018-25169 (AMPPS 2.7 contains a denial of service vulnerability that allows remot ...)
+	TODO: check
+CVE-2018-25168 (Precurio Intranet Portal 2.0 contains a cross-site request forgery vul ...)
+	TODO: check
+CVE-2018-25167 (Net-Billetterie 2.9 contains an SQL injection vulnerability in the log ...)
+	TODO: check
+CVE-2018-25166 (Meneame English Pligg 5.8 contains an SQL injection vulnerability that ...)
+	TODO: check
+CVE-2018-25165 (Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability tha ...)
+	TODO: check
+CVE-2018-25164 (EverSync 0.5 contains an arbitrary file download vulnerability that al ...)
+	TODO: check
+CVE-2018-25163 (BitZoom 1.0 contains an SQL injection vulnerability that allows unauth ...)
+	TODO: check
+CVE-2018-25162 (2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that ...)
+	TODO: check
+CVE-2018-25161 (Warranty Tracking System 11.06.3 contains an SQL injection vulnerabili ...)
+	TODO: check
 CVE-2026-27142
 	- golang-1.26 <unfixed>
 	- golang-1.25 <unfixed>
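Review bot: the Binutils cluster added here (CVE-2025-69644 through CVE-2025-69652, all readelf or objdump issues described as "thru 2.46" or "before 2.46") is left as seven separate "TODO: check" placeholders; since they share one source package and one version boundary, triaging them together would keep the eventual fixed-version annotations consistent. The same holds for the paired CoreDNS entries CVE-2026-26017 and CVE-2026-26018 ("Prior to version 1.14.2") and the five Wekan entries CVE-2026-30843 through CVE-2026-30847, which each describe the same affected version range.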
@@ -200,7 +380,8 @@ CVE-2026-28486 (OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path
 	NOT-FOR-US: OpenClaw
 CVE-2026-28485 (OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandator ...)
 	NOT-FOR-US: OpenClaw
-CVE-2026-28484 (OpenClaw versions prior to 2026.2.15 contain an option injection vulne ...)
+CVE-2026-28484
+	REJECTED
 	NOT-FOR-US: OpenClaw
 CVE-2026-28482 (OpenClaw versions prior to 2026.2.12 construct transcript file paths u ...)
 	NOT-FOR-US: OpenClaw
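Review bot: rewriting CVE-2026-28484 to "REJECTED" leaves the pre-existing "	NOT-FOR-US: OpenClaw" line underneath it, whereas every other REJECTED entry in this patch (CVE-2026-3653, CVE-2026-27123, CVE-2026-1799, CVE-2022-4947) carries only the REJECTED line; drop the stale NOT-FOR-US annotation so the entry follows that convention and does not read as an entry still awaiting triage.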
@@ -310,9 +491,9 @@ CVE-2026-27005 (Chartbrew is an open-source web application that can connect dir
 	TODO: check
 CVE-2026-26125 (Payment Orchestrator Service Elevation of Privilege Vulnerability)
 	TODO: check
-CVE-2026-26124 (Microsoft ACI Confidential Containers Elevation of Privilege Vulnerabi ...)
+CVE-2026-26124 ('.../...//' in Azure Compute Gallery allows an authorized attacker to  ...)
 	TODO: check
-CVE-2026-26122 (Microsoft ACI Confidential Containers Information Disclosure Vulnerabi ...)
+CVE-2026-26122 (Initialization of a resource with an insecure default in Azure Compute ...)
 	TODO: check
 CVE-2026-25962 (MarkUs is a web application for the submission and grading of student  ...)
 	TODO: check
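Review bot: the descriptions of CVE-2026-26124 and CVE-2026-26122 change product entirely, from "Microsoft ACI Confidential Containers" to "Azure Compute Gallery", while both keep their pending "TODO: check"; any triage begun under the old description should be restarted against the new product rather than inherited. The leading '.../...//' in the new CVE-2026-26124 description is part of the upstream text (the truncation marker is the trailing " ...") and should stay verbatim.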



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92375c04952fba90fc56e9566350f3fbe31cce3b
