[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 7 08:13:17 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a67a281 by security tracker role at 2026-03-07T08:13:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,151 @@
+CVE-2026-3352 (The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code I ...)
+ TODO: check
+CVE-2026-3233
+ REJECTED
+CVE-2026-30842 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-30841 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-30840 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-30839 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-30835 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30830 (Defuddle cleans up HTML pages. Prior to version 0.9.0, the _findConten ...)
+ TODO: check
+CVE-2026-30829 (Checkmate is an open-source, self-hosted tool designed to track and mo ...)
+ TODO: check
+CVE-2026-30828 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
+ TODO: check
+CVE-2026-30827 (express-rate-limit is a basic rate-limiting middleware for Express. In ...)
+ TODO: check
+CVE-2026-30825 (hoppscotch is an open source API development ecosystem. Prior to versi ...)
+ TODO: check
+CVE-2026-30824 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-30823 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-30822 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-30821 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-30820 (Flowise is a drag & drop user interface to build a customized large la ...)
+ TODO: check
+CVE-2026-30247 (WeKnora is an LLM-powered framework designed for deep document underst ...)
+ TODO: check
+CVE-2026-30244 (Plane is an an open-source project management tool. Prior to version 1 ...)
+ TODO: check
+CVE-2026-30242 (Plane is an an open-source project management tool. Prior to version 1 ...)
+ TODO: check
+CVE-2026-30241 (Mercurius is a GraphQL adapter for Fastify. Prior to version 16.8.0, M ...)
+ TODO: check
+CVE-2026-30238 (Group-Office is an enterprise customer relationship management and gro ...)
+ TODO: check
+CVE-2026-30237 (Group-Office is an enterprise customer relationship management and gro ...)
+ TODO: check
+CVE-2026-30233 (OliveTin gives access to predefined shell commands from a web interfac ...)
+ TODO: check
+CVE-2026-30231 (Flare is a Next.js-based, self-hostable file sharing platform that int ...)
+ TODO: check
+CVE-2026-30230 (Flare is a Next.js-based, self-hostable file sharing platform that int ...)
+ TODO: check
+CVE-2026-30229 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30228 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30227 (MimeKit is a C# library which may be used for the creation and parsing ...)
+ TODO: check
+CVE-2026-30225 (OliveTin gives access to predefined shell commands from a web interfac ...)
+ TODO: check
+CVE-2026-30224 (OliveTin gives access to predefined shell commands from a web interfac ...)
+ TODO: check
+CVE-2026-30223 (OliveTin gives access to predefined shell commands from a web interfac ...)
+ TODO: check
+CVE-2026-2722 (The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2026-2721 (The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2026-2494 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+ TODO: check
+CVE-2026-2488 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+ TODO: check
+CVE-2026-2433 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...)
+ TODO: check
+CVE-2026-2431 (The CM Custom Reports plugin for WordPress is vulnerable to Reflected ...)
+ TODO: check
+CVE-2026-2429 (The Community Events plugin for WordPress is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2026-2420 (The LotekMedia Popup Form plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-2371 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...)
+ TODO: check
+CVE-2026-2020 (The JS Archive List plugin for WordPress is vulnerable to PHP Object I ...)
+ TODO: check
+CVE-2026-29795 (stellar-xdr is a library and CLI containing types and functionality fo ...)
+ TODO: check
+CVE-2026-29791 (Agentgateway is an open source data plane for agentic AI connectivity ...)
+ TODO: check
+CVE-2026-29790 (dbt-common is the shared common utilities for dbt-core and adapter imp ...)
+ TODO: check
+CVE-2026-29789 (Vito is a self-hosted web application that helps manage servers and de ...)
+ TODO: check
+CVE-2026-29788 (TSPortal is the WikiTide Foundation\u2019s in-house platform used by t ...)
+ TODO: check
+CVE-2026-29182 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-27797 (Homarr is an open-source dashboard. Prior to version 1.54.0, an unauth ...)
+ TODO: check
+CVE-2026-27796 (Homarr is an open-source dashboard. Prior to version 1.54.0, the integ ...)
+ TODO: check
+CVE-2026-25073 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prio ...)
+ TODO: check
+CVE-2026-25072 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prio ...)
+ TODO: check
+CVE-2026-25071 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prio ...)
+ TODO: check
+CVE-2026-25070 (XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prio ...)
+ TODO: check
+CVE-2026-1981 (The HUMN-1 AI Website Scanner & Human Certification by Winston AI plug ...)
+ TODO: check
+CVE-2026-1902 (The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2026-1825 (The Show YouTube video plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2026-1824 (The Infomaniak Connect for OpenID plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-1823 (The Consensus Embed plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2026-1820 (The Media Library Alt Text Editor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-1805 (The DA Media GigList plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2026-1650 (The MDJM Event Management plugin for WordPress is vulnerable to unauth ...)
+ TODO: check
+CVE-2026-1644 (The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Si ...)
+ TODO: check
+CVE-2026-1574 (The MyQtip \u2013 easy qTip2 plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2026-1569 (The Wueen plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
+ TODO: check
+CVE-2026-1087 (The Guardian News Feed plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2026-1086 (The Font Pairing Preview For Landing Pages plugin for WordPress is vul ...)
+ TODO: check
+CVE-2026-1085 (The True Ranker plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2026-1074 (The WP App Bar plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2026-1073 (The Purchase Button For Affiliate Link plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2026-1071 (The Carta Online plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-8899 (The Paid Videochat Turnkey Site \u2013 HTML5 PPV Live Webcams plugin f ...)
+ TODO: check
+CVE-2025-14675 (The Meta Box plugin for WordPress is vulnerable to arbitrary file dele ...)
+ TODO: check
+CVE-2025-14353 (The ZIP Code Based Content Protection plugin for WordPress is vulnerab ...)
+ TODO: check
CVE-2026-3653
REJECTED
CVE-2026-3589 (The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does no ...)
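Review bot: Several of the added descriptions carry literal escape sequences instead of the characters they stand for: "\u2013" in CVE-2026-2494, CVE-2026-2488, CVE-2026-2433, CVE-2026-2371, CVE-2026-1574 and CVE-2025-8899, and "\u2019" in CVE-2026-29788. The import step should decode these before writing data/CVE/list, so that searches on the description text match and the truncated summaries stay readable. Separately, all of the new entries other than the REJECTED CVE-2026-3233 land as "TODO: check", so this hunk adds triage work and no package assignments.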
@@ -201,7 +349,7 @@ CVE-2018-25162 (2-Plan Team 1.0.4 contains an arbitrary file upload vulnerabilit
NOT-FOR-US: 2-Plan Team
CVE-2018-25161 (Warranty Tracking System 11.06.3 contains an SQL injection vulnerabili ...)
NOT-FOR-US: Warranty Tracking System
-CVE-2026-27139
+CVE-2026-27139 (On Unix platforms, when listing the contents of a directory using File ...)
- golang-1.26 <unfixed>
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
@@ -210,7 +358,7 @@ CVE-2026-27139
NOTE: https://github.com/golang/go/issues/77827
NOTE: Fixed by: https://github.com/golang/go/commit/8cce3ab20c49a5c3c9fa8e97ad47335c3ccd2620 (go1.26.1)
NOTE: Fixed by: https://github.com/golang/go/commit/4091800393d254befde3770fd16f51200ebd5a3d (go1.25.8)
-CVE-2026-25679
+CVE-2026-25679 (url.Parse insufficiently validated the host/authority component and ac ...)
- golang-1.26 <unfixed>
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
@@ -219,7 +367,7 @@ CVE-2026-25679
NOTE: https://github.com/golang/go/issues/77578
NOTE: Fixed by: https://github.com/golang/go/commit/65c7d7a9fb3a9d1fbf1e702a211b8cc3a7bedb53 (go1.26.1)
NOTE: fixed by: https://github.com/golang/go/commit/d8174a9500d53784594b198f6195d1fae8dfe803 (go1.25.8)
-CVE-2026-27142
+CVE-2026-27142 (Actions which insert URLs into the content attribute of HTML meta tags ...)
- golang-1.26 <unfixed>
- golang-1.25 <unfixed>
- golang-1.24 <unfixed>
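Review bot: The go1.25.8 fix reference in this hunk's leading context is written "NOTE: fixed by:" in lower case, while every other fix reference visible in this diff is written "NOTE: Fixed by:". The line is untouched by this commit, but a case-sensitive search for "Fixed by:" would miss the go1.25.8 commit for CVE-2026-25679. Suggest normalising it to "NOTE: Fixed by:" in a follow-up edit.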
@@ -228,7 +376,7 @@ CVE-2026-27142
NOTE: https://github.com/golang/go/issues/77954
NOTE: Fixed by: https://github.com/golang/go/commit/994692847a2cd3efd319f0cb61a07c0012c8a4ff (go1.26.1)
NOTE: Fixed by: https://github.com/golang/go/commit/a9db31e6d9f280418ce441067f3f9dc0a036e770 (go1.25.8)
-CVE-2026-27138
+CVE-2026-27138 (Certificate verification can panic when a certificate in the chain has ...)
- golang-1.26 <unfixed>
- golang-1.25 <not-affected> (Vulnerable code not present)
- golang-1.24 <not-affected> (Vulnerable code not present)
@@ -236,7 +384,7 @@ CVE-2026-27138
- golang-1.15 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/golang/go/issues/77953
NOTE: Fixed by: https://github.com/golang/go/commit/e792d6aa952dbfdd3e8eac6f7abc3efd9df09030 (go1.26.1)
-CVE-2026-27137
+CVE-2026-27137 (When verifying a certificate chain which contains a certificate contai ...)
- golang-1.26 <unfixed>
- golang-1.25 <not-affected> (Vulnerable code not present)
- golang-1.24 <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a67a281e31caa5372e2aeaf74083985d1a9c328