[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 10 08:13:38 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a2972a8d by security tracker role at 2026-03-10T08:13:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,150 @@
-CVE-2026-3288
+CVE-2026-3585 (The The Events Calendar plugin for WordPress is vulnerable to Path Tra ...)
+ TODO: check
+CVE-2026-31816 (Budibase is a low code platform for creating internal tools, workflows ...)
+ TODO: check
+CVE-2026-31802 (node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, ...)
+ TODO: check
+CVE-2026-30937 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-30936 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-30935 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-30931 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-30929 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-30927 (Admidio is an open-source user management solution. Prior to 5.0.6, in ...)
+ TODO: check
+CVE-2026-30926 (SiYuan is a personal knowledge management system. Prior to 3.5.10, a p ...)
+ TODO: check
+CVE-2026-30925 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-30921 (OneUptime is a solution for monitoring and managing online services. P ...)
+ TODO: check
+CVE-2026-30920 (OneUptime is a solution for monitoring and managing online services. P ...)
+ TODO: check
+CVE-2026-30919 (facileManager is a modular suite of web apps built with the sysadmin i ...)
+ TODO: check
+CVE-2026-30918 (facileManager is a modular suite of web apps built with the sysadmin i ...)
+ TODO: check
+CVE-2026-30917 (Bucket is a MediaWiki extension to store and retrieve structured data ...)
+ TODO: check
+CVE-2026-30916 (Shescape is a simple shell escape library for JavaScript. Prior to 2.1 ...)
+ TODO: check
+CVE-2026-30913 (Flarum is open-source forum software. When the flarum/nicknames extens ...)
+ TODO: check
+CVE-2026-30887 (OneUptime is a solution for monitoring and managing online services. P ...)
+ TODO: check
+CVE-2026-30885 (WWBN AVideo is an open source video platform. Prior to 25.0, the /obje ...)
+ TODO: check
+CVE-2026-30883 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-30870 (PowerSync Service is the server-side component of the PowerSync sync e ...)
+ TODO: check
+CVE-2026-30869 (SiYuan is a personal knowledge management system. Prior to 3.5.10, a p ...)
+ TODO: check
+CVE-2026-30862 (Appsmith is a platform to build admin panels, internal tools, and dash ...)
+ TODO: check
+CVE-2026-30240 (Budibase is a low code platform for creating internal tools, workflows ...)
+ TODO: check
+CVE-2026-2364 (If a legitimate user confirms a self-update prompt or initiate an inst ...)
+ TODO: check
+CVE-2026-29773 (Kubewarden is a policy engine for Kubernetes. Kubewarden cluster opera ...)
+ TODO: check
+CVE-2026-28693 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28692 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28691 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28690 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28689 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28688 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28687 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28686 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28513 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
+ TODO: check
+CVE-2026-28512 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
+ TODO: check
+CVE-2026-28494 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28493 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-28433 (Misskey is an open source, federated social media platform. All Misske ...)
+ TODO: check
+CVE-2026-28432 (Misskey is an open source, federated social media platform. All Misske ...)
+ TODO: check
+CVE-2026-28431 (Misskey is an open source, federated social media platform. All Misske ...)
+ TODO: check
+CVE-2026-28281 (InstantCMS is a free and open source content management system. Prior ...)
+ TODO: check
+CVE-2026-28267 (Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with ...)
+ TODO: check
+CVE-2026-27689 (Due to an uncontrolled resource consumption (Denial of Service) vulner ...)
+ TODO: check
+CVE-2026-27688 (Due to a missing authorization check in SAP NetWeaver Application Serv ...)
+ TODO: check
+CVE-2026-27687 (Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ...)
+ TODO: check
+CVE-2026-27686 (Due to a Missing Authorization Check in SAP Business Warehouse (Servic ...)
+ TODO: check
+CVE-2026-27685 (SAP NetWeaver Enterprise Portal Administration is vulnerable if a priv ...)
+ TODO: check
+CVE-2026-27684 (SAP NetWeaver Feedback Notifications Service contains a SQL injection ...)
+ TODO: check
+CVE-2026-26982 (Ghostty is a cross-platform terminal emulator. Ghostty allows control ...)
+ TODO: check
+CVE-2026-25960 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2026-25737 (Budibase is a low code platform for creating internal tools, workflows ...)
+ TODO: check
+CVE-2026-25045 (Budibase is a low code platform for creating internal tools, workflows ...)
+ TODO: check
+CVE-2026-24317 (SAP GUI for Windows allows DLL files to be loaded from arbitrary direc ...)
+ TODO: check
+CVE-2026-24316 (SAP NetWeaver Application Server for ABAP provides an ABAP Report for ...)
+ TODO: check
+CVE-2026-24313 (SAP Solution Tools Plug-In (ST-PI) contains a function module that doe ...)
+ TODO: check
+CVE-2026-24311 (The SAP Customer Checkout application exhibits certain design characte ...)
+ TODO: check
+CVE-2026-24310 (Due to missing authorization check in SAP NetWeaver Application Server ...)
+ TODO: check
+CVE-2026-24309 (Due to missing authorization check in SAP NetWeaver Application Server ...)
+ TODO: check
+CVE-2026-1920 (The Booking Calendar for Appointments and Service Businesses \u2013 Bo ...)
+ TODO: check
+CVE-2026-1919 (The Booking Calendar for Appointments and Service Businesses \u2013 Bo ...)
+ TODO: check
+CVE-2026-1776 (Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, ...)
+ TODO: check
+CVE-2026-1508 (The Court Reservation WordPress plugin before 1.10.9 does not have CS ...)
+ TODO: check
+CVE-2026-0953 (The Tutor LMS Pro plugin for WordPress is vulnerable to authentication ...)
+ TODO: check
+CVE-2026-0489 (Due to insufficient validation of user-controlled input in the URLs qu ...)
+ TODO: check
+CVE-2025-70973 (ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assi ...)
+ TODO: check
+CVE-2025-70028 (An issue pertaining to CWE-22: Improper Limitation of a Pathname to a ...)
+ TODO: check
+CVE-2025-36173 (Affected Product(s)Version(s)InfoSphere Data Architect9.2.1)
+ TODO: check
+CVE-2025-36105 (IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1 ...)
+ TODO: check
+CVE-2025-2399 (Improper Validation of Specified Index, Position, or Offset in Input v ...)
+ TODO: check
+CVE-2025-15603 (A security vulnerability has been detected in open-webui up to 0.6.16. ...)
+ TODO: check
+CVE-2025-11158 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
+ TODO: check
+CVE-2026-3288 (A security issue was discovered in ingress-nginx where the `nginx.ingr ...)
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-3819 (A vulnerability has been found in SourceCodester Resort Reservation Sy ...)
NOT-FOR-US: SourceCodester
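Review bot: the truncated descriptions added for CVE-2026-28267, CVE-2026-1920 and CVE-2026-1919 carry literal JSON escapes (`\u30d5\u30a3\u30eb\u30bf\u30fc`, `\u2013`) instead of the decoded characters, so the import should decode the string before truncating it. CVE-2025-36173 has a related input problem: its text, "Affected Product(s)Version(s)InfoSphere Data Architect9.2.1", is a flattened table rather than a description, and deserves a manual look when its `TODO: check` is triaged.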
@@ -14768,7 +14914,7 @@ CVE-2026-24514 (A security issue was discovered in ingress-nginxwhere the valida
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-24513 (A security issue was discovered in ingress-nginxwhere the protection a ...)
NOT-FOR-US: Kubernetes ingress-nginx
-CVE-2026-24512 (A security issue was discovered in ingress-nginx cthe `rules.http.path ...)
+CVE-2026-24512 (A security issue was discovered in ingress-nginx where the `rules.http ...)
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-1580 (A security issue was discovered in ingress-nginxwhere the `nginx.ingre ...)
NOT-FOR-US: Kubernetes ingress-nginx
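Review bot: CVE-2026-24514, CVE-2026-24513 and CVE-2026-1580 in the context lines still read "ingress-nginxwhere" with the space missing, the same kind of description typo corrected here for CVE-2026-24512. If these descriptions are synced from the upstream CVE records they should pick up the fix on a later sync; otherwise they need the same correction.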
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2972a8d9884eab594990390e6aa9198db8ccf1b