[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 16 20:13:15 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11f0d8ac by security tracker role at 2026-03-16T20:13:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,249 @@
+CVE-2026-4276 (LibreChat RAG API, version 0.7.0, contains a log-injection vulnerabili ...)
+ TODO: check
+CVE-2026-4270 (Improper Protection of Alternate Path exists in the no-access and work ...)
+ TODO: check
+CVE-2026-4269 (A missing S3 ownership verification in the Bedrock AgentCore Starter T ...)
+ TODO: check
+CVE-2026-4265 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-4254 (A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vu ...)
+ TODO: check
+CVE-2026-4253 (A security flaw has been discovered in Tenda AC8 16.03.50.11. This aff ...)
+ TODO: check
+CVE-2026-4252 (A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by t ...)
+ TODO: check
+CVE-2026-4251 (A vulnerability was determined in CityData CityChat up to 0.12.6 on An ...)
+ TODO: check
+CVE-2026-4250 (A vulnerability was found in Albert Sa\u011fl\u0131k Hizmetleri ve Tic ...)
+ TODO: check
+CVE-2026-4243 (A weakness has been identified in La Nacion App 10.2.25 on Android. Th ...)
+ TODO: check
+CVE-2026-4242 (A security flaw has been discovered in BabyChakra Pregnancy & Parentin ...)
+ TODO: check
+CVE-2026-4241 (A vulnerability was identified in itsourcecode College Management Syst ...)
+ TODO: check
+CVE-2026-4240 (A vulnerability was determined in Open5GS up to 2.7.6. The affected el ...)
+ TODO: check
+CVE-2026-4239 (A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacte ...)
+ TODO: check
+CVE-2026-4238 (A vulnerability has been found in itsourcecode College Management Syst ...)
+ TODO: check
+CVE-2026-4237 (A flaw has been found in itsourcecode Free Hotel Reservation System 1. ...)
+ TODO: check
+CVE-2026-4236 (A security vulnerability has been detected in itsourcecode Online Enro ...)
+ TODO: check
+CVE-2026-4235 (A weakness has been identified in itsourcecode Online Enrollment Syste ...)
+ TODO: check
+CVE-2026-4234 (A security flaw has been discovered in SSCMS 7.4.0. This vulnerability ...)
+ TODO: check
+CVE-2026-4233 (A vulnerability was identified in ThingsGateway 12. This affects an un ...)
+ TODO: check
+CVE-2026-4232 (A vulnerability was determined in Tiandy Integrated Management Platfor ...)
+ TODO: check
+CVE-2026-4231 (A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by t ...)
+ TODO: check
+CVE-2026-4230 (A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected ...)
+ TODO: check
+CVE-2026-4229 (A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the ...)
+ TODO: check
+CVE-2026-4228 (A vulnerability was detected in LB-LINK BL-WR9000 2.4.9. This affects ...)
+ TODO: check
+CVE-2026-4227 (A security vulnerability has been detected in LB-LINK BL-WR9000 2.4.9. ...)
+ TODO: check
+CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler parses an in ...)
+ TODO: check
+CVE-2026-3644 (The fix for CVE-2026-0672, which rejected control characters in http.c ...)
+ TODO: check
+CVE-2026-3476 (A Code Injection vulnerability affecting SOLIDWORKS Desktop from Relea ...)
+ TODO: check
+CVE-2026-3111 (Insecure Direct Object Reference (IDOR) vulnerability in Campus Educat ...)
+ TODO: check
+CVE-2026-3110 (Insecure Direct Object Reference (IDOR) vulnerability in Campus Educat ...)
+ TODO: check
+CVE-2026-3024 (Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web appl ...)
+ TODO: check
+CVE-2026-3023 (Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web ...)
+ TODO: check
+CVE-2026-3022 (Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web ...)
+ TODO: check
+CVE-2026-3021 (Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web ...)
+ TODO: check
+CVE-2026-3020 (Identity based authorization bypass vulnerability (IDOR) that allows a ...)
+ TODO: check
+CVE-2026-32587 (Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Ex ...)
+ TODO: check
+CVE-2026-32583 (Missing Authorization vulnerability in Webnus Inc. Modern Events Calen ...)
+ TODO: check
+CVE-2026-32267 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-32264 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-32263 (Craft CMS is a content management system (CMS). From version 5.6.0 to ...)
+ TODO: check
+CVE-2026-32262 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
+ TODO: check
+CVE-2026-32261 (Webhooks for Craft CMS plugin adds the ability to manage \u201cwebhook ...)
+ TODO: check
+CVE-2026-30882 (Chamilo LMS is a learning management system. Chamilo LMS version 1.11. ...)
+ TODO: check
+CVE-2026-30881 (Chamilo LMS is a learning management system. Version 1.11.34 and prior ...)
+ TODO: check
+CVE-2026-30876 (Chamilo LMS is a learning management system. Prior to version 1.11.36, ...)
+ TODO: check
+CVE-2026-30875 (Chamilo LMS is a learning management system. Prior to version 1.11.36, ...)
+ TODO: check
+CVE-2026-30405 (An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a d ...)
+ TODO: check
+CVE-2026-2578 (Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted sta ...)
+ TODO: check
+CVE-2026-2476 (Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive ...)
+ TODO: check
+CVE-2026-2463 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-2462 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-2461 (Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to im ...)
+ TODO: check
+CVE-2026-2458 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-2457 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-2456 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-2455 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-2326
+ REJECTED
+CVE-2026-29521 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-s ...)
+ TODO: check
+CVE-2026-29520 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflect ...)
+ TODO: check
+CVE-2026-29516 (Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior c ...)
+ TODO: check
+CVE-2026-29513 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored ...)
+ TODO: check
+CVE-2026-29510 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored ...)
+ TODO: check
+CVE-2026-28498 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
+ TODO: check
+CVE-2026-28490 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
+ TODO: check
+CVE-2026-28430 (Chamilo LMS is a learning management system. Prior to version 1.11.34, ...)
+ TODO: check
+CVE-2026-27962 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
+ TODO: check
+CVE-2026-26304 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify ...)
+ TODO: check
+CVE-2026-26246 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-25783 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-25780 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-25369 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-24692 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-24458 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2026-23862 (Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Impro ...)
+ TODO: check
+CVE-2026-23489 (Fields is a GLPI plugin that allows users to add custom fields on GLPI ...)
+ TODO: check
+CVE-2026-22545 (Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authen ...)
+ TODO: check
+CVE-2026-21386 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
+ TODO: check
+CVE-2025-69809 (A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows una ...)
+ TODO: check
+CVE-2025-69808 (An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 al ...)
+ TODO: check
+CVE-2025-69784 (A local, non-privileged attacker can abuse a vulnerable IOCTL interfac ...)
+ TODO: check
+CVE-2025-69783 (A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism b ...)
+ TODO: check
+CVE-2025-69768 (SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remot ...)
+ TODO: check
+CVE-2025-69727 (An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PR ...)
+ TODO: check
+CVE-2025-69693 (Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavco ...)
+ TODO: check
+CVE-2025-69246 (Raytha CMS does not have any brute force protection mechanism implemen ...)
+ TODO: check
+CVE-2025-69245 (Raytha CMS is vulnerable to Reflected XSS via returnUrlparameter in lo ...)
+ TODO: check
+CVE-2025-69243 (Raytha CMS is vulnerable to User Enumeration in password reset functio ...)
+ TODO: check
+CVE-2025-69242 (Raytha CMS is vulnerable to reflected XSS via the backToListUrlparamet ...)
+ TODO: check
+CVE-2025-69241 (Raytha CMS is vulnerable to Stored XSS viaFirstName and LastNameparame ...)
+ TODO: check
+CVE-2025-69240 (Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` he ...)
+ TODO: check
+CVE-2025-69239 (Raytha CMS is vulnerable to Server-Side Request Forgery in the\u201cTh ...)
+ TODO: check
+CVE-2025-69238 (Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple ...)
+ TODO: check
+CVE-2025-69237 (Raytha CMS is vulnerable to Stored XSS viaFieldValues[0].Value paramet ...)
+ TODO: check
+CVE-2025-69236 (Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parame ...)
+ TODO: check
+CVE-2025-69196 (FastMCP is the standard framework for building MCP applications. Prior ...)
+ TODO: check
+CVE-2025-68971 (In Forgejo through 13.0.3, the attachment component allows a denial of ...)
+ TODO: check
+CVE-2025-66687 (Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to miss ...)
+ TODO: check
+CVE-2025-65734 (An authenticated arbitrary file upload vulnerability in the Courses/Wo ...)
+ TODO: check
+CVE-2025-62319 (Boolean-Based SQL Injection is a type of blind SQL injection where an ...)
+ TODO: check
+CVE-2025-57543 (Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" fie ...)
+ TODO: check
+CVE-2025-54758
+ REJECTED
+CVE-2025-53815
+ REJECTED
+CVE-2025-53517
+ REJECTED
+CVE-2025-52649 (HCL AION is affected by a vulnerability where certain identifiers may ...)
+ TODO: check
+CVE-2025-52648 (HCL AION is affected by a vulnerability where offering images are not ...)
+ TODO: check
+CVE-2025-52646 (HCL AION is affected by a vulnerability where certain offering configu ...)
+ TODO: check
+CVE-2025-52645 (HCL AION is affected by a vulnerability where model packaging and dist ...)
+ TODO: check
+CVE-2025-52644 (HCL AION is affected by a vulnerability where certain user actions are ...)
+ TODO: check
+CVE-2025-52643 (HCL AION is affected by a vulnerability where untrusted file parsing o ...)
+ TODO: check
+CVE-2025-52642 (HCL AION is affected by a vulnerability where internal filesystem path ...)
+ TODO: check
+CVE-2025-52638 (HCL AION is affected by a vulnerability where container base images ar ...)
+ TODO: check
+CVE-2025-52637 (HCL AION is affected by a vulnerability where certain offering configu ...)
+ TODO: check
+CVE-2025-52636 (HCL AION is affected by a vulnerability related to the handling of upl ...)
+ TODO: check
+CVE-2025-2274 (Improper Neutralization of Input During Web Page Generation in Forcepo ...)
+ TODO: check
+CVE-2025-15587 (Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and ...)
+ TODO: check
+CVE-2025-15554 (Browser caching of LAPS passwords in Truesec\u2019s LAPSWebUI before v ...)
+ TODO: check
+CVE-2025-15553 (Non-working logout functionality in Truesec\u2019s LAPSWebUI before ve ...)
+ TODO: check
+CVE-2025-15552 (Insufficient Session Expiration in Truesec\u2019s LAPSWebUI before ver ...)
+ TODO: check
+CVE-2025-15540 ("Functions" module in Raytha CMS allows privileged users towrite custo ...)
+ TODO: check
+CVE-2025-11500 (Tinycontrol devices such as tcPDU andLAN Controllers LK3.5, LK3.9 and ...)
+ TODO: check
+CVE-2025-10685 (Heap-based buffer overflow vulnerability in Softing Industrial Automat ...)
+ TODO: check
+CVE-2025-10461 (Global file reads caused by improper URL checks in webserver in Softin ...)
+ TODO: check
CVE-2026-4255 (A DLL search order hijacking vulnerability in Thermalright TR-VISION H ...)
NOT-FOR-US: Thermalright TR-VISION
CVE-2026-4226 (A weakness has been identified in LB-LINK BL-WR9000 2.4.9. The affecte ...)
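Review bot: several added descriptions carry undecoded \uXXXX escape sequences in place of the characters they stand for: CVE-2026-4250 ("Albert Sa\u011fl\u0131k Hizmetleri"), CVE-2026-32261 ("\u201cwebhook"), CVE-2025-69239 ("the\u201cTh") and the three LAPSWebUI entries CVE-2025-15552 to CVE-2025-15554 ("Truesec\u2019s"). The update job should decode these to UTF-8 before writing data/CVE/list, so that a search on the vendor or product name finds the entry during triage. Separately, every added entry that is not REJECTED lands as "TODO: check"; CVE-2026-4227 and CVE-2026-4228 name the same LB-LINK BL-WR9000 2.4.9 product as the existing CVE-2026-4226 entry in the trailing context, so those three can be triaged together.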
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11f0d8ac59d35eec5153110bb3fe3ce40f7c83a9