[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 19 08:13:45 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3ec16ec by security tracker role at 2026-03-19T08:13:36+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,154 @@
-CVE-2026-31973
+CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect v ...)
+ TODO: check
+CVE-2026-4120 (The Info Cards \u2013 Add Text and Media in Card Layouts plugin for Wo ...)
+ TODO: check
+CVE-2026-4068 (The Add Custom Fields to Media plugin for WordPress is vulnerable to C ...)
+ TODO: check
+CVE-2026-4006 (The Simple Draft List plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2026-3475 (The Instant Popup Builder plugin for WordPress is vulnerable to Unauth ...)
+ TODO: check
+CVE-2026-3181
+ REJECTED
+CVE-2026-33163 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-33042 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-32944 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-32943 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-32886 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-32878 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-32805 (Romeo gives the capability to reach high code coverage of Go \u22651.2 ...)
+ TODO: check
+CVE-2026-32770 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-32743 (PX4 is an open-source autopilot stack for drones and unmanned vehicles ...)
+ TODO: check
+CVE-2026-32742 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-32737 (Romeo gives the capability to reach high code coverage of Go \u22651.2 ...)
+ TODO: check
+CVE-2026-32736 (The Hytale Modding Wiki is a free service for Hytale mods to host thei ...)
+ TODO: check
+CVE-2026-32735 (openapi-to-java-records-mustache-templates allows users to generate Ja ...)
+ TODO: check
+CVE-2026-32731 (ApostropheCMS is an open-source content management framework. Prior to ...)
+ TODO: check
+CVE-2026-32730 (ApostropheCMS is an open-source content management framework. Prior to ...)
+ TODO: check
+CVE-2026-32728 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-32723 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, Sandbox ...)
+ TODO: check
+CVE-2026-32722 (Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray ...)
+ TODO: check
+CVE-2026-32703 (OpenProject is an open-source, web-based project management software. ...)
+ TODO: check
+CVE-2026-32700 (Devise is an authentication solution for Rails based on Warden. Prior ...)
+ TODO: check
+CVE-2026-32698 (OpenProject is an open-source, web-based project management software. ...)
+ TODO: check
+CVE-2026-32638 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
+ TODO: check
+CVE-2026-32636 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
+CVE-2026-32321 (ClipBucket v5 is an open source video sharing platform. An authenticat ...)
+ TODO: check
+CVE-2026-32255 (Kan is an open-source project management tool. In versions 0.5.4 and b ...)
+ TODO: check
+CVE-2026-32000 (OpenClaw versions prior to 2026.2.19 contain a command injection vulne ...)
+ TODO: check
+CVE-2026-31999 (OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a cur ...)
+ TODO: check
+CVE-2026-31998 (OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization byp ...)
+ TODO: check
+CVE-2026-31997 (OpenClaw versions prior to 2026.3.1 fail to pin executable identity fo ...)
+ TODO: check
+CVE-2026-31996 (OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an i ...)
+ TODO: check
+CVE-2026-31995 (OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injec ...)
+ TODO: check
+CVE-2026-31994 (OpenClaw versions prior to 2026.2.19 contain a local command injection ...)
+ TODO: check
+CVE-2026-31993 (OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mism ...)
+ TODO: check
+CVE-2026-31992 (OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulne ...)
+ TODO: check
+CVE-2026-31991 (OpenClaw versions prior to 2026.2.26 contain an authorization bypass v ...)
+ TODO: check
+CVE-2026-31990 (OpenClaw versions prior to 2026.3.2 contain a vulnerability in the sta ...)
+ TODO: check
+CVE-2026-31989 (OpenClaw versions prior to 2026.3.1 contain a server-side request forg ...)
+ TODO: check
+CVE-2026-2571 (The Download Manager plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2026-29608 (OpenClaw 2026.3.1 contains an approval integrity vulnerability in syst ...)
+ TODO: check
+CVE-2026-29607 (OpenClaw versions prior to 2026.2.22 contain an authorization bypass v ...)
+ TODO: check
+CVE-2026-28461 (OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth ...)
+ TODO: check
+CVE-2026-28460 (OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulne ...)
+ TODO: check
+CVE-2026-28449 (OpenClaw versions prior to 2026.2.25 lack durable replay state for Nex ...)
+ TODO: check
+CVE-2026-28073 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-28070 (Missing Authorization vulnerability in Tips and Tricks HQ WP eMember a ...)
+ TODO: check
+CVE-2026-28044 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2026-27670 (OpenClaw versions prior to 2026.3.2 contain a race condition vulnerabi ...)
+ TODO: check
+CVE-2026-27566 (OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulne ...)
+ TODO: check
+CVE-2026-27542 (Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. ...)
+ TODO: check
+CVE-2026-27540 (Unrestricted Upload of File with Dangerous Type vulnerability in Rymer ...)
+ TODO: check
+CVE-2026-27413 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-27397 (Authorization Bypass Through User-Controlled Key vulnerability in Real ...)
+ TODO: check
+CVE-2026-27096 (Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorF ...)
+ TODO: check
+CVE-2026-27093 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2026-27091 (Missing Authorization vulnerability in UiPress UiPress lite allows Exp ...)
+ TODO: check
+CVE-2026-25873 (OmniGen2-RL contains an unauthenticated remote code execution vulnerab ...)
+ TODO: check
+CVE-2026-25745 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-25471 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2026-25312 (Missing Authorization vulnerability in EventPrime allows Exploiting In ...)
+ TODO: check
+CVE-2026-22176 (OpenClaw versions prior to 2026.2.19 contain a command injection vulne ...)
+ TODO: check
+CVE-2026-1276 (IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to ...)
+ TODO: check
+CVE-2026-1238 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-36051 (IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potential ...)
+ TODO: check
+CVE-2025-15051 (IBM QRadar SIEM7.5.0 through 7.5.0 Update Package 14 is vulnerable to ...)
+ TODO: check
+CVE-2025-15031 (A vulnerability in MLflow's pyfunc extraction process allows for arbit ...)
+ TODO: check
+CVE-2025-13995 (IBM QRadar SIEM7.5.0 through 7.5.0 Update Package 14 could allow an at ...)
+ TODO: check
+CVE-2024-42210 (A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Ma ...)
+ TODO: check
+CVE-2026-31973 (SAMtools is a program for reading, manipulating and writing bioinforma ...)
- samtools <unfixed>
NOTE: https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43
NOTE: Fixed by: https://github.com/samtools/samtools/commit/06fc2a219b3d7c94d3f412c09f6d1efd51199f2f
-CVE-2026-31972
+CVE-2026-31972 (SAMtools is a program for reading, manipulating and writing bioinforma ...)
- samtools <unfixed>
NOTE: https://github.com/samtools/samtools/security/advisories/GHSA-72c8-4jf3-f27p
NOTE: Fixed by: https://github.com/samtools/samtools/commit/3036eb9af945fcef359427a2d359855553da4adf
@@ -7293,6 +7439,7 @@ CVE-2026-24105 (An issue was discovered in goform/formsetUsbUnload in Tenda AC15
CVE-2026-24101 (An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03 ...)
NOT-FOR-US: Tenda
CVE-2026-23865 (An integer overflow in the tt_var_load_item_variation_store function o ...)
+ {DSA-6168-1}
- freetype 2.14.2+dfsg-1 (bug #1129606)
[bookworm] - freetype <not-affected> (Vulnerable code introduced later)
[bullseye] - freetype <not-affected> (Vulnerable code introduced later)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3ec16ec646487ba98e914058f2872bc61f1c071
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3ec16ec646487ba98e914058f2872bc61f1c071
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260319/d0c0adf8/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list