[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 20 08:13:40 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
efa3091a by security tracker role at 2026-03-20T08:13:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,93 +1,531 @@
+CVE-2026-4478 (A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.1 ...)
+ TODO: check
+CVE-2026-4477 (A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1 ...)
+ TODO: check
+CVE-2026-4476 (A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_2017 ...)
+ TODO: check
+CVE-2026-4475 (A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1 ...)
+ TODO: check
+CVE-2026-4474 (A flaw has been found in itsourcecode University Management System 1.0 ...)
+ TODO: check
+CVE-2026-4473 (A vulnerability was detected in itsourcecode Online Doctor Appointment ...)
+ TODO: check
+CVE-2026-4472 (A security vulnerability has been detected in itsourcecode Online Froz ...)
+ TODO: check
+CVE-2026-4471 (A weakness has been identified in itsourcecode Online Frozen Foods Ord ...)
+ TODO: check
+CVE-2026-4470 (A security flaw has been discovered in itsourcecode Online Frozen Food ...)
+ TODO: check
+CVE-2026-4469 (A vulnerability was identified in itsourcecode Online Frozen Foods Ord ...)
+ TODO: check
+CVE-2026-4468 (A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected i ...)
+ TODO: check
+CVE-2026-4467 (A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an ...)
+ TODO: check
+CVE-2026-4466 (A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affec ...)
+ TODO: check
+CVE-2026-4465 (A flaw has been found in D-Link DIR-513 1.10. The impacted element is ...)
+ TODO: check
+CVE-2026-4428 (A logic error in CRL distribution point validation in AWS-LC before 1. ...)
+ TODO: check
+CVE-2026-4395 (Heap-based buffer overflow in the KCAPI ECC code path of wc_ecc_import ...)
+ TODO: check
+CVE-2026-4159 (1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length e ...)
+ TODO: check
+CVE-2026-4136 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is ...)
+ TODO: check
+CVE-2026-4038 (The Aimogen Pro plugin for WordPress is vulnerable to Arbitrary Functi ...)
+ TODO: check
+CVE-2026-3948
+ REJECTED
+CVE-2026-3849 (Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Confi ...)
+ TODO: check
+CVE-2026-3549 (Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ...)
+ TODO: check
+CVE-2026-3547 (Out-of-bounds read in ALPN parsing due to incomplete validation. wolfS ...)
+ TODO: check
+CVE-2026-3230 (Missing required cryptographic step in the TLS 1.3 client HelloRetryRe ...)
+ TODO: check
+CVE-2026-3229 (An integer overflow vulnerability existed in the static function wolfs ...)
+ TODO: check
+CVE-2026-33410 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
+ TODO: check
+CVE-2026-33408 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-33395 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-33394 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-33393 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-33355 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-33346 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33321 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33305 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33304 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33303 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33302 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33301 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33299 (OpenEMR is a free and open source electronic health records and medica ...)
+ TODO: check
+CVE-2026-33289 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-33288 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-33191 (Free5GC is an open-source Linux Foundation project for 5th generation ...)
+ TODO: check
+CVE-2026-33065 (Free5GC is an open-source Linux Foundation project for 5th generation ...)
+ TODO: check
+CVE-2026-33064 (Free5GC is an open-source Linux Foundation project for 5th generation ...)
+ TODO: check
+CVE-2026-33063 (free5GC is an open source 5G core network. free5GC AUSF prior to versi ...)
+ TODO: check
+CVE-2026-33062 (free5GC is an open source 5G core network. free5GC NRF prior to versio ...)
+ TODO: check
+CVE-2026-33061 (exactyl is a customisable game management panel and billing system. Co ...)
+ TODO: check
+CVE-2026-33060 (CKAN MCP Server is a tool for querying CKAN open data portals. Version ...)
+ TODO: check
+CVE-2026-33057 (Mesop is a Python-based UI framework that allows users to build web ap ...)
+ TODO: check
+CVE-2026-33056 (tar-rs is a tar archive reading/writing library for Rust. In versions ...)
+ TODO: check
+CVE-2026-33055 (tar-rs is a tar archive reading/writing library for Rust. Versions 0.4 ...)
+ TODO: check
+CVE-2026-33054 (Mesop is a Python-based UI framework that allows users to build web ap ...)
+ TODO: check
+CVE-2026-33053 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
+ TODO: check
+CVE-2026-33051 (Craft CMS is a content management system (CMS). In versions 5.9.0-beta ...)
+ TODO: check
+CVE-2026-33043 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
+ TODO: check
+CVE-2026-33041 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
+ TODO: check
+CVE-2026-33040 (libp2p-rust is the official rust language Implementation of the libp2p ...)
+ TODO: check
+CVE-2026-33039 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
+ TODO: check
+CVE-2026-33038 (WWBN AVideo is an open source video platform. Versions 25.0 and below ...)
+ TODO: check
+CVE-2026-33037 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
+ TODO: check
+CVE-2026-33036 (fast-xml-parser allows users to process XML from JS object without C/C ...)
+ TODO: check
+CVE-2026-33035 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
+ TODO: check
+CVE-2026-33025 (AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQ ...)
+ TODO: check
+CVE-2026-33024 (AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Se ...)
+ TODO: check
+CVE-2026-33022 (Tekton Pipelines project provides k8s-style resources for declaring CI ...)
+ TODO: check
+CVE-2026-33017 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
+ TODO: check
+CVE-2026-33013 (Micronaut Framework is a JVM-based full stack Java framework designed ...)
+ TODO: check
+CVE-2026-33012 (Micronaut Framework is a JVM-based full stack Java framework designed ...)
+ TODO: check
+CVE-2026-33011 (Nest is a framework for building scalable Node.js server-side applicat ...)
+ TODO: check
+CVE-2026-32985 (Xerte Online Toolkits versions 3.14 and earlier contain an unauthentic ...)
+ TODO: check
+CVE-2026-32954 (ERP is a free and open source Enterprise Resource Planning tool. In ve ...)
+ TODO: check
+CVE-2026-32950 (SQLBot is an intelligent data query system based on a large language m ...)
+ TODO: check
+CVE-2026-32949 (SQLBot is an intelligent data query system based on a large language m ...)
+ TODO: check
+CVE-2026-32947 (Harden-Runner is a CI/CD security agent that works like an EDR for Git ...)
+ TODO: check
+CVE-2026-32946 (Harden-Runner is a CI/CD security agent that works like an EDR for Git ...)
+ TODO: check
+CVE-2026-32945 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
+CVE-2026-32942 (PJSIP is a free and open source multimedia communication library writt ...)
+ TODO: check
+CVE-2026-32941 (Sliver is a command and control framework that uses a custom Wireguard ...)
+ TODO: check
+CVE-2026-32940 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
+ TODO: check
+CVE-2026-32939 (DataEase is an open source data visualization analysis tool. Versions ...)
+ TODO: check
+CVE-2026-32938 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
+ TODO: check
+CVE-2026-32937 (free5GC is an open source 5G core network. free5GC CHF prior to versio ...)
+ TODO: check
+CVE-2026-32935 (phpseclib is a PHP secure communications library. Projects using versi ...)
+ TODO: check
+CVE-2026-32933 (AutoMapper is a convention-based object-object mapper in .NET. Version ...)
+ TODO: check
+CVE-2026-32891 (Anchorr is a Discord bot for requesting movies and TV shows and receiv ...)
+ TODO: check
+CVE-2026-32890 (Anchorr is a Discord bot for requesting movies and TV shows and receiv ...)
+ TODO: check
+CVE-2026-32889 (tinytag is a Python library for reading audio file metadata. Version 2 ...)
+ TODO: check
+CVE-2026-32888 (Open Source Point of Sale is a web based point-of-sale application wri ...)
+ TODO: check
+CVE-2026-32881 (ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 t ...)
+ TODO: check
+CVE-2026-32880 (ChurchCRM is an open-source church management system. Versions prior t ...)
+ TODO: check
+CVE-2026-32875 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
+ TODO: check
+CVE-2026-32874 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
+ TODO: check
+CVE-2026-32873 (ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug ...)
+ TODO: check
+CVE-2026-32828 (Kargo manages and automates the promotion of software artifacts. In ve ...)
+ TODO: check
+CVE-2026-32818 (Admidio is an open-source user management solution. In versions 5.0.0 ...)
+ TODO: check
+CVE-2026-32817 (Admidio is an open-source user management solution. In versions 5.0.0 ...)
+ TODO: check
+CVE-2026-32816 (Admidio is an open-source user management solution. In versions 5.0.0 ...)
+ TODO: check
+CVE-2026-32815 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
+ TODO: check
+CVE-2026-32813 (Admidio is an open-source user management solution. Versions 5.0.6 and ...)
+ TODO: check
+CVE-2026-32812 (Admidio is an open-source user management solution. In versions 5.0.0 ...)
+ TODO: check
+CVE-2026-32811 (Heimdall is a cloud native Identity Aware Proxy and Access Control Dec ...)
+ TODO: check
+CVE-2026-32808 (pyLoad is a free and open-source download manager written in Python. V ...)
+ TODO: check
+CVE-2026-32771 (The CTFer.io Monitoring component is in charge of the collection, proc ...)
+ TODO: check
+CVE-2026-32769 (Fullchain is an umbrella project for deploying a ready-to-use CTF plat ...)
+ TODO: check
+CVE-2026-32768 (Chall-Manager is a platform-agnostic system able to start Challenges o ...)
+ TODO: check
+CVE-2026-32767 (SiYuan is a personal knowledge management system. Versions 3.6.0 and b ...)
+ TODO: check
+CVE-2026-32766 (astral-tokio-tar is a tar archive reading/writing library for async Ru ...)
+ TODO: check
+CVE-2026-32765
+ REJECTED
+CVE-2026-32764
+ REJECTED
+CVE-2026-32763 (Kysely is a type-safe TypeScript SQL query builder. Versions up to and ...)
+ TODO: check
+CVE-2026-32761 (File Browser is a file managing interface for uploading, deleting, pre ...)
+ TODO: check
+CVE-2026-32760 (File Browser is a file managing interface for uploading, deleting, pre ...)
+ TODO: check
+CVE-2026-32759 (File Browser is a file managing interface for uploading, deleting, pre ...)
+ TODO: check
+CVE-2026-32758 (File Browser is a file managing interface for uploading, deleting, pre ...)
+ TODO: check
+CVE-2026-32757 (Admidio is an open-source user management solution. In versions 5.0.6 ...)
+ TODO: check
+CVE-2026-32756 (Admidio is an open-source user management solution. Versions 5.0.6 and ...)
+ TODO: check
+CVE-2026-32755 (Admidio is an open-source user management solution. In versions 5.0.6 ...)
+ TODO: check
+CVE-2026-32754 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-32753 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-32752 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
+ TODO: check
+CVE-2026-32751 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
+ TODO: check
+CVE-2026-32750 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
+ TODO: check
+CVE-2026-32749 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
+ TODO: check
+CVE-2026-32747 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
+ TODO: check
+CVE-2026-32711 (pydicom is a pure Python package for working with DICOM files. Version ...)
+ TODO: check
+CVE-2026-32697 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-32622 (SQLBot is an intelligent data query system based on a large language m ...)
+ TODO: check
+CVE-2026-32194 (Improper neutralization of special elements used in a command ('comman ...)
+ TODO: check
+CVE-2026-32191 (Improper neutralization of special elements used in an os command ('os ...)
+ TODO: check
+CVE-2026-32169 (Server-side request forgery (ssrf) in Azure Cloud Shell allows an unau ...)
+ TODO: check
+CVE-2026-32114 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-32099 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-32041 (OpenClaw versions prior to 2026.3.1 fail to properly handle authentica ...)
+ TODO: check
+CVE-2026-32040 (OpenClaw versions prior to 2026.2.23 contain an html injection vulnera ...)
+ TODO: check
+CVE-2026-32039 (OpenClaw versions prior to 2026.2.22 contain an authorization bypass v ...)
+ TODO: check
+CVE-2026-32038 (OpenClaw before 2026.2.24 contains a sandbox network isolation bypass ...)
+ TODO: check
+CVE-2026-32037 (OpenClaw versions prior to 2026.2.22 fail to consistently validate red ...)
+ TODO: check
+CVE-2026-32036 (OpenClaw gateway plugin versions prior to 2026.2.26 contain a path tra ...)
+ TODO: check
+CVE-2026-32035 (OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner fla ...)
+ TODO: check
+CVE-2026-32034 (OpenClaw versions prior to 2026.2.21 contain an authentication bypass ...)
+ TODO: check
+CVE-2026-32033 (OpenClaw versions prior to 2026.2.24 contain a path traversal vulnerab ...)
+ TODO: check
+CVE-2026-32032 (OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execut ...)
+ TODO: check
+CVE-2026-32031 (OpenClaw versions prior to 2026.2.26 server-http contains an authentic ...)
+ TODO: check
+CVE-2026-32030 (OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerab ...)
+ TODO: check
+CVE-2026-32029 (OpenClaw versions prior to 2026.2.21 improperly parse the left-most X- ...)
+ TODO: check
+CVE-2026-32028 (OpenClaw versions prior to 2026.2.25 fail to enforce dmPolicy and allo ...)
+ TODO: check
+CVE-2026-32027 (OpenClaw versions prior to 2026.2.26 contain an authorization bypass v ...)
+ TODO: check
+CVE-2026-32026 (OpenClaw versions prior to 2026.2.24 contain an improper path validati ...)
+ TODO: check
+CVE-2026-32025 (OpenClaw versions prior to 2026.2.25 contain an authentication hardeni ...)
+ TODO: check
+CVE-2026-32024 (OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulne ...)
+ TODO: check
+CVE-2026-32023 (OpenClaw versions prior to 2026.2.24 contain an approval gating bypass ...)
+ TODO: check
+CVE-2026-32022 (OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypas ...)
+ TODO: check
+CVE-2026-32021 (OpenClaw versions prior to 2026.2.22 contain an authorization bypass v ...)
+ TODO: check
+CVE-2026-32020 (OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerab ...)
+ TODO: check
+CVE-2026-32019 (OpenClaw versions prior to 2026.2.22 contain incomplete IPv4 special-u ...)
+ TODO: check
+CVE-2026-32018 (OpenClaw versions prior to 2026.2.19 contain a race condition vulnerab ...)
+ TODO: check
+CVE-2026-32017 (OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulne ...)
+ TODO: check
+CVE-2026-32016 (OpenClaw versions prior to 2026.2.22 on macOS contain a path validatio ...)
+ TODO: check
+CVE-2026-32015 (OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a path hijackin ...)
+ TODO: check
+CVE-2026-32014 (OpenClaw versions prior to 2026.2.26 contain a metadata spoofing vulne ...)
+ TODO: check
+CVE-2026-32013 (OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulne ...)
+ TODO: check
+CVE-2026-32011 (OpenClaw versions prior to 2026.3.2 contain a denial of service vulner ...)
+ TODO: check
+CVE-2026-32010 (OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulne ...)
+ TODO: check
+CVE-2026-32009 (OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerabi ...)
+ TODO: check
+CVE-2026-32008 (OpenClaw versions prior to 2026.2.21 contain an improper URL scheme va ...)
+ TODO: check
+CVE-2026-32007 (OpenClaw versions prior to 2026.2.23 contain a path traversal vulnerab ...)
+ TODO: check
+CVE-2026-32006 (OpenClaw versions prior to 2026.2.26 contain an authorization bypass v ...)
+ TODO: check
+CVE-2026-32005 (OpenClaw versions prior to 2026.2.25 fail to enforce sender authorizat ...)
+ TODO: check
+CVE-2026-32004 (OpenClaw versions prior to 2026.3.2 contain an authentication bypass v ...)
+ TODO: check
+CVE-2026-32003 (OpenClaw versions prior to 2026.2.22 contain an environment variable i ...)
+ TODO: check
+CVE-2026-32002 (OpenClaw versions prior to 2026.2.23 contain a sandbox bypass vulnerab ...)
+ TODO: check
+CVE-2026-32001 (OpenClaw versions prior to 2026.2.22 contain an authentication bypass ...)
+ TODO: check
+CVE-2026-31869 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-31805 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-30924 (qui is a web interface for managing qBittorrent instances. Versions 1. ...)
+ TODO: check
+CVE-2026-30891 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-30889 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-30888 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
+ TODO: check
+CVE-2026-30836 (Step CA is an online certificate authority for secure, automated certi ...)
+ TODO: check
+CVE-2026-29189 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29109 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29108 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29107 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29106 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29105 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29104 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29103 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29102 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29101 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29100 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29099 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29098 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29097 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29096 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+ TODO: check
+CVE-2026-29072 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-28282 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
+ TODO: check
+CVE-2026-27953 (ormar is a async mini ORM for Python. Versions 0.23.0 and below are vu ...)
+ TODO: check
+CVE-2026-27936 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-27935 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
+ TODO: check
+CVE-2026-27934 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
+ TODO: check
+CVE-2026-27740 (Discourse is an open-source discussion platform. Versions prior to 202 ...)
+ TODO: check
+CVE-2026-27570 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-27491 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-27454 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-27166 (Discourse is an open source discussion platform. Prior to versions 202 ...)
+ TODO: check
+CVE-2026-26139 (Server-side request forgery (ssrf) in Microsoft Purview allows an unau ...)
+ TODO: check
+CVE-2026-26138 (Server-side request forgery (ssrf) in Microsoft Purview allows an unau ...)
+ TODO: check
+CVE-2026-26137 (Server-side request forgery (ssrf) in Microsoft 365 Copilot's Business ...)
+ TODO: check
+CVE-2026-26136 (Improper neutralization of special elements used in a command ('comman ...)
+ TODO: check
+CVE-2026-26120 (Server-side request forgery (ssrf) in Microsoft Bing allows an unautho ...)
+ TODO: check
+CVE-2026-24299 (Improper neutralization of special elements used in a command ('comman ...)
+ TODO: check
+CVE-2026-23659 (Exposure of sensitive information to an unauthorized actor in Azure Da ...)
+ TODO: check
+CVE-2026-23658 (Insufficiently protected credentials in Azure DevOps allows an unautho ...)
+ TODO: check
+CVE-2026-22737 (Use of Java scripting engine enabled (e.g. JRuby, Jython) template vie ...)
+ TODO: check
+CVE-2026-22735 (Spring MVC and WebFlux applications are vulnerable to stream corruptio ...)
+ TODO: check
+CVE-2026-22733 (Spring Boot applications with Actuator can be vulnerable to an "Authen ...)
+ TODO: check
+CVE-2026-22732 (When applications specify HTTP response headers for servlet applicatio ...)
+ TODO: check
+CVE-2026-22731 (Spring Boot applications with Actuator can be vulnerable to an "Authen ...)
+ TODO: check
+CVE-2026-21992 (Vulnerability in the Oracle Identity Manager product of Oracle Fusion ...)
+ TODO: check
CVE-2026-33412 [Command injection via newline in glob()]
- vim <unfixed>
NOTE: https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c
NOTE: Fixed by: https://github.com/vim/vim/commit/645ed6597d1ea896c712cd7ddbb6edee79577e9a (v9.2.0202)
-CVE-2026-32721
+CVE-2026-32721 (LuCI is the OpenWrt Configuration Interface. Versions prior to both 24 ...)
NOT-FOR-US: LuCI in OpenWrt
-CVE-2026-30874
+CVE-2026-30874 (OpenWrt Project is a Linux operating system targeting embedded devices ...)
NOT-FOR-US: procd in OpenWrt
-CVE-2026-30873
+CVE-2026-30873 (OpenWrt Project is a Linux operating system targeting embedded devices ...)
NOT-FOR-US: jsonpath in OpenWrt
-CVE-2026-30872
+CVE-2026-30872 (OpenWrt Project is a Linux operating system targeting embedded devices ...)
NOT-FOR-US: mdns deamon in OpenWrt
-CVE-2026-30871
+CVE-2026-30871 (OpenWrt Project is a Linux operating system targeting embedded devices ...)
NOT-FOR-US: mdns deamon in OpenWrt
-CVE-2026-4464
+CVE-2026-4464 (Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 all ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4463
+CVE-2026-4463 (Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.15 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4462
+CVE-2026-4462 (Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 a ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4461
+CVE-2026-4461 (Inappropriate implementation in V8 in Google Chrome prior to 146.0.768 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4460
+CVE-2026-4460 (Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 al ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4459
+CVE-2026-4459 (Out of bounds read and write in WebAudio in Google Chrome prior to 146 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4458
+CVE-2026-4458 (Use after free in Extensions in Google Chrome prior to 146.0.7680.153 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4457
+CVE-2026-4457 (Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4456
+CVE-2026-4456 (Use after free in Digital Credentials API in Google Chrome prior to 14 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4455
+CVE-2026-4455 (Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.15 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4454
+CVE-2026-4454 (Use after free in Network in Google Chrome prior to 146.0.7680.153 all ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4453
+CVE-2026-4453 (Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.1 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4452
+CVE-2026-4452 (Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4451
+CVE-2026-4451 (Insufficient validation of untrusted input in Navigation in Google Chr ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4450
+CVE-2026-4450 (Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 all ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4449
+CVE-2026-4449 (Use after free in Blink in Google Chrome prior to 146.0.7680.153 allow ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4448
+CVE-2026-4448 (Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4447
+CVE-2026-4447 (Inappropriate implementation in V8 in Google Chrome prior to 146.0.768 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4446
+CVE-2026-4446 (Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allo ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4445
+CVE-2026-4445 (Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allo ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4444
+CVE-2026-4444 (Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.1 ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4443
+CVE-2026-4443 (Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680. ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4442
+CVE-2026-4442 (Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 a ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4441
+CVE-2026-4441 (Use after free in Base in Google Chrome prior to 146.0.7680.153 allowe ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4440
+CVE-2026-4440 (Out of bounds read and write in WebGL in Google Chrome prior to 146.0. ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-4439
+CVE-2026-4439 (Out of bounds memory access in WebGL in Google Chrome on Android prior ...)
- chromium 146.0.7680.153-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2026-XXXX [OSSA-2026-004: Server-Side Request Forgery (SSRF) vulnerabilities inOpenStack Glance image import functionality]
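Review bot: Apart from the three REJECTED ids (CVE-2026-3948, CVE-2026-32765, CVE-2026-32764), every entry added at the top of this hunk, from CVE-2026-4478 down to CVE-2026-21992, carries only `TODO: check`, so none of it is triaged yet. The long same-product runs (OpenClaw between CVE-2026-32001 and CVE-2026-32041, SuiteCRM, Discourse, OpenEMR) can each be resolved in one pass. The CVE-2026-4136 description contains a literal `\u2013`, which suggests the imported text was not unescaped. In the unchanged context, "mdns deamon" in the NOT-FOR-US notes for CVE-2026-30872 and CVE-2026-30871 should read "mdns daemon", and "inOpenStack" in the CVE-2026-XXXX Glance entry is missing a space.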
@@ -237,7 +675,7 @@ CVE-2025-32223 (Authorization Bypass Through User-Controlled Key vulnerability i
NOT-FOR-US: WordPress plugin or theme
CVE-2025-14716 (Improper Authentication vulnerability in Secomea GateManager (webserve ...)
TODO: check
-CVE-2026-4342
+CVE-2026-4342 (A security issue was discovered in ingress-nginx where a combination o ...)
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect v ...)
- xpdf <not-affected> (Debian uses poppler)
@@ -1026,6 +1464,7 @@ CVE-2026-4147 (An authenticated user with the read role may read limited amounts
CVE-2026-4064 (Missing authorization checks on multiple gRPC service endpoints in Pow ...)
NOT-FOR-US: Devolutions
CVE-2026-3888 (Local privilege escalation in snapd on Linux allows local attackers to ...)
+ {DSA-6170-1}
- snapd <unfixed> (bug #1131120)
NOTE: https://www.openwall.com/lists/oss-security/2026/03/17/8
NOTE: https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt
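Review bot: The CVE-2026-3888 entry gains `{DSA-6170-1}` while its package line still reads `- snapd <unfixed> (bug #1131120)`, so after this change the advisory is cross-referenced but unstable is still recorded as vulnerable. Confirm that the fixed versions for the stable releases are recorded with the DSA itself, and replace `<unfixed>` with the fixed version once the upload closing bug #1131120 reaches unstable.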
@@ -1145,7 +1584,7 @@ CVE-2025-15584 (Netskope was notified about a potential gap in its Endpoint DLP
NOT-FOR-US: Netskope
CVE-2025-13406 (NULL Pointer Dereference vulnerability in Softing Industrial Automatio ...)
NOT-FOR-US: Softing
-CVE-2026-32953 [Error in Protocol Implementation]
+CVE-2026-32953 (Tillitis TKey Client package is a Go package for a TKey client. Versio ...)
- golang-github-tillitis-tkeyclient 1.3.0-1 (bug #1131010)
[trixie] - golang-github-tillitis-tkeyclient <no-dsa> (Minor issue)
NOTE: https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v
@@ -1161,7 +1600,7 @@ CVE-2025-71239 (In the Linux kernel, the following vulnerability has been resolv
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc (7.0-rc1)
-CVE-2026-32829
+CVE-2026-32829 (lz4_flex is a pure Rust implementation of LZ4 compression/decompressio ...)
- rust-lz4-flex 0.13.0-1
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0041.html
NOTE: https://github.com/advisories/GHSA-vvp9-7p8x-rfvv
@@ -2530,6 +2969,7 @@ CVE-2026-32269 (Parse Server is an open source backend that can be deployed to a
CVE-2026-32260 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 ...)
NOT-FOR-US: Deno
CVE-2026-32259 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-49hx-7656-jpg3
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/df934b4721173f8dda33c6d007f9811669640e86 (7.1.2-16)
@@ -3256,6 +3696,7 @@ CVE-2026-31856 (Parse Server is an open source backend that can be deployed to a
CVE-2026-31854 (Cursor is a code editor built for programming with AI. Prior to 2.0 ,i ...)
NOT-FOR-US: Cursor
CVE-2026-31853 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-56jp-jfqg-f8f4
NOTE: https://github.com/ImageMagick/ImageMagick/commit/7936d9c7bec4bd459a8d4b5304a1a6fbf7dac0ea (7.1.2-16)
@@ -4432,28 +4873,33 @@ CVE-2026-31802 (node-tar is a full-featured Tar for Node.js. Prior to version 7.
NOTE: https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e
NOTE: https://github.com/isaacs/node-tar/commit/e9a1ddb821b29ddee75b9470dd511066148c8070
CVE-2026-30937 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/134f1c17d5dafc565182f9b00304fc08cfa3184e (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/42e5a37eeb60ca4fdede5060c0aa60802c2dc701 (6.9.13-41)
CVE-2026-30936 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5ggv-92r5-cp4p
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ffbbd7201e0ba08707849c0053aa703e076bf86e (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/f33c585ed9da768e8e1a88d40302dc7b3480a934
CVE-2026-30935 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
[bookworm] - imagemagick <not-affected> (BilateralBlurImage introduced in IM7)
[bullseye] - imagemagick <not-affected> (BilateralBlurImage introduced in IM7)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cqw9-w2m7-r2m2
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ed448e879285db99d2c1207393822713acb510f2 (7.1.2-16)
CVE-2026-30931 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
[bookworm] - imagemagick <not-affected> (UHDR support introduced in IM7)
[bullseye] - imagemagick <not-affected> (UHDR support introduced in IM7)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/7fe4dbabe5d50057513d5d16eb9cbfa0734b4848 (7.1.2-16)
CVE-2026-30929 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
[bookworm] - imagemagick <not-affected> (vulnerable code introduced later)
[bullseye] - imagemagick <not-affected> (vulnerable code introduced later)
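Review bot: under CVE-2026-30935 the `Fixed by:` label is attached to the GHSA-cqw9-w2m7-r2m2 advisory URL, while the commit ed448e879285db99d2c1207393822713acb510f2 on the next line has no label; compared with the neighbouring entries the two look swapped, so `Fixed by:` should move to the commit line. In the same hunk, the ImageMagick6 commit under CVE-2026-30936 has no version annotation, unlike the `(6.9.13-41)` on the ImageMagick6 commit for CVE-2026-30937; add it once the release is confirmed.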
@@ -4485,6 +4931,7 @@ CVE-2026-30887 (OneUptime is a solution for monitoring and managing online servi
CVE-2026-30885 (WWBN AVideo is an open source video platform. Prior to 25.0, the /obje ...)
NOT-FOR-US: WWBN AVideo
CVE-2026-30883 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5897fb65d173a57729026321d5067c9ddca5c56f (7.1.2-16)
@@ -4502,6 +4949,7 @@ CVE-2026-2364 (If a legitimate user confirms a self-update prompt or initiate an
CVE-2026-29773 (Kubewarden is a policy engine for Kubernetes. Kubewarden cluster opera ...)
NOT-FOR-US: Kubewarden
CVE-2026-28693 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/33375f93a866830bbaf72f86314fbc3014b9e4c4 (7.1.2-16)
@@ -4509,27 +4957,32 @@ CVE-2026-28693 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c54e9b365118972f939b0efcdd5087e106eb8945 (6.9.13-41)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/b13562f805d36de13c7c66c5fca6a6505495aae1 (6.9.13-41)
CVE-2026-28692 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/cb6cc0611baa4dac59add6439fa1d8af33fc5927 (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) (jumbo security patch for multiple issues)
CVE-2026-28691 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/87f619bcd066a3c8e8fae4addb99f15d496ae881 (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) (jumbo security patch for multiple issues)
CVE-2026-28690 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e6e874875e48dd9838acca3bd22c14a4d2f1b3ca (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) (jumbo security patch for multiple issues)
CVE-2026-28689 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/3eb11260cfe84fddbdcb8d2ed47f92703d1b2987 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/753ffb699934331b31028d4e271f2f6d6db85074 (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) (jumbo security patch for multiple issues)
CVE-2026-28688 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/40cfaa7b38729eb6a2808c9b94d6baa2fae6219b (7.1.2-14)
@@ -4537,6 +4990,7 @@ CVE-2026-28688 (ImageMagick is free and open-source software used for editing an
TODO: For imagemagick6 by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
TODO: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-28687 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/3392b4bba6ce076f4d88f5653a42d97b7e4f6970 (7.1.2-14)
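Review bot: the first context line of this hunk, `TODO: For imagemagick6 by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete`, is missing a word; the parallel line in the CVE-2026-28687 entry reads `For imagemagick6 superseded by fix inside jumbo patch`. Align the wording so both entries state the same thing.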
@@ -4544,6 +4998,7 @@ CVE-2026-28687 (ImageMagick is free and open-source software used for editing an
TODO: For imagemagick6 superseded by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
TODO: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-28686 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d622bd6023310d57cec1e8f265095a1979210371 (7.1.2-16)
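Review bot: the two TODO lines at the top of this hunk still record that the first imagemagick6 patch was incomplete, yet the entry they belong to (CVE-2026-28687, per the hunk header) is now tagged {DSA-6169-1}. If the DSA upload includes an ImageMagick 6 based package, confirm it carries commit 6a602fb36f181a0089848344a3b0d79fc6155a2b and turn these TODO lines into NOTE lines; otherwise leave a short reason why they remain open.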
@@ -4554,11 +5009,13 @@ CVE-2026-28513 (Pocket ID is an OIDC provider that allows users to authenticate
CVE-2026-28512 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
NOT-FOR-US: Pocket ID OIDC provider
CVE-2026-28494 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a3f2f8680fa01cbce731191789322419efb5954a (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/f6cd30e0493635eb0b8a4e3dd93c1ac14a35a7e9 (6.9.13-41)
CVE-2026-28493 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DSA-6169-1}
- imagemagick 8:7.1.2.16+dfsg1-1
[bookworm] - imagemagick <not-affected> (vulnerable code is not present)
[bullseye] - imagemagick <not-affected> (vulnerable code is not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/efa3091a3ab52ea6cd0de14a33158418320bec44