[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 23 20:15:34 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc814795 by security tracker role at 2026-03-23T20:13:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,215 @@
+CVE-2026-4647 (A flaw was found in the GNU Binutils BFD library, a widely used compon ...)
+ TODO: check
+CVE-2026-4645 (A flaw was found in the `github.com/antchfx/xpath` component. A remote ...)
+ TODO: check
+CVE-2026-4633 (A flaw was found in Keycloak. A remote attacker can exploit differenti ...)
+ TODO: check
+CVE-2026-4628 (A flaw was found in Keycloak. An improper Access Control vulnerability ...)
+ TODO: check
+CVE-2026-4596 (A vulnerability was identified in projectworlds Lawyer Management Syst ...)
+ TODO: check
+CVE-2026-4595 (A vulnerability was determined in code-projects Exam Form Submission 1 ...)
+ TODO: check
+CVE-2026-4594 (A vulnerability has been found in erupts erupt up to 1.13.3. Affected ...)
+ TODO: check
+CVE-2026-4593 (A flaw has been found in erupts erupt bis 1.13.3. Affected by this vul ...)
+ TODO: check
+CVE-2026-4592 (A security vulnerability has been detected in kalcaddle kodbox 1.64. T ...)
+ TODO: check
+CVE-2026-4591 (A weakness has been identified in kalcaddle kodbox 1.64. This affects ...)
+ TODO: check
+CVE-2026-4590 (A security flaw has been discovered in kalcaddle kodbox 1.64. The impa ...)
+ TODO: check
+CVE-2026-4589 (A vulnerability was identified in kalcaddle kodbox 1.64. The affected ...)
+ TODO: check
+CVE-2026-4588 (A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is t ...)
+ TODO: check
+CVE-2026-4587 (A vulnerability was found in HybridAuth up to 3.12.2. This issue affec ...)
+ TODO: check
+CVE-2026-4586 (A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This aff ...)
+ TODO: check
+CVE-2026-4585 (A vulnerability has been found in Tiandy Easy7 Integrated Management P ...)
+ TODO: check
+CVE-2026-4584 (A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. ...)
+ TODO: check
+CVE-2026-4583 (A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1 ...)
+ TODO: check
+CVE-2026-4582 (A security vulnerability has been detected in Shenzhen HCC Technology ...)
+ TODO: check
+CVE-2026-4581 (A weakness has been identified in code-projects Simple Laundry System ...)
+ TODO: check
+CVE-2026-4580 (A security flaw has been discovered in code-projects Simple Laundry Sy ...)
+ TODO: check
+CVE-2026-4404 (Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and be ...)
+ TODO: check
+CVE-2026-3635 (Summary When trustProxy is configured with a restrictive trust functio ...)
+ TODO: check
+CVE-2026-33723 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33719 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33717 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33716 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33690 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33688 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33685 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33683 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33681 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33651 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33650 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33649 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33648 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33647 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33548 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...)
+ TODO: check
+CVE-2026-33517 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...)
+ TODO: check
+CVE-2026-33513 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33512 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33507 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33502 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33501 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33500 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33499 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33493 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33492 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33488 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33485 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33483 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33482 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33480 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33479 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33478 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33354 (WWBN AVideo is an open source video platform. In versions up to and in ...)
+ TODO: check
+CVE-2026-33352 (WWBN AVideo is an open source video platform. Prior to version 26.0, a ...)
+ TODO: check
+CVE-2026-33351 (WWBN AVideo is an open source video platform. Prior to version 26.0, a ...)
+ TODO: check
+CVE-2026-33297 (WWBN AVideo is an open source video platform. Prior to version 26.0, t ...)
+ TODO: check
+CVE-2026-32969 (An unauthenticated remote attacker can exploit a Pre-Auth blind SQL In ...)
+ TODO: check
+CVE-2026-32968 (Due to the improper neutralisation of special elements used in an OS c ...)
+ TODO: check
+CVE-2026-32879 (New API is a large language mode (LLM) gateway and artificial intellig ...)
+ TODO: check
+CVE-2026-32852 (MailEnable versions prior to10.55 contain a reflected cross-site scrip ...)
+ TODO: check
+CVE-2026-32851 (MailEnable versions prior to10.55 contain a reflected cross-site scrip ...)
+ TODO: check
+CVE-2026-32850 (MailEnable versions prior to10.55 contain a reflected cross-site scrip ...)
+ TODO: check
+CVE-2026-32845 (cgltf version 1.15 and prior contain an integer overflow vulnerability ...)
+ TODO: check
+CVE-2026-31851 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does ...)
+ TODO: check
+CVE-2026-31850 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 store ...)
+ TODO: check
+CVE-2026-31849 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does ...)
+ TODO: check
+CVE-2026-31848 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 store ...)
+ TODO: check
+CVE-2026-31847 (Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solu ...)
+ TODO: check
+CVE-2026-31846 (An unauthenticated credential disclosure vulnerability in the /goform/ ...)
+ TODO: check
+CVE-2026-30886 (New API is a large language mode (LLM) gateway and artificial intellig ...)
+ TODO: check
+CVE-2026-30849 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
+ TODO: check
+CVE-2026-30007 (XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .t ...)
+ TODO: check
+CVE-2026-30006 (XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a craf ...)
+ TODO: check
+CVE-2026-2298 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
+ TODO: check
+CVE-2026-28809 (XML External Entity (XXE) vulnerability in esaml (and its forks) allow ...)
+ TODO: check
+CVE-2026-27131 (The Sprig Plugin for Craft CMS is a reactive Twig component framework ...)
+ TODO: check
+CVE-2026-26829 (A NULL pointer dereference in the safe_atou64 function (src/misc.c) of ...)
+ TODO: check
+CVE-2026-26828 (A NULL pointer dereference in the daap_reply_playlists function (src/h ...)
+ TODO: check
+CVE-2026-26209 (cbor2 provides encoding and decoding for the Concise Binary Object Rep ...)
+ TODO: check
+CVE-2026-24516 (A command injection vulnerability exists in DigitalOcean Droplet Agent ...)
+ TODO: check
+CVE-2026-1958 (Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino al ...)
+ TODO: check
+CVE-2026-0898 (An arbitrary file-write vulnerability in Pega Browser Extension (PBE) ...)
+ TODO: check
+CVE-2025-52204 (A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x ...)
+ TODO: check
+CVE-2025-41008 (SQL injection vulnerability in Sinturno. This vulnerability allows an ...)
+ TODO: check
+CVE-2025-41007 (SQL Injection in Cuantis. This vulnerability allows an attacker to ret ...)
+ TODO: check
+CVE-2025-15606 (A Denial-of-Service (DoS) vulnerability in the httpd component of TP-L ...)
+ TODO: check
+CVE-2025-15605 (A hardcoded cryptographic key within the configuration mechanism on TP ...)
+ TODO: check
+CVE-2025-15519 (Improper input handling in a modem-management administrative CLI comma ...)
+ TODO: check
+CVE-2025-15518 (Improper input handling in a wireless-control administrative CLI comma ...)
+ TODO: check
+CVE-2025-15517 (A missing authentication check in the HTTP server on TP-Link Archer NX ...)
+ TODO: check
+CVE-2024-51226 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
+ TODO: check
+CVE-2024-51225 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
+ TODO: check
+CVE-2024-51224 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...)
+ TODO: check
+CVE-2024-51223 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
+ TODO: check
+CVE-2024-51222 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
+ TODO: check
+CVE-2024-46879 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POS ...)
+ TODO: check
+CVE-2024-46878 (A Cross-Site Scripting (XSS) vulnerability exists in the page paramete ...)
+ TODO: check
+CVE-2019-25625 (Blob Studio 2.17 contains a denial of service vulnerability that allow ...)
+ TODO: check
+CVE-2019-25624 (Liquid Studio 2.17 contains a denial of service vulnerability that all ...)
+ TODO: check
+CVE-2019-25623 (Luminance Studio 2.17 contains a denial of service vulnerability that ...)
+ TODO: check
+CVE-2019-25622 (Paint Studio 2.17 contains a denial of service vulnerability that allo ...)
+ TODO: check
+CVE-2019-25621 (Pixel Studio 2.17 contains a denial of service vulnerability that allo ...)
+ TODO: check
+CVE-2019-25620 (Tree Studio 2.17 contains a denial of service vulnerability that allow ...)
+ TODO: check
CVE-2026-33347
- php-league-commonmark 2.8.2-1
NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5
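Review bot: Every entry added at the top of this hunk, CVE-2026-4647 through CVE-2019-25620, is left at `TODO: check` with no package or NOT-FOR-US line, so none of them is triaged yet. Many share a product (the long WWBN AVideo run, kalcaddle kodbox, Nexxt Solutions Nebula 300+, the "Studio 2.17" group), so they can be resolved in batches rather than one by one. The imported description for CVE-2026-4593 reads "erupt bis 1.13.3" where CVE-2026-4594 reads "up to 1.13.3", and the MailEnable entries read "prior to10.55"; these look like defects in the source descriptions and are better left to a later automatic refresh than edited by hand.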
@@ -8,7 +220,8 @@ CVE-2026-33699
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3
NOTE: https://github.com/py-pdf/pypdf/pull/3693
NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/02b1345f77fdbc006faccc301507df4fb1855413 (6.9.2)
-CVE-2026-25075
+CVE-2026-25075 (strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow ...)
+ {DSA-6176-1}
- strongswan <unfixed>
NOTE: https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html
NOTE: Patch: https://download.strongswan.org/security/CVE-2026-25075/
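Review bot: On CVE-2026-25075 the `{DSA-6176-1}` reference is added while the package line stays `- strongswan <unfixed>`, even though the existing notes already point at an upstream patch. If a fixed upload exists, replace `<unfixed>` with its version; if not, the entry is consistent as it stands. The new description, "versions 4.5.0 prior to 6.0.5", also appears to be missing a word between the two version numbers.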
@@ -2637,9 +2850,9 @@ CVE-2026-32293 (The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during
NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
CVE-2026-32292 (The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requ ...)
NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
-CVE-2026-32291 (The GL-iNet Comet (GL-RM1) KVM does not require authentication on the ...)
+CVE-2026-32291 (The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentic ...)
NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
-CVE-2026-32290 (The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authen ...)
+CVE-2026-32290 (The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficien ...)
NOT-FOR-US: GL-iNet Comet (GL-RM1) KVM
CVE-2026-30911 (Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vuln ...)
- airflow <itp> (bug #819700)
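Review bot: The two refreshed descriptions word the same version bound differently, "before 1.8.2" on CVE-2026-32291 and "before version 1.8.2" on CVE-2026-32290. Both entries stay NOT-FOR-US, so the difference has no effect on triage and needs no manual change here.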
@@ -30362,7 +30575,7 @@ CVE-2020-36875 (AccessAlly WordPress plugin versions prior to3.3.2 contain an un
CVE-2025-14459 (A flaw was found in KubeVirt Containerized Data Importer (CDI). This v ...)
NOT-FOR-US: Red Hat virt-cdi-controller
CVE-2025-51602 (mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bo ...)
- {DSA-6082-1}
+ {DSA-6082-1 DLA-4507-1}
- vlc 3.0.22-1
NOTE: https://www.videolan.org/security/sb-vlc3022.html
CVE-2026-22714 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
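Review bot: `DLA-4507-1` is added to the cross-reference line of CVE-2025-51602, but this commit changes only data/CVE/list, so the advisory record it points to is not visible in the diff. Confirm the matching DLA record exists and names vlc, since the package line here still shows only `- vlc 3.0.22-1`.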
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc8147957681305b11c41bf260f37eb768ab04cf