[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 2 08:13:18 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d59f344c by security tracker role at 2026-05-02T07:13:11+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2026-7647 (The Profile Builder Pro plugin for WordPress is vulnerable to PHP Obje ...)
+	TODO: check
+CVE-2026-7641 (The Import and export users and customers plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2026-7638 (The App Builder \u2013 Create Native Android & iOS Apps On The Flight  ...)
+	TODO: check
+CVE-2026-7605 (A security flaw has been discovered in JeecgBoot up to 3.9.1. This vul ...)
+	TODO: check
+CVE-2026-7604 (A vulnerability was identified in JeecgBoot up to 3.9.1. This affects  ...)
+	TODO: check
+CVE-2026-7603 (A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by t ...)
+	TODO: check
+CVE-2026-7602 (A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this v ...)
+	TODO: check
+CVE-2026-7601 (A vulnerability has been found in Open5GS up to 2.7.6. Affected is an  ...)
+	TODO: check
+CVE-2026-7600 (A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts  ...)
+	TODO: check
+CVE-2026-7599 (A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This affects  ...)
+	TODO: check
+CVE-2026-7598 (A security vulnerability has been detected in libssh2 up to 1.11.1. Th ...)
+	TODO: check
+CVE-2026-7597 (A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects th ...)
+	TODO: check
+CVE-2026-7596 (A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill ...)
+	TODO: check
+CVE-2026-7595 (A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2. ...)
+	TODO: check
+CVE-2026-7594 (A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affe ...)
+	TODO: check
+CVE-2026-7593 (A security vulnerability has been detected in Sunwood-ai-labs command- ...)
+	TODO: check
+CVE-2026-7592 (A weakness has been identified in itsourcecode Courier Management Syst ...)
+	TODO: check
+CVE-2026-7458 (The User Verification by PickPlugins plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2026-7209 (The Simple Link Directory plugin for WordPress is vulnerable to Stored ...)
+	TODO: check
+CVE-2026-7049 (The PixelYourSite Pro \u2013 Your smart PIXEL (TAG) Manager plugin for ...)
+	TODO: check
+CVE-2026-6963 (The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2026-6916 (The Jeg Kit for Elementor \u2013 Powerful Addons for Elementor, Widget ...)
+	TODO: check
+CVE-2026-6812 (The Ona theme for WordPress is vulnerable to Server-Side Request Forge ...)
+	TODO: check
+CVE-2026-6447 (The Call for Price for WooCommerce plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2026-6446 (The My Social Feeds \u2013 Social Feeds Embedder plugin for WordPress  ...)
+	TODO: check
+CVE-2026-6378 (The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2026-5113 (The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2026-5112 (The Gravity Forms plugin for WordPress is vulnerable to Unauthenticate ...)
+	TODO: check
+CVE-2026-5111 (The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2026-5110 (The Gravity Forms plugin for WordPress is vulnerable to Unauthenticate ...)
+	TODO: check
+CVE-2026-5109 (The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2026-4882 (The User Registration Advanced Fields plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2026-4658 (The Essential Blocks \u2013 Page Builder Gutenberg Blocks, Patterns &  ...)
+	TODO: check
+CVE-2026-43824 (In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff  ...)
+	TODO: check
+CVE-2026-43058 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
+	TODO: check
+CVE-2026-42788 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
+CVE-2026-42786 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
+CVE-2026-39807 (Reliance on Untrusted Inputs in a Security Decision vulnerability in m ...)
+	TODO: check
+CVE-2026-39805 (Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel  ...)
+	TODO: check
+CVE-2026-39804 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
+CVE-2025-8903
+	REJECTED
+CVE-2025-14726 (The Widgets for Social Photo Feed plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-12993
+	REJECTED
 CVE-2026-42050 [Stack buffer overflow in XTileImage]
 	- imagemagick 8:7.1.2.21+dfsg1-1
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p
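Review bot: The descriptions added for CVE-2026-7638, CVE-2026-7049, CVE-2026-6916, CVE-2026-6446 and CVE-2026-4658 carry a literal "\u2013" escape instead of the dash character, so the import step is writing the JSON-escaped form of the upstream text into data/CVE/list. Decode the description before truncating it to the "..." summary, otherwise a plain-text search on the plugin name as published will not match these entries.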
@@ -9917,13 +10003,13 @@ CVE-2026-40312 (ImageMagick is free and open-source software used for editing an
 	NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick6/commit/0e328007d2eeefb9ae24bc3f4442b1a2469d772e (6.9.13-39)
 	NOTE: Fix included in: https://github.com/ImageMagick/ImageMagick6/commit/74e89a3dad41f89dfa74399c0b087d3ee4e81f90 (6.9.13-39)
 CVE-2026-40311 (ImageMagick is free and open-source software used for editing and mani ...)
-	{DSA-6240-1}
+	{DSA-6240-1 DLA-4559-1}
 	- imagemagick 8:7.1.2.19+dfsg1-1 (bug #1134627)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r83h-crwp-3vm7
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5facfecf1abb3fed46a08f614dcc43d1e548e20d (7.1.2-19)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ccf3cffe819616b39374594a7b5389fc2d49260d (6.9.13-44)
 CVE-2026-40310 (ImageMagick is free and open-source software used for editing and mani ...)
-	{DSA-6240-1}
+	{DSA-6240-1 DLA-4559-1}
 	- imagemagick 8:7.1.2.19+dfsg1-1 (bug #1134627)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pwg5-6jfc-crvh
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3d653bea2df085c728a1c8f775808e1e9249dff9 (7.1.2-19)
@@ -10004,7 +10090,7 @@ CVE-2026-34257 (Due to an Open Redirect vulnerability in SAP NetWeaver Applicati
 CVE-2026-34256 (Due to a missing authorization check in SAP ERP and SAP S/4HANA (Priva ...)
 	NOT-FOR-US: SAP
 CVE-2026-34238 (ImageMagick is free and open-source software used for editing and mani ...)
-	{DSA-6240-1}
+	{DSA-6240-1 DLA-4559-1}
 	- imagemagick 8:7.1.2.19+dfsg1-1
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-26qp-ffjh-2x4v
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bcd8519c70ecd9ebbc180920f2cf97b267d1f440 (7.1.2-19)
@@ -10028,13 +10114,13 @@ CVE-2026-33947 (jq is a command-line JSON processor. In versions 1.8.1 and below
 	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-xwrw-4f8h-rjvg
 	NOTE: Fixed by: https://github.com/jqlang/jq/commit/fb59f1491058d58bdc3e8dd28f1773d1ac690a1f
 CVE-2026-33908 (ImageMagick is free and open-source software used for editing and mani ...)
-	{DSA-6240-1}
+	{DSA-6240-1 DLA-4559-1}
 	- imagemagick 8:7.1.2.19+dfsg1-1
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwvm-ggf6-2p4x
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ccdc01180276aa2cb3d4a32a611aa4f417061cd8 (7.1.2-19)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4a8819a0e1c2768d592cb6e8584cadecf9cf536e (6.9.13-44)
 CVE-2026-33905 (ImageMagick is free and open-source software used for editing and mani ...)
-	{DSA-6240-1}
+	{DSA-6240-1 DLA-4559-1}
 	- imagemagick 8:7.1.2.19+dfsg1-1
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pcvx-ph33-r5vv
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cca607366fb38c2dde019a9088b8415ffba3a835 (7.1.2-19)
@@ -10048,19 +10134,19 @@ CVE-2026-33902 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-f4qm-vj5j-9xpw
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3c0a37485314c5ccef72efb18f3847cd53868ba (7.1.2-19)
 CVE-2026-33901 (ImageMagick is free and open-source software used for editing and mani ...)
-	{DSA-6240-1}
+	{DSA-6240-1 DLA-4559-1}
 	- imagemagick 8:7.1.2.19+dfsg1-1
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x9h5-r9v2-vcww
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4c72003e9e54a4ebaa938d239e75f5d285527ebe (7.1.2-19)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/53db9565c648e71733a5c2cc2a4e8e8a4347d9cd (6.9.13-44)
 CVE-2026-33900 (ImageMagick is free and open-source software used for editing and mani ...)
-	{DSA-6240-1}
+	{DSA-6240-1 DLA-4559-1}
 	- imagemagick 8:7.1.2.19+dfsg1-1
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v67w-737x-v2c9
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d27b840a61b322419a66d0d192ff56d52498148d (7.1.2-19)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b6c01a5a23f1e350ebe2db78c7cc326db2e320c9 (6.9.13-45)
 CVE-2026-33899 (ImageMagick is free and open-source software used for editing and mani ...)
-	{DSA-6240-1}
+	{DSA-6240-1 DLA-4559-1}
 	- imagemagick 8:7.1.2.19+dfsg1-1
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr67-pvmx-2pp2
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ae679e2fd19ec656bfab9f822ae4cf06bf91604d (7.1.2-19)
@@ -15621,7 +15707,8 @@ CVE-2026-23474 (In the Linux kernel, the following vulnerability has been resolv
 	{DSA-6243-1 DSA-6238-1}
 	- linux 6.19.10-1
 	NOTE: https://git.kernel.org/linus/8e2f8020270af7777d49c2e7132260983e4fc566 (7.0-rc5)
-CVE-2026-23473 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+CVE-2026-23473
+	REJECTED
 	- linux 6.19.10-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a68ed2df72131447d131531a08fe4dfcf4fa4653 (7.0-rc5)
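Review bot: CVE-2026-23473 is now marked REJECTED, but the unchanged lines under it still carry "- linux 6.19.10-1", the bullseye "<not-affected>" annotation and the git.kernel.org NOTE. The REJECTED entries added at the top of this same file (CVE-2025-8903, CVE-2025-12993) have no package annotations at all. A follow-up should either drop these lines or move them to the id that replaces this one, so that a withdrawn id does not keep stating a fixed version.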
@@ -47967,7 +48054,8 @@ CVE-2025-71150 (In the Linux kernel, the following vulnerability has been resolv
 	- linux 6.18.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/cafb57f7bdd57abba87725eb4e82bbdca4959644 (6.19-rc2)
-CVE-2025-71149 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+CVE-2025-71149
+	REJECTED
 	{DSA-6127-1 DSA-6126-1 DLA-4476-1}
 	- linux 6.18.3-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
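Review bot: On CVE-2025-71149 the new REJECTED line is placed above the "{DSA-6127-1 DSA-6126-1 DLA-4476-1}" cross-reference, whereas in every other entry in this diff the braces line sits directly under the CVE header. The rejected id also remains attached to three published advisories and to the linux annotations below it. If the fix was reassigned to another CVE, the advisory references and package lines belong on that entry; if not, confirm that this ordering is one the list parser accepts.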



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d59f344cbd1a9b113cb0727437fbe9ea14cfed79
