[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 4 08:13:00 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1661f14a by security tracker role at 2026-05-04T07:12:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,123 @@
+CVE-2026-7740 (A security vulnerability has been detected in justdan96 tsMuxer up to  ...)
+	TODO: check
+CVE-2026-7739 (A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This  ...)
+	TODO: check
+CVE-2026-7738 (A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. ...)
+	TODO: check
+CVE-2026-7737 (A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by  ...)
+	TODO: check
+CVE-2026-7736 (A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by  ...)
+	TODO: check
+CVE-2026-7735 (A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the f ...)
+	TODO: check
+CVE-2026-7734 (A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts ...)
+	TODO: check
+CVE-2026-7733 (A flaw has been found in funadmin up to 7.1.0-rc6. This affects the fu ...)
+	TODO: check
+CVE-2026-7732 (A vulnerability was detected in code-projects BloodBank Managing Syste ...)
+	TODO: check
+CVE-2026-7731 (A security vulnerability has been detected in code-projects BloodBank  ...)
+	TODO: check
+CVE-2026-7730 (A weakness has been identified in privsim mcp-test-runner 0.2.0. Impac ...)
+	TODO: check
+CVE-2026-7729 (A security flaw has been discovered in pixelsock directus-mcp 1.0.0. T ...)
+	TODO: check
+CVE-2026-7728 (A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vul ...)
+	TODO: check
+CVE-2026-7727 (A vulnerability was determined in Shandong Hoteam Software PDM Product ...)
+	TODO: check
+CVE-2026-7725 (A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affe ...)
+	TODO: check
+CVE-2026-7724 (A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. ...)
+	TODO: check
+CVE-2026-7723 (A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is a ...)
+	TODO: check
+CVE-2026-7722 (A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This i ...)
+	TODO: check
+CVE-2026-7721 (A security vulnerability has been detected in Totolink WA300 5.2cu.711 ...)
+	TODO: check
+CVE-2026-7720 (A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. ...)
+	TODO: check
+CVE-2026-7719 (A security flaw has been discovered in Totolink WA300 5.2cu.7112_B2019 ...)
+	TODO: check
+CVE-2026-7718 (A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. ...)
+	TODO: check
+CVE-2026-7717 (A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. ...)
+	TODO: check
+CVE-2026-7716 (A vulnerability was found in code-projects Gym Management System In PH ...)
+	TODO: check
+CVE-2026-7715 (A vulnerability has been found in ravenwits mcp-server-arangodb up to  ...)
+	TODO: check
+CVE-2026-7714 (A flaw has been found in crocodilestick Calibre-Web-Automated up to 4. ...)
+	TODO: check
+CVE-2026-7713 (A vulnerability was detected in crocodilestick Calibre-Web-Automated u ...)
+	TODO: check
+CVE-2026-7712 (A security vulnerability has been detected in MindsDB up to 26.01. Aff ...)
+	TODO: check
+CVE-2026-7711 (A weakness has been identified in MindsDB up to 26.01. This impacts th ...)
+	TODO: check
+CVE-2026-7710 (A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. ...)
+	TODO: check
+CVE-2026-7709 (A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. T ...)
+	TODO: check
+CVE-2026-7708 (A vulnerability was determined in Open5GS up to 2.7.7. The affected el ...)
+	TODO: check
+CVE-2026-7707 (A vulnerability was found in Open5GS up to 2.7.7. Impacted is the func ...)
+	TODO: check
+CVE-2026-7706 (A vulnerability has been found in Open5GS up to 2.7.7. This issue affe ...)
+	TODO: check
+CVE-2026-7705 (A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerabilit ...)
+	TODO: check
+CVE-2026-7372 (A stack overflow vulnerability exists in the WebCam Server Login funct ...)
+	TODO: check
+CVE-2026-7371 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2026-7161 (An insufficient encryption vulnerability exists in the Device Authenti ...)
+	TODO: check
+CVE-2026-6948 (Velociraptor versions prior to 0.76.4 contain a resource exhaustion vu ...)
+	TODO: check
+CVE-2026-5335 (The Magic Export & Import WordPress plugin before 1.2.0 stores exporte ...)
+	TODO: check
+CVE-2026-43864 (mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.)
+	TODO: check
+CVE-2026-43863 (mutt before 2.3.2 has an infinite loop in data_object_to_stream in cry ...)
+	TODO: check
+CVE-2026-43862 (In mutt before 2.3.2, the imap_auth_gss security level is mishandled.)
+	TODO: check
+CVE-2026-43861 (mutt before 2.3.2 does not check for '\0' in url_pct_decode.)
+	TODO: check
+CVE-2026-43860 (mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for  ...)
+	TODO: check
+CVE-2026-43859 (mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMA ...)
+	TODO: check
+CVE-2026-42370 (A stack overflow vulnerability exists in the WebCam Server Login funct ...)
+	TODO: check
+CVE-2026-42369 (GV-VMS V20 is a Video Monitoring Software used to gather the feeds of  ...)
+	TODO: check
+CVE-2026-42368 (A privilege escalation vulnerability exists in the Web Interface funct ...)
+	TODO: check
+CVE-2026-42367 (A privilege escalation vulnerability exists in the Web Interface / ssi ...)
+	TODO: check
+CVE-2026-42366 (Multiple reflected cross-site scripting (xss) vulnerabilities exist in ...)
+	TODO: check
+CVE-2026-42365 (A guessable session cookie vulnerability exists in the Web Interface f ...)
+	TODO: check
+CVE-2026-42364 (An os command injection vulnerability exists in the DdnsSetting.cgi fu ...)
+	TODO: check
+CVE-2026-29200 (A critical IDOR vulnerability has been discovered in Comet Backup affe ...)
+	TODO: check
+CVE-2026-29199 (phpBB before 3.3.16 is vulnerable to Host Header Injection that can le ...)
+	TODO: check
+CVE-2026-20451 (In slbc, there is a possible out of bounds write due to type confusion ...)
+	TODO: check
+CVE-2026-20450 (In Modem, there is a possible system crash due to incorrect error hand ...)
+	TODO: check
+CVE-2026-20449 (In Modem, there is a possible system crash due to a heap buffer overfl ...)
+	TODO: check
+CVE-2026-20448 (In geniezone, there is a possible escalation of privilege due to a mis ...)
+	TODO: check
+CVE-2026-20447 (In geniezone, there is a possible escalation of privilege due to a mis ...)
+	TODO: check
 CVE-2026-7704 (A vulnerability has been found in AV Stumpfl Pixera Two Media Server u ...)
 	NOT-FOR-US: AV Stumpfl Pixera Two Media Server
 CVE-2026-7703 (A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 ...)
@@ -4922,7 +5042,7 @@ CVE-2026-3259 (A Generation of Error Message Containing Sensitive Information vu
 	NOT-FOR-US: BigQuery
 CVE-2026-39440 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin or theme
-CVE-2026-39087 (An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to exe ...)
+CVE-2026-39087 (ntfy before 2.22.0 allows SSRF because of an unanchored regular expres ...)
 	NOT-FOR-US: ntfy.sh
 CVE-2026-35225 (An unauthenticated remote attacker is able to exhaust all available TC ...)
 	NOT-FOR-US: CODESYS



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1661f14a099f92d05875e2984f1f31205f6c0034

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1661f14a099f92d05875e2984f1f31205f6c0034
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260504/36027dbc/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list