[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 6 08:13:44 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a79457f3 by security tracker role at 2026-05-06T07:13:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,104 @@
-CVE-2026-39852
+CVE-2026-7857 (A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vuln ...)
+	TODO: check
+CVE-2026-7856 (A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an un ...)
+	TODO: check
+CVE-2026-7573 (An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoin ...)
+	TODO: check
+CVE-2026-7572 (An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUni ...)
+	TODO: check
+CVE-2026-5753 (The All-in-One WP Migration Unlimited Extension plugin for WordPress i ...)
+	TODO: check
+CVE-2026-44405 (In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 a ...)
+	TODO: check
+CVE-2026-44331 (In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerabilit ...)
+	TODO: check
+CVE-2026-41950 (Dify before version 1.14.0 contains an authorization bypass vulnerabil ...)
+	TODO: check
+CVE-2026-40934 (Jupyter Server is the backend for Jupyter web applications. In version ...)
+	TODO: check
+CVE-2026-40331 (Masa CMS is an open source content management system. In versions 7.2. ...)
+	TODO: check
+CVE-2026-40330 (Masa CMS is an open source content management system. In versions 7.2. ...)
+	TODO: check
+CVE-2026-40329 (Masa CMS is an open source content management system. In versions 7.5. ...)
+	TODO: check
+CVE-2026-40280 (Gotenberg is an API-based document conversion tool. In versions 8.30.1 ...)
+	TODO: check
+CVE-2026-40110 (Jupyter Server is the backend for Jupyter web applications. In version ...)
+	TODO: check
+CVE-2026-40075 (OpenMRS Core is an open source electronic medical record system platfo ...)
+	TODO: check
+CVE-2026-40068 (In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust det ...)
+	TODO: check
+CVE-2026-3208 (The Mercado Pago payments for WooCommerce plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2026-39849 (Pi-hole FTL is the core engine of the Pi-hole network-level advertisem ...)
+	TODO: check
+CVE-2026-39383 (Gotenberg is an API-based document conversion tool. In version 8.29.1, ...)
+	TODO: check
+CVE-2026-38947 (FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in TextHTM ...)
+	TODO: check
+CVE-2026-35579 (CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, th ...)
+	TODO: check
+CVE-2026-35453 (PhpSpreadsheet is a library for reading and writing spreadsheet files. ...)
+	TODO: check
+CVE-2026-35397 (Jupyter Server is the backend for Jupyter web applications. In version ...)
+	TODO: check
+CVE-2026-34596 (Sandboxie-Plus is an open source sandbox-based isolation software for  ...)
+	TODO: check
+CVE-2026-34527 (Sandboxie-Plus is an open source sandbox-based isolation software for  ...)
+	TODO: check
+CVE-2026-34464 (Sandboxie-Plus is an open source sandbox-based isolation software for  ...)
+	TODO: check
+CVE-2026-34462 (Sandboxie-Plus is an open source sandbox-based isolation software for  ...)
+	TODO: check
+CVE-2026-34461 (Sandboxie-Plus is an open source sandbox-based isolation software for  ...)
+	TODO: check
+CVE-2026-34459 (Sandboxie-Plus is an open source sandbox-based isolation software for  ...)
+	TODO: check
+CVE-2026-34458 (Sandboxie-Plus is an open source sandbox-based isolation software for  ...)
+	TODO: check
+CVE-2026-34084 (PhpSpreadsheet is a library for reading and writing spreadsheet files. ...)
+	TODO: check
+CVE-2026-33975 (Twenty is an open source CRM built with NestJS (Node.js). In versions  ...)
+	TODO: check
+CVE-2026-33489 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.14 ...)
+	TODO: check
+CVE-2026-33420 (Vaultwarden is a Bitwarden-compatible server written in Rust. In versi ...)
+	TODO: check
+CVE-2026-33324 (SQLBot is an intelligent Text-to-SQL system based on large language mo ...)
+	TODO: check
+CVE-2026-33190 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.14 ...)
+	TODO: check
+CVE-2026-32936 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.14 ...)
+	TODO: check
+CVE-2026-32934 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.14 ...)
+	TODO: check
+CVE-2026-32699 (FacturaScripts is an open source accounting and invoicing software. In ...)
+	TODO: check
+CVE-2026-32603 (Sandboxie is an open source sandbox-based isolation software for Windo ...)
+	TODO: check
+CVE-2026-31893 (Tunnelblick is an open source graphic user interface for OpenVPN on ma ...)
+	TODO: check
+CVE-2026-2306 (The Ninja Tables \u2013 Easy Data Table Builder plugin for WordPress i ...)
+	TODO: check
+CVE-2025-71256 (In nr modem, there is a possible improper input validation. This could ...)
+	TODO: check
+CVE-2025-71255 (In Modem IMS, there is a possible improper input validation. This coul ...)
+	TODO: check
+CVE-2025-71254 (In Modem IMS, there is a possible improper input validation. This coul ...)
+	TODO: check
+CVE-2025-71253 (In Modem IMS, there is a possible improper input validation. This coul ...)
+	TODO: check
+CVE-2025-71252 (In Modem IMS, there is a possible improper input validation. This coul ...)
+	TODO: check
+CVE-2025-71251 (In IMS, there is a possible system crash due to improper input validat ...)
+	TODO: check
+CVE-2024-52911 (Bitcoin Core through 28.x has a security issue, the details of which a ...)
+	TODO: check
+CVE-2026-39852 (Quarkus is a Java framework for building cloud-native applications. In ...)
 	NOT-FOR-US: Quarkus
-CVE-2026-28780
+CVE-2026-28780 (Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HT ...)
 	- apache2 2.4.67-1
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-28780
 CVE-2026-7865 (A hidden console command is vulnerable to command injection flaw when  ...)
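Review bot: the description added for CVE-2026-2306 contains a literal "\u2013" escape ("The Ninja Tables \u2013 Easy Data Table Builder plugin"), so the importer is writing an undecoded escape sequence into data/CVE/list. Decode it to the intended character, or normalise it to a plain hyphen, before the description is written. Separately, all 49 new entries in this hunk land as "TODO: check"; several name widely used software in their descriptions (Paramiko, ProFTPD, CoreDNS, Jupyter Server), so each needs either a source-package line or a NOT-FOR-US marker, as the CVE-2026-39852 entry already has.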
@@ -1408,7 +1506,7 @@ CVE-2026-40197
 	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-r7w7-mmxr-47r9
 	NOTE: https://github.com/lxc/incus/pull/3273
-CVE-2026-35527
+CVE-2026-35527 (Incus is an open source container and virtual machine manager. In vers ...)
 	- incus <unfixed>
 	[trixie] - incus <not-affected> (Vulnerable code not present, introduced in 6.22/6.0.6)
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-8gw4-p4wq-4hcv
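Review bot: CVE-2026-35527 stays at "incus <unfixed>" and the lines shown reference only the GHSA-8gw4-p4wq-4hcv advisory, whereas the neighbouring CVE-2026-40197 entry also records the upstream pull request. Add a NOTE with the fixing commit or pull request once it is identified, so the unfixed status can be resolved against a concrete upstream change. The trixie not-affected annotation already states where the code was introduced (6.22/6.0.6), which is good.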
@@ -2485,7 +2583,7 @@ CVE-2022-50993 (Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain
 	NOT-FOR-US: Weaver (Fanwei) E-office
 CVE-2022-50992 (Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitr ...)
 	NOT-FOR-US: Weaver (Fanwei) E-cology
-CVE-2026-39402
+CVE-2026-39402 (lxc is a Linux container runtime. In the setuid helper lxc-user-nic, t ...)
 	- lxc 1:7.0.0-1
 	[trixie] - lxc <no-dsa> (Minor issue)
 	[bookworm] - lxc <no-dsa> (Minor issue)
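Review bot: the description now filled in for CVE-2026-39402 says the issue is in the setuid helper lxc-user-nic, yet the trixie and bookworm lines are "<no-dsa> (Minor issue)" and no NOTE is visible in this hunk. Add a NOTE pointing at the upstream advisory or fix commit, plus a short reason for the minor rating, so the no-dsa decision for a setuid binary can be checked without leaving the tracker.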



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a79457f32a1574bf1c20f0725b8d5e5f76a7d7f0
