[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 8 08:13:18 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec7c6815 by security tracker role at 2026-05-08T07:13:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,263 @@
+CVE-2026-8149 (A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on  ...)
+	TODO: check
+CVE-2026-8148 (NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local atta ...)
+	TODO: check
+CVE-2026-8142 (VINCE versions 3.0.38 and earlier do not properly verify the From addr ...)
+	TODO: check
+CVE-2026-8138 (A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affec ...)
+	TODO: check
+CVE-2026-8137 (A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B2023011 ...)
+	TODO: check
+CVE-2026-8136 (A flaw has been found in SourceCodester Pharmacy Sales and Inventory S ...)
+	TODO: check
+CVE-2026-8133 (A security vulnerability has been detected in zyx0814 FilePress up to  ...)
+	TODO: check
+CVE-2026-8132 (A weakness has been identified in CodeAstro Leave Management System 1. ...)
+	TODO: check
+CVE-2026-8131 (A security flaw has been discovered in SourceCodester SUP Online Shopp ...)
+	TODO: check
+CVE-2026-8130 (A vulnerability was identified in SourceCodester SUP Online Shopping 1 ...)
+	TODO: check
+CVE-2026-8129 (A vulnerability was determined in SourceCodester SUP Online Shopping 1 ...)
+	TODO: check
+CVE-2026-8128 (A vulnerability was found in SourceCodester SUP Online Shopping 1.0. T ...)
+	TODO: check
+CVE-2026-8127 (A vulnerability has been found in eladmin up to 2.7. Impacted is the f ...)
+	TODO: check
+CVE-2026-8126 (A flaw has been found in SourceCodester Comment System 1.0. This issue ...)
+	TODO: check
+CVE-2026-8125 (A vulnerability was detected in code-projects Simple Chat System 1.0.  ...)
+	TODO: check
+CVE-2026-8124 (A security vulnerability has been detected in GPAC up to 26.02.0. This ...)
+	TODO: check
+CVE-2026-8123 (A vulnerability was determined in Open5GS up to 2.7.7. This impacts th ...)
+	TODO: check
+CVE-2026-8122 (A vulnerability was found in Open5GS up to 2.7.7. This affects the fun ...)
+	TODO: check
+CVE-2026-8121 (A vulnerability has been found in Open5GS up to 2.7.7. The impacted el ...)
+	TODO: check
+CVE-2026-8120 (A flaw has been found in Open5GS up to 2.7.7. The affected element is  ...)
+	TODO: check
+CVE-2026-8119 (A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the f ...)
+	TODO: check
+CVE-2026-8117 (A security vulnerability has been detected in SourceCodester Pizzafy E ...)
+	TODO: check
+CVE-2026-8116 (A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to ...)
+	TODO: check
+CVE-2026-8115 (A security flaw has been discovered in gyoridavid short-video-maker up ...)
+	TODO: check
+CVE-2026-8114 (A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by t ...)
+	TODO: check
+CVE-2026-8113 (A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76 ...)
+	TODO: check
+CVE-2026-8112 (A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838 ...)
+	TODO: check
+CVE-2026-8106 (A reflected HTML injection vulnerability was identified in the GitHub  ...)
+	TODO: check
+CVE-2026-8098 (A security vulnerability has been detected in code-projects Feedback S ...)
+	TODO: check
+CVE-2026-8097 (A security flaw has been discovered in CodeAstro Online Classroom 1.0. ...)
+	TODO: check
+CVE-2026-8088 (A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The af ...)
+	TODO: check
+CVE-2026-8087 (A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. I ...)
+	TODO: check
+CVE-2026-8069 (PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege E ...)
+	TODO: check
+CVE-2026-8034 (A server-side request forgery (SSRF) vulnerability was identified in t ...)
+	TODO: check
+CVE-2026-7891 (The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta all ...)
+	TODO: check
+CVE-2026-7541 (A denial of service vulnerability was identified in GitHub Enterprise  ...)
+	TODO: check
+CVE-2026-6737 (An Exposed IOCTL with Insufficient Access Control vulnerability in Asu ...)
+	TODO: check
+CVE-2026-6736 (An authentication bypass vulnerability was identified in GitHub Enterp ...)
+	TODO: check
+CVE-2026-6411 (This vulnerability, in the MAXHUB Pivot client application versions  p ...)
+	TODO: check
+CVE-2026-4935 (The OttoKit: All-in-One Automation Platform WordPress plugin before 1. ...)
+	TODO: check
+CVE-2026-44916 (In OpenStack Ironic through 35.x, instance_info['ks_template'] is rend ...)
+	TODO: check
+CVE-2026-44365
+	REJECTED
+CVE-2026-44298 (Kimai is an open-source time tracking application. From version 2.32.0 ...)
+	TODO: check
+CVE-2026-43944 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+	TODO: check
+CVE-2026-43943 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+	TODO: check
+CVE-2026-43942 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+	TODO: check
+CVE-2026-43941 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+	TODO: check
+CVE-2026-43940 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+	TODO: check
+CVE-2026-43510 (manage.get.gov is the .gov TLD registrar maintained by CISA. manage.ge ...)
+	TODO: check
+CVE-2026-42880 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+	TODO: check
+CVE-2026-42826 (Exposure of sensitive information to an unauthorized actor in Azure De ...)
+	TODO: check
+CVE-2026-42501 (A malicious module proxy can exploit a flaw in the go command's valida ...)
+	TODO: check
+CVE-2026-42499 (Pathological inputs could cause DoS through consumePhrase when parsing ...)
+	TODO: check
+CVE-2026-42449 (n8n-MCP is an MCP server that provides AI assistants access to n8n nod ...)
+	TODO: check
+CVE-2026-42279 (solidtime is an open-source time-tracking app. In version 0.12.0, the  ...)
+	TODO: check
+CVE-2026-42278 (UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6e ...)
+	TODO: check
+CVE-2026-42277 (Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, an ...)
+	TODO: check
+CVE-2026-42276 (Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, an ...)
+	TODO: check
+CVE-2026-42275 (zrok is software for sharing web services, files, and network resource ...)
+	TODO: check
+CVE-2026-42274 (Heimdall is a cloud native Identity Aware Proxy and Access Control Dec ...)
+	TODO: check
+CVE-2026-42273 (Heimdall is a cloud native Identity Aware Proxy and Access Control Dec ...)
+	TODO: check
+CVE-2026-42272 (Heimdall is a cloud native Identity Aware Proxy and Access Control Dec ...)
+	TODO: check
+CVE-2026-42271 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or  ...)
+	TODO: check
+CVE-2026-42267 (Kimai is an open-source time tracking application. From version 2.27.0 ...)
+	TODO: check
+CVE-2026-42264 (Axios is a promise based HTTP client for the browser and Node.js. From ...)
+	TODO: check
+CVE-2026-42261 (PromptHub is an all-in-one AI toolbox for prompt, skill, and agent man ...)
+	TODO: check
+CVE-2026-42259 (Saltcorn is an extensible, open source, no-code database application b ...)
+	TODO: check
+CVE-2026-42241 (ParquetSharp is a .NET library for reading and writing Apache Parquet  ...)
+	TODO: check
+CVE-2026-42239 (Budibase is an open-source low-code platform. Prior to version 3.35.10 ...)
+	TODO: check
+CVE-2026-42225 (PJSIP is a free and open source multimedia communication library writt ...)
+	TODO: check
+CVE-2026-42203 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or  ...)
+	TODO: check
+CVE-2026-42150 (wlc is a Weblate command-line client using Weblate's REST API. Prior t ...)
+	TODO: check
+CVE-2026-42047 (Inngest is a platform for running event-driven and scheduled backgroun ...)
+	TODO: check
+CVE-2026-41929 (Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site  ...)
+	TODO: check
+CVE-2026-41928 (Vvveb before 1.0.8.2 contains an information disclosure vulnerability  ...)
+	TODO: check
+CVE-2026-41900 (OpenLearnX is an open-source, decentralized learning and assessment pl ...)
+	TODO: check
+CVE-2026-41692 (i18nextify is a JavaScript library that adds website internationalizat ...)
+	TODO: check
+CVE-2026-41691 (Copilot said: i18nextify is a JavaScript library that adds i18nextify  ...)
+	TODO: check
+CVE-2026-41646 (Nuclei is a vulnerability scanner built on a simple YAML-based DSL. Fr ...)
+	TODO: check
+CVE-2026-41645 (Nuclei is a vulnerability scanner built on a simple YAML-based DSL. Fr ...)
+	TODO: check
+CVE-2026-41501 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+	TODO: check
+CVE-2026-41500 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
+	TODO: check
+CVE-2026-41498 (Kimai is an open-source time tracking application. Prior to version 2. ...)
+	TODO: check
+CVE-2026-41105 (Server-side request forgery (ssrf) in Azure Notification Service allow ...)
+	TODO: check
+CVE-2026-40214 (In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API d ...)
+	TODO: check
+CVE-2026-40213 (OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the  ...)
+	TODO: check
+CVE-2026-3508 (An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS Syste ...)
+	TODO: check
+CVE-2026-39836 (The Dial and LookupPort functions panic on Windows when provided with  ...)
+	TODO: check
+CVE-2026-39826 (If a trusted template author were to write a <script> tag containing a ...)
+	TODO: check
+CVE-2026-39825 (ReverseProxy can forward queries containing parameters not visible to  ...)
+	TODO: check
+CVE-2026-39823 (CVE-2026-27142 fixed a vulnerability in which URLs were not correctly  ...)
+	TODO: check
+CVE-2026-39820 (Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...)
+	TODO: check
+CVE-2026-39819 (The "go bug" command writes to two files with predictable names in the ...)
+	TODO: check
+CVE-2026-39817 (The "go tool pack" subcommand (usually used only by the compiler as an ...)
+	TODO: check
+CVE-2026-35435 (Improper access control in Azure AI Foundry M365 published agents allo ...)
+	TODO: check
+CVE-2026-35428 (Improper neutralization of special elements used in a command ('comman ...)
+	TODO: check
+CVE-2026-34327 (Externally controlled reference to a resource in another sphere in Mic ...)
+	TODO: check
+CVE-2026-33844 (Improper input validation in Azure Managed Instance for Apache Cassand ...)
+	TODO: check
+CVE-2026-33823 (Improper authorization in Microsoft Teams allows an authorized attacke ...)
+	TODO: check
+CVE-2026-33814 (When processing HTTP/2 SETTINGS frames, transport will enter an infini ...)
+	TODO: check
+CVE-2026-33811 (When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...)
+	TODO: check
+CVE-2026-33111 (Improper neutralization of special elements used in a command ('comman ...)
+	TODO: check
+CVE-2026-33109 (Improper access control in Azure Managed Instance for Apache Cassandra ...)
+	TODO: check
+CVE-2026-32207 (Improper neutralization of input during web page generation ('cross-si ...)
+	TODO: check
+CVE-2026-2710
+	REJECTED
+CVE-2026-26164 (Improper neutralization of special elements in output used by a downst ...)
+	TODO: check
+CVE-2026-26129 (Improper neutralization of special elements in M365 Copilot allows an  ...)
+	TODO: check
+CVE-2025-69691 (Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via p ...)
+	TODO: check
+CVE-2025-69690 (Netgate pfSense CE 2.7.2 allows code execution by using the module ins ...)
+	TODO: check
+CVE-2025-69599 (RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain  ...)
+	TODO: check
+CVE-2025-67888 (An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209.  ...)
+	TODO: check
+CVE-2025-67887 (1C-Bitrix through 25.100.500 allows Remote Code Execution because an a ...)
+	TODO: check
+CVE-2025-67886 (Bitrix24 through 25.100.300 allows Remote Code Execution because an ac ...)
+	TODO: check
+CVE-2025-55449 (AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_B ...)
+	TODO: check
+CVE-2024-53326 (LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserializa ...)
+	TODO: check
+CVE-2024-51092 (LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary  ...)
+	TODO: check
+CVE-2024-46508 (yeti-platform yeti before 2.1.12 allows attackers to generate valid JW ...)
+	TODO: check
+CVE-2024-46507 (A SSTI (server side template injection) vulnerability in the custom te ...)
+	TODO: check
+CVE-2024-45257 (A Command Injection issue in the payload build page in BYOB (Build You ...)
+	TODO: check
+CVE-2024-33724 (SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the ...)
+	TODO: check
+CVE-2024-33722 (SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated  ...)
+	TODO: check
+CVE-2024-33288 (Prison Management System Using PHP v1.0 was discovered to contain a SQ ...)
+	TODO: check
+CVE-2024-30167 (/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow re ...)
+	TODO: check
+CVE-2024-27686 (Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a r ...)
+	TODO: check
+CVE-2023-47268 (In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ...)
+	TODO: check
+CVE-2023-46453 (Certain GL.iNet devices with 4.x firmware allow authentication bypass  ...)
+	TODO: check
+CVE-2023-42346 (Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an  ...)
+	TODO: check
+CVE-2023-42345 (A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exis ...)
+	TODO: check
+CVE-2023-42344 (Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers  ...)
+	TODO: check
+CVE-2023-42343 (A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1  ...)
+	TODO: check
 CVE-2026-8094 (Other issue in the WebRTC component. This vulnerability was fixed in F ...)
 	- firefox-esr 140.10.2esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/#CVE-2026-8094
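Review bot: the description imported for CVE-2026-41691 ("Copilot said: i18nextify is a JavaScript library that adds i18nextify ...") carries what looks like a pasted chat artifact and a duplicated token rather than the CNA's actual summary, so the triager resolving that TODO should read the advisory text directly instead of trusting the generated one-liner. Within the same batch, CVE-2026-42501, CVE-2026-42499, CVE-2026-39836, CVE-2026-39826, CVE-2026-39825, CVE-2026-39823, CVE-2026-39820, CVE-2026-39819, CVE-2026-39817, CVE-2026-33814 and CVE-2026-33811 describe the go command, net/mail parsing, ReverseProxy, LookupCNAME and the HTTP/2 transport, i.e. Go toolchain and golang.org/x issues that map to packaged golang sources, so they deserve earlier triage than the many SourceCodester, code-projects and CodeAstro entries that will almost certainly end as NOT-FOR-US; CVE-2026-39823 also cites CVE-2026-27142 as an incomplete earlier fix, so the two should be cross-referenced when filled in.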
@@ -10,7 +270,7 @@ CVE-2026-8092 (Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/#CVE-2026-8092
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/#CVE-2026-8092
 CVE-2026-8091 (Incorrect boundary conditions in the Audio/Video: Playback component.  ...)
-	{DSA-6242-1 DSA-6236-1 DLA-4562-1 DLA-4555-1}
+	{DSA-6242-1 DSA-6236-1}
 	- firefox 150.0-1
 	- firefox-esr 140.10.1esr-1
 	- thunderbird 1:140.10.1esr-1
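Review bot: dropping DLA-4562-1 and DLA-4555-1 from the CVE-2026-8091 advisory list changes the recorded LTS status of the issue, yet the commit is labelled "automatic update" and nothing in the hunk says why the references were wrong. If the DLAs actually covered the neighbouring Firefox/Thunderbird CVE (the adjacent context shows CVE-2026-8092 with mfsa2026-40 and mfsa2026-41 notes) rather than this one, confirm that before merging and move the references rather than silently deleting them; a manual correction of this kind belongs in its own commit with a message stating the reason.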
@@ -4935,7 +5195,7 @@ CVE-2026-39402 (lxc is a Linux container runtime. In the setuid helper lxc-user-
 CVE-2026-31692 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux 6.19.14-1
 	NOTE: https://git.kernel.org/linus/7b735ef81286007794a227ce2539419479c02a5f (7.0)
-CVE-2026-42208
+CVE-2026-42208 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or  ...)
 	NOT-FOR-US: LiteLLM
 CVE-2026-7470 (A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. ...)
 	NOT-FOR-US: Tenda
@@ -359941,8 +360201,8 @@ CVE-2022-45901
 	RESERVED
 CVE-2022-45900
 	RESERVED
-CVE-2022-45899
-	RESERVED
+CVE-2022-45899 (Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthentic ...)
+	TODO: check
 CVE-2022-45898
 	RESERVED
 CVE-2022-4144 (An out-of-bounds read flaw was found in the QXL display device emulati ...)
@@ -417789,10 +418049,10 @@ CVE-2022-26525
 	RESERVED
 CVE-2022-26524
 	RESERVED
-CVE-2022-26523
-	RESERVED
-CVE-2022-26522
-	RESERVED
+CVE-2022-26523 (The socket connection handler in aswArPot.sys in the Avast and AVG Win ...)
+	TODO: check
+CVE-2022-26522 (The socket connection handler in aswArPot.sys in the Avast and AVG Win ...)
+	TODO: check
 CVE-2022-26521 (Abantecart through 1.3.2 allows remote authenticated administrators to ...)
 	NOT-FOR-US: Abantecart
 CVE-2022-0872
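Review bot: the descriptions now attached to CVE-2022-26523 and CVE-2022-26522 ("The socket connection handler in aswArPot.sys in the Avast and AVG Win ...") point at a Windows-only antivirus kernel driver, so the expected resolution of both TODO: check lines is NOT-FOR-US with a short note; leaving both at TODO is fine for the automatic import, but they should not be mistaken for RESERVED-to-published entries that affect packaged software.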
@@ -425953,8 +426213,8 @@ CVE-2022-23963
 	RESERVED
 CVE-2022-23962
 	RESERVED
-CVE-2022-23961
-	RESERVED
+CVE-2022-23961 (In Thruk Monitoring through 2.46.3, the login field of the login form  ...)
+	TODO: check
 CVE-2022-23960 (Certain Arm Cortex and Neoverse processors through 2022-03-08 do not p ...)
 	{DSA-5173-1 DLA-3065-1}
 	- linux 5.16.14-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec7c6815e0a226a8f2ce27e12d27bf75439ed649
