[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 12 20:24:57 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e7bd64b4 by security tracker role at 2026-05-12T19:24:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,767 @@
+CVE-2026-8431 (An administrative user with access to configure webhooks can execute a ...)
+ TODO: check
+CVE-2026-8430 (SPIP versions prior to 4.4.14 contain a remote code execution vulnerab ...)
+ TODO: check
+CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a remote code execution vulnerab ...)
+ TODO: check
+CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server allows a ...)
+ TODO: check
+CVE-2026-8401 (Sandbox escape in the Profile Backup component. This vulnerability was ...)
+ TODO: check
+CVE-2026-8391 (Other issue in the JavaScript Engine component. This vulnerability was ...)
+ TODO: check
+CVE-2026-8390 (Use-after-free in the JavaScript: WebAssembly component. This vulnerab ...)
+ TODO: check
+CVE-2026-8389 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
+ TODO: check
+CVE-2026-8388 (Incorrect boundary conditions in the JavaScript Engine: JIT component. ...)
+ TODO: check
+CVE-2026-8368 (LWP::UserAgent versions before 6.83 for Perl leak Authorization and Pr ...)
+ TODO: check
+CVE-2026-8278
+ REJECTED
+CVE-2026-8162 (multiparty at 4.2.3 and lower versions are vulnerable to denial of servic ...)
+ TODO: check
+CVE-2026-8161 (multiparty at 4.2.3 and lower versions are vulnerable to denial of servic ...)
+ TODO: check
+CVE-2026-8159 (multiparty at 4.2.3 and lower versions are vulnerable to denial of servic ...)
+ TODO: check
+CVE-2026-8111 (SQL injection in the web consoleof Ivanti Endpoint Managerbefore versi ...)
+ TODO: check
+CVE-2026-8110 (Incorrect permissions assignment inthe agent ofIvanti Endpoint Manager ...)
+ TODO: check
+CVE-2026-8109 (An exposed dangerous methodonthe Core Server ofIvanti Endpoint Manager ...)
+ TODO: check
+CVE-2026-8072 (Insecure generation of credentials in the local SAT (Technical Support ...)
+ TODO: check
+CVE-2026-8051 (OS command injection in Ivanti Virtual Traffic Manager before version ...)
+ TODO: check
+CVE-2026-8043 (External control of a file name in Ivanti Xtraction before version 202 ...)
+ TODO: check
+CVE-2026-7661 (The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2026-7659 (The Advanced Social Media Icons plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-7626 (The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-7616 (The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ TODO: check
+CVE-2026-7562 (The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2026-7561 (The Tm \u2013 WordPress Redirection plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2026-7464 (The WP Google Maps Integration plugin for WordPress is vulnerable to R ...)
+ TODO: check
+CVE-2026-7437 (The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
+ TODO: check
+CVE-2026-7432 (A race condition in Ivanti Secure Access Client before 22.8R6 allows a ...)
+ TODO: check
+CVE-2026-7431 (An incorrect permission assignment for critical resource of Ivanti Sec ...)
+ TODO: check
+CVE-2026-7428 (Prior to 2025-11-03,well-intended users of Terraform or REST API for G ...)
+ TODO: check
+CVE-2026-7050 (The Forms Rb plugin for WordPress is vulnerable to authorization bypas ...)
+ TODO: check
+CVE-2026-6932 (The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-6913 (The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2026-6866 (CWE-1188 Initialization of a Resource with an Insecure Default vulnera ...)
+ TODO: check
+CVE-2026-6865 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\ ...)
+ TODO: check
+CVE-2026-6813 (The Continually plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2026-6808 (The Pricing Tables for WP plugin for WordPress is vulnerable to Reflec ...)
+ TODO: check
+CVE-2026-6800 (The FastBots plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2026-6710 (The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2026-6709 (The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2026-6708 (The HEL Online Classroom: AI-powered Online Classrooms plugin for Word ...)
+ TODO: check
+CVE-2026-6690 (The LifePress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2026-6663 (The GWD Connect plugin for WordPress is vulnerable to missing authoriz ...)
+ TODO: check
+CVE-2026-6402 (webpack-dev-server versions up to and including 5.2.3 are vulnerable t ...)
+ TODO: check
+CVE-2026-6256 (The Credits Shortcode plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2026-6247 (The scratchblocks for WP plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-6237 (The Quick Table plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2026-6001 (Authorization bypass through User-Controlled key vulnerability in ABIS ...)
+ TODO: check
+CVE-2026-5715 (The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2026-5693 (The Smart Appointment & Booking plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-5340 (The Fancy Image Show plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2026-5146 (Improper access control in the notification management endpoints in De ...)
+ TODO: check
+CVE-2026-5061 (The consul-template library before version 0.42.0 is vulnerable to a s ...)
+ TODO: check
+CVE-2026-5029 (A remote code execution vulnerability exists inCode Runner MCP Server ...)
+ TODO: check
+CVE-2026-5028 (The Eight Day Week Print Workflow plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-4920 (The Next Date plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2026-4859 (The SP Blog Designer plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2026-4827 (CWE\u2011331 Insufficient Entropy vulnerability exists that could lead ...)
+ TODO: check
+CVE-2026-4663 (The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing ...)
+ TODO: check
+CVE-2026-4301 (The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin f ...)
+ TODO: check
+CVE-2026-45218 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-45215 (Insertion of Sensitive Information Into Sent Data vulnerability in Saa ...)
+ TODO: check
+CVE-2026-45214 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-45213 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-45212 (Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page ...)
+ TODO: check
+CVE-2026-45211 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-45210 (Missing Authorization vulnerability in Broadstreet Broadstreet Ads bro ...)
+ TODO: check
+CVE-2026-45091 (sealed-env is a cross-stack, zero-trust secret management library for ...)
+ TODO: check
+CVE-2026-44412 (A vulnerability has been identified in Solid Edge SE2026 (All versions ...)
+ TODO: check
+CVE-2026-44411 (A vulnerability has been identified in Solid Edge SE2026 (All versions ...)
+ TODO: check
+CVE-2026-44343 (WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there ar ...)
+ TODO: check
+CVE-2026-44279 (A improper export of android application components vulnerability in F ...)
+ TODO: check
+CVE-2026-44278 (A use of hard-coded cryptographic key vulnerability in Fortinet FortiC ...)
+ TODO: check
+CVE-2026-44277 (A improper access control vulnerability in Fortinet FortiAuthenticator ...)
+ TODO: check
+CVE-2026-44204 (Shelf is a platform for tracking physical assets. From 1.12 to before ...)
+ TODO: check
+CVE-2026-44196 (Pingvin Share X is a secure and easy self-hosted file sharing platform ...)
+ TODO: check
+CVE-2026-44184 (Cleanuparr is a tool for automating the cleanup of unwanted or blocked ...)
+ TODO: check
+CVE-2026-44183 (Cleanuparr is a tool for automating the cleanup of unwanted or blocked ...)
+ TODO: check
+CVE-2026-44167 (phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0 ...)
+ TODO: check
+CVE-2026-44166 (Pocketbase is an open source web backend written in go. Prior to 0.22. ...)
+ TODO: check
+CVE-2026-43993 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
+ TODO: check
+CVE-2026-43992 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
+ TODO: check
+CVE-2026-43991 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
+ TODO: check
+CVE-2026-43990 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
+ TODO: check
+CVE-2026-43989 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
+ TODO: check
+CVE-2026-43983 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
+ TODO: check
+CVE-2026-43939 (YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 an ...)
+ TODO: check
+CVE-2026-43938 (YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 an ...)
+ TODO: check
+CVE-2026-43937 (YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, A ...)
+ TODO: check
+CVE-2026-43930 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2026-43929 (ssrfcheck is a library that checks if a string contains a potential SS ...)
+ TODO: check
+CVE-2026-43916 (pam_authnft is a PAM session module binding nftables firewall rules to ...)
+ TODO: check
+CVE-2026-43892 (AntSword is a cross-platform website management toolkit. Prior to 2.1. ...)
+ TODO: check
+CVE-2026-43891 (changedetection.io is a free open source web page change detection too ...)
+ TODO: check
+CVE-2026-43515 (Improper Authorization vulnerability when multiple method constraints ...)
+ TODO: check
+CVE-2026-43514 (Observable Timing Discrepancy vulnerabilitywhen comparing AJP secret i ...)
+ TODO: check
+CVE-2026-43513 (Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...)
+ TODO: check
+CVE-2026-43512 (DEPRECATED: Authentication Bypass Issues vulnerability in digest authe ...)
+ TODO: check
+CVE-2026-42899 (Loop with unreachable exit condition ('infinite loop') in ASP.NET Core ...)
+ TODO: check
+CVE-2026-42898 (Improper control of generation of code ('code injection') in Microsoft ...)
+ TODO: check
+CVE-2026-42896 (Integer overflow or wraparound in Windows DWM Core Library allows an a ...)
+ TODO: check
+CVE-2026-42893 (Improper neutralization of special elements used in a command ('comman ...)
+ TODO: check
+CVE-2026-42891 (User interface (ui) misrepresentation of critical information in Micro ...)
+ TODO: check
+CVE-2026-42838 (Improper neutralization of special elements in output used by a downst ...)
+ TODO: check
+CVE-2026-42833 (Execution with unnecessary privileges in Microsoft Dynamics 365 (on-pr ...)
+ TODO: check
+CVE-2026-42832 (Improper access control in Microsoft Office allows an unauthorized att ...)
+ TODO: check
+CVE-2026-42831 (Heap-based buffer overflow in Microsoft Office allows an unauthorized ...)
+ TODO: check
+CVE-2026-42830 (Untrusted search path in Azure Monitor Agent allows an authorized atta ...)
+ TODO: check
+CVE-2026-42825 (Use after free in Windows Telephony Service allows an authorized attac ...)
+ TODO: check
+CVE-2026-42823 (Improper access control in Azure Logic Apps allows an authorized attac ...)
+ TODO: check
+CVE-2026-42742 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-42741 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-42541 (Kubewarden is a policy engine for Kubernetes. Prior to , An attacker w ...)
+ TODO: check
+CVE-2026-42498 (Exposure of HTTP Authentication Header to unexpected hosts during WebS ...)
+ TODO: check
+CVE-2026-42348 (OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. ...)
+ TODO: check
+CVE-2026-42303 (Fides is an open-source privacy engineering platform. From 2.75.0 to b ...)
+ TODO: check
+CVE-2026-42300 (DevGuard provides vulnerability management for the full software suppl ...)
+ TODO: check
+CVE-2026-42260 (Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for ...)
+ TODO: check
+CVE-2026-42177 (linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entr ...)
+ TODO: check
+CVE-2026-42175 (requests-hardened is a library that overrides the default behaviors of ...)
+ TODO: check
+CVE-2026-42141 (Xibo is an open source digital signage platform with a web content man ...)
+ TODO: check
+CVE-2026-42048 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
+ TODO: check
+CVE-2026-42045 (LobeHub is a work-and-lifestyle space to find, build, and collaborate ...)
+ TODO: check
+CVE-2026-42006 (An attacker can cause uncontrolled memory usage with excessive bracing ...)
+ TODO: check
+CVE-2026-41895 (changedetection.io is a free open source web page change detection too ...)
+ TODO: check
+CVE-2026-41713 (A malicious user could craft input that is stored in conversation memo ...)
+ TODO: check
+CVE-2026-41712 (Spring AI's chat memory component contained a problematic default that ...)
+ TODO: check
+CVE-2026-41614 (Improper access control in M365 Copilot for Desktop allows an unauthor ...)
+ TODO: check
+CVE-2026-41613 (Session fixation in Visual Studio Code allows an unauthorized attacker ...)
+ TODO: check
+CVE-2026-41612 (Relative path traversal in Visual Studio Code allows an unauthorized a ...)
+ TODO: check
+CVE-2026-41611 (Improper neutralization of script-related html tags in a web page (bas ...)
+ TODO: check
+CVE-2026-41610 (Improper neutralization of input during web page generation ('cross-si ...)
+ TODO: check
+CVE-2026-41551 (A vulnerability has been identified in ROS# (All versions < V2.2.2). A ...)
+ TODO: check
+CVE-2026-41513 (Horilla is an HR and CRM software. In 1.5.0, the notification endpoint ...)
+ TODO: check
+CVE-2026-41293 (Improper Input Validation vulnerability in Apache Tomcat. This issue ...)
+ TODO: check
+CVE-2026-41284 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-41125 (A vulnerability has been identified in blueplanet 100 NX3 M8 (All vers ...)
+ TODO: check
+CVE-2026-41109 (Improper neutralization of special elements in output used by a downst ...)
+ TODO: check
+CVE-2026-41107 (External control of file name or path in Microsoft Edge (Chromium-base ...)
+ TODO: check
+CVE-2026-41103 (Incorrect implementation of authentication algorithm in Microsoft SSO ...)
+ TODO: check
+CVE-2026-41102 (Improper access control in Microsoft Office PowerPoint allows an autho ...)
+ TODO: check
+CVE-2026-41101 (Improper access control in Microsoft Office Word allows an authorized ...)
+ TODO: check
+CVE-2026-41100 (Improper access control in M365 Copilot allows an authorized attacker ...)
+ TODO: check
+CVE-2026-41097 (Reliance on a component that is not updateable in Windows Secure Boot ...)
+ TODO: check
+CVE-2026-41096 (Heap-based buffer overflow in Microsoft Windows DNS allows an unauthor ...)
+ TODO: check
+CVE-2026-41095 (Use after free in Data Deduplication allows an authorized attacker to ...)
+ TODO: check
+CVE-2026-41094 (Improper control of generation of code ('code injection') in Microsoft ...)
+ TODO: check
+CVE-2026-41089 (Stack-based buffer overflow in Windows Netlogon allows an unauthorized ...)
+ TODO: check
+CVE-2026-41088 (External control of file name or path in Windows Ancillary Function Dr ...)
+ TODO: check
+CVE-2026-41086 (Improper access control in Windows Admin Center allows an authorized a ...)
+ TODO: check
+CVE-2026-40638 (Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an e ...)
+ TODO: check
+CVE-2026-40421 (External control of file name or path in Microsoft Office Word allows ...)
+ TODO: check
+CVE-2026-40420 (Improper access control in Microsoft Office Click-To-Run allows an aut ...)
+ TODO: check
+CVE-2026-40419 (Use after free in Microsoft Office allows an authorized attacker to el ...)
+ TODO: check
+CVE-2026-40418 (Use after free in Microsoft Office Click-To-Run allows an authorized a ...)
+ TODO: check
+CVE-2026-40417 (Weak authentication in Dynamics Business Central allows an authorized ...)
+ TODO: check
+CVE-2026-40416 (User interface (ui) misrepresentation of critical information in Micro ...)
+ TODO: check
+CVE-2026-40415 (Use after free in Windows TCP/IP allows an unauthorized attacker to ex ...)
+ TODO: check
+CVE-2026-40414 (Null pointer dereference in Windows TCP/IP allows an unauthorized atta ...)
+ TODO: check
+CVE-2026-40413 (Null pointer dereference in Windows TCP/IP allows an unauthorized atta ...)
+ TODO: check
+CVE-2026-40410 (Use after free in Windows SMB Client allows an authorized attacker to ...)
+ TODO: check
+CVE-2026-40408 (Use after free in Windows Kernel-Mode Drivers allows an authorized att ...)
+ TODO: check
+CVE-2026-40407 (Heap-based buffer overflow in Windows Common Log File System Driver al ...)
+ TODO: check
+CVE-2026-40406 (Use after free in Windows TCP/IP allows an unauthorized attacker to di ...)
+ TODO: check
+CVE-2026-40405 (Null pointer dereference in Windows TCP/IP allows an unauthorized atta ...)
+ TODO: check
+CVE-2026-40403 (Heap-based buffer overflow in Windows Win32K - GRFX allows an authoriz ...)
+ TODO: check
+CVE-2026-40402 (Use after free in Windows Hyper-V allows an unauthorized attacker to e ...)
+ TODO: check
+CVE-2026-40401 (Null pointer dereference in Windows TCP/IP allows an unauthorized atta ...)
+ TODO: check
+CVE-2026-40399 (Stack-based buffer overflow in Windows TCP/IP allows an authorized att ...)
+ TODO: check
+CVE-2026-40398 (Heap-based buffer overflow in Windows Remote Desktop allows an authori ...)
+ TODO: check
+CVE-2026-40397 (Integer underflow (wrap or wraparound) in Windows Common Log File Syst ...)
+ TODO: check
+CVE-2026-40382 (Use after free in Windows Telephony Service allows an authorized attac ...)
+ TODO: check
+CVE-2026-40381 (Improper access control in Azure Connected Machine Agent allows an aut ...)
+ TODO: check
+CVE-2026-40380 (Heap-based buffer overflow in Volume Manager Extension Driver allows a ...)
+ TODO: check
+CVE-2026-40379 (Exposure of sensitive information to an unauthorized actor in Azure En ...)
+ TODO: check
+CVE-2026-40377 (Heap-based buffer overflow in Windows Cryptographic Services allows an ...)
+ TODO: check
+CVE-2026-40374 (Exposure of sensitive information to an unauthorized actor in Power Au ...)
+ TODO: check
+CVE-2026-40370 (External control of file name or path in SQL Server allows an authoriz ...)
+ TODO: check
+CVE-2026-40369 (Untrusted pointer dereference in Windows Kernel allows an authorized a ...)
+ TODO: check
+CVE-2026-40368 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
+ TODO: check
+CVE-2026-40367 (Untrusted pointer dereference in Microsoft Office Word allows an unaut ...)
+ TODO: check
+CVE-2026-40366 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+ TODO: check
+CVE-2026-40365 (Insufficient granularity of access control in Microsoft Office SharePo ...)
+ TODO: check
+CVE-2026-40364 (Access of resource using incompatible type ('type confusion') in Micro ...)
+ TODO: check
+CVE-2026-40363 (Heap-based buffer overflow in Microsoft Office allows an unauthorized ...)
+ TODO: check
+CVE-2026-40362 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
+ TODO: check
+CVE-2026-40361 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+ TODO: check
+CVE-2026-40360 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
+ TODO: check
+CVE-2026-40359 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+ TODO: check
+CVE-2026-40358 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2026-40357 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
+ TODO: check
+CVE-2026-40300 (Zulip is an open-source team collaboration tool. Prior to 12.0, With m ...)
+ TODO: check
+CVE-2026-40020 (Attacker can use the IMAP SETACL command to inject the anyone permissi ...)
+ TODO: check
+CVE-2026-40016 (Attacker can upload a malicious Sieve script over ManageSieve service ...)
+ TODO: check
+CVE-2026-3604 (The WP SEO Structured Data Schema plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-39432 (Missing Authorization vulnerability in Arraytics Timetics allows Explo ...)
+ TODO: check
+CVE-2026-35440 (Files or directories accessible to external parties in Microsoft Offic ...)
+ TODO: check
+CVE-2026-35439 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
+ TODO: check
+CVE-2026-35438 (Missing authorization in Windows Admin Center allows an authorized att ...)
+ TODO: check
+CVE-2026-35436 (Insufficient granularity of access control in Microsoft Office Click-T ...)
+ TODO: check
+CVE-2026-35433 (Improper input validation in .NET allows an unauthorized attacker to e ...)
+ TODO: check
+CVE-2026-35429 (User interface (ui) misrepresentation of critical information in Micro ...)
+ TODO: check
+CVE-2026-35424 (Missing release of memory after effective lifetime in Windows Internet ...)
+ TODO: check
+CVE-2026-35423 (Out-of-bounds read in Telnet Client allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2026-35422 (Authentication bypass using an alternate path or channel in Windows TC ...)
+ TODO: check
+CVE-2026-35421 (Heap-based buffer overflow in Windows GDI allows an unauthorized attac ...)
+ TODO: check
+CVE-2026-35420 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
+ TODO: check
+CVE-2026-35419 (Out-of-bounds read in Windows DWM Core Library allows an authorized at ...)
+ TODO: check
+CVE-2026-35418 (Use after free in Windows Cloud Files Mini Filter Driver allows an aut ...)
+ TODO: check
+CVE-2026-35417 (Access of resource using incompatible type ('type confusion') in Windo ...)
+ TODO: check
+CVE-2026-35416 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
+ TODO: check
+CVE-2026-35415 (Integer overflow or wraparound in Windows Storage Spaces Controller al ...)
+ TODO: check
+CVE-2026-35227 (An unauthenticated remote attacker may exhaust all available TCP conne ...)
+ TODO: check
+CVE-2026-35071 (Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an i ...)
+ TODO: check
+CVE-2026-34687 (Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-b ...)
+ TODO: check
+CVE-2026-34684 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
+ TODO: check
+CVE-2026-34683 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
+ TODO: check
+CVE-2026-34682 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
+ TODO: check
+CVE-2026-34681 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
+ TODO: check
+CVE-2026-34676 (Substance3D - Painter versions 12.0.2 and earlier are affected by an o ...)
+ TODO: check
+CVE-2026-34675 (Substance3D - Painter versions 12.0.2 and earlier are affected by an o ...)
+ TODO: check
+CVE-2026-34664 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
+ TODO: check
+CVE-2026-34663 (Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-o ...)
+ TODO: check
+CVE-2026-34662 (Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL P ...)
+ TODO: check
+CVE-2026-34661 (Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-o ...)
+ TODO: check
+CVE-2026-34660 (Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected ...)
+ TODO: check
+CVE-2026-34659 (Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected ...)
+ TODO: check
+CVE-2026-34644 (After Effects versions 26.0, 25.6.4 and earlier are affected by an Int ...)
+ TODO: check
+CVE-2026-34643 (After Effects versions 26.0, 25.6.4 and earlier are affected by an out ...)
+ TODO: check
+CVE-2026-34642 (After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap ...)
+ TODO: check
+CVE-2026-34640 (Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an I ...)
+ TODO: check
+CVE-2026-34639 (Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an o ...)
+ TODO: check
+CVE-2026-34638 (Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use ...)
+ TODO: check
+CVE-2026-34637 (Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2026-34636 (Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an ou ...)
+ TODO: check
+CVE-2026-34351 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2026-34350 (Null pointer dereference in Windows Storport Miniport Driver allows an ...)
+ TODO: check
+CVE-2026-34347 (Use after free in Windows Win32K - GRFX allows an authorized attacker ...)
+ TODO: check
+CVE-2026-34345 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2026-34344 (Access of resource using incompatible type ('type confusion') in Windo ...)
+ TODO: check
+CVE-2026-34343 (Heap-based buffer overflow in Windows Application Identity (AppID) Sub ...)
+ TODO: check
+CVE-2026-34342 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2026-34341 (Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an ...)
+ TODO: check
+CVE-2026-34340 (Use after free in Windows Projected File System allows an authorized a ...)
+ TODO: check
+CVE-2026-34339 (Null pointer dereference in Windows LDAP - Lightweight Directory Acces ...)
+ TODO: check
+CVE-2026-34338 (Use after free in Windows Telephony Service allows an authorized attac ...)
+ TODO: check
+CVE-2026-34337 (Use after free in Windows Cloud Files Mini Filter Driver allows an aut ...)
+ TODO: check
+CVE-2026-34336 (Buffer over-read in Windows DWM Core Library allows an authorized atta ...)
+ TODO: check
+CVE-2026-34334 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2026-34333 (Use after free in Windows Win32K - GRFX allows an authorized attacker ...)
+ TODO: check
+CVE-2026-34332 (Use after free in Windows Kernel-Mode Drivers allows an authorized att ...)
+ TODO: check
+CVE-2026-34331 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2026-34330 (Integer overflow or wraparound in Windows Win32K - GRFX allows an auth ...)
+ TODO: check
+CVE-2026-34329 (Heap-based buffer overflow in Windows Message Queuing allows an unauth ...)
+ TODO: check
+CVE-2026-34187 (Improper Neutralization of Special Elements used in an SQL Command vul ...)
+ TODO: check
+CVE-2026-33893 (A vulnerability has been identified in Teamcenter V2312 (All versions ...)
+ TODO: check
+CVE-2026-33862 (A vulnerability has been identified in Teamcenter V2312 (All versions ...)
+ TODO: check
+CVE-2026-33841 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
+ TODO: check
+CVE-2026-33840 (Use after free in Windows Win32K - ICOMP allows an authorized attacker ...)
+ TODO: check
+CVE-2026-33839 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2026-33838 (Double free in Windows Message Queuing allows an authorized attacker t ...)
+ TODO: check
+CVE-2026-33837 (Heap-based buffer overflow in Windows TCP/IP allows an authorized atta ...)
+ TODO: check
+CVE-2026-33835 (Use after free in Windows Cloud Files Mini Filter Driver allows an aut ...)
+ TODO: check
+CVE-2026-33834 (Improper access control in Windows Event Logging Service allows an aut ...)
+ TODO: check
+CVE-2026-33833 (Improper neutralization of special elements in output used by a downst ...)
+ TODO: check
+CVE-2026-33821 (Improper privilege management in Microsoft Dynamics 365 Customer Insig ...)
+ TODO: check
+CVE-2026-33603 (Attacker can use a specially crafted base64 exchange between Dovecot a ...)
+ TODO: check
+CVE-2026-33117 (Improper authentication in Azure SDK allows an unauthorized attacker t ...)
+ TODO: check
+CVE-2026-33112 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
+ TODO: check
+CVE-2026-33110 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
+ TODO: check
+CVE-2026-32687 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2026-32684 (The application does not impose strict enough restrictions on director ...)
+ TODO: check
+CVE-2026-32209 (Improper access control in Windows Filtering Platform (WFP) allows an ...)
+ TODO: check
+CVE-2026-32204 (External control of file name or path in Azure Monitor Agent allows an ...)
+ TODO: check
+CVE-2026-32185 (Files or directories accessible to external parties in Microsoft Teams ...)
+ TODO: check
+CVE-2026-32177 (Heap-based buffer overflow in .NET allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2026-32175 (A tampering vulnerability exists when .NET Core improperly handles spe ...)
+ TODO: check
+CVE-2026-32170 (Double free in Windows Rich Text Edit Control allows an authorized att ...)
+ TODO: check
+CVE-2026-32161 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2026-31245 (The mem0 1.0.0 server lacks authentication and authorization controls ...)
+ TODO: check
+CVE-2026-31244 (The mem0 1.0.0 server lacks authentication and authorization controls ...)
+ TODO: check
+CVE-2026-31243 (The mem0 1.0.0 server lacks authentication and authorization controls ...)
+ TODO: check
+CVE-2026-31242 (The mem0 v1.0.0 server lacks authentication and authorization controls ...)
+ TODO: check
+CVE-2026-31241 (The mem0 1.0.0 server lacks authentication and authorization controls ...)
+ TODO: check
+CVE-2026-31240 (The mem0 1.0.0 server lacks authentication and authorization controls ...)
+ TODO: check
+CVE-2026-31239 (The mamba language model framework thru 2.2.6 is vulnerable to insecur ...)
+ TODO: check
+CVE-2026-31238 (The Ludwig framework thru 0.10.4 is vulnerable to insecure deserializa ...)
+ TODO: check
+CVE-2026-31237 (The Ludwig framework thru 0.10.4 is vulnerable to insecure deserializa ...)
+ TODO: check
+CVE-2026-31236 (The llm CLI tool thru 0.27.1 contains a critical code injection vulner ...)
+ TODO: check
+CVE-2026-31235 (The imgaug library thru 0.4.0 contains an insecure deserialization vul ...)
+ TODO: check
+CVE-2026-31234 (Horovod thru 0.28.1 contains an insecure deserialization vulnerability ...)
+ TODO: check
+CVE-2026-31233 (Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE- ...)
+ TODO: check
+CVE-2026-31232 (The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aa ...)
+ TODO: check
+CVE-2026-31231 (Cognee thru v0.4.0 contains a critical remote code execution vulnerabi ...)
+ TODO: check
+CVE-2026-31230 (The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a comman ...)
+ TODO: check
+CVE-2026-31229 (The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insec ...)
+ TODO: check
+CVE-2026-31228 (The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote ...)
+ TODO: check
+CVE-2026-31226 (The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b ...)
+ TODO: check
+CVE-2026-31225 (The superduper project thru v0.10.0 contains a critical remote code ex ...)
+ TODO: check
+CVE-2026-31224 (The snorkel library thru v0.10.0 contains an insecure deserialization ...)
+ TODO: check
+CVE-2026-31223 (The snorkel library thru v0.10.0 contains a critical insecure deserial ...)
+ TODO: check
+CVE-2026-31222 (The snorkel library thru v0.10.0 contains an insecure deserialization ...)
+ TODO: check
+CVE-2026-31221 (PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deser ...)
+ TODO: check
+CVE-2026-31220 (PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerabl ...)
+ TODO: check
+CVE-2026-31219 (The _load_model() function in the neural_magic_training.py script of t ...)
+ TODO: check
+CVE-2026-31218 (The _load_model() function in the neural_magic_training.py script of t ...)
+ TODO: check
+CVE-2026-31217 (The _load_model() function in the neural_magic_training.py script of t ...)
+ TODO: check
+CVE-2026-31216 (The nexent v1.7.5.2 backend service contains an unauthorized arbitrary ...)
+ TODO: check
+CVE-2026-31215 (The nexent v1.7.5.2 backend service contains an unauthorized arbitrary ...)
+ TODO: check
+CVE-2026-31214 (The torch-checkpoint-shrink.py script in the ml-engineering project in ...)
+ TODO: check
+CVE-2026-30810 (Server-Side Request Forgery vulnerability allows Privilege Escalation ...)
+ TODO: check
+CVE-2026-30808 (Session Fixation vulnerability allows Session Hijacking via crafted se ...)
+ TODO: check
+CVE-2026-30807 (Cross-Site Request Forgery vulnerability allows an attacker to perform ...)
+ TODO: check
+CVE-2026-30805 (Insecure Default Initialization of Resource vulnerability allows Authe ...)
+ TODO: check
+CVE-2026-2993 (The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is v ...)
+ TODO: check
+CVE-2026-2465 (Incorrect Authorization vulnerability in E-Kalite Software Hardware En ...)
+ TODO: check
+CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2026-29204 (Insufficient ownership checks in `clientarea.php` allow an authenticat ...)
+ TODO: check
+CVE-2026-27851 (When safe filter is used with variable expansion, all following pipeli ...)
+ TODO: check
+CVE-2026-27662 (Affected devices do not properly restrict access to the web browser vi ...)
+ TODO: check
+CVE-2026-26083 (A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 t ...)
+ TODO: check
+CVE-2026-25789 (Affected devices do not properly validate and sanitize filenames on th ...)
+ TODO: check
+CVE-2026-25787 (Affected devices do not properly validate and sanitize Technology Obje ...)
+ TODO: check
+CVE-2026-25786 (Affected devices do not properly validate and sanitize PLC/station nam ...)
+ TODO: check
+CVE-2026-25690 (An improper neutralization of argument delimiters in a command ('argum ...)
+ TODO: check
+CVE-2026-25431 (Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiti ...)
+ TODO: check
+CVE-2026-25088 (An improper neutralization of special elements used in an sql command ...)
+ TODO: check
+CVE-2026-23823 (A vulnerability in the command line interface of Access Points running ...)
+ TODO: check
+CVE-2026-23822 (A vulnerability in the XML handling component of AOS-8 DHCP services c ...)
+ TODO: check
+CVE-2026-23821 (A vulnerability in the configuration processing logic of Access Points ...)
+ TODO: check
+CVE-2026-23820 (A vulnerability in the command line interface of Access Points running ...)
+ TODO: check
+CVE-2026-23819 (A vulnerability in the web-based management interface of Access Points ...)
+ TODO: check
+CVE-2026-22925 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2026-22924 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2026-21530 (Double free in Windows Rich Text Edit allows an authorized attacker to ...)
+ TODO: check
+CVE-2026-20914 (Null pointer dereference for some Intel(R) QAT software drivers for Wi ...)
+ TODO: check
+CVE-2026-20905 (Improper input validation for some Intel(R) QAT software drivers for W ...)
+ TODO: check
+CVE-2026-20887 (Improper access control for some Intel Vision software for all version ...)
+ TODO: check
+CVE-2026-20881 (Divide by zero for some Intel(R) QAT software drivers for Windows befo ...)
+ TODO: check
+CVE-2026-20879 (Out-of-bounds write for the Intel(R) Data Center Graphics Driver for V ...)
+ TODO: check
+CVE-2026-20794 (Buffer overflow for the Intel(R) Data Center Graphics Driver for VMwar ...)
+ TODO: check
+CVE-2026-20793 (Unchecked return value for some Intel(R) QAT software drivers for Wind ...)
+ TODO: check
+CVE-2026-20782 (Buffer overflow for some Intel(R) QAT software drivers for Windows bef ...)
+ TODO: check
+CVE-2026-20772 (Uncontrolled search path for some Intel(R) Connectivity Performance Su ...)
+ TODO: check
+CVE-2026-20771 (Null pointer dereference for some Intel(R) QAT software drivers for Wi ...)
+ TODO: check
+CVE-2026-20767 (Improper input validation for some Intel(R) QAT software drivers for W ...)
+ TODO: check
+CVE-2026-20754 (Improper conditions check in some firmware for some Intel(R) NPU Drive ...)
+ TODO: check
+CVE-2026-20753 (Integer overflow in the UEFI firmware for the Slim Bootloader may allo ...)
+ TODO: check
+CVE-2026-20751 (Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VM ...)
+ TODO: check
+CVE-2026-20738 (Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 89 ...)
+ TODO: check
+CVE-2026-20718 (Incorrect default permissions for some Intel(R) NPU Driver software in ...)
+ TODO: check
+CVE-2026-20717 (Improper input validation for some Intel(R) QAT software drivers for W ...)
+ TODO: check
+CVE-2026-20714 (Out-of-bounds write for some Intel(R) QAT software drivers for Windows ...)
+ TODO: check
+CVE-2026-1934 (The Motors \u2013 Car Dealership & Classified Listings plugin for Word ...)
+ TODO: check
+CVE-2025-70842 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in th ...)
+ TODO: check
+CVE-2025-6577 (Improper neutralization of special elements used in an SQL command ('S ...)
+ TODO: check
+CVE-2025-67604 (A use of potentially dangerous function vulnerability in Fortinet Fort ...)
+ TODO: check
+CVE-2025-65719 (An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to ...)
+ TODO: check
+CVE-2025-53870 (An improper neutralization of special elements used in an os command ( ...)
+ TODO: check
+CVE-2025-53844 (A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through ...)
+ TODO: check
+CVE-2025-53681 (An improper neutralization of special elements used in an SQL Command ...)
+ TODO: check
+CVE-2025-53680 (An improper neutralization of special elements used in an OS command ( ...)
+ TODO: check
+CVE-2025-46311 (An inconsistent user interface issue was addressed with improved state ...)
+ TODO: check
+CVE-2025-43524 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ TODO: check
+CVE-2025-40949 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ TODO: check
+CVE-2025-40948 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ TODO: check
+CVE-2025-40947 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ TODO: check
+CVE-2025-40946 (A vulnerability has been identified in blueplanet 100 NX3 M8 (All vers ...)
+ TODO: check
+CVE-2025-40833 (The affected devices contain a null pointer dereference vulnerability ...)
+ TODO: check
+CVE-2025-36515 (Uncontrolled search path for some AI Playground software before versio ...)
+ TODO: check
+CVE-2025-36510 (Improper buffer restrictions for some Display Virtualization for Windo ...)
+ TODO: check
+CVE-2025-35991 (Improper initialization in the UEFI firmware for some Intel platforms ...)
+ TODO: check
+CVE-2025-35990 (Improper input validation for some Intel Endpoint Management Assistant ...)
+ TODO: check
+CVE-2025-35979 (Exposure of sensitive information caused by shared microarchitectural ...)
+ TODO: check
+CVE-2025-35969 (Uncontrolled search path for some Intel(R) Server Firmware Update Util ...)
+ TODO: check
+CVE-2025-27723 (Use after free for some Linux kernel driver for the Intel(R) Ethernet ...)
+ TODO: check
+CVE-2025-12659 (The affected applications contains a memory corruption vulnerability w ...)
+ TODO: check
+CVE-2024-54017 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
+ TODO: check
CVE-2025-54518
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-490.html
NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html
-CVE-2026-5089
+CVE-2026-5089 (YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. ...)
- libyaml-syck-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39981051/
NOTE: https://github.com/cpan-authors/YAML-Syck/issues/132
@@ -8417,18 +9175,22 @@ CVE-2026-7381 (Plack::Middleware::XSendfile versions through 1.0053 for Perl can
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39467666/
NOTE: Plack::Middleware::XSendfile documented as deprecated.
CVE-2026-40684 (In Exim before 4.99.2, on systems using musl libc (not glibc), an atta ...)
+ {DSA-6265-1}
- exim4 4.99.2-1 (unimportant)
NOTE: Fixed by: https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81
NOTE: Debian builds with glibc
CVE-2026-40685 (In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds h ...)
+ {DSA-6265-1}
- exim4 4.99.2-1 (unimportant)
NOTE: Fixed by: https://code.exim.org/exim/exim/commit/9fdc057e71b87c87a0d3d2288b2810a0efaaba57
NOTE: JSON lookup support not enabled in Debian
CVE-2026-40686 (In Exim before 4.99.2, when utf8 operators are enabled, there is an ou ...)
+ {DSA-6265-1}
- exim4 4.99.2-1
[bullseye] - exim4 <postponed> (Minor issue; can be fixed in next update)
NOTE: Fixed by: https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc
CVE-2026-40687 (In Exim before 4.99.2, when the SPA authentication driver is used with ...)
+ {DSA-6265-1}
- exim4 4.99.2-1
[bullseye] - exim4 <postponed> (Minor issue; can be fixed in next update)
NOTE: Fixed by: https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505
@@ -19686,7 +20448,7 @@ CVE-2026-39588 (Missing Authorization vulnerability in nmerii NM Gift Registry a
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39586 (Insertion of Sensitive Information Into Sent Data vulnerability in Ate ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2026-39585 (Missing Authorization vulnerability in Arraytics Booktics booktics all ...)
+CVE-2026-39585 (Missing Authorization vulnerability in Arraytics Booktics allows Explo ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-39575 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
@@ -51642,9 +52404,9 @@ CVE-2026-22780 (Rizin is a UNIX-like reverse engineering framework and command-l
NOT-FOR-US: Rizin
CVE-2026-22778 (vLLM is an inference and serving engine for large language models (LLM ...)
- vllm <itp> (bug #1095237)
-CVE-2026-22550 (OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X15 ...)
+CVE-2026-22550 (OS command injection vulnerability exists in ELECOM wireless LAN produ ...)
NOT-FOR-US: ELECOM devices
-CVE-2026-20704 (Cross-site request forgery vulnerability exists in WRC-X1500GS-B and W ...)
+CVE-2026-20704 (Cross-site request forgery vulnerability exists in ELECOM wireless LAN ...)
NOT-FOR-US: ELECOM devices
CVE-2026-1788 (: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xqui ...)
NOT-FOR-US: Xquic
@@ -58163,7 +58925,8 @@ CVE-2026-23494 (Pimcore is an Open Source Data & Experience Management Platform.
NOT-FOR-US: Pimcore
CVE-2026-23493 (Pimcore is an Open Source Data & Experience Management Platform. Prior ...)
NOT-FOR-US: Pimcore
-CVE-2026-22920 (The device's passwords have not been adequately salted, making them vu ...)
+CVE-2026-22920
+ REJECTED
NOT-FOR-US: SICK AG
CVE-2026-22919 (An attacker with administrative access may inject malicious content in ...)
NOT-FOR-US: SICK AG
@@ -267693,7 +268456,7 @@ CVE-2024-29413 (Cross Site Scripting vulnerability in Webasyst v.2.9.9 allows a
NOT-FOR-US: Webasyst
CVE-2024-29375 (CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a re ...)
NOT-FOR-US: Addactis IBNRS
-CVE-2024-29225 (WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier all ...)
+CVE-2024-29225 (ELECOM wireless LAN routers allow a network-adjacent unauthenticated a ...)
NOT-FOR-US: WRC-X3200GST3-B
CVE-2024-29167 (SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated ...)
NOT-FOR-US: SEEnergy Corp SVR-116
@@ -330029,8 +330792,8 @@ CVE-2023-30061 (D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via
NOT-FOR-US: D-Link
CVE-2023-30060
RESERVED
-CVE-2023-30059
- RESERVED
+CVE-2023-30059 (An insecure direct object reference in MK-Auth 23.01K4.9 allows attack ...)
+ TODO: check
CVE-2023-30058 (novel-plus 3.6.2 is vulnerable to SQL Injection.)
NOT-FOR-US: novel-plus
CVE-2023-30057 (Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Ori ...)
@@ -337803,8 +338566,8 @@ CVE-2023-27755 (go-bbs v1 was discovered to contain an arbitrary file download v
NOT-FOR-US: go-bbs
CVE-2023-27754 (vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow ca ...)
NOT-FOR-US: vox2mesh
-CVE-2023-27753
- RESERVED
+CVE-2023-27753 (An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows att ...)
+ TODO: check
CVE-2023-27752
REJECTED
CVE-2023-27751
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7bd64b41d300edcb8290fd9450f088ac46209ac
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7bd64b41d300edcb8290fd9450f088ac46209ac
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260512/78758013/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list