[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 13 08:13:17 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc9855a6 by security tracker role at 2026-05-13T07:13:08+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,357 @@
+CVE-2026-8449 (Linux ksmbd contains a remote memory corruption vulnerability in the A ...)
+ TODO: check
+CVE-2026-8336 (After invoking $_internalJsEmit, which is not intended to be directly ...)
+ TODO: check
+CVE-2026-8202 (Using a densely populated chars mask and a large input string in the M ...)
+ TODO: check
+CVE-2026-8201 (A use-after-free vulnerability exists in MongoDB's Field-Level Encrypt ...)
+ TODO: check
+CVE-2026-8200 (When schema validation is enabled on a collection and an update or ins ...)
+ TODO: check
+CVE-2026-8199 (An authenticated user can cause excess memory usage via bitwise match ...)
+ TODO: check
+CVE-2026-8108 (The installation of Fuji Tellus adds a driver to the kernel which gran ...)
+ TODO: check
+CVE-2026-8053 (An issue in MongoDB Server's time-series collection implementation all ...)
+ TODO: check
+CVE-2026-8052 (HashiCorp Nomad\u2019s exec2 task driver prior to 0.1.2 is vulnerable ...)
+ TODO: check
+CVE-2026-7635 (The coreActivity: Activity Logging for WordPress plugin for WordPress ...)
+ TODO: check
+CVE-2026-7619 (The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising ...)
+ TODO: check
+CVE-2026-7474 (HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to ...)
+ TODO: check
+CVE-2026-7051 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
+ TODO: check
+CVE-2026-6965 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
+ TODO: check
+CVE-2026-6962 (The Cost of Goods: Product Cost & Profit Calculator for WooCommerce pl ...)
+ TODO: check
+CVE-2026-6959 (HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to ...)
+ TODO: check
+CVE-2026-6929 (The JoomSport \u2013 for Sports: Team & League, Football, Hockey & mor ...)
+ TODO: check
+CVE-2026-6888 (Successful exploitation of the SQL injection vulnerability could allow ...)
+ TODO: check
+CVE-2026-6828 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Co ...)
+ TODO: check
+CVE-2026-5371 (The MonsterInsights \u2013 Google Analytics Dashboard for WordPress (W ...)
+ TODO: check
+CVE-2026-45227 (Heym before 0.0.21 contains a sandbox escape vulnerability in the cust ...)
+ TODO: check
+CVE-2026-45226 (Heym before 0.0.21 contains an authorization bypass vulnerability in w ...)
+ TODO: check
+CVE-2026-45225 (Heym before 0.0.21 contains a path traversal vulnerability in the file ...)
+ TODO: check
+CVE-2026-44874 (A vulnerability exists in the web-based management interface of an AOS ...)
+ TODO: check
+CVE-2026-44873 (A session management vulnerability in AOS-8 allows previously authenti ...)
+ TODO: check
+CVE-2026-44872 (A command injection vulnerability exists in the web-based management i ...)
+ TODO: check
+CVE-2026-44871 (Command injection vulnerabilities exist in the command line interface ...)
+ TODO: check
+CVE-2026-44870 (Command injection vulnerabilities exist in the command line interface ...)
+ TODO: check
+CVE-2026-44869 (Command injection vulnerabilities exist in the web-based management in ...)
+ TODO: check
+CVE-2026-44868 (Command injection vulnerabilities exist in the web-based management in ...)
+ TODO: check
+CVE-2026-44867 (Command injection vulnerabilities exist in the web-based management in ...)
+ TODO: check
+CVE-2026-44866 (Command injection vulnerabilities exist in the web-based management in ...)
+ TODO: check
+CVE-2026-44865 (Command injection vulnerabilities exist in the web-based management in ...)
+ TODO: check
+CVE-2026-44864 (SQL injection vulnerabilities exist in several underlying service comp ...)
+ TODO: check
+CVE-2026-44863 (SQL injection vulnerabilities exist in several underlying service comp ...)
+ TODO: check
+CVE-2026-44862 (SQL injection vulnerabilities exist in several underlying service comp ...)
+ TODO: check
+CVE-2026-44861 (SQL injection vulnerabilities exist in several underlying service comp ...)
+ TODO: check
+CVE-2026-44860 (SQL injection vulnerabilities exist in several underlying service comp ...)
+ TODO: check
+CVE-2026-44859 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
+ TODO: check
+CVE-2026-44858 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
+ TODO: check
+CVE-2026-44857 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
+ TODO: check
+CVE-2026-44856 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
+ TODO: check
+CVE-2026-44855 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
+ TODO: check
+CVE-2026-44854 (Command injection vulnerabilities exist in the web-based management in ...)
+ TODO: check
+CVE-2026-44853 (Command injection vulnerabilities exist in the web-based management in ...)
+ TODO: check
+CVE-2026-44852 (An authenticated remote code execution vulnerability exists in the AOS ...)
+ TODO: check
+CVE-2026-44612 (Bytello Share (Windows Edition) installer executable provided by Bytel ...)
+ TODO: check
+CVE-2026-44548 (ChurchCRM is an open-source church management system. Prior to 7.3.2, ...)
+ TODO: check
+CVE-2026-44547 (ChurchCRM is an open-source church management system. From 7.2.0 to 7. ...)
+ TODO: check
+CVE-2026-44403 (Wing FTP Server 8.1.2 contains an authenticated remote code execution ...)
+ TODO: check
+CVE-2026-44352 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
+ TODO: check
+CVE-2026-44347 (Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux ...)
+ TODO: check
+CVE-2026-44341 (GoJobs is a REST API for a Job Board platform. The application exposes ...)
+ TODO: check
+CVE-2026-44307 (Mako is a template library written in Python. Prior to 1.3.12, on Wind ...)
+ TODO: check
+CVE-2026-44306 (Statamic is a Laravel and Git powered content management system (CMS). ...)
+ TODO: check
+CVE-2026-44305 (Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS ...)
+ TODO: check
+CVE-2026-44304 (Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP a ...)
+ TODO: check
+CVE-2026-44302 (Snappier is a high performance C# implementation of the Snappy compres ...)
+ TODO: check
+CVE-2026-44301 (Hugo is a static site generator. From 0.43 to before 0.161.0, when bui ...)
+ TODO: check
+CVE-2026-44296 (Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a r ...)
+ TODO: check
+CVE-2026-44262 (Scramble generates API documentation for Laravel project. From 0.13.2 ...)
+ TODO: check
+CVE-2026-44260 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the read ...)
+ TODO: check
+CVE-2026-44259 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the prev ...)
+ TODO: check
+CVE-2026-44258 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfi ...)
+ TODO: check
+CVE-2026-44257 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file ...)
+ TODO: check
+CVE-2026-44246 (nnU-Net is a semantic segmentation framework that automatically adapts ...)
+ TODO: check
+CVE-2026-44245 (Kyverno is a policy engine designed for cloud native platform engineer ...)
+ TODO: check
+CVE-2026-44242 (Micronaut Framework is a JVM-based full stack Java framework designed ...)
+ TODO: check
+CVE-2026-44241 (Micronaut Framework is a JVM-based full stack Java framework designed ...)
+ TODO: check
+CVE-2026-44240 (basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is v ...)
+ TODO: check
+CVE-2026-44232 (DSSRF is a Node.js library that provides a wide range of utilities and ...)
+ TODO: check
+CVE-2026-44225 (Pulpy is a lightweight, cross-platform desktop application packager fo ...)
+ TODO: check
+CVE-2026-44224 (Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, ...)
+ TODO: check
+CVE-2026-44223 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2026-44222 (vLLM is an inference and serving engine for large language models (LLM ...)
+ TODO: check
+CVE-2026-44221 (ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users an ...)
+ TODO: check
+CVE-2026-44220 (ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 t ...)
+ TODO: check
+CVE-2026-44219 (ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 t ...)
+ TODO: check
+CVE-2026-44218 (ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 t ...)
+ TODO: check
+CVE-2026-44217 (sse-channel is an SSE-implementation which can be used to any node.js ...)
+ TODO: check
+CVE-2026-44215 (NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ...)
+ TODO: check
+CVE-2026-44015 (Nginx UI is a web user interface for the Nginx web server. In 2.3.4 an ...)
+ TODO: check
+CVE-2026-44012 (Craft CMS is a content management system (CMS). From 5.0.0-RC1 to befo ...)
+ TODO: check
+CVE-2026-44011 (Craft CMS is a content management system (CMS). From 4.0.0 to before 4 ...)
+ TODO: check
+CVE-2026-44010 (Craft CMS is a content management system (CMS). From 4.0.0 to before 4 ...)
+ TODO: check
+CVE-2026-43948 (wger is a free, open-source workout and fitness manager. Prior to 2.6, ...)
+ TODO: check
+CVE-2026-43685 (A Remote Code Execution vulnerability in Claris FileMaker Cloud allowe ...)
+ TODO: check
+CVE-2026-43680 (A Remote Code Execution vulnerability in Claris FileMaker Cloud allowe ...)
+ TODO: check
+CVE-2026-42889 (Relay adds real-time collaboration to Obsidian. Relay Server versions ...)
+ TODO: check
+CVE-2026-42855 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)
+ TODO: check
+CVE-2026-42854 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)
+ TODO: check
+CVE-2026-42844 (Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privile ...)
+ TODO: check
+CVE-2026-42545 (Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2 ...)
+ TODO: check
+CVE-2026-42544 (Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2 ...)
+ TODO: check
+CVE-2026-42446 (NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ...)
+ TODO: check
+CVE-2026-42445 (NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ...)
+ TODO: check
+CVE-2026-42444 (NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ...)
+ TODO: check
+CVE-2026-42443 (NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ...)
+ TODO: check
+CVE-2026-42442 (NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ...)
+ TODO: check
+CVE-2026-42355 (NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ...)
+ TODO: check
+CVE-2026-42338 (ip-address is a library for parsing and manipulating IPv4 and IPv6 add ...)
+ TODO: check
+CVE-2026-42289 (ChurchCRM is an open-source church management system. Prior to 7.3.2, ...)
+ TODO: check
+CVE-2026-42288 (ChurchCRM is an open-source church management system. Prior to 7.3.2, ...)
+ TODO: check
+CVE-2026-42196 (django-s3file is a lightweight file upload input for Django and Amazon ...)
+ TODO: check
+CVE-2026-42191 (OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetr ...)
+ TODO: check
+CVE-2026-42158 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
+ TODO: check
+CVE-2026-42157 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
+ TODO: check
+CVE-2026-42156 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
+ TODO: check
+CVE-2026-41901 (Thymeleaf is a server-side Java template engine for web and standalone ...)
+ TODO: check
+CVE-2026-41195 (mosparo is the modern solution to protect your online forms from spam. ...)
+ TODO: check
+CVE-2026-40902 (PhpSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
+ TODO: check
+CVE-2026-40863 (PhpSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
+ TODO: check
+CVE-2026-35555 (PowerSYSTEM Center feature for device project groups allows an authent ...)
+ TODO: check
+CVE-2026-35504 (PowerSYSTEM Center email notification service is affected by a CRLF in ...)
+ TODO: check
+CVE-2026-34690 (After Effects versions 26.0, 25.6.4 and earlier are affected by a Stac ...)
+ TODO: check
+CVE-2026-34688 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34686 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34685 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34680 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34679 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34678 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34677 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34673 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34672 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34671 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34670 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34669 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34668 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34667 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34666 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34665 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
+ TODO: check
+CVE-2026-34658 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34656 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34655 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34654 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34653 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34652 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34651 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34650 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34649 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34648 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34647 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34646 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-34645 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
+ TODO: check
+CVE-2026-33570 (PowerSYSTEM Center REST API endpoint for devices allows a low privileg ...)
+ TODO: check
+CVE-2026-32661 (Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailS ...)
+ TODO: check
+CVE-2026-2725 (Incorrect authorization in the "submitted together" feature in Gerrit ...)
+ TODO: check
+CVE-2026-26289 (PowerSYSTEM Center REST API endpoint for device account export allows ...)
+ TODO: check
+CVE-2026-23827 (A heap-based buffer overflow vulnerability exists in a Network managem ...)
+ TODO: check
+CVE-2026-23826 (A vulnerability in a network management service of AOS-8 Operating Sys ...)
+ TODO: check
+CVE-2026-23825 (Vulnerabilities exist in a protocol-handling component of AOS-8 and AO ...)
+ TODO: check
+CVE-2026-23824 (Vulnerabilities exist in a protocol-handling component of AOS-8 and AO ...)
+ TODO: check
+CVE-2026-21024 (Improper privilege management in Samsung System Support Service prior ...)
+ TODO: check
+CVE-2026-21022 (Improper handling of insufficient permissions in Routines prior to SMR ...)
+ TODO: check
+CVE-2026-21021 (Improper input validation in Routines prior to SMR May-2026 Release 1 ...)
+ TODO: check
+CVE-2026-21020 (Improper export of android application components in OmaCP prior to SM ...)
+ TODO: check
+CVE-2026-21019 (Improper input validation in FacAtFunction in Galaxy Watch prior to SM ...)
+ TODO: check
+CVE-2026-21018 (Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allo ...)
+ TODO: check
+CVE-2026-21016 (Incorrect privilege assignment in LocationManager prior to SMR May-202 ...)
+ TODO: check
+CVE-2026-21015 (Incorrect default permissions in FactoryCamera prior to SMR May-2026 R ...)
+ TODO: check
+CVE-2026-1250 (The Court Reservation \u2013 Manage Your Court Bookings Online plugin ...)
+ TODO: check
+CVE-2025-9989 (The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-9988 (The Broadstreet plugin for WordPress is vulnerable to unauthorized acc ...)
+ TODO: check
+CVE-2025-9987 (The Broadstreet plugin for WordPress is vulnerable to Sensitive Inform ...)
+ TODO: check
+CVE-2025-65088 (An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt ...)
+ TODO: check
+CVE-2025-65087 (An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt ...)
+ TODO: check
+CVE-2025-65086 (An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobal ...)
+ TODO: check
+CVE-2025-62627 (An untrusted pointer dereference in the ionic cloud driver for VMWare ...)
+ TODO: check
+CVE-2025-62624 (A heap-based buffer overflow in the ionic cloud driver for VMware ESXi ...)
+ TODO: check
+CVE-2025-62623 (A heap-based buffer overflow in the ionic cloud driver for VMware ESXi ...)
+ TODO: check
+CVE-2025-61972 (Missing lock bit protection for NBIO registers could allow a local adm ...)
+ TODO: check
+CVE-2025-61971 (Missing lock bit protection for NBIO registers could allow a local adm ...)
+ TODO: check
+CVE-2025-15463 (The The Advanced Custom Fields: Extended plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-14755 (The Cost Calculator Builder plugin for WordPress is vulnerable to Unau ...)
+ TODO: check
+CVE-2025-14033 (The ilGhera Support System for WooCommerce plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-11159 (Hitachi Vantara Pentaho Data Integration & Analytics of all versions c ...)
+ TODO: check
+CVE-2024-36315 (Improper enforcement of the LFENCE serialization property may allow an ...)
+ TODO: check
CVE-2026-44378
[experimental] - botan3 3.12.0+dfsg-1
- botan3 <unfixed>
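Review bot: Several of the added descriptions at the top of this hunk carry literal escape sequences instead of the characters they stand for, for example "Nomad\u2019s" in CVE-2026-8052 and "Charitable \u2013 Donation Plugin" in CVE-2026-7619 (also CVE-2026-6965, CVE-2026-6929, CVE-2026-6828, CVE-2026-5371 and CVE-2026-1250). Decode the escapes before the description is written to data/CVE/list, so that a text search for the product name matches the entry. Every new entry is left at "TODO: check", so none of them has a triage decision yet, including the ksmbd entry CVE-2026-8449, which concerns the Linux kernel.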
@@ -652,7 +1006,7 @@ CVE-2026-2465 (Incorrect Authorization vulnerability in E-Kalite Software Hardwa
TODO: check
CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
-CVE-2026-29204 (Insufficient ownership checks in `clientarea.php` allow an authenticat ...)
+CVE-2026-29204 (Insufficient ownership check in `clientarea.php` allows an authenticat ...)
TODO: check
CVE-2026-27851 (When safe filter is used with variable expansion, all following pipeli ...)
- dovecot <unfixed>
@@ -786,7 +1140,8 @@ CVE-2026-5089 (YAML::Syck versions before 1.38 for Perl has an out-of-bounds re
NOTE: https://github.com/cpan-authors/YAML-Syck/issues/132
NOTE: https://github.com/cpan-authors/YAML-Syck/pull/133
NOTE: Fixed by: https://github.com/cpan-authors/YAML-Syck/commit/208a4d3bd1b5cdb4a791a6e3905bd6bd45e9d005 (1.38)
-CVE-2026-45185 [Exim-Security-2026-05-01.1: TLS: on rxd close with CHUNKING active, clean the input processing stack]
+CVE-2026-45185 (Exim before 4.99.3, in certain GnuTLS configurations, has a remotely r ...)
+ {DSA-6265-1 DLA-4580-1}
- exim4 4.99.2-2
NOTE: https://code.exim.org/exim/exim/commit/040c1ce6889f435206677ed532c9a4185cf0bcaf
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/4
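Review bot: The replacement description for CVE-2026-45185 reads "Exim before 4.99.3", while the unchanged package line below it still records the fix as "- exim4 4.99.2-2", so the entry now appears to contradict itself. If the upstream commit cited in the NOTE was backported into 4.99.2-2, add a NOTE line saying so; otherwise the fixed version needs correcting. The bracketed advisory title "Exim-Security-2026-05-01.1" is also dropped by this change and is not preserved in any NOTE visible here.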
@@ -6354,7 +6709,7 @@ CVE-2026-31196 (The traceroute diagnostic handler in /bin/httpd_clientside for A
NOT-FOR-US: ALTICE
CVE-2026-31195 (The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / ...)
NOT-FOR-US: ALTICE
-CVE-2026-42268 [Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators ]
+CVE-2026-42268 (ModSecurity is an open source, cross platform web application firewall ...)
- modsecurity 3.0.15-1
NOTE: https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-vwr3-7x7g-7p9w
CVE-2026-30923 (ModSecurity is an open source, cross platform web application firewall ...)
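Review bot: Replacing the bracketed summary for CVE-2026-42268 removes the only text in the entry that said what the bug is (an unsigned integer underflow in the @verifySSN / @verifyCPF / @verifySVNR operators). The truncated description that replaces it is now identical to the visible text of CVE-2026-30923 on the context line below. Keep the specifics in a NOTE line under the entry so the two ModSecurity issues stay distinguishable without following the advisory link.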
@@ -27703,7 +28058,7 @@ CVE-2025-15488 (The Responsive Plus WordPress plugin before 3.4.3 is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2025-15433 (The Shared Files WordPress plugin before 1.7.58 allows users with a r ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-15101 (A Cross-Site Request Forgery (CSRF) vulnerability has been identified ...)
+CVE-2025-15101 (An OS command injection vulnerability in the web management interface ...)
NOT-FOR-US: ASUS
CVE-2025-14974 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
NOT-FOR-US: IBM
@@ -279719,7 +280074,7 @@ CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x befo
- php-phpseclib3 3.0.36-1
[bookworm] - php-phpseclib3 3.0.19-1+deb12u3
NOTE: https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
-CVE-2026-44167 [Bypass of CVE-2024-27355 mitigations]
+CVE-2026-44167 (phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0 ...)
- phpseclib 1.0.29-1
[trixie] - phpseclib <no-dsa> (Minor issue, will be fixed via point update)
[bookworm] - phpseclib <no-dsa> (Minor issue, will be fixed via point update)
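Review bot: The old bracketed text for CVE-2026-44167 recorded that this issue is a bypass of the CVE-2024-27355 mitigations, and the truncated description that replaces it no longer mentions that relationship. Add a NOTE line under the entry that names CVE-2024-27355, since the "no-dsa" decisions for trixie and bookworm are easier to re-evaluate when the link to the earlier fix is visible.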
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc9855a6b11b948f3b98e3de2759cdb9d12e2829