[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 14 08:13:09 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d74cb9a8 by security tracker role at 2026-05-14T07:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,26 +1,686 @@
-CVE-2026-8500
+CVE-2026-8496 (A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, vers ...)
+ TODO: check
+CVE-2026-8466 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-8369 (Improper Input Validation in the NAT64 translator in The OpenThread Au ...)
+ TODO: check
+CVE-2026-8367 (aria2c accepts a server certificate with incorrect Extended Key Usage ...)
+ TODO: check
+CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4 ...)
+ TODO: check
+CVE-2026-8280 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-8181 (The Burst Statistics \u2013 Privacy-Friendly WordPress Analytics (Goog ...)
+ TODO: check
+CVE-2026-8144 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-7648 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online ...)
+ TODO: check
+CVE-2026-7525 (The My Calendar \u2013 Accessible Event Manager plugin for WordPress i ...)
+ TODO: check
+CVE-2026-7481 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+ TODO: check
+CVE-2026-7471 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+ TODO: check
+CVE-2026-7377 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+ TODO: check
+CVE-2026-6883 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+ TODO: check
+CVE-2026-6670 (The Media Sync plugin for WordPress is vulnerable to Path Traversal in ...)
+ TODO: check
+CVE-2026-6510 (The InfusedWoo Pro plugin for WordPress is vulnerable to privilege esc ...)
+ TODO: check
+CVE-2026-6506 (The InfusedWoo Pro plugin for WordPress is vulnerable to privilege esc ...)
+ TODO: check
+CVE-2026-6417 (The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-6335 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-6282 (A potential improper file path validation vulnerability was reported i ...)
+ TODO: check
+CVE-2026-6281 (A potential vulnerability was reported in some Lenovo Personal Cloud S ...)
+ TODO: check
+CVE-2026-6271 (The Career Section plugin for WordPress is vulnerable to Arbitrary Fil ...)
+ TODO: check
+CVE-2026-6252 (The Meta Field Block plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2026-6225 (The Taskbuilder \u2013 Project Management & Task Management Tool With ...)
+ TODO: check
+CVE-2026-6177 (The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2026-6073 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+ TODO: check
+CVE-2026-6063 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+ TODO: check
+CVE-2026-5486 (The Unlimited Elements for Elementor plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2026-5396 (The Fluent Forms plugin for WordPress is vulnerable to Authorization B ...)
+ TODO: check
+CVE-2026-5395 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Co ...)
+ TODO: check
+CVE-2026-5365 (The LatePoint plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2026-5361 (The Envira Gallery Lite plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2026-5243 (The The Plus Addons for Elementor \u2013 Addons for Elementor, Page Te ...)
+ TODO: check
+CVE-2026-5193 (The Essential Addons for Elementor \u2013 Popular Elementor Templates ...)
+ TODO: check
+CVE-2026-4798 (The Avada Builder plugin for WordPress is vulnerable to time-based SQL ...)
+ TODO: check
+CVE-2026-4782 (The Avada Builder plugin for WordPress is vulnerable to Arbitrary File ...)
+ TODO: check
+CVE-2026-4609 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+ TODO: check
+CVE-2026-4608 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+ TODO: check
+CVE-2026-4607 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
+ TODO: check
+CVE-2026-4527 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-4524 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-46446 (SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext ...)
+ TODO: check
+CVE-2026-46445 (SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.)
+ TODO: check
+CVE-2026-46419 (Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2. ...)
+ TODO: check
+CVE-2026-45740 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
+ TODO: check
+CVE-2026-45714 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authent ...)
+ TODO: check
+CVE-2026-45708 (CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin w ...)
+ TODO: check
+CVE-2026-45411 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is p ...)
+ TODO: check
+CVE-2026-45229 (Quark Drive before 0.8.5 contains a mass assignment vulnerability in t ...)
+ TODO: check
+CVE-2026-45228 (Quark Drive before 0.8.5 contains a stored cross-site scripting vulner ...)
+ TODO: check
+CVE-2026-45158 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
+ TODO: check
+CVE-2026-45109 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-45055 (CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6 ...)
+ TODO: check
+CVE-2026-45054 (CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin ...)
+ TODO: check
+CVE-2026-45053 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authent ...)
+ TODO: check
+CVE-2026-45033 (GitHub Copilot CLI brings AI-powered coding assistance directly to you ...)
+ TODO: check
+CVE-2026-45028 (Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM ...)
+ TODO: check
+CVE-2026-44919 (In OpenStack Ironic through 35.x before a3f6d73, during image handling ...)
+ TODO: check
+CVE-2026-44665 (fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input d ...)
+ TODO: check
+CVE-2026-44664 (fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026- ...)
+ TODO: check
+CVE-2026-44582 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44581 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44580 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44579 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44578 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44577 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44576 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44575 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44574 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44573 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44572 (Next.js is a React framework for building full-stack web applications. ...)
+ TODO: check
+CVE-2026-44479 (Vercel\u2019s AI Cloud is a unified platform for building modern appli ...)
+ TODO: check
+CVE-2026-44478 (hoppscotch is an open source API development ecosystem. The fix for CV ...)
+ TODO: check
+CVE-2026-44471 (gitoxide is an implementation of git written in Rust. Prior to 0.21.1, ...)
+ TODO: check
+CVE-2026-44470 (The Claude Desktop app gives you Claude Code with a graphical interfac ...)
+ TODO: check
+CVE-2026-44467 (The Claude Desktop app gives you Claude Code with a graphical interfac ...)
+ TODO: check
+CVE-2026-44459 (Hono is a Web application framework that provides support for any Java ...)
+ TODO: check
+CVE-2026-44458 (Hono is a Web application framework that provides support for any Java ...)
+ TODO: check
+CVE-2026-44457 (Hono is a Web application framework that provides support for any Java ...)
+ TODO: check
+CVE-2026-44456 (Hono is a Web application framework that provides support for any Java ...)
+ TODO: check
+CVE-2026-44455 (Hono is a Web application framework that provides support for any Java ...)
+ TODO: check
+CVE-2026-44448 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
+ TODO: check
+CVE-2026-44447 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
+ TODO: check
+CVE-2026-44446 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
+ TODO: check
+CVE-2026-44445 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
+ TODO: check
+CVE-2026-44442 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
+ TODO: check
+CVE-2026-44441 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
+ TODO: check
+CVE-2026-44440 (ERPNext is a free and open source Enterprise Resource Planning tool. P ...)
+ TODO: check
+CVE-2026-44439 (PlaywrightCapture is a simple replacement for splash using playwright. ...)
+ TODO: check
+CVE-2026-44437 (The Angular SSR is a server-rise rendering tool for Angular applicatio ...)
+ TODO: check
+CVE-2026-44432 (urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7 ...)
+ TODO: check
+CVE-2026-44431 (urllib3 is an HTTP client library for Python. From 1.23 to before 2.7. ...)
+ TODO: check
+CVE-2026-44426 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/names ...)
+ TODO: check
+CVE-2026-44425 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device lis ...)
+ TODO: check
+CVE-2026-44424 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devic ...)
+ TODO: check
+CVE-2026-44423 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessi ...)
+ TODO: check
+CVE-2026-44418 (EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlie ...)
+ TODO: check
+CVE-2026-44381 (MISP is an open source threat intelligence and sharing platform. Prior ...)
+ TODO: check
+CVE-2026-44380 (MISP is an open source threat intelligence and sharing platform. Prior ...)
+ TODO: check
+CVE-2026-44379 (MISP is an open source threat intelligence and sharing platform. Prior ...)
+ TODO: check
+CVE-2026-44377 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authent ...)
+ TODO: check
+CVE-2026-44376 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthe ...)
+ TODO: check
+CVE-2026-44373 (Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, a ...)
+ TODO: check
+CVE-2026-44372 (Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, a ...)
+ TODO: check
+CVE-2026-44369 (CVAT is an open source interactive video and image annotation tool for ...)
+ TODO: check
+CVE-2026-44368 (PyQuorum is a cryptographic library for secret sharing and key managem ...)
+ TODO: check
+CVE-2026-44364 (MISP modules are autonomous modules that can be used to extend MISP fo ...)
+ TODO: check
+CVE-2026-44363 (MISP modules are autonomous modules that can be used to extend MISP fo ...)
+ TODO: check
+CVE-2026-44351 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6 ...)
+ TODO: check
+CVE-2026-44295 (protobufjs-cli is the command line add-on for protobuf.js. Prior to 1. ...)
+ TODO: check
+CVE-2026-44294 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
+ TODO: check
+CVE-2026-44293 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
+ TODO: check
+CVE-2026-44292 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
+ TODO: check
+CVE-2026-44291 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
+ TODO: check
+CVE-2026-44290 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
+ TODO: check
+CVE-2026-44289 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
+ TODO: check
+CVE-2026-44288 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
+ TODO: check
+CVE-2026-44248 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-44195 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
+ TODO: check
+CVE-2026-44194 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
+ TODO: check
+CVE-2026-44193 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
+ TODO: check
+CVE-2026-44009 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This v ...)
+ TODO: check
+CVE-2026-44008 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new ...)
+ TODO: check
+CVE-2026-44007 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a ...)
+ TODO: check
+CVE-2026-44006 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is p ...)
+ TODO: check
+CVE-2026-44005 (vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm ...)
+ TODO: check
+CVE-2026-44004 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandbox ...)
+ TODO: check
+CVE-2026-44003 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's c ...)
+ TODO: check
+CVE-2026-44002 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's C ...)
+ TODO: check
+CVE-2026-44001 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandb ...)
+ TODO: check
+CVE-2026-44000 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandb ...)
+ TODO: check
+CVE-2026-43999 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM' ...)
+ TODO: check
+CVE-2026-43998 (vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's requ ...)
+ TODO: check
+CVE-2026-43997 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is p ...)
+ TODO: check
+CVE-2026-43970 (Improper Handling of Highly Compressed Data (Data Amplification) vulne ...)
+ TODO: check
+CVE-2026-42961 (ELECOM wireless LAN access point devices implement CSRF protection mec ...)
+ TODO: check
+CVE-2026-42950 (ELECOM wireless LAN access point devices do not check if language para ...)
+ TODO: check
+CVE-2026-42948 (Stored cross-site scripting vulnerability exists in ELECOM wireless LA ...)
+ TODO: check
+CVE-2026-42937 (Incorrect permission assignment vulnerabilities exist in BIG-IP and BI ...)
+ TODO: check
+CVE-2026-42930 (When running in Appliance mode, an authenticated attacker assigned the ...)
+ TODO: check
+CVE-2026-42924 (An authenticated attacker with the Resource Administrator or Administr ...)
+ TODO: check
+CVE-2026-42920 (When a Client SSL profile is configured with Allow Dynamic Record Sizi ...)
+ TODO: check
+CVE-2026-42919 (A vulnerability exists in BIG-IP systems that may allow an authenticat ...)
+ TODO: check
+CVE-2026-42781 (When embedded Packet Velocity Acceleration (ePVA) acceleration is conf ...)
+ TODO: check
+CVE-2026-42780 (A directory traversal vulnerability exists in BIG-IP SSL Orchestrator ...)
+ TODO: check
+CVE-2026-42602 (azureauthextension is the Azure Authenticator Extension. From 0.124.0 ...)
+ TODO: check
+CVE-2026-42587 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42586 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42585 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42584 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42583 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42582 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42581 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42580 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42579 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42578 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42577 (Netty is an asynchronous, event-driven network application framework. ...)
+ TODO: check
+CVE-2026-42561 (Python-Multipart is a streaming multipart parser for Python. Prior to ...)
+ TODO: check
+CVE-2026-42557 (jupyterlab is an extensible environment for interactive and reproducib ...)
+ TODO: check
+CVE-2026-42552 (Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the ...)
+ TODO: check
+CVE-2026-42551 (Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Requ ...)
+ TODO: check
+CVE-2026-42550 (Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Simp ...)
+ TODO: check
+CVE-2026-42549 (Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the ...)
+ TODO: check
+CVE-2026-42548 (Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flig ...)
+ TODO: check
+CVE-2026-42463 (SQLBot is an intelligent Text-to-SQL system based on large language mo ...)
+ TODO: check
+CVE-2026-42409 (When an HTTP/2 profile and an iRule containing the HTTP::redirector HT ...)
+ TODO: check
+CVE-2026-42408 (When BIG-IP DNS is provisioned, a vulnerability exists in an undisclos ...)
+ TODO: check
+CVE-2026-42406 (A vulnerability exists in BIG-IP and BIG-IQ systems where a highly pri ...)
+ TODO: check
+CVE-2026-42290 (protobufjs-cli is the command line add-on for protobuf.js. Prior to 1. ...)
+ TODO: check
+CVE-2026-42266 (jupyterlab is an extensible environment for interactive and reproducib ...)
+ TODO: check
+CVE-2026-42063 (A vulnerability exists in iControl SOAP where an authenticated attacke ...)
+ TODO: check
+CVE-2026-42062 (ELECOM wireless LAN access point devices contain an OS command injecti ...)
+ TODO: check
+CVE-2026-42058 (An authenticated attacker's undisclosed requests to BIG-IP iControl RE ...)
+ TODO: check
+CVE-2026-42032 (CKAN is an open-source DMS (data management system) for powering data ...)
+ TODO: check
+CVE-2026-42031 (CKAN is an open-source DMS (data management system) for powering data ...)
+ TODO: check
+CVE-2026-41959 (Incorrect permission assignment vulnerabilities exist in BIG-IP and BI ...)
+ TODO: check
+CVE-2026-41957 (An authenticated remote code execution vulnerability through undisclos ...)
+ TODO: check
+CVE-2026-41956 (When a classification profile is configured on a UDP virtual server, u ...)
+ TODO: check
+CVE-2026-41954 (Sensitive information disclosure vulnerability exists in the undisclos ...)
+ TODO: check
+CVE-2026-41953 (A vulnerability exists in BIG-IP systems where a highly privileged, au ...)
+ TODO: check
+CVE-2026-41410
+ REJECTED
+CVE-2026-41281 (Android App "\u3042\u3093\u3057\u3093\u30d5\u30a3\u30eb\u30bf\u30fc fo ...)
+ TODO: check
+CVE-2026-41255 (CKAN is an open-source DMS (data management system) for powering data ...)
+ TODO: check
+CVE-2026-41227 (On an HTTP/2 virtual server with Layer 7 DoS Protection configured, un ...)
+ TODO: check
+CVE-2026-41225 (A vulnerability exists in iControl REST where a highly privileged, aut ...)
+ TODO: check
+CVE-2026-41219 (An improper sanitization vulnerability exists in the BIG-IP QKView uti ...)
+ TODO: check
+CVE-2026-41218 (When BIG-IP PEM iRules are configured on a virtual server (iRules usin ...)
+ TODO: check
+CVE-2026-41217 (A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) comm ...)
+ TODO: check
+CVE-2026-41132 (CKAN is an open-source DMS (data management system) for powering data ...)
+ TODO: check
+CVE-2026-41051 (csync2 uses insecure temporary directories when compiled with C99 or l ...)
+ TODO: check
+CVE-2026-41050 (Fleet's Helm deployer did not fully apply ServiceAccount impersonation ...)
+ TODO: check
+CVE-2026-40703 (A cross-site request forgery (CSRF) vulnerability exists in the dashbo ...)
+ TODO: check
+CVE-2026-40699 (A vulnerability exists in the undisclosed pages in the Configuration u ...)
+ TODO: check
+CVE-2026-40698 (A vulnerability exists in BIG-IP and BIG-IQ systems where a highly pri ...)
+ TODO: check
+CVE-2026-40631 (An authenticated attacker with the Resource Administrator or Administr ...)
+ TODO: check
+CVE-2026-40629 (When SSL profiles are configured on a virtual server, undisclosed traf ...)
+ TODO: check
+CVE-2026-40621 (ELECOM wireless LAN access point devices do not require authentication ...)
+ TODO: check
+CVE-2026-40618 (When an SSL profile is configured on a virtual server on BIG-IP Virtua ...)
+ TODO: check
+CVE-2026-40462 (Incorrect permission assignment vulnerabilities exist in iControl REST ...)
+ TODO: check
+CVE-2026-40435 (When configured, IP-based access restrictions for httpddo not cover al ...)
+ TODO: check
+CVE-2026-40423 (When a SIP profile is configured on a virtual server, undisclosed traf ...)
+ TODO: check
+CVE-2026-40328
+ REJECTED
+CVE-2026-40327
+ REJECTED
+CVE-2026-40067 (When a BIG-IP APM access policy is configured on a virtual server, und ...)
+ TODO: check
+CVE-2026-40061 (When BIG-IP DNS is provisioned, a vulnerability exists in an undisclos ...)
+ TODO: check
+CVE-2026-40060 (When a BIG-IP Advanced WAF or ASM security policy is configured on a v ...)
+ TODO: check
+CVE-2026-3892 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
+ TODO: check
+CVE-2026-3829 (The WP Encryption \u2013 One Click Free SSL Certificate & SSL / HTTPS ...)
+ TODO: check
+CVE-2026-3718 (The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2026-3694 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2026-3607 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-3426 (The RTMKit Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-3425 (The RTMKit Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2026-3160 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-3074 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-3073 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-3004 (The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2026-39806 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
+ TODO: check
+CVE-2026-39803 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-39459 (A vulnerability exists in iControl REST and the TMOS Shell (tmsh) wher ...)
+ TODO: check
+CVE-2026-39458 (When a BIG-IP DNS profile enabled with DNS cache is configured on a vi ...)
+ TODO: check
+CVE-2026-39455 (When the BIG-IP Configuration utility is configured to use Lightweight ...)
+ TODO: check
+CVE-2026-39428 (CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored C ...)
+ TODO: check
+CVE-2026-39358 (CubeCart is an ecommerce software solution. Prior to 6.6.0, Authentica ...)
+ TODO: check
+CVE-2026-37430 (An arbitrary file upload vulnerability in the ShopOrderImportControlle ...)
+ TODO: check
+CVE-2026-37429 (qihang-wms commit 75c15a was discovered to contain a SQL injection vul ...)
+ TODO: check
+CVE-2026-37428 (qihang-wms commit 75c15a was discovered to contain a SQL injection vul ...)
+ TODO: check
+CVE-2026-36742 (Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART boo ...)
+ TODO: check
+CVE-2026-36741 (U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerabl ...)
+ TODO: check
+CVE-2026-36738 (U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerabl ...)
+ TODO: check
+CVE-2026-35506 (ELECOM wireless LAN access point devices contain an OS command injecti ...)
+ TODO: check
+CVE-2026-35062 (An authenticated iControl SOAP user may be able to obtain information ...)
+ TODO: check
+CVE-2026-34176 (When running in Appliance mode, an authenticated remote command inject ...)
+ TODO: check
+CVE-2026-34019 (When Bidirectional Forwarding Detection (BFD) is configured in Static ...)
+ TODO: check
+CVE-2026-33585 (Improper management of the idle timeout parameterin the Keycloak inter ...)
+ TODO: check
+CVE-2026-33584 (Exposed Keycloak management service in the Arqit Symmetric Key Agreem ...)
+ TODO: check
+CVE-2026-33583 (Exposure of the QKEY (used as input into the \u2018OTA-Quantum\u2019 ...)
+ TODO: check
+CVE-2026-33381 (When a user's access to mint tokens for a service account is revoked, ...)
+ TODO: check
+CVE-2026-33380 (A vulnerability in SQL Expressions allows an authenticated attacker to ...)
+ TODO: check
+CVE-2026-33378 (Using the $__timeGroup macro, one can achieve an OOM by overloading th ...)
+ TODO: check
+CVE-2026-33377 (An Editor can overwrite a dashboard not owned by them to acquire admin ...)
+ TODO: check
+CVE-2026-33376 (When using an IPv6 allow-list for the Auth Proxy feature, it defaults ...)
+ TODO: check
+CVE-2026-32993 (Improper sanitization of the `status` query parameter of the `/unprote ...)
+ TODO: check
+CVE-2026-32992 (SSL verification is disabled in the DNS Cluster system. This could all ...)
+ TODO: check
+CVE-2026-32991 (Improper authorization checks of team members privileges allow a team ...)
+ TODO: check
+CVE-2026-32673 (A vulnerability exists in BIG-IP scripted monitors that may allow an a ...)
+ TODO: check
+CVE-2026-32643 (A vulnerability exists in BIG-IP and BIG-IQ systems where a highly pri ...)
+ TODO: check
+CVE-2026-31156 (A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f ...)
+ TODO: check
+CVE-2026-30906 (Untrusted search path in the installer for Zoom Rooms for Windows befo ...)
+ TODO: check
+CVE-2026-30905 (External Control of File Name or Path in the Zoom Workplace VDI Plugin ...)
+ TODO: check
+CVE-2026-30904 (Protection Mechanism Failure in Zoom Workplace for iOS before version ...)
+ TODO: check
+CVE-2026-2900 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+ TODO: check
+CVE-2026-2695 (A command injection vulnerability was discoveredin TeamViewer DEX Plat ...)
+ TODO: check
+CVE-2026-2515 (The Hostinger Reach \u2013 AI-Powered Email Marketing for WordPress pl ...)
+ TODO: check
+CVE-2026-29206 (Insufficient sanitization of SQL queries in the `sqloptimizer` utility ...)
+ TODO: check
+CVE-2026-29205 (Incorrect privileges management and insufficient path filtering allow ...)
+ TODO: check
+CVE-2026-28758 (When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_adda ...)
+ TODO: check
+CVE-2026-28383 (A request to the Grafana plugin resources endpoint can cause unbounded ...)
+ TODO: check
+CVE-2026-28380 (Any Editor could delete any snapshot, even if they have no access to r ...)
+ TODO: check
+CVE-2026-28379 (A race condition in Grafana Live allows authenticated users with Viewe ...)
+ TODO: check
+CVE-2026-28376 (The Grafana Live push endpoint can be exploited to cause unbounded mem ...)
+ TODO: check
+CVE-2026-28374 (Editors could delete any annotation, even those they do not have read ...)
+ TODO: check
+CVE-2026-25705 (A vulnerability has been identified in [Rancher's Extensions](https:// ...)
+ TODO: check
+CVE-2026-25107 (ELECOM wireless LAN access point devices use a hard-coded cryptographi ...)
+ TODO: check
+CVE-2026-24464 (When running in Appliance mode, a directory traversal vulnerability ex ...)
+ TODO: check
+CVE-2026-22677 (Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vu ...)
+ TODO: check
+CVE-2026-21821 (The HCL BigFix SCM Reporting site contains an outdated and unsupported ...)
+ TODO: check
+CVE-2026-20916 (An authenticated iControl REST user with low privileges can create or ...)
+ TODO: check
+CVE-2026-1659 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-1338 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-1322 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2026-1184 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
+ TODO: check
+CVE-2026-0265 (An authentication bypass vulnerability in Palo Alto Networks PAN-OS\xa ...)
+ TODO: check
+CVE-2026-0264 (A buffer overflow vulnerability in the DNS proxy and DNS Server featur ...)
+ TODO: check
+CVE-2026-0263 (A buffer overflow vulnerability in the IKEv2 processing of Palo Alto N ...)
+ TODO: check
+CVE-2026-0262 (Multiple denial of service vulnerabilities in Palo Alto Networks PAN-O ...)
+ TODO: check
+CVE-2026-0261 (Multiple command injection vulnerabilities in Palo Alto Networks PAN-O ...)
+ TODO: check
+CVE-2026-0259 (An arbitrary File Read and Delete Vulnerability in Palo Alto Networks ...)
+ TODO: check
+CVE-2026-0258 (A server-side request forgery (SSRF) vulnerability in the IKEv2 implem ...)
+ TODO: check
+CVE-2026-0257 (Authentication bypass vulnerabilities in the GlobalProtect portal and ...)
+ TODO: check
+CVE-2026-0256 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...)
+ TODO: check
+CVE-2026-0251 (Multiple local privilege escalation vulnerabilities in the Palo Alto N ...)
+ TODO: check
+CVE-2026-0250 (A buffer overflow vulnerability exists in the Palo Alto Networks Globa ...)
+ TODO: check
+CVE-2026-0249 (Multiple improper certificate validation vulnerabilities in the Palo A ...)
+ TODO: check
+CVE-2026-0248 (An improper certificate validation vulnerability in the Prisma Access ...)
+ TODO: check
+CVE-2026-0247 (Multiple authorization bypass vulnerabilities in the Endpoint DLP comp ...)
+ TODO: check
+CVE-2026-0246 (A vulnerability with a privilege management mechanism in the Palo Alto ...)
+ TODO: check
+CVE-2026-0245 (Multiple information disclosure vulnerabilities in Prisma Access Agent ...)
+ TODO: check
+CVE-2026-0244 (An improper certificate validation vulnerability in the Palo Alto Netw ...)
+ TODO: check
+CVE-2026-0243 (A denial of service (DoS) vulnerability in Palo Alto Networks Prisma S ...)
+ TODO: check
+CVE-2026-0242 (A SQL injection vulnerability in Trust Protection Foundation allows an ...)
+ TODO: check
+CVE-2026-0241 (Incorrect Authorization vulnerabilities in Trust Protection Foundation ...)
+ TODO: check
+CVE-2026-0240 (An information disclosure vulnerability in Trust Protection Foundation ...)
+ TODO: check
+CVE-2026-0239 (An information disclosure vulnerability in the Chronosphere Chronocoll ...)
+ TODO: check
+CVE-2026-0238 (A vulnerability in Palo Alto Networks Broker VM allows an authenticate ...)
+ TODO: check
+CVE-2026-0237 (An improper protection of alternate path vulnerability in Palo Alto Ne ...)
+ TODO: check
+CVE-2026-0236 (A code injection vulnerability in Palo Alto Networks Prisma\xae Browse ...)
+ TODO: check
+CVE-2026-0235 (A race condition vulnerability in Palo Alto Networks Prisma\xae Browse ...)
+ TODO: check
+CVE-2025-32425 (AutoGPT is a platform that allows users to create, deploy, and manage ...)
+ TODO: check
+CVE-2025-29338 (NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To ...)
+ TODO: check
+CVE-2025-28344 (striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in fu ...)
+ TODO: check
+CVE-2025-28343 (striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in fu ...)
+ TODO: check
+CVE-2025-27853 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) al ...)
+ TODO: check
+CVE-2025-27852 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) al ...)
+ TODO: check
+CVE-2025-27851 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) al ...)
+ TODO: check
+CVE-2025-27850 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) al ...)
+ TODO: check
+CVE-2025-15345 (The MapGeo \u2013 Interactive Geo Maps plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-14870 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2025-14869 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2025-14767 (The WPC Badge Management for WooCommerce plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-13874 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2025-12669 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
+ TODO: check
+CVE-2024-55045 (Firmament-Autopilot FMT-Firmware commit de5aec was discovered to conta ...)
+ TODO: check
+CVE-2024-51395 (Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e0 ...)
+ TODO: check
+CVE-2024-51394 (Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e0 ...)
+ TODO: check
+CVE-2024-48519 (Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b04516 ...)
+ TODO: check
+CVE-2024-47091 (Privilege escalation in the mk_mysql agent plugin on Windows in Checkm ...)
+ TODO: check
+CVE-2020-37226 (Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerabi ...)
+ TODO: check
+CVE-2020-37225 (Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scr ...)
+ TODO: check
+CVE-2020-37224 (Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerabi ...)
+ TODO: check
+CVE-2020-37223 (IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerabi ...)
+ TODO: check
+CVE-2020-37222 (Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerabi ...)
+ TODO: check
+CVE-2020-37221 (Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that al ...)
+ TODO: check
+CVE-2020-37220 (Huawei HG630 V2 router contains an authentication bypass vulnerability ...)
+ TODO: check
+CVE-2020-37219 (Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability ...)
+ TODO: check
+CVE-2020-37218 (Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in th ...)
+ TODO: check
+CVE-2020-37217 (Easy2Pilot 7 contains a cross-site request forgery vulnerability that ...)
+ TODO: check
+CVE-2020-37174 (WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross ...)
+ TODO: check
+CVE-2020-37169 (WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion ...)
+ TODO: check
+CVE-2020-37168 (Ecommerce Systempay 1.0 contains a weak cryptographic implementation v ...)
+ TODO: check
+CVE-2026-8500 (Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web: ...)
NOT-FOR-US: Web::Passwd Perl module
-CVE-2026-42945
+CVE-2026-42945 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
- nginx 1.30.0-3
NOTE: https://www.openwall.com/lists/oss-security/2026/05/13/7
NOTE: https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability
NOTE: https://my.f5.com/manage/s/article/K000161019
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686 (release-1.30.1)
-CVE-2026-42946
+CVE-2026-42946 (A vulnerability exists in the ngx_http_scgi_moduleand ngx_http_uwsgi_m ...)
- nginx <unfixed>
NOTE: https://my.f5.com/manage/s/article/K000161027
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/baef7fdac28e4e1fe26509b50b8d15603393e28e (release-1.30.1)
NOTE: https://github.com/nginx/nginx/commit/39d7d0ba0799fcff6baee52b6525f45739593cfd (release-1.30.1)
-CVE-2026-40460
+CVE-2026-40460 (When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 ...)
- nginx <unfixed>
[bookworm] - nginx <not-affected> (Vulnerable code not present, introduced in 1.25.0)
[bullseye] - nginx <not-affected> (Vulnerable code not present, introduced in 1.25.0)
NOTE: https://my.f5.com/manage/s/article/K000161068
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/5461e8bbc09230a4cf8e3d7737c176ae69b091f1 (release-1.30.1)
-CVE-2026-42926
+CVE-2026-42926 (When NGINX Open Source is configured to proxy HTTP/2 traffic by settin ...)
- nginx <unfixed>
[trixie] - nginx <not-affected> (Vulnerable code not present, introduced in 1.29.4)
[bookworm] - nginx <not-affected> (Vulnerable code not present, introduced in 1.29.4)
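Review bot: CVE-2026-42945 (the `+CVE-2026-42945 (NGINX Plus and NGINX Open Source ...` entry with `- nginx 1.30.0-3`) and CVE-2026-42946 (`- nginx <unfixed>`) carry no [trixie]/[bookworm]/[bullseye] lines, whereas CVE-2026-40460 and CVE-2026-42926 in the same hunk record explicit `<not-affected> (Vulnerable code not present, introduced in ...)` states. A missing suite line leaves that suite implicitly open, and the referenced writeup URL for 42945 describes the flaw as an 18-year-old one, so the stable suites are presumably affected; please add the suite status (DSA pending, no-dsa or postponed, with the introducing version where known) so the entries do not sit silently in the tracked-but-unannotated state.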
@@ -29,12 +689,12 @@ CVE-2026-42926
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/ce3362cfd5c3e1434a6151cfa585b89114389da7 (release-1.30.1)
NOTE: https://github.com/nginx/nginx/commit/a0e742944db64d8a547cc2e7a0ba4c2e85cd4b98 (release-1.30.1)
-CVE-2026-40701
+CVE-2026-40701 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
- nginx <unfixed>
NOTE: https://my.f5.com/manage/s/article/K000161021
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/d2b8d47741820c9fb134c6731ecb40b21f3085b1 (release-1.30.1)
-CVE-2026-42934
+CVE-2026-42934 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
- nginx <unfixed>
NOTE: https://my.f5.com/manage/s/article/K000161028
NOTE: https://nginx.org/en/security_advisories.html
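Review bot: CVE-2026-40701 and CVE-2026-42934 remain at `- nginx <unfixed>` although their fixing commits are tagged `(release-1.30.1)` exactly like the commit recorded for CVE-2026-42945, which this same update marks fixed in `nginx 1.30.0-3`. Check whether 1.30.0-3 cherry-picked only the single 42945 commit or the whole 1.30.1 security set, and either set these two entries to the same fixed version or add a NOTE explaining why they are still open.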
@@ -44,80 +704,80 @@ CVE-2026-46300
NOTE: https://github.com/v12-security/pocs/tree/main/fragnesia
NOTE: https://lore.kernel.org/all/20260513041635.1289541-1-vakzz@zellic.io/
NOTE: https://lore.kernel.org/all/agRfuVOeMI5pbHhY@v4bel/
-CVE-2026-43489 [liveupdate: luo_file: remember retrieve() status]
+CVE-2026-43489 (In the Linux kernel, the following vulnerability has been resolved: l ...)
- linux 6.19.10-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/f85b1c6af5bc3872f994df0a5688c1162de07a62 (7.0-rc2)
-CVE-2026-43487 [ata: libata-core: Disable LPM on ST1000DM010-2EP102]
+CVE-2026-43487 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b3b1d3ae1d87bc9398fb715c945968bf4c75a09a (7.0-rc3)
-CVE-2026-43486 [arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults]
+CVE-2026-43486 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/97c5550b763171dbef61e6239cab372b9f9cd4a2 (7.0-rc3)
-CVE-2026-43482 [sched_ext: Disable preemption between scx_claim_exit() and kicking helper work]
+CVE-2026-43482 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/83236b2e43dba00bee5b82eb5758816b1a674f6a (7.0-rc3)
-CVE-2026-43481 [net-shapers: don't free reply skb after genlmsg_reply()]
+CVE-2026-43481 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.19.10-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/57885276cc16a2e2b76282c808a4e84cbecb3aae (7.0-rc4)
-CVE-2026-43479 [net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect]
+CVE-2026-43479 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.19.10-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/312c816c6bc30342bc30dca0d6db617ab4d3ae4e (7.0-rc4)
-CVE-2026-43478 [ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put]
+CVE-2026-43478 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.19.10-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/30e4b2290cc2a8d1b9ddb9dcb9c981df1f2a7399 (7.0-rc4)
-CVE-2026-43477 [drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL]
+CVE-2026-43477 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.19.10-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/237aab549676288d9255bb8dcc284738e56eaa31 (7.0-rc4)
-CVE-2026-43476 [iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()]
+CVE-2026-43476 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/216345f98cae7fcc84f49728c67478ac00321c87 (7.0-rc4)
-CVE-2026-43488 [usb: xhci: Prevent interrupt storm on host controller error (HCE)]
+CVE-2026-43488 (In the Linux kernel, the following vulnerability has been resolved: u ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
NOTE: https://git.kernel.org/linus/d6d5febd12452b7fd951fdd15c3ec262f01901a4 (7.0-rc4)
-CVE-2026-43485 [nouveau/gsp: drop WARN_ON in ACPI probes]
+CVE-2026-43485 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.19.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9478c166c46934160135e197b049b5a05753f2ad (7.0-rc2)
-CVE-2026-43484 [mmc: core: Avoid bitfield RMW for claim/retune flags]
+CVE-2026-43484 (In the Linux kernel, the following vulnerability has been resolved: m ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
NOTE: https://git.kernel.org/linus/901084c51a0a8fb42a3f37d2e9c62083c495f824 (7.0-rc2)
-CVE-2026-43483 [KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated]
+CVE-2026-43483 (In the Linux kernel, the following vulnerability has been resolved: K ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
NOTE: https://git.kernel.org/linus/87d0f901a9bd8ae6be57249c737f20ac0cace93d (7.0-rc4)
-CVE-2026-43480 [ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition]
+CVE-2026-43480 (In the Linux kernel, the following vulnerability has been resolved: A ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
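Review bot: suite coverage is uneven across the kernel entries in this hunk: CVE-2026-43488 has only a `[trixie]` line, CVE-2026-43485 has `[bookworm]`/`[bullseye]` but no `[trixie]` line, and CVE-2026-43484, CVE-2026-43483 and CVE-2026-43480 have no `[bullseye]` line, while every other entry here carries all three suites. Since an absent suite line means that suite is tracked as affected at its current package version, please either add the matching `<not-affected>` or fixed-version lines or confirm those suites really are open. Secondary point: swapping the bracketed subject titles (e.g. `[usb: xhci: Prevent interrupt storm on host controller error (HCE)]`) for descriptions truncated to `In the Linux kernel, the following vulnerability has been resolved: u ...` leaves one character of the subsystem name visible; the titles were the only at-a-glance way to tell these entries apart, so consider keeping them in a NOTE.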
@@ -146,11 +806,12 @@ CVE-2026-XXXX [RUSTSEC-2026-0134]
- rust-diesel <unfixed>
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0134.html
NOTE: https://github.com/diesel-rs/diesel/pull/5042
-CVE-2026-8463
+CVE-2026-8463 (Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap ...)
- libcrypt-argon2-perl 0.031-1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40006926/
NOTE: https://github.com/Leont/crypt-argon2/commit/92eac03ce63d541e0ead7ea5a89b9b67ce0c0e64 (v0.031)
-CVE-2026-8449 (Linux ksmbd contains a remote memory corruption vulnerability in the A ...)
+CVE-2026-8449
+ REJECTED
TODO: check
CVE-2026-8336 (After invoking $_internalJsEmit, which is not intended to be directly ...)
- mongodb <removed>
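Review bot: CVE-2026-8449 is changed to `REJECTED` and its ksmbd description dropped, but the following ` TODO: check` line is kept as unchanged context. A rejected entry should carry no triage marker, otherwise it stays in the check queue; drop the `TODO: check` line together with the description.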
@@ -248,7 +909,7 @@ CVE-2026-44548 (ChurchCRM is an open-source church management system. Prior to 7
NOT-FOR-US: ChurchCRM
CVE-2026-44547 (ChurchCRM is an open-source church management system. From 7.2.0 to 7. ...)
NOT-FOR-US: ChurchCRM
-CVE-2026-44403 (Wing FTP Server 8.1.2 contains an authenticated remote code execution ...)
+CVE-2026-44403 (Wing FTP Server before 8.1.3 contains an authenticated remote code exe ...)
NOT-FOR-US: Wing FTP Server
CVE-2026-44352 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
NOT-FOR-US: Flowsint
@@ -1359,7 +2020,7 @@ CVE-2026-45185 (Exim before 4.99.3, in certain GnuTLS configurations, has a remo
NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/4
NOTE: https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/EXIM-Security-2026-05-01.1.txt
NOTE: https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim
-CVE-2026-44931
+CVE-2026-44931 (The newly introduced RecordUsage D-Bus method https://gitlab.freedesk ...)
- malcontent <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/11/1
NOTE: https://gitlab.freedesktop.org/pwithnall/malcontent/-/work_items/137
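Review bot: the `- malcontent <not-affected> (Vulnerable code introduced later)` state for CVE-2026-44931 names no version, even though the description itself calls the RecordUsage D-Bus method "newly introduced". Record the upstream version that added it (in the style of the nginx entries in this update, `introduced in 1.25.0`), so the not-affected claim can be re-verified when malcontent is next updated in unstable.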
@@ -2077,7 +2738,7 @@ CVE-2025-10470 (The Magic Link authentication flow accepts multiple invalid auth
NOT-FOR-US: WSO2
CVE-2024-0391 (The check user account lock states feature within the email OTP flow f ...)
NOT-FOR-US: WSO2
-CVE-2026-42304
+CVE-2026-42304 (Twisted is an event-based framework for internet applications, support ...)
- twisted 26.4.0-1
NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4
NOTE: https://github.com/twisted/twisted/issues/12626
@@ -7398,7 +8059,7 @@ CVE-2026-41572 (Note Mark is an open-source note-taking application. Prior to ve
NOT-FOR-US: Note Mark
CVE-2026-41571 (Note Mark is an open-source note-taking application. In version 0.19.2 ...)
NOT-FOR-US: Note Mark
-CVE-2026-41471 (Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and ear ...)
+CVE-2026-41471 (Easy PayPal Events & Tickets plugin for WordPress before version 1.4 c ...)
NOT-FOR-US: WordPress plugin
CVE-2026-40797 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
@@ -7476,7 +8137,7 @@ CVE-2026-33006 (A timing attack against mod_auth_digest in Apache HTTP Server 2.
NOTE: https://www.openwall.com/lists/oss-security/2026/05/04/21
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-33006
NOTE: https://github.com/apache/httpd/commit/4833b58c484c4eb8b429887b472bf4967cf88320 (2.4.67-rc1-candidate)
-CVE-2026-32834 (Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earl ...)
+CVE-2026-32834 (Easy PayPal Events & Tickets plugin for WordPress before version 1.4 c ...)
NOT-FOR-US: WordPress plugin
CVE-2026-31205 (Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev all ...)
NOT-FOR-US: Pluck CMS
@@ -10013,7 +10674,7 @@ CVE-2026-7111 (Text::CSV_XS versions before 1.62 for Perl have a use-after-free
NOTE: https://github.com/cpan-authors/Text-CSV_XS/issues/65
NOTE: Requisite for test case: https://github.com/cpan-authors/Text-CSV_XS/commit/b69bd94c2847cf3a28442af6286a345435955bcd
NOTE: Fixed by: https://github.com/cpan-authors/Text-CSV_XS/commit/c17f31a5f2bf36674748eb4b6e25672f0571a224
-CVE-2026-7168
+CVE-2026-7168 (Successfully using libcurl to do a transfer over a specific HTTP proxy ...)
- curl 8.20.0-1
[trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <no-dsa> (Minor issue)
@@ -10021,10 +10682,10 @@ CVE-2026-7168
NOTE: https://curl.se/docs/CVE-2026-7168.html
NOTE: Introduced by: https://github.com/curl/curl/commit/fc6eff13b5414caf6edf22d73a3239e074a04216 (curl-7_12_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/c1cfdf59acbaf9504c4578d4cf56cdd7c8594507 (curl-8_20_0)
-CVE-2026-7009
+CVE-2026-7009 (When curl is told to use the Certificate Status Request TLS extension, ...)
- curl <not-affected> (Specific to MacOS)
NOTE: https://curl.se/docs/CVE-2026-7009.html
-CVE-2026-6429
+CVE-2026-6429 (When asked to both use a `.netrc` file for credentials and to follow H ...)
- curl 8.20.0~rc3-1
[trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <no-dsa> (Minor issue)
@@ -10032,7 +10693,7 @@ CVE-2026-6429
NOTE: https://curl.se/docs/CVE-2026-6429.html
NOTE: Introduced by: https://github.com/curl/curl/commit/01165e08e0d131b399fba2190f17af67e66f0888 (curl-7_14_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/b4024bf808bd558026fdc6096e8457f199ace306 (rc-8_20_0-3)
-CVE-2026-6253
+CVE-2026-6253 (curl might erroneously pass on credentials for a first proxy to a seco ...)
- curl 8.20.0~rc3-1
[trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <no-dsa> (Minor issue)
@@ -10044,7 +10705,7 @@ CVE-2026-42198 (pgjdbc is an open source postgresql JDBC Driver. From version 42
- libpgjava 42.7.11-1
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-98qh-xjc8-98pq
NOTE: https://github.com/pgjdbc/pgjdbc/commit/c9d41d1332a7426fcef19ff89f2e6b1116429143 (REL42.7.11)
-CVE-2026-5773
+CVE-2026-5773 (libcurl might in some circumstances reuse the wrong connection for SMB ...)
- curl 8.20.0~rc2-1
[trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <no-dsa> (Minor issue)
@@ -10052,7 +10713,7 @@ CVE-2026-5773
NOTE: https://curl.se/docs/CVE-2026-5773.html
NOTE: Introduced by: https://github.com/curl/curl/commit/aec2e865f06669b9cb5d26cc1148d70bc418b163 (curl-7_40_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/74a169575d6412dc0ff532acdf94de35a6c2a571 (rc-8_20_0-2)
-CVE-2026-5545
+CVE-2026-5545 (libcurl might in some circumstances reuse the wrong connection when as ...)
- curl 8.20.0~rc2-1
[trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <no-dsa> (Minor issue)
@@ -10060,7 +10721,7 @@ CVE-2026-5545
NOTE: https://curl.se/docs/CVE-2026-5545.html
NOTE: Introduced by: https://github.com/curl/curl/commit/e56ae1426cb7a0a4a427cf8d6099a821fdaae428 (curl-7_10_6)
NOTE: Fixed by: https://github.com/curl/curl/commit/33e43985b8f3b9e66691d06e70be0395849856cd (rc-8_20_0-1)
-CVE-2026-4873
+CVE-2026-4873 (A vulnerability exists where a connection requiring TLS incorrectly re ...)
- curl 8.20.0~rc2-1
[trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <no-dsa> (Minor issue)
@@ -10068,7 +10729,7 @@ CVE-2026-4873
NOTE: https://curl.se/docs/CVE-2026-4873.html
NOTE: Introduced by: https://github.com/curl/curl/commit/ec3bb8f727405642a471b4b1b9eb0118fc003104 (curl-7_20_0)
NOTE: Fixed by: https://github.com/curl/curl/commit/507e7be573b0a76fca597b75ff7cb27a66e7d865 (rc-8_20_0-1)
-CVE-2026-6276
+CVE-2026-6276 (Using libcurl, when a custom `Host:` header is first set for an HTTP r ...)
- curl 8.20.0~rc3-1
[trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <no-dsa> (Minor issue)
@@ -11099,7 +11760,7 @@ CVE-2025-15626 (Authenticated user can bypass authorization in Ribblr - Crochet
NOT-FOR-US: Ribblr
CVE-2026-7040 (Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap ...)
NOT-FOR-US: Text::Minify::XS Perl module
-CVE-2026-25710
+CVE-2026-25710 (The new upstream added a privileged D-Bus helper called plasmaloginaut ...)
NOT-FOR-US: plasma-login-manager
CVE-2026-41682 (pupnp is an SDK for development of UPnP device and control point appli ...)
- pupnp 1:1.14.31-1
@@ -33654,6 +34315,7 @@ CVE-2026-29858 (A lack of path validation in aaPanel v7.57.0 allows attackers to
CVE-2026-29856 (An issue in the VirtualHost configuration handling/parser component of ...)
NOT-FOR-US: aaPanel
CVE-2026-27135 (nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...)
+ {DLA-4581-1}
- nghttp2 1.68.1-1 (bug #1131369)
NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6
NOTE: Fixed by: https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 (v1.68.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d74cb9a8a63374ee65fff2a434fdf97875681ef5