[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 14 20:13:34 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6da1b13f by security tracker role at 2026-05-14T19:13:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,57 +1,315 @@
-CVE-2026-6479
+CVE-2026-8621 (Crabbox prior to v0.12.0 contains an authentication bypass vulnerabili ...)
+ TODO: check
+CVE-2026-8468 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-8295 (An integer overflow vulnerability in the simdjson document-builder API ...)
+ TODO: check
+CVE-2026-7805
+ REJECTED
+CVE-2026-6923 (A side-channel attack, which requires a physical presence to the TPM, ...)
+ TODO: check
+CVE-2026-6514 (The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary Fil ...)
+ TODO: check
+CVE-2026-6512 (The InfusedWoo Pro plugin for WordPress is vulnerable to authorization ...)
+ TODO: check
+CVE-2026-6504 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2026-6332 (CWE-312: Cleartext Storage of Sensitive Information vulnerability exis ...)
+ TODO: check
+CVE-2026-6206 (The MW WP Form plugin for WordPress is vulnerable to Information Expos ...)
+ TODO: check
+CVE-2026-6174 (The CC Child Pages plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2026-6145 (The User Registration & Membership plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2026-6008 (Authorization bypass through User-Controlled key vulnerability in Im P ...)
+ TODO: check
+CVE-2026-5798 (Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versi ...)
+ TODO: check
+CVE-2026-5790 (Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, l ...)
+ TODO: check
+CVE-2026-4031 (The Database Backup for WordPress plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-4030 (The Database Backup for WordPress plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-4029 (The Database Backup for WordPress plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2026-46470 (An issue was discovered in GStreamer gst-plugins-good before 1.28.2. W ...)
+ TODO: check
+CVE-2026-46469 (An issue was discovered in GStreamer gst-plugins-good before 1.28.2. W ...)
+ TODO: check
+CVE-2026-45448 (CWE-601 URL redirection to untrusted site ('open redirect'))
+ TODO: check
+CVE-2026-45375 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+ TODO: check
+CVE-2026-45371 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+ TODO: check
+CVE-2026-45205 (Uncontrolled Recursion vulnerability in Apache Commons. When processi ...)
+ TODO: check
+CVE-2026-45148 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+ TODO: check
+CVE-2026-45147 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+ TODO: check
+CVE-2026-44827 (Diffusers is the a library for pretrained diffusion models. Prior to ...)
+ TODO: check
+CVE-2026-44670 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+ TODO: check
+CVE-2026-44633 (Live Helper Chat is an open-source application that enables live suppo ...)
+ TODO: check
+CVE-2026-44592 (Gradient is a nix-based continuous integration system. In 1.1.0, when ...)
+ TODO: check
+CVE-2026-44589 (Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBl ...)
+ TODO: check
+CVE-2026-44588 (SiYuan is an open-source personal knowledge management system. Prior t ...)
+ TODO: check
+CVE-2026-44586 (SiYuan is an open-source personal knowledge management system. From 2. ...)
+ TODO: check
+CVE-2026-44544 (gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an ...)
+ TODO: check
+CVE-2026-44542 (FileBrowser Quantum is a free, self-hosted, web-based file manager. Pr ...)
+ TODO: check
+CVE-2026-44523 (Note Mark is an open-source note-taking application. Prior to 0.19.4, ...)
+ TODO: check
+CVE-2026-44522 (Note Mark is an open-source note-taking application. From 0.13.0 to be ...)
+ TODO: check
+CVE-2026-44520 (Docling-Graph turns documents into validated Pydantic objects, then bu ...)
+ TODO: check
+CVE-2026-44516 (Valtimo is an open-source business process automation platform. From 1 ...)
+ TODO: check
+CVE-2026-44515 (Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nex ...)
+ TODO: check
+CVE-2026-44514 (Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.1 ...)
+ TODO: check
+CVE-2026-44513 (Diffusers is the a library for pretrained diffusion models. Prior to ...)
+ TODO: check
+CVE-2026-44511 (Katalyst Koi is a framework for building Rails admin functionality. Pr ...)
+ TODO: check
+CVE-2026-44504 (Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9 ...)
+ TODO: check
+CVE-2026-44503 (The RedirectHandler middleware in microsoft/kiota-java (com.microsoft. ...)
+ TODO: check
+CVE-2026-44501 (DataHub is an open-source metadata platform. Prior to 1.5.0.3, The Dat ...)
+ TODO: check
+CVE-2026-44484 (PyTorch Lightning is a deep learning framework to pretrain and finetun ...)
+ TODO: check
+CVE-2026-44482 (soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark ...)
+ TODO: check
+CVE-2026-44375 (Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serializati ...)
+ TODO: check
+CVE-2026-44374 (Backstage is an open framework for building developer portals. Prior t ...)
+ TODO: check
+CVE-2026-44371 (Open OnDemand is an open-source high-performance computing portal. Pri ...)
+ TODO: check
+CVE-2026-44348 (PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4 ...)
+ TODO: check
+CVE-2026-44312 (css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Pa ...)
+ TODO: check
+CVE-2026-44308 (Spring Cloud AWS simplifies using AWS managed services in a Spring and ...)
+ TODO: check
+CVE-2026-44283 (etcd is a distributed key-value store for the data of a distributed sy ...)
+ TODO: check
+CVE-2026-44216 (Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, ...)
+ TODO: check
+CVE-2026-43644 (podinfo through 6.11.2 contains a reflected cross-site scripting vulne ...)
+ TODO: check
+CVE-2026-42897 (Improper neutralization of input during web page generation ('cross-si ...)
+ TODO: check
+CVE-2026-42881 (STIGQter is an open-source reimplementation of DISA's STIG Viewer. Fro ...)
+ TODO: check
+CVE-2026-42598 (Pode is a Cross-Platform PowerShell web framework for creating REST AP ...)
+ TODO: check
+CVE-2026-42597 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-42596 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-42595 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-42594 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-42593 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-42592 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-42591 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-42590 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-42589 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-42572 (Hatchet is a platform for orchestrating background tasks, AI agents, a ...)
+ TODO: check
+CVE-2026-42559 (RMCP is an official Rust SDK for the Model Context Protocol. Prior to ...)
+ TODO: check
+CVE-2026-42555 (Valtimo is an open-source business process automation platform. com.ri ...)
+ TODO: check
+CVE-2026-42457 (vCluster Platform provides a Kubernetes platform for managing virtual ...)
+ TODO: check
+CVE-2026-42334 (Mongoose is a MongoDB object modeling tool designed to work in an asyn ...)
+ TODO: check
+CVE-2026-42283 (DevSpace is a client-only developer tool for cloud-native development ...)
+ TODO: check
+CVE-2026-42281 (MagicMirror\xb2 is an open source modular smart mirror platform. Prior ...)
+ TODO: check
+CVE-2026-42186 (OpenBao is an open source identity-based secrets management system. Pr ...)
+ TODO: check
+CVE-2026-42159 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
+ TODO: check
+CVE-2026-41937 (Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerabilit ...)
+ TODO: check
+CVE-2026-41935 (Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability ...)
+ TODO: check
+CVE-2026-41933 (Vvveb before 1.0.8.3 contains a directory listing information disclosu ...)
+ TODO: check
+CVE-2026-41932 (Vvveb before 1.0.8.3 contains a stored cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2026-41888 (Distribution is a toolkit to pack, ship, store, and deliver container ...)
+ TODO: check
+CVE-2026-41615 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
+ TODO: check
+CVE-2026-41315 (mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver- ...)
+ TODO: check
+CVE-2026-40893 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
+ TODO: check
+CVE-2026-38740 (Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Clearte ...)
+ TODO: check
+CVE-2026-2347 (Authorization bypass through User-Controlled key vulnerability in Akil ...)
+ TODO: check
+CVE-2026-27886 (Strapi is an open source headless content management system. Strapi ve ...)
+ TODO: check
+CVE-2026-27680 (Due to improper input handling under certain conditions, SAP NetWeaver ...)
+ TODO: check
+CVE-2026-24712 (Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, ...)
+ TODO: check
+CVE-2026-24711 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 ha ...)
+ TODO: check
+CVE-2026-24710 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 al ...)
+ TODO: check
+CVE-2026-23998 (Fleet is open source device management software. Prior to version 4.81 ...)
+ TODO: check
+CVE-2026-22707 (Strapi is an open source headless content management system. In Strapi ...)
+ TODO: check
+CVE-2026-22706 (Strapi is an open source headless content management system. In Strapi ...)
+ TODO: check
+CVE-2026-22599 (Strapi is an open source headless content management system. In versio ...)
+ TODO: check
+CVE-2026-21730 (Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability ...)
+ TODO: check
+CVE-2026-20224 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, former ...)
+ TODO: check
+CVE-2026-20210 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, former ...)
+ TODO: check
+CVE-2026-20209 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, former ...)
+ TODO: check
+CVE-2026-20182 (May 2026: This security advisory provides the details and fix informat ...)
+ TODO: check
+CVE-2026-1630 (WEBCON BPS is vulnerable to Reflected XSS via one of parameters used b ...)
+ TODO: check
+CVE-2025-69443 (Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, w ...)
+ TODO: check
+CVE-2025-68421 (Comarch ERP Optima client makes use of a hard-coded password for a dat ...)
+ TODO: check
+CVE-2025-68420 (ComarchERP Optima client connects to a database using a high privilege ...)
+ TODO: check
+CVE-2025-64526 (Strapi is an open source headless content management system. In Strapi ...)
+ TODO: check
+CVE-2025-62628 (Unsafe OpenSSL initialization within some AMD optional tools may allow ...)
+ TODO: check
+CVE-2025-62625 (Improper privilege management in the KVM key download component could ...)
+ TODO: check
+CVE-2025-62619 (Missing authentication in the KVM key download endpoint could allow an ...)
+ TODO: check
+CVE-2025-62317 (HCL AION is affected by a vulnerability where sensitive information ma ...)
+ TODO: check
+CVE-2025-62316 (HCL AION is affected by a vulnerability where certain security-related ...)
+ TODO: check
+CVE-2025-62313 (HCL AION is affected by a vulnerability where adequate protections aga ...)
+ TODO: check
+CVE-2025-62312 (HCL AION is affected by a vulnerability where basic authorization toke ...)
+ TODO: check
+CVE-2025-62311 (HCL AION is affected by a vulnerability where backend service details ...)
+ TODO: check
+CVE-2025-62310 (HCL AION is affected by a vulnerability where encryption is not enforc ...)
+ TODO: check
+CVE-2025-62309 (HCL AION is affected by a vulnerability where auto-complete functional ...)
+ TODO: check
+CVE-2025-62308 (HCL AION is affected by a vulnerability where sensitive backend infras ...)
+ TODO: check
+CVE-2025-62305 (HCL AION is affected by a vulnerability where certain operations may t ...)
+ TODO: check
+CVE-2025-15025 (Authorization bypass through User-Controlled key vulnerability in Yord ...)
+ TODO: check
+CVE-2025-15024 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-15023 (Incorrect Authorization vulnerability in Yordam Information Technology ...)
+ TODO: check
+CVE-2025-12008 (Authorization bypass through User-Controlled key vulnerability in APPY ...)
+ TODO: check
+CVE-2025-11024 (Improper neutralization of special elements used in an SQL command ('S ...)
+ TODO: check
+CVE-2026-6479 (Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an ...)
+ {DSA-6270-1 DSA-6269-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6473
+CVE-2026-6473 (Integer wraparound in multiple PostgreSQL server features allows an un ...)
+ {DSA-6270-1 DSA-6269-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6476
+CVE-2026-6476 (SQL injection in PostgreSQL pg_createsubscriber allows an attacker wit ...)
+ {DSA-6270-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6638
+CVE-2026-6638 (SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... ...)
+ {DSA-6270-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6575
+CVE-2026-6575 (Buffer over-read in PostgreSQL function pg_restore_attribute_stats() a ...)
- postgresql-18 18.4-1
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6474
+CVE-2026-6474 (Externally-controlled format string in PostgreSQL timeofday() function ...)
+ {DSA-6270-1 DSA-6269-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6472
+CVE-2026-6472 (Missing authorization in PostgreSQL CREATE TYPE allows an object creat ...)
+ {DSA-6270-1 DSA-6269-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6478
+CVE-2026-6478 (Covert timing channel in comparison of MD5-hashed password in PostgreS ...)
+ {DSA-6270-1 DSA-6269-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6477
+CVE-2026-6477 (Use of inherently dangerous function PQfn(..., result_is_int=0, ...) i ...)
+ {DSA-6270-1 DSA-6269-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6475
+CVE-2026-6475 (Symlink following in PostgreSQL pg_basebackup plain format and in pg_r ...)
+ {DSA-6270-1 DSA-6269-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
- postgresql-15 <removed>
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/
-CVE-2026-6637
+CVE-2026-6637 (Stack buffer overflow in PostgreSQL module "refint" allows an unprivil ...)
+ {DSA-6270-1 DSA-6269-1}
- postgresql-18 18.4-1
- postgresql-17 <removed>
- postgresql-15 <removed>
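Review bot: every newly imported entry at the top of this hunk is left at "TODO: check", including many that the rest of this same diff already triages by convention: the InfusedWoo Pro, Royal Elementor Addons, MW WP Form, CC Child Pages, User Registration & Membership and Database Backup entries match the "NOT-FOR-US: WordPress plugin" pattern used in the later hunks, and the three Cisco Catalyst SD-WAN Manager entries match "NOT-FOR-US: Cisco". When these are triaged, the items naming software that Debian does package, such as GStreamer gst-plugins-good (CVE-2026-46470, CVE-2026-46469), Apache Commons (CVE-2026-45205), simdjson (CVE-2026-8295), etcd (CVE-2026-44283), css_parser (CVE-2026-44312) and Distribution (CVE-2026-41888), are worth checking against a source package rather than defaulting to NOT-FOR-US. The PostgreSQL block at the end of the hunk is internally consistent: each entry that lists postgresql-17/15/13 carries the matching {DSA-6270-1 DSA-6269-1} or {DSA-6270-1} reference, and CVE-2026-6575 lists only postgresql-18 and so correctly carries no DSA.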
@@ -1414,7 +1672,7 @@ CVE-2026-4920 (The Next Date plugin for WordPress is vulnerable to Stored Cross-
NOT-FOR-US: WordPress plugin
CVE-2026-4859 (The SP Blog Designer plugin for WordPress is vulnerable to Stored Cros ...)
NOT-FOR-US: WordPress plugin
-CVE-2026-4827 (CWE\u2011331 Insufficient Entropy vulnerability exists that could lead ...)
+CVE-2026-4827 (CWE\u2011331: Insufficient Entropy vulnerability exists that could lea ...)
NOT-FOR-US: Schneider Electric
CVE-2026-4663 (The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing ...)
NOT-FOR-US: WordPress plugin
@@ -5154,7 +5412,7 @@ CVE-2023-42344 (Alkacon OpenCms before 10.5.1 allows remote unauthenticated atta
CVE-2023-42343 (A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 ...)
NOT-FOR-US: Alkacon OpenCms
CVE-2026-8094 (Other issue in the WebRTC component. This vulnerability was fixed in F ...)
- {DSA-6254-1 DLA-4575-1}
+ {DSA-6267-1 DSA-6254-1 DLA-4582-1 DLA-4575-1}
- firefox-esr 140.10.2esr-1
- thunderbird 1:140.10.2esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/#CVE-2026-8094
@@ -5163,7 +5421,7 @@ CVE-2026-8093 (Memory safety bugs present in Thunderbird 150.0.1. Some of these
- firefox 150.0.2-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/#CVE-2026-8093
CVE-2026-8092 (Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird ...)
- {DSA-6254-1 DLA-4575-1}
+ {DSA-6267-1 DSA-6254-1 DLA-4582-1 DLA-4575-1}
- firefox 150.0.2-1
- firefox-esr 140.10.2esr-1
- thunderbird 1:140.10.2esr-1
@@ -5179,7 +5437,7 @@ CVE-2026-8091 (Incorrect boundary conditions in the Audio/Video: Playback compon
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-8091
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/#CVE-2026-8091
CVE-2026-8090 (Use-after-free in the DOM: Networking component. This vulnerability wa ...)
- {DSA-6254-1 DLA-4575-1}
+ {DSA-6267-1 DSA-6254-1 DLA-4582-1 DLA-4575-1}
- firefox 150.0.2-1
- firefox-esr 140.10.2esr-1
- thunderbird 1:140.10.2esr-1
@@ -6247,7 +6505,7 @@ CVE-2026-20193 (A vulnerability in the RADIUS Policy API endpoints of Cisco ISE
NOT-FOR-US: Cisco
CVE-2026-20189 (A vulnerability in the log file download functionality of Cisco Prime ...)
NOT-FOR-US: Cisco
-CVE-2026-20188 (A vulnerability in the connection-handling mechanism of Cisco Crosswor ...)
+CVE-2026-20188 (Following the initial publication of the Security Advisory about a den ...)
NOT-FOR-US: Cisco
CVE-2026-20185 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
NOT-FOR-US: Cisco
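Review bot: the replacement description for CVE-2026-20188 now opens with the advisory's update preamble ("Following the initial publication of the Security Advisory about a den ...") and, in the tracker's truncated form, no longer names the affected product, which the previous text did ("Cisco Crosswor ..."). The unchanged "NOT-FOR-US: Cisco" line still carries that context, so no change is needed here, but if the description is refreshed again it is worth keeping the product name within the visible prefix so the entry stays self-explanatory when grepping the list.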
@@ -7575,7 +7833,7 @@ CVE-2024-52911 (Bitcoin Core through 28.x has a security issue, the details of w
CVE-2026-39852 (Quarkus is a Java framework for building cloud-native applications. In ...)
NOT-FOR-US: Quarkus
CVE-2026-28780 (Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HT ...)
- {DSA-6248-1}
+ {DSA-6248-1 DLA-4571-1}
- apache2 2.4.67-1
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-28780
NOTE: https://github.com/apache/httpd/commit/d04119e6e591f7b21222e749387a8b39e9092a1b (2.4.67-rc1-candidate)
@@ -7728,7 +7986,7 @@ CVE-2026-30923 (ModSecurity is an open source, cross platform web application fi
CVE-2026-30246 (Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versio ...)
NOT-FOR-US: Fiber
CVE-2026-29168 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
- {DSA-6248-1}
+ {DSA-6248-1 DLA-4571-1}
- apache2 2.4.67-1
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/6
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2026-29168
@@ -34433,7 +34691,7 @@ CVE-2026-29858 (A lack of path validation in aaPanel v7.57.0 allows attackers to
CVE-2026-29856 (An issue in the VirtualHost configuration handling/parser component of ...)
NOT-FOR-US: aaPanel
CVE-2026-27135 (nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...)
- {DLA-4581-1}
+ {DSA-6266-1 DLA-4581-1}
- nghttp2 1.68.1-1 (bug #1131369)
NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6
NOTE: Fixed by: https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1 (v1.68.1)
@@ -45558,7 +45816,7 @@ CVE-2026-26746 (OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulner
NOT-FOR-US: OpenSourcePOS
CVE-2026-26745 (OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in ...)
NOT-FOR-US: OpenSourcePOS
-CVE-2026-26725 (An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 allo ...)
+CVE-2026-26725 (An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 (fix ...)
NOT-FOR-US: edu Business Solutions Print Shop Pro WebDesk
CVE-2026-26724 (Cross Site Scripting vulnerability in Key Systems Inc Global Facilitie ...)
NOT-FOR-US: Key Systems Inc Global Facilities Management Software
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6da1b13fb9396966080ae1476ec21f3ad777dddd