[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 17 20:13:44 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38f1e9fc by security tracker role at 2026-05-17T19:13:39+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,117 @@
+CVE-2026-8759 (A vulnerability was identified in xiandafu beetl up to 3.20.2. Affecte ...)
+	TODO: check
+CVE-2026-8758 (A vulnerability was determined in Metasoft \u7f8e\u7279\u8f6f\u4ef6 Me ...)
+	TODO: check
+CVE-2026-8757 (A vulnerability was found in adenhq hive up to 0.11.0. This affects th ...)
+	TODO: check
+CVE-2026-8756 (A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4 ...)
+	TODO: check
+CVE-2026-8755 (A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225 ...)
+	TODO: check
+CVE-2026-8754 (A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impa ...)
+	TODO: check
+CVE-2026-8753 (A security vulnerability has been detected in kalcaddle Kodbox up to 1 ...)
+	TODO: check
+CVE-2026-8752 (A weakness has been identified in h2oai h2o-3 up to 7402. This vulnera ...)
+	TODO: check
+CVE-2026-8751 (A security flaw has been discovered in h2oai h2o-3 up to 7402. This af ...)
+	TODO: check
+CVE-2026-8750 (A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by  ...)
+	TODO: check
+CVE-2026-8747 (A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects t ...)
+	TODO: check
+CVE-2026-8746 (A security flaw has been discovered in Open5GS up to 2.7.7. Affected b ...)
+	TODO: check
+CVE-2026-8745 (A vulnerability was identified in Open5GS up to 2.7.7. Affected by thi ...)
+	TODO: check
+CVE-2026-8744 (A vulnerability was determined in Open5GS up to 2.7.7. Affected is the ...)
+	TODO: check
+CVE-2026-8743 (A vulnerability was found in Open5GS up to 2.7.6. This impacts the fun ...)
+	TODO: check
+CVE-2026-8741 (A vulnerability has been found in EMQX up to 6.2.0. This affects an un ...)
+	TODO: check
+CVE-2026-8740 (A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted el ...)
+	TODO: check
+CVE-2026-8739 (A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affe ...)
+	TODO: check
+CVE-2026-8738 (A security vulnerability has been detected in Sanluan PublicCMS 5.2025 ...)
+	TODO: check
+CVE-2026-8737 (A weakness has been identified in Sanluan PublicCMS 5.202506.d. This i ...)
+	TODO: check
+CVE-2026-8736 (A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This ...)
+	TODO: check
+CVE-2026-8735 (A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affe ...)
+	TODO: check
+CVE-2026-8734 (A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected  ...)
+	TODO: check
+CVE-2026-8733 (A vulnerability was found in Investintech SlimPDFReader up to 2.0.13.  ...)
+	TODO: check
+CVE-2026-8731 (A vulnerability has been found in Open5GS up to 2.7.7. Affected is the ...)
+	TODO: check
+CVE-2026-8730 (A flaw has been found in Open5GS up to 2.7.6. This impacts the functio ...)
+	TODO: check
+CVE-2026-8729 (A vulnerability was detected in Open5GS up to 2.7.7. This affects an u ...)
+	TODO: check
+CVE-2026-8728 (A security vulnerability has been detected in Open5GS up to 2.7.7. The ...)
+	TODO: check
+CVE-2026-8725 (A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The af ...)
+	TODO: check
+CVE-2026-8724 (A security flaw has been discovered in Dataease 2.10.20. Impacted is t ...)
+	TODO: check
+CVE-2026-8723 (### Summary    `qs.stringify` throws `TypeError` when called with `arr ...)
+	TODO: check
+CVE-2026-8721 (Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwo ...)
+	TODO: check
+CVE-2026-8719 (The AI Engine \u2013 The Chatbot, AI Framework & MCP for WordPress plu ...)
+	TODO: check
+CVE-2026-8507 (Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of boun ...)
+	TODO: check
+CVE-2026-6050
+	REJECTED
+CVE-2026-46720 (Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric inject ...)
+	TODO: check
+CVE-2018-25339 (Zechat 1.5 contains a SQL injection vulnerability in the v parameter t ...)
+	TODO: check
+CVE-2018-25338 (Zechat 1.5 contains a SQL injection vulnerability in the hashtag param ...)
+	TODO: check
+CVE-2018-25337 (Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerabil ...)
+	TODO: check
+CVE-2018-25336 (Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forger ...)
+	TODO: check
+CVE-2018-25335 (WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload v ...)
+	TODO: check
+CVE-2018-25334 (Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability  ...)
+	TODO: check
+CVE-2018-25333 (Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL inject ...)
+	TODO: check
+CVE-2018-25332 (GitBucket 4.23.1 contains an unauthenticated remote code execution vul ...)
+	TODO: check
+CVE-2018-25331 (Zenar Content Management System contains a cross-site scripting vulner ...)
+	TODO: check
+CVE-2018-25330 (Joomla! extension EkRishta 2.10 contains persistent cross-site scripti ...)
+	TODO: check
+CVE-2018-25329 (WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion v ...)
+	TODO: check
+CVE-2018-25328 (VX Search 10.6.18 contains a local buffer overflow vulnerability that  ...)
+	TODO: check
+CVE-2018-25327 (Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery  ...)
+	TODO: check
+CVE-2018-25326 (Google Drive for WordPress 2.2 contains a path traversal vulnerability ...)
+	TODO: check
+CVE-2018-25325 (Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability ...)
+	TODO: check
+CVE-2018-25324 (Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file ...)
+	TODO: check
+CVE-2018-25323 (Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured ex ...)
+	TODO: check
+CVE-2018-25322 (Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflo ...)
+	TODO: check
+CVE-2018-25321 (TP-Link TL-WR720N wireless router contains a cross-site request forger ...)
+	TODO: check
+CVE-2018-25320 (ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary co ...)
+	TODO: check
+CVE-2018-25319 (Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerabilit ...)
+	TODO: check
 CVE-2025-4202 (The Multicollab: Content Team Collaboration and Editorial Workflow plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-47981 (Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sli ...)
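Review bot: The added descriptions for CVE-2026-8758 and CVE-2026-8719 carry literal escape sequences (`\u7f8e\u7279\u8f6f\u4ef6`, `\u2013`) rather than the decoded characters, and CVE-2026-8723 opens with the Markdown heading `### Summary`, so its truncated text never names the affected package. The import step could decode the escapes and strip a leading Markdown heading before truncating. Apart from the REJECTED CVE-2026-6050, every new entry is `TODO: check` and still needs triage to a package line or a NOT-FOR-US note.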
@@ -34148,7 +34262,7 @@ CVE-2026-33291 (Discourse is an open-source discussion platform. Prior to versio
 	NOT-FOR-US: Discourse
 CVE-2026-33251 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
 	NOT-FOR-US: Discourse
-CVE-2026-46728
+CVE-2026-46728 (Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verif ...)
 	- u-boot <unfixed> (bug #1136954)
 	[trixie] - u-boot <no-dsa> (Minor issue)
 	[bookworm] - u-boot <no-dsa> (Minor issue)
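Review bot: The description added to CVE-2026-46728 says the issue affects Das U-Boot before 2026.04, yet the package line under it still reads `- u-boot <unfixed> (bug #1136954)`. It is worth checking the version in unstable against 2026.04 so the entry can record a fixed version once one is uploaded, and whether `<no-dsa> (Minor issue)` for trixie and bookworm still holds now that the text mentions FIT signature verification.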
@@ -46301,7 +46415,7 @@ CVE-2026-23521 (Versions of the Traccar open-source GPS tracking system up to an
 CVE-2026-21864 (Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter ...)
 	NOT-FOR-US: Valkey-Bloom
 CVE-2026-21863 (Valkey is a distributed key-value database. Prior to versions 9.0.2, 8 ...)
-	{DSA-6198-1}
+	{DSA-6279-1 DSA-6198-1}
 	- redis 5:8.0.6-1 (bug #1132205)
 	[bullseye] - redis <not-affected> (Vulnerable code not present, cluster branch merged for version 7.2.4-rc1)
 	- redict 7.3.6+ds-2 (bug #1132206)
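Review bot: The cross-reference on CVE-2026-21863 now reads `{DSA-6279-1 DSA-6198-1}`, but the package lines visible in this hunk cover only redis and redict, while the description is about Valkey. Confirm the entry has a package line with a fixed version for the package DSA-6279-1 covers. The same applies to CVE-2025-67733 in the next hunk.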
@@ -46344,7 +46458,7 @@ CVE-2025-69208 (free5GC UDR is the user data repository (UDR) for free5GC, an an
 CVE-2025-68930 (Versions of the Traccar open-source GPS tracking system up to and incl ...)
 	NOT-FOR-US: Traccar
 CVE-2025-67733 (Valkey is a distributed key-value database. Prior to versions 9.0.2, 8 ...)
-	{DSA-6198-1}
+	{DSA-6279-1 DSA-6198-1}
 	- redis 5:8.0.6-1 (bug #1132205)
 	[bullseye] - redis <not-affected> (Vulnerable code not present)
 	- redict 7.3.6+ds-2 (bug #1132206)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38f1e9fc1c39f9a3a1f43bf8525b6ee8eec3a230



More information about the debian-security-tracker-commits mailing list