[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 25 20:13:16 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3bad0123 by security tracker role at 2026-05-25T19:13:10+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,6 +1,196 @@
-CVE-2026-46745
+CVE-2026-9490 (A security vulnerability has been identified in Acer Care Center where ...)
+ TODO: check
+CVE-2026-9483 (A vulnerability was found in SourceCodester Student Grades Management ...)
+ TODO: check
+CVE-2026-9482 (A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts ...)
+ TODO: check
+CVE-2026-9481 (A flaw has been found in Edimax EW-7438RPn 1.31. This affects the func ...)
+ TODO: check
+CVE-2026-9480 (A vulnerability was detected in Edimax EW-7438RPn 1.31. The impacted e ...)
+ TODO: check
+CVE-2026-9479 (A security vulnerability has been detected in Edimax EW-7438RPn 1.31. ...)
+ TODO: check
+CVE-2026-9478 (A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-9477 (A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b202 ...)
+ TODO: check
+CVE-2026-9476 (A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-9475 (A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-9474 (A vulnerability was found in yashpokharna2555 StudentManagementSystem ...)
+ TODO: check
+CVE-2026-9473 (A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected b ...)
+ TODO: check
+CVE-2026-9472 (A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c9 ...)
+ TODO: check
+CVE-2026-9471 (A vulnerability was detected in yashpokharna2555 StudentManagementSyst ...)
+ TODO: check
+CVE-2026-9470 (A security vulnerability has been detected in yashpokharna2555 Student ...)
+ TODO: check
+CVE-2026-9469 (A weakness has been identified in yashpokharna2555 StudentManagementSy ...)
+ TODO: check
+CVE-2026-9468 (A security flaw has been discovered in dazeb cline-mcp-memory-bank up ...)
+ TODO: check
+CVE-2026-9467 (A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. ...)
+ TODO: check
+CVE-2026-9466 (A vulnerability was determined in Tiandy Easy7 Integrated Management P ...)
+ TODO: check
+CVE-2026-9465 (A vulnerability was found in Tiandy Easy7 Integrated Management Platfo ...)
+ TODO: check
+CVE-2026-9464 (A vulnerability has been found in YunaiV yudao-cloud 2026.03. This aff ...)
+ TODO: check
+CVE-2026-9463 (A flaw has been found in Edimax EW-7438RPn 1.31. Affected by this issu ...)
+ TODO: check
+CVE-2026-9462 (A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by th ...)
+ TODO: check
+CVE-2026-9461 (A security vulnerability has been detected in Edimax EW-7438RPn 1.31. ...)
+ TODO: check
+CVE-2026-9460 (A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts ...)
+ TODO: check
+CVE-2026-9459 (A security flaw has been discovered in Edimax EW-7438RPn 1.31. This af ...)
+ TODO: check
+CVE-2026-9458 (A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-9457 (A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-9456 (A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Imp ...)
+ TODO: check
+CVE-2026-9455 (A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521 ...)
+ TODO: check
+CVE-2026-9454 (A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vu ...)
+ TODO: check
+CVE-2026-9453 (A vulnerability was detected in FoundDream miniclawd up to 2d65665046e ...)
+ TODO: check
+CVE-2026-9452 (A security vulnerability has been detected in FoundDream miniclawd up ...)
+ TODO: check
+CVE-2026-9451 (A weakness has been identified in code-projects Employee Management Sy ...)
+ TODO: check
+CVE-2026-9450 (A security flaw has been discovered in code-projects Employee Manageme ...)
+ TODO: check
+CVE-2026-9449 (A vulnerability was identified in code-projects Employee Management Sy ...)
+ TODO: check
+CVE-2026-9448 (A vulnerability was determined in code-projects Employee Management Sy ...)
+ TODO: check
+CVE-2026-9447 (A vulnerability was found in SourceCodester Simple POS and Inventory S ...)
+ TODO: check
+CVE-2026-9446 (A vulnerability has been found in SourceCodester Simple POS and Invent ...)
+ TODO: check
+CVE-2026-9445 (A flaw has been found in SourceCodester Simple POS and Inventory Syste ...)
+ TODO: check
+CVE-2026-9444 (A vulnerability was detected in SourceCodester Simple POS and Inventor ...)
+ TODO: check
+CVE-2026-9443 (A security vulnerability has been detected in Edimax BR-6478AC 1.23. T ...)
+ TODO: check
+CVE-2026-9442 (A weakness has been identified in Edimax BR-6478AC 1.23. This affects ...)
+ TODO: check
+CVE-2026-9441 (A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected ...)
+ TODO: check
+CVE-2026-9440 (A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by t ...)
+ TODO: check
+CVE-2026-9439 (A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is t ...)
+ TODO: check
+CVE-2026-9438 (A vulnerability was found in yashpokharna2555 StudentManagementSystem ...)
+ TODO: check
+CVE-2026-9437 (A vulnerability has been found in DTStack Taier 1.4.0. This affects th ...)
+ TODO: check
+CVE-2026-9436 (A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The imp ...)
+ TODO: check
+CVE-2026-9435 (A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. ...)
+ TODO: check
+CVE-2026-9274 (This vulnerability exists in CP Plus Wi-Fi Camera due to improper prot ...)
+ TODO: check
+CVE-2026-9078 (Firefox for iOS displayed specially crafted right-to-left (RTL) and in ...)
+ TODO: check
+CVE-2026-9058 (Szafir SDK returns a success status code from the cryptographic digita ...)
+ TODO: check
+CVE-2026-7766 (Kenik Camera management Panel is vulnerable to Path Traversal vulnerab ...)
+ TODO: check
+CVE-2026-5223 (Cargo incorrectly handled symlinks inside of crate tarballs downloaded ...)
+ TODO: check
+CVE-2026-5222 (Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-p ...)
+ TODO: check
+CVE-2026-4915 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
+ TODO: check
+CVE-2026-47077 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-47076 (Interpretation Conflict vulnerability in benoitc hackney allows Server ...)
+ TODO: check
+CVE-2026-47075 (Improper Neutralization of CRLF Sequences vulnerability in benoitc hac ...)
+ TODO: check
+CVE-2026-47073 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-47072 (Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabi ...)
+ TODO: check
+CVE-2026-47071 (Uncontrolled Resource Consumption vulnerability in benoitc hackney all ...)
+ TODO: check
+CVE-2026-47070 (Sensitive Data Exposure vulnerability in benoitc hackney allows Retrie ...)
+ TODO: check
+CVE-2026-47069 (Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabi ...)
+ TODO: check
+CVE-2026-47067 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-47066 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
+ TODO: check
+CVE-2026-45249 (A cross-site scripting (XSS) vulnerability exists in Apache ECharts in ...)
+ TODO: check
+CVE-2026-42797 (Exposure of Sensitive Information Through Data Queries vulnerability i ...)
+ TODO: check
+CVE-2026-42782 (Improper Isolation or Compartmentalization vulnerability in Apache Syn ...)
+ TODO: check
+CVE-2026-40127 (OutSystems Lifetime is vulnerable to Authorization Bypass Through User ...)
+ TODO: check
+CVE-2026-27768 (SQL Injection affecting the Access Manager role.)
+ TODO: check
+CVE-2018-25381 (Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerabil ...)
+ TODO: check
+CVE-2018-25380 (Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerabil ...)
+ TODO: check
+CVE-2018-25379 (Collectric CMU 1.0 contains a boolean-based blind SQL injection vulner ...)
+ TODO: check
+CVE-2018-25378 (Notebook Pro 2.0 contains a denial of service vulnerability that allow ...)
+ TODO: check
+CVE-2018-25377 (Flash Slideshow Maker Professional 5.20 contains a buffer overflow vul ...)
+ TODO: check
+CVE-2018-25376 (Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerabi ...)
+ TODO: check
+CVE-2018-25375 (SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerab ...)
+ TODO: check
+CVE-2018-25374 (Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory tra ...)
+ TODO: check
+CVE-2018-25373 (SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based ...)
+ TODO: check
+CVE-2018-25372 (MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnera ...)
+ TODO: check
+CVE-2018-25371 (mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerabilit ...)
+ TODO: check
+CVE-2018-25370 (Admidio 3.3.5 contains a cross-site request forgery vulnerability that ...)
+ TODO: check
+CVE-2018-25369 (Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input ...)
+ TODO: check
+CVE-2018-25368 (Nord VPN 6.14.31 contains a denial of service vulnerability that allow ...)
+ TODO: check
+CVE-2018-25367 (NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allo ...)
+ TODO: check
+CVE-2018-25366 (CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows lo ...)
+ TODO: check
+CVE-2018-25365 (PCViewer vt1000 contains a directory traversal vulnerability that allo ...)
+ TODO: check
+CVE-2018-25364 (Twitter-Clone 1 contains a SQL injection vulnerability that allows una ...)
+ TODO: check
+CVE-2018-25363 (Twitter-Clone 1 contains a cross-site request forgery vulnerability th ...)
+ TODO: check
+CVE-2018-25362 (Twitter-Clone 1 contains a SQL injection vulnerability in follow.php t ...)
+ TODO: check
+CVE-2018-25361 (Soroush IM Desktop App 0.17.0 contains an authentication bypass vulner ...)
+ TODO: check
+CVE-2018-25360 (AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow v ...)
+ TODO: check
+CVE-2018-25359 (Splinterware System Scheduler Pro 5.12 contains an insecure file permi ...)
+ TODO: check
+CVE-2026-46745 (Apache Airflow FAB Auth Manager contains an LDAP filter injection vuln ...)
NOT-FOR-US: Airflow provider
-CVE-2026-45361
+CVE-2026-45361 (Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH ...)
NOT-FOR-US: Airflow provider
CVE-2026-9489 (NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation (L ...)
NOT-FOR-US: NitroSense
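Review bot: CVE-2026-27768's description ("SQL Injection affecting the Access Manager role.") names no product, so its "TODO: check" cannot be resolved from this list alone and triage will need the CVE's references. Apart from that, every new entry in this hunk is a placeholder pair (ID plus "TODO: check"); the only other change is that CVE-2026-46745 and CVE-2026-45361 are re-added with their descriptions filled in, while their existing "NOT-FOR-US: Airflow provider" lines remain unchanged context, so no triage state changes here.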
@@ -105,6 +295,7 @@ CVE-2026-XXXX [CSRF Security Fix]
- nagios4 4.5.12+ds-1 (bug #1136340)
NOTE: Fixed by: https://github.com/NagiosEnterprises/nagioscore/commit/e5ed38e53a5d65721520c7c67be0746d63da28cb (nagios-4.5.12)
CVE-2026-48832 (action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open ...)
+ {DSA-6296-1}
- spip 4.4.15+dfsg-1
NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-15.html
NOTE: Fixed by: https://git.spip.net/spip/ecrire/-/commit/a22cb8a56f1e37ff3854b73ff3f66aa3df47070a
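Review bot: the DSA-6296-1 reference added to CVE-2026-48832 needs a version check: this open-redirect issue is only fixed in spip 4.4.15+dfsg-1, whereas the same DSA is also attached further down to CVE-2026-8429 and CVE-2026-8430, whose unstable fix is 4.4.14+dfsg-1. Confirm the DSA's shipped package actually contains the 4.4.15 fix before referencing it here, otherwise the stable entry would be marked fixed prematurely.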
@@ -5624,8 +5815,10 @@ CVE-2026-44378
CVE-2026-8431 (An administrative user with access to configure webhooks can execute a ...)
NOT-FOR-US: MongoDB Ops Manager
CVE-2026-8430 (SPIP versions prior to 4.4.14 contain a remote code execution vulnerab ...)
+ {DSA-6296-1}
- spip 4.4.14+dfsg-1
CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a remote code execution vulnerab ...)
+ {DSA-6296-1}
- spip 4.4.14+dfsg-1
CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server allows a ...)
NOT-FOR-US: Devolutions
@@ -7013,6 +7206,7 @@ CVE-2026-44992 (OpenClaw versions 2026.4.5 before 2026.4.20 contain an environme
CVE-2026-44991 (OpenClaw before 2026.4.21 contains an authorization bypass vulnerabili ...)
NOT-FOR-US: OpenClaw
CVE-2026-44777 (jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordi ...)
+ {DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
[trixie] - jq <no-dsa> (Minor issue)
[bookworm] - jq <no-dsa> (Minor issue)
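Review bot: {DLA-4599-1} is added to CVE-2026-44777 while the "[bookworm] - jq <no-dsa> (Minor issue)" line directly below is left in place; if the DLA covers bookworm, that tag is now stale and should be dropped, and if it targets an older LTS release the entry is consistent as written. The same combination recurs on every jq entry given {DLA-4599-1} in this commit (CVE-2026-43896, 43895, 41257, 41256, 40164, 39979, 39956, 33948, 33947, 32316), so one decision applies to all of them.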
@@ -7054,11 +7248,13 @@ CVE-2026-43968 (Improper Neutralization of CRLF Sequences ('CRLF Injection') vul
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-43968
NOTE: https://github.com/ninenines/cowlib/commit/6165fc40efa159ba1cceee7e7981e790acba5d9c
CVE-2026-43896 (jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded r ...)
+ {DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
[trixie] - jq <no-dsa> (Minor issue)
[bookworm] - jq <no-dsa> (Minor issue)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-mg96-6h3q-g846
CVE-2026-43895 (jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts ...)
+ {DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-7q7g-mrq3-phxr
CVE-2026-43894 (jq is a command-line JSON processor. In 1.8.1 and earlier, when decNum ...)
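Review bot: CVE-2026-43895 receives {DLA-4599-1} but, unlike its sibling CVE-2026-43896 (same fix, jq 1.8.1-6, bug #1136445), carries no [trixie] or [bookworm] lines. If the two issues were fixed together, the per-release annotations should be mirrored on 43895 as well; if the omission is deliberate (for example because 43895 does not affect those releases), a NOTE saying so would keep the entries from looking inconsistent.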
@@ -7133,11 +7329,13 @@ CVE-2026-41951 (Path traversal vulnerability exists in GROWI v7.5.0 and earlier,
CVE-2026-41431 (Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a ...)
NOT-FOR-US: Zen
CVE-2026-41257 (jq is a command-line JSON processor. In 1.8.1 and earlier, the jq byte ...)
+ {DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
[trixie] - jq <no-dsa> (Minor issue)
[bookworm] - jq <no-dsa> (Minor issue)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-4jm8-m363-4539
CVE-2026-41256 (jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level j ...)
+ {DLA-4599-1}
- jq 1.8.1-6 (bug #1136445)
[trixie] - jq <no-dsa> (Minor issue)
[bookworm] - jq <no-dsa> (Minor issue)
@@ -9720,7 +9918,7 @@ CVE-2026-5786 (An Improper Access Control vulnerability in Ivanti EPMM before ve
CVE-2026-5784 (Improper neutralization of input during web page generation ('cross-si ...)
NOT-FOR-US: DivvyDrive
CVE-2026-44742 (Postorius through 1.3.13 does not escape HTML in the message subject w ...)
- {DSA-6257-1}
+ {DSA-6257-1 DLA-4600-1}
- postorius <unfixed> (bug #1136003)
NOTE: https://gitlab.com/mailman/postorius/-/commit/8d00a3c317729f37435bdbd27170f630e341f29e
NOTE: https://gitlab.com/mailman/postorius/-/merge_requests/972
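Review bot: the Postorius entry now references both DSA-6257-1 and DLA-4600-1, yet the unstable line still reads "postorius <unfixed> (bug #1136003)". With the upstream commit and merge request already linked, the remaining gap is an unstable upload; worth flagging so the stable/LTS fixes are not left ahead of sid.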
@@ -16207,6 +16405,7 @@ CVE-2026-40970 (When configured to use an SSL bundle, Spring Boot's Elasticsearc
CVE-2026-40967 (In Spring AI, various FilterExpressionConverter implementations accept ...)
NOT-FOR-US: VMware
CVE-2026-40356 (In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underf ...)
+ {DSA-6293-1}
- krb5 1.22.1-2.1 (bug #1135317)
NOTE: https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f
CVE-2026-40355 (In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer de ...)
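Review bot: DSA-6293-1 is attached here only to CVE-2026-40356, and the hunk ends exactly where CVE-2026-40355, the companion krb5 issue for the same "before 1.22.3" release, begins. Confirm that 40355 already carries (or receives in this commit) the same DSA reference, since a DSA fixing one of a pair of same-release krb5 issues but not the other would be unusual.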
@@ -23634,6 +23833,7 @@ CVE-2026-40169 (ImageMagick is free and open-source software used for editing an
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5592-p365-24xh
NOTE: https://github.com/ImageMagick/ImageMagick/commit/f86452a8aea37bf2b4bd36127f836dcc5f138b38 (7.1.2-19)
CVE-2026-40164 (jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6 ...)
+ {DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
[bookworm] - jq <no-dsa> (Minor issue)
@@ -23642,12 +23842,14 @@ CVE-2026-40164 (jq is a command-line JSON processor. Before commit 0c7d133c3c7e3
CVE-2026-3017 (The Smart Post Show \u2013 Post Grid, Post Carousel & Slider, and List ...)
NOT-FOR-US: WordPress plugin
CVE-2026-39979 (jq is a command-line JSON processor. In commits before 2f09060afab23fe ...)
+ {DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
[bookworm] - jq <no-dsa> (Minor issue)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p
NOTE: Fixed by: https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f
CVE-2026-39956 (jq is a command-line JSON processor. In commits after 69785bf77f86e2ea ...)
+ {DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
[bookworm] - jq <no-dsa> (Minor issue)
@@ -23696,12 +23898,14 @@ CVE-2026-34225 (Open WebUI is a self-hosted artificial intelligence platform des
CVE-2026-34069 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
NOT-FOR-US: nimiq/core-rs-albatross
CVE-2026-33948 (jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18e ...)
+ {DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
[bookworm] - jq <no-dsa> (Minor issue)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-32cx-cvvh-2wj9
NOTE: Fixed by: https://github.com/jqlang/jq/commit/6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b
CVE-2026-33947 (jq is a command-line JSON processor. In versions 1.8.1 and below, func ...)
+ {DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
[bookworm] - jq <no-dsa> (Minor issue)
@@ -23968,6 +24172,7 @@ CVE-2026-33555 (An issue was discovered in HAProxy before 3.3.6. The HTTP/3 pars
NOTE: Fixed by: https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=425b969d6ea4114f4ae260f57802c65ccafc319c (v3.0.19)
NOTE: Fixed by: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=3d8388d089170f8544c4a43bf0575f296c885f94 (v2.6.25)
CVE-2026-32316 (jq is a command-line JSON processor. An integer overflow vulnerability ...)
+ {DLA-4599-1}
- jq 1.8.1-5 (bug #1133921)
[trixie] - jq 1.7.1-6+deb13u2
[bookworm] - jq <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3bad0123551236758d67891cb6f85ce909c2e1f4