[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 26 20:12:53 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bd0ce35 by security tracker role at 2026-05-26T19:12:47+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,12 +1,350 @@
-CVE-2026-45836 [Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()]
+CVE-2026-9572 (A security vulnerability has been detected in GPAC up to 2.4.0. Affect ...)
+	TODO: check
+CVE-2026-9568 (A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected  ...)
+	TODO: check
+CVE-2026-9567 (A security flaw has been discovered in GPAC up to 2.4.0. Affected is t ...)
+	TODO: check
+CVE-2026-9566 (A vulnerability was identified in teableio teable up to 1.9.x. This im ...)
+	TODO: check
+CVE-2026-9565 (A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. Th ...)
+	TODO: check
+CVE-2026-9564 (A vulnerability was found in SourceCodester/oretnom23 Hospitals Patien ...)
+	TODO: check
+CVE-2026-9562 (A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM  ...)
+	TODO: check
+CVE-2026-9560 (Privilege escalation via background service of OpenVPN Connect 3.5.1 t ...)
+	TODO: check
+CVE-2026-9552 (A security flaw has been discovered in Das Parking Management System \ ...)
+	TODO: check
+CVE-2026-9551 (A vulnerability was identified in Das Parking Management System \u505c ...)
+	TODO: check
+CVE-2026-9550 (A vulnerability was determined in Acrel Electrical EEMS Enterprise Pow ...)
+	TODO: check
+CVE-2026-9544 (A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Gr ...)
+	TODO: check
+CVE-2026-9543 (A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. ...)
+	TODO: check
+CVE-2026-9542 (A weakness has been identified in CodeAstro Leave Management System 1. ...)
+	TODO: check
+CVE-2026-9541 (A security flaw has been discovered in Squirrel up to 3.2. Impacted is ...)
+	TODO: check
+CVE-2026-9540 (A vulnerability was identified in vllm-project vllm 0.19.0. This issue ...)
+	TODO: check
+CVE-2026-9170 (IBM Web Server Plug-ins for WebSphere Application Server and WebSphere ...)
+	TODO: check
+CVE-2026-8890 (code100x contains an authentication bypass vulnerability in the Mobile ...)
+	TODO: check
+CVE-2026-8856 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in con ...)
+	TODO: check
+CVE-2026-8855 (IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution an ...)
+	TODO: check
+CVE-2026-8854 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via th ...)
+	TODO: check
+CVE-2026-8852 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via th ...)
+	TODO: check
+CVE-2026-8850 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via th ...)
+	TODO: check
+CVE-2026-8835 (IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer derefere ...)
+	TODO: check
+CVE-2026-8834 (IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. ...)
+	TODO: check
+CVE-2026-8633 (IBM Web Server Plug-ins for WebSphere Application Server and WebSphere ...)
+	TODO: check
+CVE-2026-8620 (IBM Web Server Plug-ins for WebSphere Application Server and WebSphere ...)
+	TODO: check
+CVE-2026-8479 (IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for ...)
+	TODO: check
+CVE-2026-8174 (Zohocorp Zoho Mail wordpress plugin is vulnerable toCross-Site request ...)
+	TODO: check
+CVE-2026-8047 (The affected products perform improper length checking when parsing in ...)
+	TODO: check
+CVE-2026-8046 (The affected products insufficiently verify authorization when deletin ...)
+	TODO: check
+CVE-2026-7454 (A maliciously crafted WRL file, when parsed through Autodesk 3ds Max,  ...)
+	TODO: check
+CVE-2026-7453 (A maliciously crafted WRL file, when parsed through Autodesk 3ds Max,  ...)
+	TODO: check
+CVE-2026-7452 (A maliciously crafted WRL file, when parsed through Autodesk 3ds Max,  ...)
+	TODO: check
+CVE-2026-7451 (A maliciously crafted TIF file, when parsed through Autodesk 3ds Max,  ...)
+	TODO: check
+CVE-2026-7450 (A maliciously crafted PAR file, when parsed through Autodesk 3ds Max,  ...)
+	TODO: check
+CVE-2026-7374 (A flaw was found in KubeVirt's virt-handler component. This vulnerabil ...)
+	TODO: check
+CVE-2026-7310 (A heap-based buffer overflow vulnerability exists in XML parser functi ...)
+	TODO: check
+CVE-2026-7251 (Eppendorf BioFlo 320is vulnerable to due to VNC server using a hard-co ...)
+	TODO: check
+CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021 ...)
+	TODO: check
+CVE-2026-48905 (Lack of input filtering leads to an XSS vector in the HTML filter code ...)
+	TODO: check
+CVE-2026-48904 (An improper access check allows privelege escalation through the com_u ...)
+	TODO: check
+CVE-2026-48903 (Inadequate content filtering within the checkAttribute methods leads t ...)
+	TODO: check
+CVE-2026-48902 (The password and username reset features created plain http links for  ...)
+	TODO: check
+CVE-2026-48901 (The InputFilter::getInstance() method omitted a security sensitive par ...)
+	TODO: check
+CVE-2026-48900 (An improper access check allowed low privileged users to edit the task ...)
+	TODO: check
+CVE-2026-48899 (An improper access check allows privilege escalation through the com_u ...)
+	TODO: check
+CVE-2026-48898 (An improper access check allows privilege escalation through the com_u ...)
+	TODO: check
+CVE-2026-48897 (Insufficient state checks lead to a vector that allows to bypass 2FA c ...)
+	TODO: check
+CVE-2026-48896 (Insufficient state checks lead to a vector that allows to bypass 2FA c ...)
+	TODO: check
+CVE-2026-48864 (A flaw was found in libsolv. This heap buffer overflow occurs during t ...)
+	TODO: check
+CVE-2026-48697 (FastNetMon Community Edition through 1.2.9 does not verify TLS certifi ...)
+	TODO: check
+CVE-2026-48696 (FastNetMon Community Edition through 1.2.9 has a buffer overflow, a di ...)
+	TODO: check
+CVE-2026-48695 (FastNetMon Community Edition through 1.2.9 contains an OS command inje ...)
+	TODO: check
+CVE-2026-48694 (FastNetMon Community Edition through 1.2.9 contains a configuration in ...)
+	TODO: check
+CVE-2026-48693 (FastNetMon Community Edition through 1.2.9 is vulnerable to a local sy ...)
+	TODO: check
+CVE-2026-48692 (FastNetMon Community Edition through 1.2.9 exposes a gRPC API server o ...)
+	TODO: check
+CVE-2026-48691 (FastNetMon Community Edition through 1.2.9 contains an integer overflo ...)
+	TODO: check
+CVE-2026-48690 (FastNetMon Community Edition through 1.2.9 contains an integer overflo ...)
+	TODO: check
+CVE-2026-48689 (FastNetMon Community Edition through 1.2.9 contains an off-by-one heap ...)
+	TODO: check
+CVE-2026-48688 (FastNetMon Community Edition through 1.2.9 contains multiple out-of-bo ...)
+	TODO: check
+CVE-2026-48687 (FastNetMon Community Edition through 1.2.9 contains an OS command inje ...)
+	TODO: check
+CVE-2026-48686 (FastNetMon Community Edition through 1.2.9 contains a stack-based buff ...)
+	TODO: check
+CVE-2026-48685 (FastNetMon Community Edition through 1.2.9 has out-of-bounds memory ac ...)
+	TODO: check
+CVE-2026-48684 (FastNetMon Community Edition through 1.2.9 contains an out-of-bounds r ...)
+	TODO: check
+CVE-2026-48683 (FastNetMon Community Edition through 1.2.9 contains an out-of-bounds r ...)
+	TODO: check
+CVE-2026-48136 (When Compliance is enabled on Check Point Multi-Domain Management, an  ...)
+	TODO: check
+CVE-2026-48135 (A Check Point HTTP-based service can incorrectly handle malformed HTTP ...)
+	TODO: check
+CVE-2026-48134 (When the DLP is active, the UserCheck Web Portal contains an input-han ...)
+	TODO: check
+CVE-2026-48133 (When the Identity Awareness blade is enabled with Browser-Based Authen ...)
+	TODO: check
+CVE-2026-48132 (The Security Gateway does not correctly validate a length value in cer ...)
+	TODO: check
+CVE-2026-48131 (The VPN service may mishandle an unexpected IKE fragment value receive ...)
+	TODO: check
+CVE-2026-48126 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.8 ...)
+	TODO: check
+CVE-2026-48091
+	REJECTED
+CVE-2026-47728 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink  ...)
+	TODO: check
+CVE-2026-47716 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, In affec ...)
+	TODO: check
+CVE-2026-47715 (Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink  ...)
+	TODO: check
+CVE-2026-47202 (Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improp ...)
+	TODO: check
+CVE-2026-46624 (Twenty is an open source CRM. From 1.7.7 through 1.16.7, a critical Re ...)
+	TODO: check
+CVE-2026-46620 (e107 is a content management system (CMS). Prior to 2.3.5, e107 CMS do ...)
+	TODO: check
+CVE-2026-46431 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.7 ...)
+	TODO: check
+CVE-2026-46430 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.7 ...)
+	TODO: check
+CVE-2026-46368 (luci-app-https-dns-proxy through 2025.12.29-5 \u2014 an optional LuCI  ...)
+	TODO: check
+CVE-2026-45728 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.7 ...)
+	TODO: check
+CVE-2026-45721 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.7 ...)
+	TODO: check
+CVE-2026-45247 (Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 c ...)
+	TODO: check
+CVE-2026-45082 (Karakeep is a elf-hostable bookmark-everything app. A Server-Side Requ ...)
+	TODO: check
+CVE-2026-44776 (Kavita is a cross platform reading server. Prior to 0.9.0, the downloa ...)
+	TODO: check
+CVE-2026-44775 (Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderC ...)
+	TODO: check
+CVE-2026-44749 (The SAP Gateway allows attackers to inject content into error messages ...)
+	TODO: check
+CVE-2026-44730 (OpenCTI is an open source platform for managing cyber threat intellige ...)
+	TODO: check
+CVE-2026-44729 (Twenty is an open source CRM. In 1.18.0 and earlier, the file serving  ...)
+	TODO: check
+CVE-2026-44728 (Babel is a compiler for writing next generation JavaScript. From 7.12. ...)
+	TODO: check
+CVE-2026-44723 (Vowpal Wabbit is a machine learning system. The workflow .github/workf ...)
+	TODO: check
+CVE-2026-44707 (Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, ...)
+	TODO: check
+CVE-2026-44706 (Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2,  ...)
+	TODO: check
+CVE-2026-44680 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of ...)
+	TODO: check
+CVE-2026-44669 (FACTION is a PenTesting Report Generation and Collaboration Framework. ...)
+	TODO: check
+CVE-2026-44668 (FACTION is a PenTesting Report Generation and Collaboration Framework. ...)
+	TODO: check
+CVE-2026-44667 (FACTION is a PenTesting Report Generation and Collaboration Framework. ...)
+	TODO: check
+CVE-2026-44502 (Bugsink is a self-hosted error tracking tool. Prior to 2.1.3, Bugsink\ ...)
+	TODO: check
+CVE-2026-44469 (The affected product extracts installation files to a temporary direct ...)
+	TODO: check
+CVE-2026-44468 (The affected product creates a directory with insecure default permiss ...)
+	TODO: check
+CVE-2026-44410 (This vulnerability stems from a business logic flaw.Attackers can expl ...)
+	TODO: check
+CVE-2026-44314 (Traccar is an open source GPS tracking system. Prior to 6.13.0, Device ...)
+	TODO: check
+CVE-2026-43982 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.6 ...)
+	TODO: check
+CVE-2026-43981 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.6 ...)
+	TODO: check
+CVE-2026-43936 (e107 is a content management system (CMS). Prior to 2.3.4, you can acc ...)
+	TODO: check
+CVE-2026-43935 (e107 is a content management system (CMS). Prior to 2.3.4, a Host Head ...)
+	TODO: check
+CVE-2026-43934 (e107 is a content management system (CMS). Prior to 2.3.4, a Broken Ac ...)
+	TODO: check
+CVE-2026-43919
+	REJECTED
+CVE-2026-42785 (OpenKM 6.3.12 contains a remote code execution vulnerability that allo ...)
+	TODO: check
+CVE-2026-42448 (Magic Wormhole makes it possible to get arbitrary-sized files and dire ...)
+	TODO: check
+CVE-2026-42425 (OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability tha ...)
+	TODO: check
+CVE-2026-42347
+	REJECTED
+CVE-2026-41917 (OpenKM 6.3.12 contains a local file inclusion vulnerability in the adm ...)
+	TODO: check
+CVE-2026-41401 (libyang before 5.2.6 contains a heap use-after-free write vulnerabilit ...)
+	TODO: check
+CVE-2026-41164 (nuts-node is the reference implementation of the Nuts specification. P ...)
+	TODO: check
+CVE-2026-40564 (Files or Directories Accessible to External Parties, Server-Side Reque ...)
+	TODO: check
+CVE-2026-40384 (An improper validation of the search parameter of the com_media files  ...)
+	TODO: check
+CVE-2026-40383 (An improper validation of user-supplied input leads to a local file in ...)
+	TODO: check
+CVE-2026-40034 (gix-submodule before 0.82.0 incorrectly validates the update field in  ...)
+	TODO: check
+CVE-2026-40033 (FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in ...)
+	TODO: check
+CVE-2026-3660 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021 ...)
+	TODO: check
+CVE-2026-3603 (IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Int ...)
+	TODO: check
+CVE-2026-39661 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2026-39655 (Missing Authorization vulnerability in TeconceTheme Mayosis Core allow ...)
+	TODO: check
+CVE-2026-39642 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+	TODO: check
+CVE-2026-38587 (An Insecure Direct Object Reference (IDOR) vulnerability was discovere ...)
+	TODO: check
+CVE-2026-35223 (An improper access check allows unauthorized access to com_config webs ...)
+	TODO: check
+CVE-2026-35222 (Improperly validated order clauses lead to a SQL injection vulnerabili ...)
+	TODO: check
+CVE-2026-35221 (Improperly built filter clauses lead to a SQL injection vulnerability  ...)
+	TODO: check
+CVE-2026-35220 (Lack of CSRF token validation lead to a CSRF attack vector in the admi ...)
+	TODO: check
+CVE-2026-30895 (Lack of output escaping leads to a XSS vector in the readmore links fo ...)
+	TODO: check
+CVE-2026-30894 (Lack of output escaping leads to a XSS vector in the content history c ...)
+	TODO: check
+CVE-2026-2264 (A vulnerability in the Google Cloud ApigeeSetIntegrationRequestpolicy  ...)
+	TODO: check
+CVE-2026-27427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2026-25901 (Lack of output escaping leads to a XSS vector in the multilingual asso ...)
+	TODO: check
+CVE-2026-25900 (Lack of output escaping leads to a XSS vector in the feed modules.)
+	TODO: check
+CVE-2026-25713 (MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerabilit ...)
+	TODO: check
+CVE-2026-25112 (A high-severity vulnerability in the deployment of Genetec RabbitMQ th ...)
+	TODO: check
+CVE-2026-25104 (MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerab ...)
+	TODO: check
+CVE-2026-24638 (Missing Authorization vulnerability in Webful Creations RepairBuddy al ...)
+	TODO: check
+CVE-2026-24590 (Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat ...)
+	TODO: check
+CVE-2026-24212 (NVIDIA Isaac Launchable for Linux contains a vulnerability where sensi ...)
+	TODO: check
+CVE-2026-24201 (NVIDIA vGPU software contains a vulnerability in the virtual GPU manag ...)
+	TODO: check
+CVE-2026-24200 (NVIDIA vGPU software contains a vulnerability in the virtual GPU manag ...)
+	TODO: check
+CVE-2026-24199 (NVIDIA Display Driver for Linux contains a vulnerability in a kernel m ...)
+	TODO: check
+CVE-2026-24198 (NVIDIA GPU Display Driver for Linux  contains a vulnerability where an ...)
+	TODO: check
+CVE-2026-24197 (NVIDIA Display Driver for Linux contains a vulnerability in the Multi- ...)
+	TODO: check
+CVE-2026-24196 (NVIDIA Display Driver for Linux contains a vulnerability where a user  ...)
+	TODO: check
+CVE-2026-24195 (NVIDIA Display Driver for Linux contains a vulnerability in UVM, where ...)
+	TODO: check
+CVE-2026-24194 (NVIDIA Display Driver for Linux contains a vulnerability in a kernel m ...)
+	TODO: check
+CVE-2026-24193 (NVIDIA Display Driver for Windows and Linux contains a vulnerability w ...)
+	TODO: check
+CVE-2026-24192 (NVIDIA Display Driver for Linux contains a vulnerability where an atta ...)
+	TODO: check
+CVE-2026-24191 (NVIDIA Display Driver for Windows contains a vulnerability where an at ...)
+	TODO: check
+CVE-2026-24190 (NVIDIA Display Driver for Windows and Linux contains a vulnerability i ...)
+	TODO: check
+CVE-2026-24187 (NVIDIA Display Driver for Linux contains a vulnerability where an atta ...)
+	TODO: check
+CVE-2026-24182 (NVIDIA Display Driver for Windows and Linux contains a vulnerability w ...)
+	TODO: check
+CVE-2026-24162 (NVIDIA Transformers4Rec for Linux contains a vulnerability where an at ...)
+	TODO: check
+CVE-2025-36221 (IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through  Interim Fix  ...)
+	TODO: check
+CVE-2025-36220 (IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through  Interim Fix  ...)
+	TODO: check
+CVE-2025-36148 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
+	TODO: check
+CVE-2025-36145 (IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly res ...)
+	TODO: check
+CVE-2025-36126 (IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transform ...)
+	TODO: check
+CVE-2025-33221 (NVIDIA Display Driver for Windows and Linux contains a vulnerability i ...)
+	TODO: check
+CVE-2025-14290 (IBM webMethods Integration (on prem) -Integration Server 10.15 through ...)
+	TODO: check
+CVE-2025-13755 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UN ...)
+	TODO: check
+CVE-2025-11482 (An Allocation of Resources Without Limits or Throttling vulnerability  ...)
+	TODO: check
+CVE-2026-45836 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 7.0.7-1
 	[trixie] - linux 6.12.90-1
 	NOTE: https://git.kernel.org/linus/78a88d43dab8d23aeef934ed8ce34d40e6b3d613 (7.1-rc3)
-CVE-2026-45835 [Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()]
+CVE-2026-45835 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 7.0.7-1
 	[trixie] - linux 6.12.88-1
 	NOTE: https://git.kernel.org/linus/0a120d96166301d7a95be75b52f843837dbd1219 (7.1-rc3)
-CVE-2026-45834 [Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()]
+CVE-2026-45834 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 7.0.7-1
 	[trixie] - linux 6.12.88-1
 	NOTE: https://git.kernel.org/linus/2ff1a41a912de8517b4482e946dd951b7d80edbf (7.1-rc3)
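Review bot: the new block at the top of this hunk is uniformly `TODO: check`, and the entries that name libraries should be triaged ahead of the rest: CVE-2026-48864 (libsolv), CVE-2026-41401 (libyang), CVE-2026-40033 (FreeRDP), CVE-2026-25713 and CVE-2026-25104 (MediaInfoLib), and the two GPAC entries each need a source-package line, while the IBM, Check Point, Totolink and Autodesk entries look like NOT-FOR-US candidates. Two smaller points in the same hunk: the descriptions for CVE-2026-9552, CVE-2026-9551 and CVE-2026-46368 carry literal `\u505c` and `\u2014` escapes rather than decoded characters, and the three Bluetooth L2CAP entries lose the bracketed summaries that named the affected callback (for example l2cap_sock_get_sndtimeo_cb()), leaving the git.kernel.org NOTE as the only pointer to the function involved.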
@@ -17,18 +355,23 @@ CVE-2026-1933 [Missing access check on reparse point operations]
 	[bullseye] - samba <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.samba.org/samba/security/CVE-2026-1933.html
 CVE-2026-2340 [vfs_worm does not block directory modification]
+	{DSA-6297-1}
 	- samba 2:4.24.3+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2026-2340.html
 CVE-2026-3012 [group policy certificate enrollment uses http:// without validation]
+	{DSA-6297-1}
 	- samba 2:4.24.3+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2026-3012.html
 CVE-2026-3238 [unauthenticated udp packet crashes AD DC nbt server]
+	{DSA-6297-1}
 	- samba 2:4.24.3+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2026-3238.html
-CVE-2026-4480 [Unauthenticated Remote Code Execution using print command]
+CVE-2026-4480 (A flaw was found in the Samba printing subsystem. Samba passes the cli ...)
+	{DSA-6297-1}
 	- samba 2:4.24.3+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2026-4480.html
 CVE-2026-4408 [Remote Code Execution in SAMR when check password script contains %u substitution placeholder]
+	{DSA-6297-1}
 	- samba 2:4.24.3+dfsg-1
 	NOTE: https://www.samba.org/samba/security/CVE-2026-4408.html
 CVE-2026-9534 (A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the ...)
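Review bot: at CVE-2026-4480 the bracketed summary "Unauthenticated Remote Code Execution using print command" is replaced by a truncated description that stops at "Samba passes the cli ...", so the entry itself no longer says the flaw is unauthenticated remote code execution. A short NOTE line restating that impact would keep it visible next to the `{DSA-6297-1}` reference without having to open the samba.org advisory.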
@@ -668,7 +1011,7 @@ CVE-2026-9294 (A vulnerability was identified in Edimax BR-6428NS 1.10. The impa
 	NOT-FOR-US: Edimax
 CVE-2018-25358 (D-Link DIR601 2.02NA contains a credential disclosure vulnerability th ...)
 	NOT-FOR-US: D-Link
-CVE-2018-25357 (Dolibarr ERP CRM 7.0.3 contains a remote code evaluation vulnerability ...)
+CVE-2018-25357 (Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability  ...)
 	- dolibarr <removed>
 CVE-2018-25356 (SIPp 3.6 and earlier contains a local buffer overflow vulnerability in ...)
 	NOT-FOR-US: SIPp
@@ -2263,9 +2606,11 @@ CVE-2026-4883 (The Piotnet Forms plugin for WordPress is vulnerable to arbitrary
 CVE-2026-4630 (A flaw was found in Keycloak. An authenticated client could exploit an ...)
 	- keycloak <itp> (bug #1088287)
 CVE-2026-47784 (In memcached before 1.6.42, password data for SASL password database a ...)
+	{DLA-4601-1}
 	- memcached 1.6.42-1 (bug #1137214)
 	NOTE: Fixed by: https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed (1.6.42)
 CVE-2026-47783 (In memcached before 1.6.42, username data for SASL password database a ...)
+	{DLA-4601-1}
 	- memcached 1.6.42-1 (bug #1137214)
 	NOTE: Fixed by: https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed (1.6.42)
 CVE-2026-47358 (Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forg ...)
@@ -2599,7 +2944,7 @@ CVE-2026-46529
 	NOTE: Fixed by: https://github.com/mate-desktop/atril/commit/b989b7922a454ed81f8bb14786a958828513f576 (1.28.4)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/papers/-/commit/1b82bf627b4d8b414a57b55a9095e6d361799d6c
 	NOTE: No security impact in evince-gtk3 since affected code not built in binary package.
-CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150.  ...)
+CVE-2026-8975 (Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 a ...)
 	{DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
@@ -2607,7 +2952,7 @@ CVE-2026-8975 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8975
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8975
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8975
-CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150.  ...)
+CVE-2026-8974 (Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some ...)
 	{DSA-6288-1 DSA-6283-1 DLA-4594-1 DLA-4592-1}
 	- firefox 151.0-1
 	- firefox-esr 140.11.0esr-1
@@ -2615,7 +2960,7 @@ CVE-2026-8974 (Memory safety bugs present in Thunderbird 140.10 and Thunderbird
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8974
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/#CVE-2026-8974
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/#CVE-2026-8974
-CVE-2026-8973 (Memory safety bugs present in Thunderbird 150. Some of these bugs show ...)
+CVE-2026-8973 (Memory safety bugs present in Firefox 150. Some of these bugs showed e ...)
 	- firefox 151.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8973
 CVE-2026-8972 (Privilege escalation in the WebRTC: Audio/Video component. This vulner ...)
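Review bot: CVE-2026-8973 was described as affecting Thunderbird 150 before this change, yet the entry tracks only `- firefox 151.0-1` and cites only mfsa2026-46. It is worth confirming whether a thunderbird package line is needed here or whether the earlier Thunderbird wording was simply an error in the imported description; the same question applies to the Thunderbird-to-Firefox rewording of CVE-2026-8975 and CVE-2026-8974 in the two preceding hunks.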
@@ -2977,11 +3322,11 @@ CVE-2026-45230 (DumbAssets through 1.0.11 contains a path traversal vulnerabilit
 	NOT-FOR-US: DumbAssets
 CVE-2026-42822 (Improper authentication in Azure Local Disconnected Operations allows  ...)
 	NOT-FOR-US: Microsoft
-CVE-2026-41949 (Dify version 1.14.1 and prior contain an authorization bypass vulnerab ...)
+CVE-2026-41949 (Dify before version 1.14.2 contains an authorization bypass vulnerabil ...)
 	NOT-FOR-US: Dify
 CVE-2026-41948 (Dify version 1.14.1 and prior contain a path traversal vulnerability t ...)
 	NOT-FOR-US: Dify
-CVE-2026-41947 (Dify version 1.14.1 and prior contains an authorization bypass vulnera ...)
+CVE-2026-41947 (Dify before version 1.14.2 contains an authorization bypass vulnerabil ...)
 	NOT-FOR-US: Dify
 CVE-2026-41119 (Dell Live Optics Windows and Personal Edition collectors contain an im ...)
 	NOT-FOR-US: Dell / EMC
@@ -3663,7 +4008,7 @@ CVE-2025-67437 (Medical Management System a81df1ce700a9662cb136b27af47f4cbde6415
 	NOT-FOR-US: Medical Management System
 CVE-2025-14972 (*  Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devic ...)
 	NOT-FOR-US: Silicon Labs
-CVE-2021-47968 (Podcast Generator 3.1 contains a persistent cross-site scripting vulne ...)
+CVE-2021-47968 (Podcast Generator 3.1 is vulnerable to persistent cross-site scripting ...)
 	NOT-FOR-US: Podcast Generator
 CVE-2021-47967 (PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilit ...)
 	NOT-FOR-US: PHP Timeclock
@@ -5349,7 +5694,7 @@ CVE-2026-25107 (ELECOM wireless LAN access point devices use a hard-coded crypto
 	NOT-FOR-US: ELECOM
 CVE-2026-24464 (When running in Appliance mode, a directory traversal vulnerability ex ...)
 	NOT-FOR-US: F5
-CVE-2026-22677 (Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vu ...)
+CVE-2026-22677 (Hermes WebUI prior to 0.51.44 contains a path traversal vulnerability  ...)
 	NOT-FOR-US: Hermes WebUI
 CVE-2026-21821 (The HCL BigFix SCM Reporting site contains an outdated and unsupported ...)
 	NOT-FOR-US: HCL
@@ -7863,7 +8208,7 @@ CVE-2022-50962 (uBidAuction 2.0.1 contains a reflected cross-site scripting vuln
 	NOT-FOR-US: uBidAuction
 CVE-2022-50961 (WordPress Plugin IP2Location Country Blocker 2.26.7 contains a stored  ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-50960 (WordPress International Sms For Contact Form 7 Integration version 1.2 ...)
+CVE-2022-50960 (WordPress International SMS for Contact Form 7 Integration version 1.2 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-50959 (WordPress Contact Form Builder 1.6.1 contains a reflected cross-site s ...)
 	NOT-FOR-US: WordPress plugin
@@ -7885,7 +8230,7 @@ CVE-2022-50947 (WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains
 	NOT-FOR-US: WordPress plugin
 CVE-2022-50946 (WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross- ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2022-50945 (WordPress 3dady real-time web stats plugin 1.0 contains a stored cross ...)
+CVE-2022-50945 (WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-50944 (Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows ...)
 	NOT-FOR-US: Aero CMS
@@ -13152,7 +13497,7 @@ CVE-2026-41572 (Note Mark is an open-source note-taking application. Prior to ve
 	NOT-FOR-US: Note Mark
 CVE-2026-41571 (Note Mark is an open-source note-taking application. In version 0.19.2 ...)
 	NOT-FOR-US: Note Mark
-CVE-2026-41471 (Easy PayPal Events & Tickets plugin for WordPress before version 1.4 c ...)
+CVE-2026-41471 (The Easy PayPal Events & Tickets plugin for WordPress before version 1 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-40797 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
@@ -15501,7 +15846,7 @@ CVE-2018-25306 (PDFunite 0.41.0 contains a buffer overflow vulnerability that al
 	TODO: check
 CVE-2018-25305 (librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that all ...)
 	TODO: check
-CVE-2018-25304 (Free Download Manager 2.0 Built 417 contains a local buffer overflow v ...)
+CVE-2018-25304 (Free Download Manager 2.0 Build 417 contains a local buffer overflow v ...)
 	NOT-FOR-US: Free Download Manager
 CVE-2018-25303 (Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overf ...)
 	NOT-FOR-US: Alloksoft
@@ -16817,7 +17162,7 @@ CVE-2026-41467 (ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-sit
 	NOT-FOR-US: ProjeQtor
 CVE-2026-41466 (ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scri ...)
 	NOT-FOR-US: ProjeQtor
-CVE-2026-41465 (ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulner ...)
+CVE-2026-41465 (ProjeQtor versions 7.0 through 12.4.3 contain a path traversal vulnera ...)
 	NOT-FOR-US: ProjeQtor
 CVE-2026-41464 (ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization  ...)
 	NOT-FOR-US: ProjeQtor
@@ -29515,7 +29860,7 @@ CVE-2026-25726 (Cloudreve is a self-hosted file management and sharing system. P
 	NOT-FOR-US: Cloudreve
 CVE-2026-25197 (A specific endpoint allows authenticated users to pivot to other user  ...)
 	NOT-FOR-US: Gardyn
-CVE-2026-22665 (prompts.chat prior to commit 1464475 contains an identity confusion vu ...)
+CVE-2026-22665 (prompts.chat prior to commit 1464475, contains an identity confusion v ...)
 	NOT-FOR-US: prompts.chat
 CVE-2026-22664 (prompts.chat prior to commit 30a8f04 contains a server-side request fo ...)
 	NOT-FOR-US: prompts.chat
@@ -37903,7 +38248,7 @@ CVE-2026-32898 (OpenClaw versions prior to 2026.2.23 contain an authorization by
 	NOT-FOR-US: OpenClaw
 CVE-2026-32897 (OpenClaw versions prior to 2026.2.22 reuse gateway.auth.token as a fal ...)
 	NOT-FOR-US: OpenClaw
-CVE-2026-32896 (OpenClaw versions prior to 2026.2.21 BlueBubbles webhook handler conta ...)
+CVE-2026-32896 (The BlueBubbles webhook handler in OpenClaw versions prior to 2026.2.2 ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-32895 (OpenClaw versions prior to 2026.2.26 fail to enforce sender authorizat ...)
 	NOT-FOR-US: OpenClaw
@@ -37917,7 +38262,7 @@ CVE-2026-32666 (WebCTRL systems that communicate over BACnet inherit the protoco
 	NOT-FOR-US: WebCTRL
 CVE-2026-32663 (The WebSocket backend uses charging station identifiers to uniquely as ...)
 	NOT-FOR-US: WebCTRL
-CVE-2026-32067 (OpenClaw versions prior to 2026.2.26 contains an authorization bypass  ...)
+CVE-2026-32067 (OpenClaw versions prior to 2026.2.26 contain an authorization bypass v ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-32065 (OpenClaw versions prior to 2026.2.25 contain an approval-integrity byp ...)
 	NOT-FOR-US: OpenClaw
@@ -39915,7 +40260,7 @@ CVE-2026-33058 (Kanboard is project management software focused on Kanban method
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh
 CVE-2026-32842 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an insecur ...)
 	NOT-FOR-US: Edimax
-CVE-2026-32841 (Edimax GS-5008PL firmware version 1.00.54 and prior contain an authent ...)
+CVE-2026-32841 (Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authen ...)
 	NOT-FOR-US: Edimax
 CVE-2026-32840 (Edimax GS-5008PL firmware version 1.00.54 and prior contain a stored c ...)
 	NOT-FOR-US: Edimax
@@ -40052,7 +40397,7 @@ CVE-2026-22317 (A command injection vulnerability in the device\u2019s Root CA c
 	NOT-FOR-US: Phoenix Contact
 CVE-2026-22316 (A remote attacker with user privileges for the webUI can use the setti ...)
 	NOT-FOR-US: Phoenix Contact
-CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary cod ...)
+CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary co ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-22181 (OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulne ...)
 	NOT-FOR-US: OpenClaw
@@ -42409,7 +42754,7 @@ CVE-2026-32094 (Shescape is a simple shell escape library for JavaScript. Prior
 	NOT-FOR-US: Shescape
 CVE-2026-32063 (OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command inj ...)
 	NOT-FOR-US: OpenClaw
-CVE-2026-32062 (OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-c ...)
+CVE-2026-32062 (OpenClaw versions 2026.2.21-2 up to, but not including, 2026.2.22, and ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-32061 (OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerab ...)
 	NOT-FOR-US: OpenClaw
@@ -45245,7 +45590,7 @@ CVE-2026-28410 (The Graph is an indexing protocol for querying networks like Eth
 	NOT-FOR-US: graphprotocol contracts
 CVE-2026-28405 (MarkUs is a web application for the submission and grading of student  ...)
 	NOT-FOR-US: MarkUs
-CVE-2026-28395 (OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper ne ...)
+CVE-2026-28395 (OpenClaw version 2026.1.14-1 prior to 2026.2.12 contains an improper n ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-28394 (OpenClaw versions prior to 2026.2.15 contain a denial of service vulne ...)
 	NOT-FOR-US: OpenClaw
@@ -48169,7 +48514,7 @@ CVE-2026-28083 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27510 (Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the ...)
 	NOT-FOR-US: Unitree Go2 firmware
-CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU)  ...)
+CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 (EDU) ...)
 	NOT-FOR-US: Unitree Go2 firmware
 CVE-2026-27141 (Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a ...)
 	- golang-golang-x-net <not-affected> (Vulnerable code introduced later)
@@ -49200,7 +49545,7 @@ CVE-2026-22766 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain a
 	NOT-FOR-US: Dell / EMC
 CVE-2026-22765 (Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Missi ...)
 	NOT-FOR-US: Dell / EMC
-CVE-2026-1773 (IEC 60870-5-104: Potential Denial of Service impact on reception of in ...)
+CVE-2026-1773 (IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on  ...)
 	NOT-FOR-US: Hitachi Energy
 CVE-2026-1772 (RTU500 web interface: An unprivileged user can read user management in ...)
 	NOT-FOR-US: Hitachi Energy
@@ -60105,7 +60450,7 @@ CVE-2020-37017 (CodeMeter 6.60 contains an unquoted service path vulnerability t
 	NOT-FOR-US: CodeMeter
 CVE-2020-37016 (BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that ...)
 	NOT-FOR-US: BarcodeOCR
-CVE-2020-37015 (Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory travers ...)
+CVE-2020-37015 (The Ruijie Networks Switch eWeb S29_RGOS version 11.4 contains a direc ...)
 	NOT-FOR-US: Ruijie Networks Switch eWeb S29_RGOS
 CVE-2020-37013 (Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnera ...)
 	NOT-FOR-US: Audio Playback Recorder
@@ -60125,7 +60470,7 @@ CVE-2020-37006 (berliCRM 1.0.24 contains a SQL injection vulnerability in the 's
 	NOT-FOR-US: berliCRM
 CVE-2020-37005 (TimeClock Software 1.01 contains an authenticated time-based SQL injec ...)
 	NOT-FOR-US: TimeClock Software
-CVE-2020-37004 (Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection  ...)
+CVE-2020-37004 (The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQ ...)
 	NOT-FOR-US: Ultimate Project Manager CRM PRO
 CVE-2020-37002 (Ajenti 2.1.36 contains a post-authenticated remote command execution v ...)
 	- ajenti <itp> (bug #792019)
@@ -68764,11 +69109,11 @@ CVE-2026-22578
 	REJECTED
 CVE-2026-22577
 	REJECTED
-CVE-2026-22190 (Panda3D versions up to and including 1.10.16 egg-mkfont contains an un ...)
+CVE-2026-22190 (The egg-mkfont utility in Panda3D versions up to and including 1.10.16 ...)
 	NOT-FOR-US: Panda3D
-CVE-2026-22189 (Panda3D versions up to and including 1.10.16 egg-mkfont contains a sta ...)
+CVE-2026-22189 (The egg-mkfont utility in Panda3D versions up to and including 1.10.16 ...)
 	NOT-FOR-US: Panda3D
-CVE-2026-22188 (Panda3D versions up to and including 1.10.16 deploy-stub contains a de ...)
+CVE-2026-22188 (The deploy-stub component in Panda3D versions up to and including 1.10 ...)
 	NOT-FOR-US: Panda3D
 CVE-2026-22187 (Bio-Formats versions up to and including 8.3.0 perform unsafe Java des ...)
 	NOT-FOR-US: Bio-Formats
@@ -108230,7 +108575,7 @@ CVE-2025-10438 (Path Traversal: 'dir/../../filename' vulnerability in Yordam Inf
 	NOT-FOR-US: Yordam Katalog
 CVE-2024-48014 (Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an O ...)
 	NOT-FOR-US: Dell / EMC
-CVE-2020-36851 (Rob -- W / cors-anywhere instances configured as an open proxy allow u ...)
+CVE-2020-36851 (Rob--W cors-anywhere instances configured as an open proxy allow unaut ...)
 	NOT-FOR-US: Rob -- W / cors-anywhere
 CVE-2025-59833 (Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1. ...)
 	NOT-FOR-US: Flag Forge
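Review bot: The NOT-FOR-US label under CVE-2020-36851 still reads "Rob -- W / cors-anywhere" while the refreshed description on the line above now spells the project "Rob--W cors-anywhere". If the label is meant to track the upstream name, align it in a follow-up so a search on either spelling lands on the same entry.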
@@ -119384,7 +119729,7 @@ CVE-2025-39496 (Improper Neutralization of Special Elements used in an SQL Comma
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-36003 (IBM Security Verify Governance Identity Manager 10.0.2 could allow a r ...)
 	NOT-FOR-US: IBM
-CVE-2025-34523 (A heap-based buffer overflow vulnerability exists in the exists in the ...)
+CVE-2025-34523 (A heap-based buffer overflow vulnerability exists in the network-facin ...)
 	NOT-FOR-US: Arcserve
 CVE-2025-34522 (A heap-based buffer overflow vulnerability exists in the input parsing ...)
 	NOT-FOR-US: Arcserve
@@ -121652,7 +121997,7 @@ CVE-2011-10025 (Subtitle Processor 7.7.1 contains a buffer overflow vulnerabilit
 	NOT-FOR-US: Subtitle Processor
 CVE-2011-10024 (MJM Core Player (likely now referred to as MJM Player) 2011 is vulnera ...)
 	NOT-FOR-US: MJM Core Player
-CVE-2011-10023 (MJM QuickPlayer (likely now referred to as MJM Player) version 2010 co ...)
+CVE-2011-10023 (MJM QuickPlayer (also known as MJM Player) version 2010 contains a sta ...)
 	NOT-FOR-US: MJM QuickPlayer
 CVE-2011-10022 (SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer  ...)
 	NOT-FOR-US: SPlayer
@@ -124072,7 +124417,7 @@ CVE-2025-0309 (An insufficient validation on the server connection endpoint in N
 	NOT-FOR-US: Netskope
 CVE-2024-7402 (Netskope has identified a potential gap in its agent (Netskope Client) ...)
 	NOT-FOR-US: Netskope
-CVE-2012-10060 (Sysax Multi Server versions prior to 5.55 contains a stack-based buffe ...)
+CVE-2012-10060 (Sysax Multi Server versions prior to 5.55 contain a stack-based buffer ...)
 	NOT-FOR-US: Sysax Multi Server
 CVE-2012-10059 (Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authent ...)
 	- dolibarr <removed>
@@ -125724,7 +126069,7 @@ CVE-2012-10049 (WebPageTest version 2.6 and earlier contains an arbitrary file u
 	NOT-FOR-US: WebPageTest
 CVE-2012-10048 (Zenoss Core 3.x contains a command injection vulnerability in the show ...)
 	- zenoss <itp> (bug #361253)
-CVE-2012-10047 (Cyclope Employee Surveillance Solution versions 6.x is vulnerable to a ...)
+CVE-2012-10047 (Cyclope Employee Surveillance Solution versions 6.x are vulnerable to  ...)
 	NOT-FOR-US: Cyclope Employee Surveillance Solution
 CVE-2012-10046 (The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2 ...)
 	NOT-FOR-US: E-Mail Security Virtual Appliance (ESVA)
@@ -126556,7 +126901,7 @@ CVE-2012-10029 (Nagios XI Network Monitor prior to Graph Explorer component vers
 	NOT-FOR-US: Nagios XI
 CVE-2012-10028 (Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its ...)
 	NOT-FOR-US: Netwin SurgeFTP
-CVE-2012-10027 (WP-Property plugin for WordPress through version 1.35.0 contains an un ...)
+CVE-2012-10027 (WP-Property plugin for WordPress up to and including version 1.35.0 co ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2012-10026 (The WordPress plugin Asset-Manager version 2.0 and below contains an u ...)
 	NOT-FOR-US: WordPress plugin
@@ -161918,8 +162263,8 @@ CVE-2025-22372 (Insufficiently Protected Credentials vulnerability in SicommNet
 	NOT-FOR-US: SicommNet BASEC
 CVE-2025-22371 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: SicommNet BASEC
-CVE-2025-1782
-	REJECTED
+CVE-2025-1782 (In HylaFAX Enterprise Web Interface and AvantFAX, the language form el ...)
+	TODO: check
 CVE-2024-49825 (IBM Robotic Process Automation and Robotic Process Automation for Clou ...)
 	NOT-FOR-US: IBM
 CVE-2024-49709 (Internet Starter, one of SoftCOM iKSORIS system modules,allows for set ...)
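Review bot: CVE-2025-1782 flips from REJECTED to a populated description with only "TODO: check" beneath it, so an ID that was previously closed is back in the triage queue. Whoever picks it up should confirm that the rejection was withdrawn upstream, then decide whether HylaFAX Enterprise Web Interface or AvantFAX maps to a source package or should be marked NOT-FOR-US, so this entry does not sit unnoticed among the bulk of new TODO items from the same automatic update.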



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bd0ce357b6c6baf7ddcc45d3e4ad27fe5b9f7a0
