Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec29b1ca by Salvatore Bonaccorso at 2026-02-05T23:09:34+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-25630
        REJECTED
 CVE-2026-23797 (In Quick.Cart user passwords are stored in plaintext form. An 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Quick.Cart
 CVE-2026-23796 (Quick.Cart allows a user's session identifier to be set before 
authent ...)
-       TODO: check
+       NOT-FOR-US: Quick.Cart
 CVE-2026-23572 (Improper access control intheTeamViewerFull and Host 
clients(Windows,m ...)
        NOT-FOR-US: TeamViewer
 CVE-2026-1966 (YugabyteDB Anywhere displays LDAP bind passwords configured via 
gflags ...)
-       TODO: check
+       NOT-FOR-US: YugabyteDB
 CVE-2026-1927 (The Greenshift \u2013 animation and page builder blocks plugin 
for Wor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1707 (pgAdmin versions 9.11 are affected by a Restore restriction 
bypass via ...)
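Review bot: the tag on CVE-2026-1966 says `NOT-FOR-US: YugabyteDB`, while the description names YugabyteDB Anywhere. Writing `NOT-FOR-US: YugabyteDB Anywhere` would keep the entry aligned with the product the CVE text refers to and keep a later search for the database itself unambiguous.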
@@ -15,13 +15,13 @@ CVE-2026-1707 (pgAdmin versions 9.11 are affected by a 
Restore restriction bypas
 CVE-2026-1654 (The Peter's Date Countdown plugin for WordPress is vulnerable 
to Refle ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1523 (Path Traversal vulnerability in Digitek ADT1100 and Digitek 
DT950 from ...)
-       TODO: check
+       NOT-FOR-US: Digitek
 CVE-2026-1517 (A vulnerability was identified in iomad up to 5.0. Affected is 
an unkn ...)
        TODO: check
 CVE-2026-1319 (The Robin Image Optimizer \u2013 Unlimited Image Optimization & 
WebP C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1301 (In builds with PubSub and JSON enabled, a crafted JSON message 
can cau ...)
-       TODO: check
+       NOT-FOR-US: o6 Automation
 CVE-2026-1294 (The All In One Image Viewer Block plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1271 (The ProfileGrid \u2013 User Profiles, Groups and Communities 
plugin fo ...)
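Review bot: on CVE-2026-1301 the tag `NOT-FOR-US: o6 Automation` names a vendor that does not appear in the visible, truncated description ("In builds with PubSub and JSON enabled, a crafted JSON message ..."), so the line cannot be checked against the CVE text as shown here. Adding the product name next to the vendor would make the entry self-explanatory for the next person reading the list.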
@@ -31,23 +31,23 @@ CVE-2026-0715 (Moxa Arm-based industrial computers running 
Moxa Industrial Linux
 CVE-2026-0714 (A physical attack vulnerability exists in certain Moxa 
industrial comp ...)
        NOT-FOR-US: Moxa
 CVE-2025-70792 (Cross Site Scripting vulnerability in the 
"/admin/category/create" end ...)
-       TODO: check
+       NOT-FOR-US: Microweber
 CVE-2025-70791 (Cross Site Scripting vulnerability in the 
"/admin/order/abandoned" end ...)
-       TODO: check
+       NOT-FOR-US: Microweber
 CVE-2025-70073 (An issue in ChestnutCMS v.1.5.8 and before allows a remote 
attacker to ...)
-       TODO: check
+       NOT-FOR-US: ChestnutCMS
 CVE-2025-69906 (Monstra CMS v3.0.4 contains an arbitrary file upload 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Monstra CMS
 CVE-2025-69619 (A path traversal in My Text Editor v1.6.2 allows attackers to 
cause a  ...)
-       TODO: check
+       NOT-FOR-US: My Text Editor
 CVE-2025-68723 (Axigen Mail Server before 10.5.57 contains multiple stored 
Cross-Site  ...)
-       TODO: check
+       NOT-FOR-US: Axigen Mail Server
 CVE-2025-68722 (Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 
contains a ...)
-       TODO: check
+       NOT-FOR-US: Axigen Mail Server
 CVE-2025-68721 (Axigen Mail Server before 10.5.57 contains an improper access 
control  ...)
-       TODO: check
+       NOT-FOR-US: Axigen Mail Server
 CVE-2025-68643 (Axigen Mail Server before 10.5.57 allows stored Cross-Site 
Scripting ( ...)
-       TODO: check
+       NOT-FOR-US: Axigen Mail Server
 CVE-2025-58190 (The html.Parse function in golang.org/x/net/html has an 
infinite parsi ...)
        TODO: check
 CVE-2025-47911 (The html.Parse function in golang.org/x/net/html has quadratic 
parsing ...)
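Review bot: `NOT-FOR-US: My Text Editor` on CVE-2025-69619 uses a product name generic enough that it identifies little on its own. A vendor or project qualifier in the tag would help anyone searching the list for this software later.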
@@ -222,7 +222,7 @@ CVE-2026-25521 (Locutus brings stdlibs of other programming 
languages to JavaScr
 CVE-2026-25519 (OpenSlides is a free, web based presentation and assembly 
system for m ...)
        NOT-FOR-US: OpenSlides
 CVE-2026-25518 (cert-manager adds certificates and certificate issuers as 
resource typ ...)
-       TODO: check
+       NOT-FOR-US: cert-manager
 CVE-2026-25517 (Wagtail is an open source content management system built on 
Django. P ...)
        NOT-FOR-US: Wagtail CMS
 CVE-2026-25514 (FacturaScripts is open-source enterprise resource planning and 
account ...)
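Review bot: CVE-2026-25518 is closed as `NOT-FOR-US: cert-manager` with no qualifier. Elsewhere in this file, software that is not in the archive but has a packaging bug is tracked with a package line (for example `- jspdf <itp> (bug #998381)`), so it is worth confirming that no ITP or RFP exists for cert-manager before settling on NFU.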
@@ -242,23 +242,23 @@ CVE-2026-25481 (Langroid is a framework for building 
large-language-model-powere
 CVE-2026-25198 (web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 
and prior  ...)
        - web2py <removed>
 CVE-2026-22038 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2026-1953 (Nukegraphic CMS v3.1.2 contains a stored cross-site scripting 
(XSS) vu ...)
-       TODO: check
+       NOT-FOR-US: Nukegraphic CMS
 CVE-2026-1898 (A vulnerability was determined in WeKan up to 8.20. This 
affects an un ...)
-       TODO: check
+       NOT-FOR-US: WeKan
 CVE-2026-1897 (A vulnerability was found in WeKan up to 8.20. Affected by this 
issue  ...)
-       TODO: check
+       NOT-FOR-US: WeKan
 CVE-2026-1896 (A vulnerability has been found in WeKan up to 8.20. Affected by 
this v ...)
-       TODO: check
+       NOT-FOR-US: WeKan
 CVE-2026-1895 (A flaw has been found in WeKan up to 8.20. Affected is the 
function ap ...)
-       TODO: check
+       NOT-FOR-US: WeKan
 CVE-2026-1894 (A vulnerability was detected in WeKan up to 8.20. This impacts 
an unkn ...)
-       TODO: check
+       NOT-FOR-US: WeKan
 CVE-2026-1892 (A security vulnerability has been detected in WeKan up to 8.20. 
This a ...)
-       TODO: check
+       NOT-FOR-US: WeKan
 CVE-2026-1884 (A weakness has been identified in ZenTao up to 21.7.6-85642. 
The impac ...)
-       TODO: check
+       NOT-FOR-US: ZenTao
 CVE-2026-1554 (XML Injection (aka Blind XPath Injection) vulnerability in 
Drupal Cent ...)
        NOT-FOR-US: Drupal core and addons
 CVE-2026-1553 (Incorrect Authorization vulnerability in Drupal Drupal Canvas 
allows F ...)
@@ -280,11 +280,11 @@ CVE-2026-0944 (Improper Check for Unusual or Exceptional 
Conditions vulnerabilit
 CVE-2026-0867 (The Essential Widgets plugin for WordPress is vulnerable to 
Stored Cro ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-71031 (Water-Melon Melon commit 9df9292 and below is vulnerable to 
Denial of  ...)
-       TODO: check
+       NOT-FOR-US: Water-Melon Melon
 CVE-2025-62616 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2025-62615 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2025-61732 (A discrepancy between how Go and C/C++ comments were parsed 
allowed fo ...)
        TODO: check
 CVE-2025-2134 (IBM Jazz Reporting Service could allow an authenticated user on 
the ne ...)
@@ -1474,7 +1474,7 @@ CVE-2026-24449 (For WRC-X1500GS-B and WRC-X1500GSA-B, the 
initial passwords can
 CVE-2026-24133 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.1.0, use ...)
        - jspdf <itp> (bug #998381)
 CVE-2026-24051 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. 
The OpenTe ...)
-       TODO: check
+       NOT-FOR-US: opentelemetry-go
 CVE-2026-24043 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.1.0, use ...)
        - jspdf <itp> (bug #998381)
 CVE-2026-24040 (jsPDF is a library to generate PDFs in JavaScript. Prior to 
4.1.0, the ...)
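Review bot: `NOT-FOR-US: opentelemetry-go` on CVE-2026-24051 marks a Go library as untracked without giving a reason. NFU fits only when no source package ships this code; if one does and the issue simply does not apply, a package line with `<not-affected>` and a short reason would record that instead. The neighbouring jsPDF entries show the package-line form.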



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec29b1ca5f401ed6d2eb43ee7c7871b7c8fc0da0
