Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e885cb9 by Moritz Muehlenhoff at 2026-02-06T11:27:42+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,15 +6,15 @@ CVE-2026-XXXX [RUSTSEC-2026-0008]
        NOTE: https://github.com/advisories/GHSA-j39j-6gw9-jw6h
        NOTE: https://github.com/rust-lang/git2-rs/pull/1213
 CVE-2026-2010 (A vulnerability has been found in Sanluan PublicCMS up to 
4.0.202506.d ...)
-       TODO: check
+       NOT-FOR-US: PublicCMS
 CVE-2026-2009 (A flaw has been found in SourceCodester Gas Agency Management 
System 1 ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-2008 (A vulnerability was detected in abhiphile fermat-mcp up to 
47f11def1cd ...)
-       TODO: check
+       NOT-FOR-US: fermat-mcp
 CVE-2026-2000 (A vulnerability was found in DCN DCME-320 up to 20260121. 
Impacted is  ...)
-       TODO: check
+       NOT-FOR-US: DCN DCME-320
 CVE-2026-25815 (Fortinet FortiOS through 7.6.6 allows attackers to decrypt 
LDAP creden ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2026-25698
        REJECTED
 CVE-2026-25697
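Review bot: The replacement tags in this hunk follow three different naming schemes: CVE-2026-25815 is tagged by vendor only ("Fortinet"), CVE-2026-2000 by vendor plus model ("DCN DCME-320"), and CVE-2026-2010 drops the vendor that its description gives ("Sanluan PublicCMS" becomes "PublicCMS"). Pick one convention so that later triage of the same product can reuse the string unchanged; for the FortiOS entry, "Fortinet FortiOS" would also record which product was actually looked at.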
@@ -30,47 +30,47 @@ CVE-2026-25693
 CVE-2026-25692
        REJECTED
 CVE-2026-24302 (Azure Arc Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-24300 (Azure Front Door Elevation of Privilege Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-23623 (Collabora Online is a collaborative online office suite based 
on Libre ...)
-       TODO: check
+       NOT-FOR-US: Collabora Online
 CVE-2026-21626 (Access control settings for forum post custom fields are not 
applied t ...)
        NOT-FOR-US: Joomla
 CVE-2026-21532 (Azure Function Information Disclosure Vulnerability)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-1998 (A flaw has been found in micropython up to 1.27.0. This 
vulnerability  ...)
        TODO: check
 CVE-2026-1991 (A vulnerability was detected in libuvc up to 0.0.7. Affected is 
the fu ...)
        TODO: check
 CVE-2026-1990 (A security vulnerability has been detected in oatpp up to 
1.3.1. This  ...)
-       TODO: check
+       NOT-FOR-US: oatpp
 CVE-2026-1979 (A flaw has been found in mruby up to 3.4.0. This affects the 
function  ...)
        TODO: check
 CVE-2026-1978 (A vulnerability was detected in kalyan02 NanoCMS up to 0.4. 
Affected b ...)
-       TODO: check
+       NOT-FOR-US: NanoCMS
 CVE-2026-1977 (A security vulnerability has been detected in isaacwasserman 
mcp-vegal ...)
-       TODO: check
+       NOT-FOR-US: mcp-vegalite-server
 CVE-2026-1976 (A weakness has been identified in Free5GC up to 4.1.0. Affected 
is the ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2026-1975 (A security flaw has been discovered in Free5GC up to 4.1.0. 
This impac ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2026-1974 (A vulnerability was identified in Free5GC up to 4.1.0. This 
affects th ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2026-1973 (A vulnerability was determined in Free5GC up to 4.1.0. The 
impacted el ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2026-1972 (A vulnerability was found in Edimax BR-6208AC 2_1.02. The 
affected ele ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-1971 (A vulnerability has been found in Edimax BR-6288ACL up to 1.12. 
Impact ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-1970 (A flaw has been found in Edimax BR-6258n up to 1.18. This issue 
affect ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2026-1964 (A vulnerability was determined in WeKan up to 8.20. This 
impacts an un ...)
-       TODO: check
+       NOT-FOR-US: WeKan
 CVE-2026-1963 (A vulnerability was found in WeKan up to 8.20. This affects an 
unknown ...)
-       TODO: check
+       NOT-FOR-US: WeKan
 CVE-2026-1962 (A vulnerability has been found in WeKan up to 8.20. The 
impacted eleme ...)
-       TODO: check
+       NOT-FOR-US: WeKan
 CVE-2026-1909 (The WaveSurfer-WP plugin for WordPress is vulnerable to Stored 
Cross-S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1888 (The Docus \u2013 YouTube Video Playlist plugin for WordPress is 
vulner ...)
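Review bot: For CVE-2026-23623 the description itself says Collabora Online is "based on Libre ...", so NOT-FOR-US is only correct if the affected code is specific to Collabora Online and not inherited from that base. A NOTE line under the entry stating what was checked would make the decision auditable; the other retagged entries in this hunk (Azure, oatpp, NanoCMS, Free5GC, Edimax, WeKan) name standalone products and need no such note.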
@@ -84,9 +84,9 @@ CVE-2026-1279 (The Employee Directory plugin for WordPress is 
vulnerable to Stor
 CVE-2026-1228 (The Timeline Block \u2013 Beautiful Timeline Builder for 
WordPress (Ve ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0598 (A security flaw was identified in the Ansible Lightspeed API 
conversat ...)
-       TODO: check
+       NOT-FOR-US: Ansible-lightspeed
 CVE-2026-0521 (A reflected cross-site scripting (XSS) vulnerability in the PDF 
export ...)
-       TODO: check
+       NOT-FOR-US: TYDAC MAP+
 CVE-2026-0391 (User interface (ui) misrepresentation of critical information 
in Micro ...)
        NOT-FOR-US: Microsoft
 CVE-2026-0106 (In vpu_mmap of vpu_ioctl, there is a possible arbitrary address 
mmap d ...)
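Review bot: The tag for CVE-2026-0598 is spelled "Ansible-lightspeed", while the description calls the product "Ansible Lightspeed". Use the description's spelling so a search for the product name finds this entry and so it is clear the triage covers the Lightspeed API rather than Ansible as a whole. The "TYDAC MAP+" tag for CVE-2026-0521 cannot be checked against the visible description, which is truncated before any product name appears.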
@@ -96,9 +96,9 @@ CVE-2025-68458 (Webpack is a module bundler. From version 
5.49.0 to before 5.104
 CVE-2025-68157 (Webpack is a module bundler. From version 5.49.0 to before 
5.104.0, wh ...)
        TODO: check
 CVE-2025-32393 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
-       TODO: check
+       NOT-FOR-US: AutoGPT
 CVE-2025-15566 (A security issue was discovered in ingress-nginxwhere the 
`nginx.ingre ...)
-       TODO: check
+       NOT-FOR-US: Kubernetes ingress-nginx
 CVE-2025-12131 (A truncated 802.15.4 packet can lead to an assert, resulting 
in a deni ...)
        NOT-FOR-US: Silicon Labs
 CVE-2025-10753 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for 
WordPres ...)
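Review bot: CVE-2025-15566 is tagged "Kubernetes ingress-nginx", adding a project prefix that the visible description does not use (it names only ingress-nginx), whereas the other tags in this commit are bare product or vendor names. If earlier ingress-nginx entries in data/CVE/list carry a different string, reuse that one so every entry for the component is found by a single search.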
@@ -122,7 +122,7 @@ CVE-2026-1654 (The Peter's Date Countdown plugin for 
WordPress is vulnerable to
 CVE-2026-1523 (Path Traversal vulnerability in Digitek ADT1100 and Digitek 
DT950 from ...)
        NOT-FOR-US: Digitek
 CVE-2026-1517 (A vulnerability was identified in iomad up to 5.0. Affected is 
an unkn ...)
-       TODO: check
+       NOT-FOR-US: iomad
 CVE-2026-1319 (The Robin Image Optimizer \u2013 Unlimited Image Optimization & 
WebP C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1301 (In builds with PubSub and JSON enabled, a crafted JSON message 
can cau ...)
@@ -222,67 +222,67 @@ CVE-2025-13416 (The ProfileGrid \u2013 User Profiles, 
Groups and Communities plu
 CVE-2025-13379 (IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL 
injection. ...)
        NOT-FOR-US: IBM
 CVE-2020-37152 (PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site 
scripting (X ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-37151 (phpMyChat Plus 1.98 contains a SQL injection vulnerability in 
the delu ...)
-       TODO: check
+       NOT-FOR-US: phpMyChat Plus
 CVE-2020-37150 (Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated 
attackers to acc ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2020-37149 (Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site 
request for ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2020-37148 (P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from 
a store ...)
-       TODO: check
+       NOT-FOR-US: P5
 CVE-2020-37145 (HRSALE 1.1.8 contains a cross-site request forgery 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: HRSALE
 CVE-2020-37144 (Exagate SYSGuard 6001 contains a cross-site request forgery 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Exagate
 CVE-2020-37143 (ProficySCADA for iOS 5.0.25920 contains a denial of service 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: ProficySCADA
 CVE-2020-37142 (10-Strike Network Inventory Explorer 8.54 contains a 
structured except ...)
-       TODO: check
+       NOT-FOR-US: 10-Strike Network Inventory Explorer
 CVE-2020-37140 (Everest, later referred to as AIDA64, 5.50.2100 contains a 
denial of s ...)
-       TODO: check
+       NOT-FOR-US: Everest
 CVE-2020-37139 (Odin Secure FTP Expert 7.6.3 contains a local denial of 
service vulner ...)
-       TODO: check
+       NOT-FOR-US: Odin Secure FTP Expert
 CVE-2020-37138 (10-Strike Network Inventory Explorer 9.03 contains a buffer 
overflow v ...)
-       TODO: check
+       NOT-FOR-US: 10-Strike Network Inventory Explorer
 CVE-2020-37137 (PHP-Fusion 9.03.50 contains a remote code execution 
vulnerability in t ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2020-37136 (ZOC Terminal 7.25.5 contains a denial of service vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: ZOC Terminal
 CVE-2020-37134 (UltraVNC Viewer 1.2.4.0 contains a denial of service 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2020-37133 (UltraVNC Launcher 1.2.4.0 contains a denial of service 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2020-37132 (UltraVNC Launcher 1.2.4.0 contains a denial of service 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: UltraVNC
 CVE-2020-37131 (Nsauditor Product Key Explorer 4.2.2.0 contains a denial of 
service vu ...)
-       TODO: check
+       NOT-FOR-US: Nsauditor
 CVE-2020-37130 (Nsauditor 3.2.0.0 contains a denial of service vulnerability 
in the re ...)
-       TODO: check
+       NOT-FOR-US: Nsauditor
 CVE-2020-37129 (Memu Play 7.1.3 contains an insecure folder permissions 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Memu Play
 CVE-2020-37128 (ZOC Terminal 7.25.5 contains a script processing vulnerability 
that al ...)
-       TODO: check
+       NOT-FOR-US: ZOC Terminal
 CVE-2020-37127 (Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability 
in the d ...)
        TODO: check
 CVE-2020-37126 (Free Desktop Clock 3.0 contains a stack overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Free Desktop Clock
 CVE-2020-37125 (Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code 
execution vulner ...)
-       TODO: check
+       NOT-FOR-US: Edimax
 CVE-2020-37124 (B64dec 1.1.2 contains a buffer overflow vulnerability that 
allows atta ...)
        TODO: check
 CVE-2020-37123 (Pinger 1.0 contains a remote code execution vulnerability that 
allows  ...)
        TODO: check
 CVE-2020-37121 (CODE::BLOCKS 16.01 contains a buffer overflow vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: CODE::BLOCKS
 CVE-2020-37120 (Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability 
in the  ...)
-       TODO: check
+       NOT-FOR-US: Rubo DICOM Viewer
 CVE-2020-37119 (Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Nsauditor
 CVE-2020-37118 (P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request 
forgery v ...)
-       TODO: check
+       NOT-FOR-US: P5
 CVE-2020-37117 (jizhiCMS 1.6.7 contains a file download vulnerability in the 
admin plu ...)
-       TODO: check
+       NOT-FOR-US: jizhiCMS
 CVE-2026-21727
        - grafana <removed>
 CVE-2026-25585 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
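Review bot: Two tags in this hunk are too terse to search for reliably: "P5" (CVE-2020-37148 and CVE-2020-37118), where the descriptions name "P5 FNIP-8x16A", and "Everest" (CVE-2020-37140), where the description says the product was later referred to as AIDA64. Suggest "P5 FNIP" and "Everest/AIDA64" so the entries match a lookup by either name. Leaving Dnsmasq-utils, B64dec and Pinger as "TODO: check" while retagging their neighbours is worth a word in the commit message, which currently reads only "NFUs".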



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e885cb9060fd0d2c70f852f4815a70ec66292f3
