Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11d5e3e8 by Salvatore Bonaccorso at 2026-02-27T09:54:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,7 @@ CVE-2026-3262 (A vulnerability has been found in go2ismail 
Asp.Net-Core-Inventor
 CVE-2026-3261 (A flaw has been found in itsourcecode School Management System 
1.0. Th ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-3037 (An OS command injection vulnerability exists in XWEB Pro 
version 1.12. ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-2428 (The Fluent Forms Pro Add On Pack plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-28370 (In the query parser in OpenStack Vitrage before 12.0.1, 
13.0.0, 14.0.0 ...)
@@ -75,15 +75,15 @@ CVE-2026-28364 (In OCaml before 4.14.3 and 5.x before 
5.4.1, a buffer over-read
 CVE-2026-28363 (In OpenClaw before 2026.2.23, tools.exec.safeBins validation 
for sort  ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-28280 (osctrl is an osquery management solution. Prior to version 
0.5.0, a st ...)
-       TODO: check
+       NOT-FOR-US: osctrl
 CVE-2026-28279 (osctrl is an osquery management solution. Prior to version 
0.5.0, an O ...)
-       TODO: check
+       NOT-FOR-US: osctrl
 CVE-2026-28276 (Initiative is a self-hosted project management platform. An 
access con ...)
-       TODO: check
+       NOT-FOR-US: Initiative
 CVE-2026-28275 (Initiative is a self-hosted project management platform. 
Versions of t ...)
-       TODO: check
+       NOT-FOR-US: Initiative
 CVE-2026-28274 (Initiative is a self-hosted project management platform. 
Versions of t ...)
-       TODO: check
+       NOT-FOR-US: Initiative
 CVE-2026-28269 (Kiteworks is a private data network (PDN). Prior to version 
9.2.0, avu ...)
        NOT-FOR-US: Kiteworks
 CVE-2026-28230 (SteVe is an open-source EV charging station management system. 
In vers ...)
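Review bot: The label "NOT-FOR-US: Initiative" on CVE-2026-28276, CVE-2026-28275 and CVE-2026-28274 is a single common English word, so a later search of data/CVE/list for earlier triage of the same product will match unrelated text. A qualified label taken from the CVE description, for example "Initiative (project management platform)", would be easier to match. The two osctrl entries are unambiguous as written.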
@@ -99,27 +99,27 @@ CVE-2026-28219 (Discourse is an open source discussion 
platform. Prior to versio
 CVE-2026-28218 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
        NOT-FOR-US: Discourse
 CVE-2026-28217 (hoppscotch is an open source API development ecosystem. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: hoppscotch
 CVE-2026-28216 (hoppscotch is an open source API development ecosystem. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: hoppscotch
 CVE-2026-28215 (hoppscotch is an open source API development ecosystem. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: hoppscotch
 CVE-2026-28213 (EverShop is a TypeScript-first eCommerce platform. Versions 
prior to 2 ...)
        NOT-FOR-US: EverShop
 CVE-2026-28211 (The NVDA Dev & Test Toolbox is an NVDA add-on for gathering 
tools to h ...)
-       TODO: check
+       NOT-FOR-US: NVDA Dev & Test Toolbox
 CVE-2026-28208 (Junrar is an open source java RAR archive library. Prior to 
version 7. ...)
-       TODO: check
+       NOT-FOR-US: Junrar
 CVE-2026-28207 (Zen C is a systems programming language that compiles to 
human-readabl ...)
        TODO: check
 CVE-2026-27839 (wger is a free, open-source workout and fitness manager. In 
versions u ...)
-       TODO: check
+       NOT-FOR-US: wger
 CVE-2026-27838 (wger is a free, open-source workout and fitness manager. Five 
routine  ...)
-       TODO: check
+       NOT-FOR-US: wger
 CVE-2026-27835 (wger is a free, open-source workout and fitness manager. In 
versions u ...)
-       TODO: check
+       NOT-FOR-US: wger
 CVE-2026-27776 (IM-LogicDesigner module of intra-mart Accel Platform contains 
insecure ...)
-       TODO: check
+       NOT-FOR-US: IM-LogicDesigner module of intra-mart Accel Platform
 CVE-2026-27773 (Charging station authentication identifiers are publicly 
accessible vi ...)
        TODO: check
 CVE-2026-27772 (WebSocket endpoints lack proper authentication mechanisms, 
enabling  a ...)
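Review bot: CVE-2026-28208 is marked "NOT-FOR-US: Junrar", but the description calls Junrar a Java library, and a library can be present in the archive as an embedded copy inside another source package even when it is not packaged under its own name. The commit message does not say whether that was checked, so it is worth confirming before this entry leaves TODO. Separately, the label on CVE-2026-27776 repeats most of the description and could be shortened to "intra-mart Accel Platform".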
@@ -127,13 +127,13 @@ CVE-2026-27772 (WebSocket endpoints lack proper 
authentication mechanisms, enabl
 CVE-2026-27767 (WebSocket endpoints lack proper authentication mechanisms, 
enabling  a ...)
        TODO: check
 CVE-2026-27653 (The installers for multiple products provided by Soliton 
Systems K.K.  ...)
-       TODO: check
+       NOT-FOR-US: Soliton
 CVE-2026-27652 (The WebSocket backend uses charging station identifiers to 
uniquely  a ...)
        TODO: check
 CVE-2026-27647 (The WebSocket backend uses charging station identifiers to 
uniquely  a ...)
        TODO: check
 CVE-2026-27638 (Actual is a local-first personal finance tool. Prior to 
version 26.2.1 ...)
-       TODO: check
+       NOT-FOR-US: Actual
 CVE-2026-27457 (Weblate is a web based localization tool. Prior to version 
5.16.1, the ...)
        TODO: check
 CVE-2026-27449 (Umbraco Engage is a business intelligence platform. A 
vulnerability ha ...)
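Review bot: "NOT-FOR-US: Soliton" on CVE-2026-27653 names only the vendor while the description covers installers for multiple Soliton Systems K.K. products, and "NOT-FOR-US: Actual" on CVE-2026-27638 is a single common word. Labels such as "Soliton Systems products" and "Actual (personal finance tool)" would keep both entries unambiguous when the list is searched.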
@@ -171,53 +171,53 @@ CVE-2026-25774 (Charging station authentication 
identifiers are publicly accessi
 CVE-2026-25741 (Zulip is an open-source team collaboration tool. Prior to 
commit bf28c ...)
        TODO: check
 CVE-2026-25721 (An OS command injection  vulnerability exists in XWEB Pro 
version 1.12 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-25711 (The WebSocket backend uses charging station identifiers to 
uniquely  a ...)
        TODO: check
 CVE-2026-25196 (An OS command injection  vulnerability exists in XWEB Pro 
version 1.12 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-25195 (An OS command injection     vulnerability exists in XWEB Pro 
version 1 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-25114 (The WebSocket Application Programming Interface lacks 
restrictions on  ...)
        TODO: check
 CVE-2026-25113 (The WebSocket Application Programming Interface lacks 
restrictions on  ...)
        TODO: check
 CVE-2026-25111 (An OS command injection  vulnerability exists in XWEB Pro 
version 1.12 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-25109 (An OS command injection    vulnerability exists in XWEB Pro 
version 1. ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-25105 (An OS command injection       vulnerability exists in XWEB Pro 
version ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-25085 (A vulnerability exists in Copeland XWEB Pro version 1.12.1 and 
prior,  ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-25037 (An OS command injection   vulnerability exists in XWEB Pro 
version 1.1 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-24731 (WebSocket endpoints lack proper authentication mechanisms, 
enabling  a ...)
        TODO: check
 CVE-2026-24695 (An OS command injection      vulnerability exists in XWEB Pro 
version  ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-24689 (An OS command injection   vulnerability exists in XWEB Pro 
version 1.1 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-24663 (An OS command injection vulnerability exists in XWEB Pro 
version 1.12. ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-24517 (An OS command injection    vulnerability exists in XWEB Pro 
version 1. ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-24498 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
        TODO: check
 CVE-2026-24497 (Stack-based Buffer Overflow vulnerability in SimTech Systems, 
Inc. Thi ...)
        TODO: check
 CVE-2026-24452 (An OS command injection   vulnerability exists in XWEB Pro 
version 1.1 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-24445 (The WebSocket Application Programming Interface lacks 
restrictions on  ...)
        TODO: check
 CVE-2026-23702 (An OS command injection  vulnerability exists in XWEB Pro 
version 1.12 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-22890 (Charging station authentication identifiers are publicly 
accessible vi ...)
        TODO: check
 CVE-2026-22878 (Charging station authentication identifiers are publicly 
accessible vi ...)
        TODO: check
 CVE-2026-22877 (An arbitrary file-read vulnerability exists in XWEB Pro 
version 1.12.1 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-22207 (OpenViking through version 0.1.18, prior to 
commit0251c70,contains a b ...)
        TODO: check
 CVE-2026-22206 (SPIP versions prior to 4.4.10 contain a SQL injection 
vulnerability th ...)
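Review bot: Every XWEB Pro entry in this hunk is labelled "NOT-FOR-US: XWEB Pro", while the description of CVE-2026-25085 gives the product as "Copeland XWEB Pro". Including the vendor in the label would keep these entries findable by vendor name. The label is applied consistently across the hunk, so if it is changed it should be changed on every entry rather than only on the one whose description shows the vendor.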
@@ -225,17 +225,17 @@ CVE-2026-22206 (SPIP versions prior to 4.4.10 contain a 
SQL injection vulnerabil
 CVE-2026-22205 (SPIP versions prior to 4.4.10 contain an authentication bypass 
vulnera ...)
        TODO: check
 CVE-2026-21718 (An authentication bypass vulnerability exists in Copeland XWEB 
Pro  ve ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-21389 (An OS command injection  vulnerability exists in XWEB Pro 
version 1.12 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-20910 (An OS command injection  vulnerability exists in XWEB Pro 
version 1.12 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-20902 (An OS command injection     vulnerability exists in XWEB Pro 
version 1 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-20895 (The WebSocket backend uses charging station identifiers to 
uniquely  a ...)
        TODO: check
 CVE-2026-20797 (A stack based buffer overflow exists in an API route of XWEB 
Pro versi ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-20792 (The WebSocket Application Programming Interface lacks 
restrictions on  ...)
        TODO: check
 CVE-2026-20791 (Charging station authentication identifiers are publicly 
accessible vi ...)
@@ -243,9 +243,9 @@ CVE-2026-20791 (Charging station authentication identifiers 
are publicly accessi
 CVE-2026-20781 (WebSocket endpoints lack proper authentication mechanisms, 
enabling  a ...)
        TODO: check
 CVE-2026-20764 (An OS command injection  vulnerability exists in XWEB Pro 
version 1.12 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-20742 (An OS command injection   vulnerability exists in XWEB Pro 
version 1.1 ...)
-       TODO: check
+       NOT-FOR-US: XWEB Pro
 CVE-2026-20733 (Charging station authentication identifiers are publicly 
accessible vi ...)
        TODO: check
 CVE-2026-1585 (An unquoted Windows service executable path vulnerability in IJ 
Scan U ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11d5e3e8752e89a6491509d2d28abb72d7558fc1
