Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5fe989bf by Salvatore Bonaccorso at 2026-03-06T22:32:15+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2026-30833 (Rocket.Chat is an open-source, secure,
fully customizable commun
CVE-2026-30831 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
NOT-FOR-US: Rocket.Chat
CVE-2026-2754 (Navtor NavBox exposes sensitive configuration and operational
data due ...)
- TODO: check
+ NOT-FOR-US: Navtor NavBox
CVE-2026-2753 (An Absolute Path Traversal vulnerability exists in Navtor
NavBox. The ...)
- TODO: check
+ NOT-FOR-US: Navtor NavBox
CVE-2026-2752 (Navtor NavBox allows information disclosure via the
/api/ais-data endp ...)
- TODO: check
+ NOT-FOR-US: Navtor NavBox
CVE-2026-29783 (The shell tool within GitHub Copilot CLI versions prior to and
includi ...)
NOT-FOR-US: GitHub Copilot CLI
CVE-2026-29178 (Lemmy, a link aggregator and forum for the fediverse, is
vulnerable to ...)
@@ -47,41 +47,41 @@ CVE-2026-29063 (Immutable.js provides many Persistent
Immutable data structures.
NOTE: Fixed by:
https://github.com/immutable-js/immutable-js/commit/faeb58b0cc71ed351dc51f672a95ae21bc859ef5
(v4.3.8)
NOTE: Fixed by:
https://github.com/immutable-js/immutable-js/commit/94bcd3c79972db4afffd8d1e5aab415880098b05
(v4.3.8)
CVE-2026-28514 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2026-28106 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in K ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-28080 (Missing Authorization vulnerability in Rank Math Rank Math SEO
PRO all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-27777 (Charging station authentication identifiers are publicly
accessible vi ...)
- TODO: check
+ NOT-FOR-US: Mobiliti e-mobi.hu
CVE-2026-27764 (The WebSocket backend uses charging station identifiers to
uniquely as ...)
- TODO: check
+ NOT-FOR-US: Mobiliti e-mobi.hu
CVE-2026-27123
REJECTED
CVE-2026-27027 (Charging station authentication identifiers are publicly
accessible vi ...)
- TODO: check
+ NOT-FOR-US: Everon OCPP Backends
CVE-2026-26288 (WebSocket endpoints lack proper authentication mechanisms,
enabling at ...)
- TODO: check
+ NOT-FOR-US: Everon OCPP Backends
CVE-2026-26051 (WebSocket endpoints lack proper authentication mechanisms,
enabling at ...)
- TODO: check
+ NOT-FOR-US: Mobiliti e-mobi.hu
CVE-2026-26018 (CoreDNS is a DNS server that chains plugins. Prior to version
1.14.2, ...)
TODO: check
CVE-2026-26017 (CoreDNS is a DNS server that chains plugins. Prior to version
1.14.2, ...)
TODO: check
CVE-2026-24696 (The WebSocket Application Programming Interface lacks
restrictions on ...)
- TODO: check
+ NOT-FOR-US: Everon OCPP Backends
CVE-2026-23925 (An authenticated Zabbix user (User role) with template/host
write perm ...)
TODO: check
CVE-2026-20882 (The WebSocket Application Programming Interface lacks
restrictions on ...)
- TODO: check
+ NOT-FOR-US: Mobiliti e-mobi.hu
CVE-2026-20748 (The WebSocket backend uses charging station identifiers to
uniquely as ...)
- TODO: check
+ NOT-FOR-US: Everon OCPP Backends
CVE-2026-1799
REJECTED
CVE-2026-1468 (QuickCMS is vulnerable to Cross-Site Request Forgery across
multiple e ...)
- TODO: check
+ NOT-FOR-US: QuickCMS
CVE-2025-70363 (Incorrect access control in the REST API of Ibexa & Ciril
GROUP eZ Pla ...)
- TODO: check
+ NOT-FOR-US: Ibexa & Ciril GROUP eZ Platform / Ciril Platform
CVE-2025-69654 (A crafted JavaScript input executed with the QuickJS release
2025-09-1 ...)
TODO: check
CVE-2025-69653 (A crafted JavaScript input can trigger an internal assertion
failure i ...)
@@ -107,79 +107,79 @@ CVE-2024-35644 (Improper Neutralization of Input During
Web Page Generation (XSS
CVE-2022-4947
REJECTED
CVE-2018-25200 (OOP CMS BLOG 1.0 contains a cross-site request forgery
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: OOP CMS BLOG
CVE-2018-25199 (OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that
allow una ...)
- TODO: check
+ NOT-FOR-US: OOP CMS BLOG
CVE-2018-25198 (eToolz 3.4.8.0 contains a denial of service vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: eToolz
CVE-2018-25197 (PlayJoom 0.10.1 contains an SQL injection vulnerability that
allows un ...)
- TODO: check
+ NOT-FOR-US: PlayJoom
CVE-2018-25196 (ServerZilla 1.0 contains an SQL injection vulnerability that
allows un ...)
- TODO: check
+ NOT-FOR-US: ServerZilla
CVE-2018-25194 (Nominas 0.27 contains an SQL injection vulnerability that
allows unaut ...)
- TODO: check
+ NOT-FOR-US: Nominas
CVE-2018-25193 (Mongoose Web Server 6.9 contains a denial of service
vulnerability tha ...)
TODO: check
CVE-2018-25192 (GPS Tracking System 2.12 contains an SQL injection
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: GPS Tracking System
CVE-2018-25191 (Facturation System 1.0 contains an SQL injection vulnerability
that al ...)
- TODO: check
+ NOT-FOR-US: Facturation System
CVE-2018-25190 (Easyndexer 1.0 contains a cross-site request forgery
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Easyndexer
CVE-2018-25189 (Data Center Audit 2.6.2 contains an SQL injection
vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Data Center Audit
CVE-2018-25188 (Webiness Inventory 2.3 contains an SQL injection vulnerability
that al ...)
- TODO: check
+ NOT-FOR-US: Webiness Inventory
CVE-2018-25187 (Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing
unauthent ...)
- TODO: check
+ NOT-FOR-US: Tina4 Stack
CVE-2018-25186 (Tina4 Stack 1.0.3 contains a cross-site request forgery
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Tina4 Stack
CVE-2018-25184 (Surreal ToDo 0.6.1.2 contains a local file inclusion
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Surreal ToDo
CVE-2018-25182 (Silurus Classifieds Script 2.0 contains an SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Silurus Classifieds Script
CVE-2018-25181 (Musicco 2.0.0 contains a path traversal vulnerability that
allows unau ...)
- TODO: check
+ NOT-FOR-US: Musicco
CVE-2018-25180 (Maitra 1.7.2 contains an sql injection vulnerability that
allows authe ...)
- TODO: check
+ NOT-FOR-US: Maitra
CVE-2018-25179 (Gumbo CMS 0.99 contains an SQL injection vulnerability that
allows una ...)
- TODO: check
+ NOT-FOR-US: Gumbo CMS
CVE-2018-25178 (Easyndexer 1.0 contains an arbitrary file download
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Easyndexer
CVE-2018-25177 (Data Center Audit 2.6.2 contains a cross-site request forgery
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Data Center Audit
CVE-2018-25176 (Alive Parish 2.0.4 contains an SQL injection vulnerability
that allows ...)
- TODO: check
+ NOT-FOR-US: Alive Parish
CVE-2018-25175 (Alienor Web Libre 2.0 contains an SQL injection vulnerability
that all ...)
- TODO: check
+ NOT-FOR-US: Alienor Web Libre
CVE-2018-25174 (ABC ERP 0.6.4 contains a cross-site request forgery
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: ABC ERP
CVE-2018-25173 (Rmedia SMS 1.0 contains an SQL injection vulnerability that
allows una ...)
- TODO: check
+ NOT-FOR-US: Rmedia SMS
CVE-2018-25172 (Pedidos 1.0 contains an SQL injection vulnerability that
allows unauth ...)
- TODO: check
+ NOT-FOR-US: Pedidos
CVE-2018-25171 (EdTv 2 contains an SQL injection vulnerability that allows
unauthentic ...)
- TODO: check
+ NOT-FOR-US: EdTv
CVE-2018-25170 (DoceboLMS 1.2 contains an SQL injection vulnerability that
allows unau ...)
- TODO: check
+ NOT-FOR-US: DoceboLMS
CVE-2018-25169 (AMPPS 2.7 contains a denial of service vulnerability that
allows remot ...)
- TODO: check
+ NOT-FOR-US: AMPPS
CVE-2018-25168 (Precurio Intranet Portal 2.0 contains a cross-site request
forgery vul ...)
- TODO: check
+ NOT-FOR-US: Precurio Intranet Portal
CVE-2018-25167 (Net-Billetterie 2.9 contains an SQL injection vulnerability in
the log ...)
- TODO: check
+ NOT-FOR-US: Net-Billetterie
CVE-2018-25166 (Meneame English Pligg 5.8 contains an SQL injection
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Meneame English Pligg
CVE-2018-25165 (Galaxy Forces MMORPG 0.5.8 contains an SQL injection
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Galaxy Forces MMORPG
CVE-2018-25164 (EverSync 0.5 contains an arbitrary file download vulnerability
that al ...)
- TODO: check
+ NOT-FOR-US: EverSync
CVE-2018-25163 (BitZoom 1.0 contains an SQL injection vulnerability that
allows unauth ...)
- TODO: check
+ NOT-FOR-US: BitZoom
CVE-2018-25162 (2-Plan Team 1.0.4 contains an arbitrary file upload
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: 2-Plan Team
CVE-2018-25161 (Warranty Tracking System 11.06.3 contains an SQL injection
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Warranty Tracking System
CVE-2026-27139
- golang-1.26 <unfixed>
- golang-1.25 <unfixed>
@@ -327,17 +327,17 @@ CVE-2026-28802 (Authlib is a Python library which builds
OAuth and OpenID Connec
NOTE: Introduced with:
https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75
(v1.6.0)
NOTE: Fixed by:
https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7
(v1.6.7)
CVE-2026-28801 (Natro Macro is an open-source Bee Swarm Simulator macro
written in Aut ...)
- TODO: check
+ NOT-FOR-US: Natro Macro
CVE-2026-28800 (Natro Macro is an open-source Bee Swarm Simulator macro
written in Aut ...)
- TODO: check
+ NOT-FOR-US: Natro Macro
CVE-2026-28799 (PJSIP is a free and open source multimedia communication
library writt ...)
TODO: check
CVE-2026-28795 (OpenChatBI is an intelligent chat-based BI tool powered by
large langu ...)
NOT-FOR-US: OpenChatBI
CVE-2026-28794 (oRPC is an tool that helps build APIs that are end-to-end
type-safe an ...)
- TODO: check
+ NOT-FOR-US: oRPC
CVE-2026-28787 (OneUptime is a solution for monitoring and managing online
services. I ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-28785 (Ghostfolio is an open source wealth management software. Prior
to vers ...)
NOT-FOR-US: Ghostfolio
CVE-2026-28727 (Local privilege escalation due to insecure Unix socket
permissions. Th ...)
@@ -379,13 +379,13 @@ CVE-2026-28710 (Sensitive information disclosure and
manipulation due to imprope
CVE-2026-28709 (Unauthorized resource manipulation due to improper
authorization check ...)
NOT-FOR-US: Acronis
CVE-2026-28685 (Kimai is a web-based multi-user time-tracking application.
Prior to ve ...)
- TODO: check
+ NOT-FOR-US: Kimai
CVE-2026-28683 (Gokapi is a self-hosted file sharing server with automatic
expiration ...)
NOT-FOR-US: Gokapi
CVE-2026-28682 (Gokapi is a self-hosted file sharing server with automatic
expiration ...)
NOT-FOR-US: Gokapi
CVE-2026-28681 (Internet Routing Registry daemon version 4 is an IRR database
server, ...)
- TODO: check
+ NOT-FOR-US: Internet Routing Registry daemon (iird)
CVE-2026-28680 (Ghostfolio is an open source wealth management software. Prior
to vers ...)
NOT-FOR-US: Ghostfolio
CVE-2026-28679 (Home-Gallery.org is a self-hosted open-source web gallery to
browse pe ...)
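Review bot: the new line "+ NOT-FOR-US: Internet Routing Registry daemon (iird)" for CVE-2026-28681 has a typo in the parenthesised short name: the daemon referred to in the description ("Internet Routing Registry daemon version 4") is IRRd, so the label should read "(irrd)" (or "(IRRd)"), matching the spelling a later grep for the project name would use. Suggested line: "+ NOT-FOR-US: Internet Routing Registry daemon (irrd)".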
@@ -409,7 +409,7 @@ CVE-2026-28501 (WWBN AVideo is an open source video
platform. Prior to version 2
CVE-2026-28497 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for
Win32. Pri ...)
NOT-FOR-US: TinyWeb
CVE-2026-28492 (File Browser provides a file managing interface within a
specified dir ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-28486 (OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a
path traver ...)
NOT-FOR-US: OpenClaw
CVE-2026-28485 (OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce
mandator ...)
@@ -483,23 +483,23 @@ CVE-2026-28447 (OpenClaw versions 2026.1.29-beta.1 prior
to 2026.2.1 contain a p
CVE-2026-28446 (OpenClaw versions prior to 2026.2.1 with the voice-call
extension inst ...)
NOT-FOR-US: OpenClaw
CVE-2026-28443 (OpenReplay is a self-hosted session replay suite. Prior to
version 1.2 ...)
- TODO: check
+ NOT-FOR-US: OpenReplay
CVE-2026-28442 (ZimaOS is a fork of CasaOS, an operating system for Zima
devices and x ...)
- TODO: check
+ NOT-FOR-US: ZimaOS
CVE-2026-28438 (CocoIndex is a data transformation framework for AI. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: CocoIndex
CVE-2026-28436 (Frappe is a full-stack web application framework. Prior to
versions 16 ...)
NOT-FOR-US: Frappe
CVE-2026-28429 (Talishar is a fan-made Flesh and Blood project. Prior to
commit 6be387 ...)
- TODO: check
+ NOT-FOR-US: Talishar
CVE-2026-28428 (Talishar is a fan-made Flesh and Blood project. Prior to
commit a9c218 ...)
- TODO: check
+ NOT-FOR-US: Talishar
CVE-2026-28413 (Products.isurlinportal is a replacement for isURLInPortal
method in Pl ...)
- TODO: check
+ NOT-FOR-US: Products.isurlinportal for Plone
CVE-2026-28410 (The Graph is an indexing protocol for querying networks like
Ethereum, ...)
TODO: check
CVE-2026-28405 (MarkUs is a web application for the submission and grading of
student ...)
- TODO: check
+ NOT-FOR-US: MarkUs
CVE-2026-28395 (OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an
improper ne ...)
NOT-FOR-US: OpenClaw
CVE-2026-28394 (OpenClaw versions prior to 2026.2.15 contain a denial of
service vulne ...)
@@ -511,55 +511,55 @@ CVE-2026-28392 (OpenClaw versions prior to 2026.2.14
contain a privilege escalat
CVE-2026-28391 (OpenClaw versions prior to 2026.2.2 fail to properly validate
Windows ...)
NOT-FOR-US: OpenClaw
CVE-2026-27807 (MarkUs is a web application for the submission and grading of
student ...)
- TODO: check
+ NOT-FOR-US: MarkUs
CVE-2026-27778 (The WebSocket Application Programming Interface lacks
restrictions on ...)
- TODO: check
+ NOT-FOR-US: ePower epower.ie
CVE-2026-27770 (Charging station authentication identifiers are publicly
accessible vi ...)
- TODO: check
+ NOT-FOR-US: ePower epower.ie
CVE-2026-27605 (Chartbrew is an open-source web application that can connect
directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-27603 (Chartbrew is an open-source web application that can connect
directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-27005 (Chartbrew is an open-source web application that can connect
directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-26125 (Payment Orchestrator Service Elevation of Privilege
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26124 ('.../...//' in Azure Compute Gallery allows an authorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26122 (Initialization of a resource with an insecure default in Azure
Compute ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-25962 (MarkUs is a web application for the submission and grading of
student ...)
- TODO: check
+ NOT-FOR-US: MarkUs
CVE-2026-25888 (Chartbrew is an open-source web application that can connect
directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-25887 (Chartbrew is an open-source web application that can connect
directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-25877 (Chartbrew is an open-source web application that can connect
directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-24912 (The WebSocket backend uses charging station identifiers to
uniquely as ...)
- TODO: check
+ NOT-FOR-US: ePower epower.ie
CVE-2026-23651 (Permissive regular expression in Azure Compute Gallery allows
an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-22723 (Inappropriate user token revocation due to a logic error in
the token ...)
- TODO: check
+ NOT-FOR-US: Cloudfoundry
CVE-2026-22552 (WebSocket endpoints lack proper authentication mechanisms,
enabling at ...)
- TODO: check
+ NOT-FOR-US: ePower epower.ie
CVE-2026-21622 (Insufficient Session Expiration vulnerability in hexpm
hexpm/hexpm ('E ...)
- TODO: check
+ NOT-FOR-US: hexpm
CVE-2026-21536 (Microsoft Devices Pricing Program Remote Code Execution
Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-1128 (The WP eCommerce WordPress plugin through 3.15.1 does not have
CSRF ch ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0848 (NLTK versions <=3.9.2 are vulnerable to arbitrary code
execution due t ...)
TODO: check
CVE-2025-70995 (An issue in Aranda Service Desk Web Edition (ASDK API 8.6)
allows auth ...)
- TODO: check
+ NOT-FOR-US: Aranda Service Desk Web Edition
CVE-2025-70949 (An observable timing discrepancy in @perfood/couch-auth
v0.26.0 allows ...)
- TODO: check
+ NOT-FOR-US: perfood/couch-auth
CVE-2025-70948 (A host header injection vulnerability in the mailer component
of @perf ...)
- TODO: check
+ NOT-FOR-US: perfood/couch-auth
CVE-2025-70614 (OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2
contain ...)
- TODO: check
+ NOT-FOR-US: OpenCode Systems OC Messaging / USSD Gateway OC
CVE-2025-59544 (Chamilo is a learning management system. Prior to version
1.11.34, the ...)
NOT-FOR-US: Chamilo LMS
CVE-2025-59543 (Chamilo is a learning management system. Prior to version
1.11.34, the ...)
@@ -701,11 +701,11 @@ CVE-2026-25921 (Gogs is an open source self-hosted Git
service. Prior to version
CVE-2026-25048 (xgrammar is an open-source library for efficient, flexible,
and portab ...)
TODO: check
CVE-2026-24457 (An unsafe parsing of OpenMQ's configuration, allows a remote
attacker ...)
- TODO: check
+ NOT-FOR-US: OpenMQ
CVE-2026-21628 (A improperly secured file management feature allows uploads of
dangero ...)
NOT-FOR-US: Joomla
CVE-2026-21621 (Incorrect Authorization vulnerability in hexpm hexpm/hexpm
('Elixir.He ...)
- TODO: check
+ NOT-FOR-US: hexpm
CVE-2026-1720 (The WowOptin: Next-Gen Popup Maker \u2013 Create Stunning
Popups and O ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1605 (In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5,
class Gzi ...)
@@ -714,7 +714,7 @@ CVE-2026-1605 (In Eclipse Jetty, versions 12.0.0-12.0.31
and 12.1.0-12.0.5, clas
CVE-2025-7375 (A denial-of-service (DoS) vulnerability was identified in Omada
EAP610 ...)
NOT-FOR-US: TPLink
CVE-2025-70616 (A stack buffer overflow vulnerability exists in the Wincor
Nixdorf wnB ...)
- TODO: check
+ NOT-FOR-US: Wincor Nixdorf
CVE-2025-70233 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
NOT-FOR-US: D-Link
CVE-2025-70232 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
@@ -740,13 +740,13 @@ CVE-2025-69534 (Python-Markdown version 3.8 contain a
vulnerability where malfor
NOTE:
https://github.com/python/cpython/commit/381159b2beabbd6b3c0babe4d7ba7fbdeb23ce06
(v3.14.0b2)
NOTE:
https://github.com/python/cpython/commit/aa0c3d1098e7fdcc74b753aadf18dd07ddbc76b0
(v3.13.4)
CVE-2025-64166 (Mercurius is a GraphQL adapter for Fastify. Prior to version
16.4.0, a ...)
- TODO: check
+ NOT-FOR-US: Mercurius
CVE-2025-45691 (An Arbitrary File Read vulnerability exists in the
ImageTextPromptValu ...)
TODO: check
CVE-2025-29165 (An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker
to escal ...)
NOT-FOR-US: D-Link
CVE-2025-13476 (Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows
v25.6.0.0\u ...)
- TODO: check
+ NOT-FOR-US: Viber
CVE-2025-13350 (Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage
collector but b ...)
- linux <not-affected> (Ubuntu-specific backport issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/03/05/7
@@ -756,7 +756,7 @@ CVE-2025-11143 (The Jetty URI parser has some key
differences to other common pa
- jetty <removed>
NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
CVE-2024-43035 (Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to
read arb ...)
- TODO: check
+ NOT-FOR-US: Fonoster
CVE-2026-3523 (The Apocalypse Meow plugin for WordPress is vulnerable to SQL
Injectio ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3072 (The Media Library Assistant plugin for WordPress is vulnerable
to unau ...)
@@ -1749,11 +1749,11 @@ CVE-2025-59784 (2N Access Commander version 3.4.1 and
prior is vulnerable to log
CVE-2025-59783 (API endpoint for user synchronization in 2N Access Commander
version 3 ...)
NOT-FOR-US: 2N Access Commander
CVE-2025-40896 (The server certificate was not verified when an Arc agent
connected to ...)
- TODO: check
+ NOT-FOR-US: Arc
CVE-2025-40895 (A Stored HTML Injection vulnerability was discovered in the
CMC's Sens ...)
- TODO: check
+ NOT-FOR-US: CMC
CVE-2025-40894 (A Stored HTML Injection vulnerability was discovered in the
Alerted No ...)
- TODO: check
+ NOT-FOR-US: Guardian, CMC
CVE-2025-15558 (Docker CLI for Windows searches for plugin binaries in
C:\ProgramData\ ...)
NOT-FOR-US: Docker CLI for Windows
CVE-2025-12801 (A vulnerability was recently discovered in the rpc.mountd
daemon in th ...)
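Review bot: the three new labels in this hunk ("NOT-FOR-US: Arc", "NOT-FOR-US: CMC", "NOT-FOR-US: Guardian, CMC") for CVE-2025-40896, CVE-2025-40895 and CVE-2025-40894 name only bare product names, and "Arc" and "CMC" are ambiguous on their own. The other NOT-FOR-US entries in this commit pair the vendor with the product (e.g. "NOT-FOR-US: Navtor NavBox", "NOT-FOR-US: 2N Access Commander"); doing the same here would make the entries unambiguous for later triage and for searching the list by vendor.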
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fe989bf767969592dbcf046cf1f0bbd0eb8fff5