Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8d1e663d by Moritz Muehlenhoff at 2026-03-12T11:18:56+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-4014 (A security flaw has been discovered in
itsourcecode Cafe Reservat
CVE-2026-4013 (A vulnerability was identified in SourceCodester Web-based
Pharmacy Pr ...)
NOT-FOR-US: SourceCodester
CVE-2026-4012 (A vulnerability was determined in rxi fe up to
ed4cda96bd582cbb0852096 ...)
- TODO: check
+ NOT-FOR-US: rxi fe
CVE-2026-4010 (A vulnerability was found in ThakeeNathees pocketlang up to
cc73ca61b1 ...)
NOT-FOR-US: ThakeeNathees pocketlang
CVE-2026-4009 (A vulnerability has been found in jarikomppa soloud up to
20200207. Im ...)
@@ -19,7 +19,7 @@ CVE-2026-3993 (A security vulnerability has been detected in
itsourcecode Payrol
CVE-2026-3992 (A weakness has been identified in CodeGenieApp
serverless-express up t ...)
NOT-FOR-US: CodeGenieApp serverless-express
CVE-2026-3990 (A security flaw has been discovered in CesiumGS CesiumJS up to
1.137.0 ...)
- TODO: check
+ NOT-FOR-US: CesiumJS
CVE-2026-3984 (A weakness has been identified in Campcodes Division Regional
Athletic ...)
NOT-FOR-US: Campcodes
CVE-2026-3983 (A security flaw has been discovered in Campcodes Division
Regional Ath ...)
@@ -170,17 +170,17 @@ CVE-2026-3657 (The My Sticky Bar plugin for WordPress is
vulnerable to SQL injec
CVE-2026-3226 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress
is vul ...)
NOT-FOR-US: WordPress plugin
CVE-2026-32136 (AdGuard Home is a network-wide software for blocking ads and
tracking. ...)
- TODO: check
+ NOT-FOR-US: AdGuard Home
CVE-2026-32133 (2FAuth is a web app to manage Two-Factor Authentication (2FA)
accounts ...)
- TODO: check
+ NOT-FOR-US: 2FAuth
CVE-2026-32132 (ZITADEL is an open source identity management platform. Prior
to 3.4.8 ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-32131 (ZITADEL is an open source identity management platform. Prior
to 3.4.8 ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-32130 (ZITADEL is an open source identity management platform. From
2.68.0 to ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-32128 (FastGPT is an AI Agent building platform. In 4.14.7 and
earlier, FastG ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2026-32127 (OpenEMR is a free and open source electronic health records
and medica ...)
NOT-FOR-US: OpenEMR
CVE-2026-32126 (OpenEMR is a free and open source electronic health records
and medica ...)
@@ -200,25 +200,25 @@ CVE-2026-32118 (OpenEMR is a free and open source
electronic health records and
CVE-2026-32117 (The grafanacubism-panel plugin allows use of cubism.js in
Grafana. In ...)
TODO: check
CVE-2026-32112 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the
ha-mcp OAut ...)
- TODO: check
+ NOT-FOR-US: ha-mcp
CVE-2026-32111 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the
ha-mcp OAut ...)
- TODO: check
+ NOT-FOR-US: ha-mcp
CVE-2026-32110 (SiYuan is a personal knowledge management system. Prior to
3.6.0, the ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32109 (Copyparty is a portable file server. Prior to 1.20.12, if an
attacker ...)
- TODO: check
+ NOT-FOR-US: Copyparty
CVE-2026-32108 (Copyparty is a portable file server. Prior to 1.20.12, there
was a mis ...)
- TODO: check
+ NOT-FOR-US: Copyparty
CVE-2026-32106 (StudioCMS is a server-side-rendered, Astro native, headless
content ma ...)
- TODO: check
+ NOT-FOR-US: StudioCMS
CVE-2026-32104 (StudioCMS is a server-side-rendered, Astro native, headless
content ma ...)
- TODO: check
+ NOT-FOR-US: StudioCMS
CVE-2026-32103 (StudioCMS is a server-side-rendered, Astro native, headless
content ma ...)
- TODO: check
+ NOT-FOR-US: StudioCMS
CVE-2026-32102 (OliveTin gives access to predefined shell commands from a web
interfac ...)
- TODO: check
+ NOT-FOR-US: OliveTin
CVE-2026-32101 (StudioCMS is a server-side-rendered, Astro native, headless
content ma ...)
- TODO: check
+ NOT-FOR-US: StudioCMS
CVE-2026-31988 (yauzl (aka Yet Another Unzip Library) version 3.2.0 for
Node.js contai ...)
TODO: check
CVE-2026-2808 (HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10
and 1.22. ...)
@@ -666,7 +666,7 @@ CVE-2026-31812 (Quinn is a pure-Rust, async-compatible
implementation of the IET
CVE-2026-31809 (SiYuan is a personal knowledge management system. Prior to
3.5.10, SiY ...)
NOT-FOR-US: SiYuan
CVE-2026-31808 (file-type detects the file type of a file, stream, or data.
Prior to 2 ...)
- TODO: check
+ NOT-FOR-US: Node file-type
CVE-2026-31807 (SiYuan is a personal knowledge management system. Prior to
3.5.10, SiY ...)
NOT-FOR-US: SiYuan
CVE-2026-31801 (zot is ancontainer image/artifact registry based on the Open
Container ...)
@@ -690,7 +690,7 @@ CVE-2026-30953 (LinkAce is a self-hosted archive to collect
website links. When
CVE-2026-30952 (liquidjs is a Shopify / GitHub Pages compatible template
engine in pur ...)
TODO: check
CVE-2026-30951 (Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Sequelize
CVE-2026-30949 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-30948 (Parse Server is an open source backend that can be deployed to
any inf ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1e663d917a355fcad5e700a1c350d460750ce3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1e663d917a355fcad5e700a1c350d460750ce3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
