Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc15bcdd by Moritz Muehlenhoff at 2026-03-12T22:38:16+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,9 +29,9 @@ CVE-2026-3059 (SGLang's multimodal generation module is
vulnerable to unauthenti
CVE-2026-32274 (Black is the uncompromising Python code formatter. Prior to
26.3.1, Bl ...)
TODO: check
CVE-2026-32269 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-32260 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
From 2.7.0 ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-32259 (ImageMagick is free and open-source software used for editing
and mani ...)
TODO: check
CVE-2026-32251 (Tolgee is an open-source localization platform. Prior to
3.166.3, the ...)
@@ -39,7 +39,7 @@ CVE-2026-32251 (Tolgee is an open-source localization
platform. Prior to 3.166.3
CVE-2026-32249 (Vim is an open source, command line text editor. From 9.1.0011
to befo ...)
TODO: check
CVE-2026-32248 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-32247 (Graphiti is a framework for building and querying temporal
context gra ...)
TODO: check
CVE-2026-32246 (Tinyauth is an authentication and authorization server. Prior
to 5.0.3 ...)
@@ -47,35 +47,35 @@ CVE-2026-32246 (Tinyauth is an authentication and
authorization server. Prior to
CVE-2026-32245 (Tinyauth is an authentication and authorization server. Prior
to 5.0.3 ...)
TODO: check
CVE-2026-32242 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-32240 (Cap'n Proto is a data interchange format and capability-based
RPC syst ...)
TODO: check
CVE-2026-32239 (Cap'n Proto is a data interchange format and capability-based
RPC syst ...)
TODO: check
CVE-2026-32237 (Backstage is an open framework for building developer portals.
Prior t ...)
- TODO: check
+ NOT-FOR-US: Backstage
CVE-2026-32236 (Backstage is an open framework for building developer portals.
Prior t ...)
- TODO: check
+ NOT-FOR-US: Backstage
CVE-2026-32235 (Backstage is an open framework for building developer portals.
Prior t ...)
- TODO: check
+ NOT-FOR-US: Backstage
CVE-2026-32232 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is
a Dangl ...)
- TODO: check
+ NOT-FOR-US: ZeptoClaw
CVE-2026-32231 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the
generic webh ...)
- TODO: check
+ NOT-FOR-US: ZeptoClaw
CVE-2026-32230 (Uptime Kuma is an open source, self-hosted monitoring tool.
From 2.0.0 ...)
TODO: check
CVE-2026-32142 (Shopware is an open commerce platform. /api/_info/config route
exposes ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2026-32141 (flatted is a circular JSON parser. Prior to 3.4.0, flatted's
parse() f ...)
TODO: check
CVE-2026-32140 (Dataease is an open source data visualization analysis tool.
Prior to ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-32139 (Dataease is an open source data visualization analysis tool.
In DataEa ...)
NOT-FOR-US: DataEase
CVE-2026-32138 (NEXULEAN is a cybersecurity portfolio & service platform for
an Ethica ...)
TODO: check
CVE-2026-32137 (Dataease is an open source data visualization analysis tool.
Prior to ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-32129 (soroban-poseidon provides Poseidon and Poseidon2 cryptographic
hash fu ...)
TODO: check
CVE-2026-32116 (Magic Wormhole makes it possible to get arbitrary-sized files
and dire ...)
@@ -97,63 +97,63 @@ CVE-2026-2514 (In Progress Flowmon ADS versions prior to
12.5.5 and 13.0.3, a vu
CVE-2026-2513 (A vulnerability exists in Progress Flowmon ADS versions prior
to 12.5. ...)
NOT-FOR-US: Progress Software
CVE-2026-29066 (Tina is a headless content management system. Prior to 2.1.8,
the Tina ...)
- TODO: check
+ NOT-FOR-US: Tina CMS (different from src:tina)
CVE-2026-28793 (Tina is a headless content management system. Prior to 2.1.8,
the Tina ...)
- TODO: check
+ NOT-FOR-US: Tina CMS (different from src:tina)
CVE-2026-28792 (Tina is a headless content management system. Prior to 2.1.8 ,
the Tin ...)
- TODO: check
+ NOT-FOR-US: Tina CMS (different from src:tina)
CVE-2026-28791 (Tina is a headless content management system. Prior to 2.1.7,
a path t ...)
- TODO: check
+ NOT-FOR-US: Tina CMS (different from src:tina)
CVE-2026-28384 (An improper sanitization of the compression_algorithm
parameter in Can ...)
TODO: check
CVE-2026-28256 (A Use of Hard-coded, Security-relevant Constants vulnerability
in Tran ...)
- TODO: check
+ NOT-FOR-US: Trane Tracer
CVE-2026-28255 (A Use of Hard-coded Credentials vulnerability in Trane Tracer
SC, Trac ...)
- TODO: check
+ NOT-FOR-US: Trane Tracer
CVE-2026-28254 (A Missing Authorization vulnerability in Trane Tracer SC,
Tracer SC+, ...)
- TODO: check
+ NOT-FOR-US: Trane Tracer
CVE-2026-28253 (A Memory Allocation with Excessive Size Value vulnerability in
Trane T ...)
- TODO: check
+ NOT-FOR-US: Trane Tracer
CVE-2026-28252 (A Use of a Broken or Risky Cryptographic Algorithm
vulnerability in Tr ...)
- TODO: check
+ NOT-FOR-US: Trane Tracer
CVE-2026-27940 (llama.cpp is an inference of several LLM models in C/C++.
Prior to b81 ...)
TODO: check
CVE-2026-26795 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a
command inject ...)
- TODO: check
+ NOT-FOR-US: GL-iNet GL-AR300M16
CVE-2026-26794 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL
injection ...)
- TODO: check
+ NOT-FOR-US: GL-iNet GL-AR300M16
CVE-2026-26793 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a
command inject ...)
- TODO: check
+ NOT-FOR-US: GL-iNet GL-AR300M16
CVE-2026-26792 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple
command ...)
- TODO: check
+ NOT-FOR-US: GL-iNet GL-AR300M16
CVE-2026-26791 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a
command inject ...)
- TODO: check
+ NOT-FOR-US: GL-iNet GL-AR300M16
CVE-2026-25529 (Postal is an open source SMTP server. Postal versions less
than 3.3.5 ...)
- TODO: check
+ NOT-FOR-US: Postal SMTP server (not the same as src:postal)
CVE-2026-24125 (Tina is a headless content management system. Prior to 2.1.2,
TinaCMS ...)
- TODO: check
+ NOT-FOR-US: Tina
CVE-2026-21887 (OpenCTI is an open source platform for managing cyber threat
intellige ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2026-21708 (A vulnerability allowing a Backup Viewer to perform remote
code execut ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-21672 (A vulnerability allowing local privilege escalation on
Windows-based V ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-21671 (A vulnerability allowing an authenticated user with the Backup
Adminis ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-21670 (A vulnerability allowing a low-privileged user to extract
saved SSH cr ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-21669 (A vulnerability allowing an authenticated domain user to
perform remot ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-21668 (A vulnerability allowing an authenticated domain user to
bypass restri ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-21667 (A vulnerability allowing an authenticated domain user to
perform remot ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-21666 (A vulnerability allowing an authenticated domain user to
perform remot ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-1525 (Undici allows duplicate HTTPContent-Lengthheaders when they are
provid ...)
TODO: check
CVE-2026-0809 (Use of a custom token encoding algorithm in Streamsoft
Presti\u017c so ...)
- TODO: check
+ NOT-FOR-US: Streamsoft Prestiz
CVE-2025-70873 (An information disclosure issue in the zipfileInflate function
in the ...)
TODO: check
CVE-2025-70245 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10
via the cu ...)
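Review bot: CVE-2026-24125 is tagged "NOT-FOR-US: Tina", while the four other Tina CMS entries in this hunk (CVE-2026-29066, CVE-2026-28793, CVE-2026-28792, CVE-2026-28791) use "NOT-FOR-US: Tina CMS (different from src:tina)". All five descriptions refer to the same headless CMS, so suggest giving CVE-2026-24125 the same string. That way the disambiguation from src:tina is recorded on every entry, and a later search of the list for "Tina CMS" finds all of them.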
@@ -167,87 +167,87 @@ CVE-2025-13913 (Inductive Automation Ignition Softwareis
vulnerable to an unauth
CVE-2025-13462 (The "tarfile" module would still apply normalization of
AREGTYPE (\x00 ...)
TODO: check
CVE-2019-25543 (Netartmedia Real Estate Portal 5.0 contains an SQL injection
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25542 (Netartmedia Real Estate Portal 5.0 contains a SQL injection
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25541 (Netartmedia PHP Mall 4.1 contains multiple SQL injection
vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25540 (Netartmedia PHP Mall 4.1 contains multiple SQL injection
vulnerabiliti ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25539 (202CMS v10 beta contains a blind SQL injection vulnerability
that allo ...)
- TODO: check
+ NOT-FOR-US: 202CMS
CVE-2019-25538 (202CMS v10 beta contains an SQL injection vulnerability that
allows un ...)
- TODO: check
+ NOT-FOR-US: 202CMS
CVE-2019-25537 (Netartmedia Event Portal 2.0 contains a time-based blind SQL
injection ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25536 (Netartmedia PHP Real Estate Agency 4.0 contains an SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25535 (Netartmedia PHP Dating Site contains a SQL injection
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25534 (Netartmedia PHP Car Dealer contains an SQL injection
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25533 (Netartmedia PHP Business Directory 4.2 contains an SQL
injection vulne ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25532 (Netartmedia Jobs Portal 6.1 contains an SQL injection
vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25531 (Netartmedia Deals Portal contains an SQL injection
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Netartmedia
CVE-2019-25530 (uHotelBooking System contains an SQL injection vulnerability
that allo ...)
- TODO: check
+ NOT-FOR-US: uHotelBooking System
CVE-2019-25529 (Placeto CMS Alpha rv.4 contains an SQL injection vulnerability
that al ...)
- TODO: check
+ NOT-FOR-US: Placeto CMS
CVE-2019-25528 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL
injection vulner ...)
- TODO: check
+ NOT-FOR-US: Inout EasyRooms Ultimate Edition
CVE-2019-25527 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL
injection vulner ...)
- TODO: check
+ NOT-FOR-US: Inout EasyRooms Ultimate Edition
CVE-2019-25526 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL
injection vulner ...)
- TODO: check
+ NOT-FOR-US: Inout EasyRooms Ultimate Edition
CVE-2019-25525 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL
injection vulner ...)
- TODO: check
+ NOT-FOR-US: Inout EasyRooms Ultimate Edition
CVE-2019-25524 (XooGallery Latest contains an SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: XooDigital
CVE-2019-25523 (XooGallery Latest contains an SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: XooDigital
CVE-2019-25522 (XooGallery Latest contains multiple SQL injection
vulnerabilities that ...)
- TODO: check
+ NOT-FOR-US: XooDigital
CVE-2019-25521 (XooGallery Latest contains an SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: XooDigital
CVE-2019-25520 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an
authentication b ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25519 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25518 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25517 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25516 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25515 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an
authentication b ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25514 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25513 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25512 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25511 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25510 (Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an
authentication b ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
CVE-2019-25509 (XooDigital Latest contains an SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: XooDigital
CVE-2019-25508 (Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL
injection vul ...)
- TODO: check
+ NOT-FOR-US: Jettweb Php Hazir Ilan Sitesi Scripti
CVE-2019-25488 (Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL
injection vu ...)
- TODO: check
+ NOT-FOR-US: (Jettweb Hazir Rent A Car Scripti
CVE-2019-25482 (Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: Jettweb PHP Hazir Rent A Car Sitesi Scripti
CVE-2019-25481 (iScripts ReserveLogic contains an SQL injection vulnerability
that all ...)
- TODO: check
+ NOT-FOR-US: iScripts ReserveLogic
CVE-2019-25479 (Inout RealEstate contains an SQL injection vulnerability that
allows u ...)
- TODO: check
+ NOT-FOR-US: Inout RealEstate
CVE-2019-25473 (Clinic Pro contains a SQL injection vulnerability that allows
authenti ...)
- TODO: check
+ NOT-FOR-US: Clinic Pro
CVE-2026-28356 (multipart is a fast multipart/form-data parser for python.
Prior to 1. ...)
{DSA-6161-1}
- multipart 1.3.1-1
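Review bot: The added line for CVE-2019-25488 reads "NOT-FOR-US: (Jettweb Hazir Rent A Car Scripti", with a stray opening parenthesis before the product name and no closing one. Suggest "NOT-FOR-US: Jettweb Hazir Rent A Car Scripti", in the same form as the neighbouring Jettweb entries, so the tag matches when the list is searched by product name.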
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc15bcdd26b68cd79855187764595adc833a08db
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits