Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3064d51f by Salvatore Bonaccorso at 2026-03-16T22:55:44+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77,19 +77,19 @@ CVE-2026-3644 (The fix for CVE-2026-0672, which rejected
control characters in h
CVE-2026-3476 (A Code Injection vulnerability affecting SOLIDWORKS Desktop
from Relea ...)
NOT-FOR-US: Dassault Systemes
CVE-2026-3111 (Insecure Direct Object Reference (IDOR) vulnerability in Campus
Educat ...)
- TODO: check
+ NOT-FOR-US: Campus Educativa
CVE-2026-3110 (Insecure Direct Object Reference (IDOR) vulnerability in Campus
Educat ...)
- TODO: check
+ NOT-FOR-US: Campus Educativa
CVE-2026-3024 (Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma
web appl ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-3023 (Non-relational SQL injection vulnerability (NoSQLi) in the
Wakyma web ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-3022 (Non-relational SQL injection vulnerability (NoSQLi) in the
Wakyma web ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-3021 (Non-relational SQL injection vulnerability (NoSQLi) in the
Wakyma web ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-3020 (Identity based authorization bypass vulnerability (IDOR) that
allows a ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-32587 (Missing Authorization vulnerability in Saad Iqbal WP EasyPay
allows Ex ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-32583 (Missing Authorization vulnerability in Webnus Inc. Modern
Events Calen ...)
@@ -135,15 +135,15 @@ CVE-2026-2455 (Mattermost versions 11.3.x <= 11.3.0,
11.2.x <= 11.2.2, 10.11.x <
CVE-2026-2326
REJECTED
CVE-2026-29521 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a
cross-s ...)
- TODO: check
+ NOT-FOR-US: Hereta
CVE-2026-29520 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a
reflect ...)
- TODO: check
+ NOT-FOR-US: Hereta
CVE-2026-29516 (Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and
prior c ...)
- TODO: check
+ NOT-FOR-US: Buffalo TeraStation NAS TS5400R firmware
CVE-2026-29513 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a
stored ...)
- TODO: check
+ NOT-FOR-US: Hereta
CVE-2026-29510 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a
stored ...)
- TODO: check
+ NOT-FOR-US: Hereta
CVE-2026-28498 (Authlib is a Python library which builds OAuth and OpenID
Connect serv ...)
TODO: check
CVE-2026-28490 (Authlib is a Python library which builds OAuth and OpenID
Connect serv ...)
@@ -189,31 +189,31 @@ CVE-2025-69727 (An Incorrect Access Control vulnerability
exists in INDEX-EDUCAT
CVE-2025-69693 (Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder
(libavco ...)
TODO: check
CVE-2025-69246 (Raytha CMS does not have any brute force protection mechanism
implemen ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69245 (Raytha CMS is vulnerable to Reflected XSS via
returnUrlparameter in lo ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69243 (Raytha CMS is vulnerable to User Enumeration in password reset
functio ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69242 (Raytha CMS is vulnerable to reflected XSS via the
backToListUrlparamet ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69241 (Raytha CMS is vulnerable to Stored XSS viaFirstName and
LastNameparame ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69240 (Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or
`Host` he ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69239 (Raytha CMS is vulnerable to Server-Side Request Forgery in
the\u201cTh ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69238 (Raytha CMS is vulnerable to Cross-Site Request Forgery across
multiple ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69237 (Raytha CMS is vulnerable to Stored XSS viaFieldValues[0].Value
paramet ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69236 (Raytha CMS is vulnerable to Stored XSS via
FieldValues[1].Value parame ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69196 (FastMCP is the standard framework for building MCP
applications. Prior ...)
- TODO: check
+ NOT-FOR-US: FastMCP
CVE-2025-68971 (In Forgejo through 13.0.3, the attachment component allows a
denial of ...)
TODO: check
CVE-2025-66687 (Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due
to miss ...)
- TODO: check
+ NOT-FOR-US: Doom Launcher
CVE-2025-65734 (An authenticated arbitrary file upload vulnerability in the
Courses/Wo ...)
TODO: check
CVE-2025-62319 (Boolean-Based SQL Injection is a type of blind SQL injection
where an ...)
@@ -257,7 +257,7 @@ CVE-2025-15553 (Non-working logout functionality in
Truesec\u2019s LAPSWebUI bef
CVE-2025-15552 (Insufficient Session Expiration in Truesec\u2019s LAPSWebUI
before ver ...)
TODO: check
CVE-2025-15540 ("Functions" module in Raytha CMS allows privileged users
towrite custo ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-11500 (Tinycontrol devices such as tcPDU andLAN Controllers LK3.5,
LK3.9 and ...)
TODO: check
CVE-2025-10685 (Heap-based buffer overflow vulnerability in Softing Industrial
Automat ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3064d51fcabe21a38bcc38eedff89f2f50976a9a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3064d51fcabe21a38bcc38eedff89f2f50976a9a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
