Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
867d84f8 by Salvatore Bonaccorso at 2026-03-18T22:35:36+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-3278 (Improper neutralization of input during web page
generation ('cro
CVE-2026-3090 (The Post SMTP \u2013 Complete Email Deliverability and SMTP
Solution w ...)
NOT-FOR-US: WordPress plugin
CVE-2026-33265 (In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for
both the Li ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2026-33004 (Jenkins LoadNinja Plugin 2.1 and earlier does not mask
LoadNinja API k ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-33003 (Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API
keys une ...)
@@ -71,19 +71,19 @@ CVE-2026-31963 (HTSlib is a library for reading and writing
bioinformatics file
CVE-2026-31962 (HTSlib is a library for reading and writing bioinformatics
file format ...)
TODO: check
CVE-2026-30704 (The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
exposes an ...)
- TODO: check
+ NOT-FOR-US: WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
CVE-2026-30703 (A command injection vulnerability exists in the web management
interfa ...)
- TODO: check
+ NOT-FOR-US: WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
CVE-2026-30702 (The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
implements ...)
- TODO: check
+ NOT-FOR-US: WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
CVE-2026-30701 (The web interface of the WiFi Extender WDR201A (HW V2.1, FW
LFMZX28040 ...)
- TODO: check
+ NOT-FOR-US: WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
CVE-2026-30695 (A Cross-Site Scripting (XSS) vulnerability exists in the
web-based con ...)
- TODO: check
+ NOT-FOR-US: Zucchetti
CVE-2026-30345 (A zip slip vulnerability in the Admin import functionality of
CTFd v3. ...)
- TODO: check
+ NOT-FOR-US: CTFd
CVE-2026-30048 (A stored cross-site scripting (XSS) vulnerability exists in
the NotCha ...)
- TODO: check
+ NOT-FOR-US: NotChatbot WebChat widget
CVE-2026-2992 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2991 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
@@ -93,11 +93,11 @@ CVE-2026-2559 (The Post SMTP plugin for WordPress is
vulnerable to unauthorized
CVE-2026-2512 (The Code Embed plugin for WordPress is vulnerable to Stored
Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2026-29859 (An arbitrary file upload vulnerability in aaPanel v7.57.0
allows attac ...)
- TODO: check
+ NOT-FOR-US: aaPanel
CVE-2026-29858 (A lack of path validation in aaPanel v7.57.0 allows attackers
to execu ...)
- TODO: check
+ NOT-FOR-US: aaPanel
CVE-2026-29856 (An issue in the VirtualHost configuration handling/parser
component of ...)
- TODO: check
+ NOT-FOR-US: aaPanel
CVE-2026-27135 (nghttp2 is an implementation of the Hypertext Transfer
Protocol versio ...)
TODO: check
CVE-2026-26948 (Dell Integrated Dell Remote Access Controller 9, 14G versions
prior to ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/867d84f88710ff33243bceaac238a3a535cd4f21
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/867d84f88710ff33243bceaac238a3a535cd4f21
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
