Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
504dc0ae by security tracker role at 2026-03-23T20:14:00+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,9 +7,9 @@ CVE-2026-4633 (A flaw was found in Keycloak. A remote attacker
can exploit diffe
CVE-2026-4628 (A flaw was found in Keycloak. An improper Access Control
vulnerability ...)
TODO: check
CVE-2026-4596 (A vulnerability was identified in projectworlds Lawyer
Management Syst ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2026-4595 (A vulnerability was determined in code-projects Exam Form
Submission 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4594 (A vulnerability has been found in erupts erupt up to 1.13.3.
Affected ...)
TODO: check
CVE-2026-4593 (A flaw has been found in erupts erupt bis 1.13.3. Affected by
this vul ...)
@@ -37,9 +37,9 @@ CVE-2026-4583 (A vulnerability was detected in Shenzhen HCC
Technology MPOS M6 P
CVE-2026-4582 (A security vulnerability has been detected in Shenzhen HCC
Technology ...)
TODO: check
CVE-2026-4581 (A weakness has been identified in code-projects Simple Laundry
System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4580 (A security flaw has been discovered in code-projects Simple
Laundry Sy ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4404 (Use of hard coded credentials in GoHarbor Harbor version 2.15.0
and be ...)
TODO: check
CVE-2026-3635 (Summary When trustProxy is configured with a restrictive trust
functio ...)
@@ -123,11 +123,11 @@ CVE-2026-32968 (Due to the improper neutralisation of
special elements used in a
CVE-2026-32879 (New API is a large language mode (LLM) gateway and artificial
intellig ...)
TODO: check
CVE-2026-32852 (MailEnable versions prior to10.55 contain a reflected
cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2026-32851 (MailEnable versions prior to10.55 contain a reflected
cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2026-32850 (MailEnable versions prior to10.55 contain a reflected
cross-site scrip ...)
- TODO: check
+ NOT-FOR-US: MailEnable
CVE-2026-32845 (cgltf version 1.15 and prior contain an integer overflow
vulnerability ...)
TODO: check
CVE-2026-31851 (Nexxt Solutions Nebula 300+ firmware through version
12.01.01.37 does ...)
@@ -151,7 +151,7 @@ CVE-2026-30007 (XnSoft NConvert 7.230 is vulnerable to
Use-After-Free via a craf
CVE-2026-30006 (XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun
via a craf ...)
TODO: check
CVE-2026-2298 (Improper Neutralization of Argument Delimiters in a Command
('Argument ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2026-28809 (XML External Entity (XXE) vulnerability in esaml (and its
forks) allow ...)
TODO: check
CVE-2026-27131 (The Sprig Plugin for Craft CMS is a reactive Twig component
framework ...)
@@ -175,25 +175,25 @@ CVE-2025-41008 (SQL injection vulnerability in Sinturno.
This vulnerability allo
CVE-2025-41007 (SQL Injection in Cuantis. This vulnerability allows an
attacker to ret ...)
TODO: check
CVE-2025-15606 (A Denial-of-Service (DoS) vulnerability in the httpd component
of TP-L ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2025-15605 (A hardcoded cryptographic key within the configuration
mechanism on TP ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2025-15519 (Improper input handling in a modem-management administrative
CLI comma ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2025-15518 (Improper input handling in a wireless-control administrative
CLI comma ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2025-15517 (A missing authentication check in the HTTP server on TP-Link
Archer NX ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2024-51226 (A stored cross-site scripting (XSS) vulnerability in the
component /ad ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51225 (A stored cross-site scripting (XSS) vulnerability in the
component /ad ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51224 (Multiple cross-site scripting (XSS) vulnerabilities in the
component / ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51223 (A stored cross-site scripting (XSS) vulnerability in the
component /ad ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-51222 (A stored cross-site scripting (XSS) vulnerability in the
component /ad ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2024-46879 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
the POS ...)
TODO: check
CVE-2024-46878 (A Cross-Site Scripting (XSS) vulnerability exists in the page
paramete ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/504dc0ae6e78a7cb325d0d0f133bfd6cfd2c623a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/504dc0ae6e78a7cb325d0d0f133bfd6cfd2c623a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
