Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e255969 by security tracker role at 2026-03-26T20:17:55+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,17 +7,17 @@ CVE-2026-4897 (A flaw was found in polkit. A local user can 
exploit this by prov
 CVE-2026-4887 (A flaw was found in GIMP. This issue is a heap buffer over-read 
in GIM ...)
        TODO: check
 CVE-2026-4877 (A security flaw has been discovered in itsourcecode Payroll 
Management ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-4876 (A vulnerability was identified in itsourcecode Free Hotel 
Reservation  ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-4875 (A vulnerability was determined in itsourcecode Free Hotel 
Reservation  ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-4867 (Impact:  A bad regular expression is generated any time you 
have three ...)
        TODO: check
 CVE-2026-4862 (A security vulnerability has been detected in UTT HiPER 1250GW 
up to 3 ...)
        TODO: check
 CVE-2026-4861 (A weakness has been identified in Wavlink WL-NU516U1 260227. 
This vuln ...)
-       TODO: check
+       NOT-FOR-US: Wavlink
 CVE-2026-4860 (A security flaw has been discovered in 648540858 
wvp-GB28181-pro up to ...)
        TODO: check
 CVE-2026-4809 (plank/laravel-mediable through version 6.4.0 can allow upload 
of a dan ...)
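Review bot: The three itsourcecode entries in this hunk (CVE-2026-4877, CVE-2026-4876, CVE-2026-4875) all receive the generic tag "NOT-FOR-US: itsourcecode System", while their descriptions name distinct products: Payroll Management for 4877 and Free Hotel Reservation for 4876 and 4875. Consider naming the product in the tag so that a later search of data/CVE/list for the product finds the entry. The same applies to "NOT-FOR-US: Wavlink" on CVE-2026-4861, where the description gives the model WL-NU516U1.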
@@ -131,7 +131,7 @@ CVE-2026-33009 (EVerest is an EV charging software stack. 
Versions prior to 2026
 CVE-2026-32857 (Firecrawl version 2.8.0 and prior contain a server-side 
request forger ...)
        TODO: check
 CVE-2026-32846 (OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains 
a path t ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-32287 (Boolean XPath expressions that evaluate to true can cause an 
infinite  ...)
        TODO: check
 CVE-2026-32286 (The DataRow.Decode function fails to properly validate field 
lengths.  ...)
@@ -149,11 +149,11 @@ CVE-2026-30457 (An issue in the /parser/dwoo component of 
Daylight Studio FuelCM
 CVE-2026-30162 (Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via 
crafted lin ...)
        TODO: check
 CVE-2026-2511 (The JS Help Desk \u2013 AI-Powered Support & Ticketing System 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2389 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2231 (The Fluent Booking plugin for WordPress is vulnerable to Stored 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-29976 (Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 
7.0.1-43-g2ee ...)
        TODO: check
 CVE-2026-29969 (A cross-site scripting (XSS) vulnerability in the 
wff_cols_pref.css.as ...)
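Review bot: For CVE-2026-2511 the visible description is cut off at "plugin f ..." before any mention of WordPress, so the "NOT-FOR-US: WordPress plugin" tag cannot be confirmed from this hunk alone, whereas CVE-2026-2389 and CVE-2026-2231 both read "for WordPress". Since the commit message marks this as an automatic update, a quick check of the full description for 2511 is worthwhile.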
@@ -171,9 +171,9 @@ CVE-2026-29044 (EVerest is an EV charging software stack. 
Prior to version 2026.
 CVE-2026-28503 (Tandoor Recipes is an application for managing recipes, 
planning meals ...)
        TODO: check
 CVE-2026-28298 (SolarWinds Observability Self-Hosted was found to be affected 
by a sto ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2026-28297 (SolarWinds Observability Self-Hosted was found to be affected 
by a sto ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2026-27828 (EVerest is an EV charging software stack. Prior to version 
2026.02.0,  ...)
        TODO: check
 CVE-2026-27816 (EVerest is an EV charging software stack. Prior to versions to 
2026.02 ...)
@@ -185,9 +185,9 @@ CVE-2026-27814 (EVerest is an EV charging software stack. 
Versions prior to 2026
 CVE-2026-27813 (EVerest is an EV charging software stack. Versions prior to 
2026.02.0  ...)
        TODO: check
 CVE-2026-27664 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-27663 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-26213 (thingino-firmware versions up to the firmware-2026-03-16 
release conta ...)
        TODO: check
 CVE-2026-26074 (EVerest is an EV charging software stack. Versions prior to 
2026.02.0  ...)
@@ -213,41 +213,41 @@ CVE-2026-22593 (EVerest is an EV charging software stack. 
Prior to version 2026.
 CVE-2026-1961 (A flaw was found in Foreman. A remote attacker could exploit a 
command ...)
        TODO: check
 CVE-2026-1032 (The Conditional Menus plugin for WordPress is vulnerable to 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-55277 (HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated 
Versions ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55276 (HCL Aftermarket DPC is affected by Internal IP Disclosure 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55275 (HCL Aftermarket DPC is affected by Admin Session Concurrency 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55274 (HCL Aftermarket DPC is affected by Cross-Origin Resource 
Sharing vulne ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55273 (HCL Aftermarket DPC is affected by Cross Domain Script Include 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55272 (HCL Aftermarket DPC is affected by Banner Disclosure 
vulnerability whe ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55271 (HCL Aftermarket DPC is affected by HTTP Response Splitting 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55270 (HCL Aftermarket DPC is affected by Improper Input Validation 
which all ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55269 (HCL Aftermarket DPC is affected by Weak Password Policy 
vulnerability, ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55268 (HCL Aftermarket DPC is affected by Spamming Vulnerability 
which can al ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55267 (HCL Aftermarket DPC is affected by Unrestricted File Upload 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55266 (HCL Aftermarket DPC is affected by Session Fixation which 
allows attac ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55265 (HCL Aftermarket DPC is affected by File Discovery which allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55264 (HCL Aftermarket DPC is affected by Failure to Invalidate 
Session on Pa ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55263 (HCL Aftermarket DPC is affected by Hardcoded Sensitive Data 
which allo ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55262 (HCL Aftermarket DPC is affected by SQL Injection which allows 
attacker ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-55261 (HCL Aftermarket DPC is affected by Missing Functional Level 
Access Con ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-41368 (Problem in the Small HTTP Server v3.06.36 service. An 
authenticated pa ...)
        TODO: check
 CVE-2025-41359 (Vulnerability related to an unquoted service path in Small 
HTTP Server ...)
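Review bot: CVE-2025-55277 stands apart from the other sixteen HCL Aftermarket DPC entries tagged "NOT-FOR-US: HCL" in this hunk: its description concerns "Use of Vulnerable/Outdated Versions", and the affected component is cut off in the visible text. Before accepting the blanket tag, confirm from the full description which component is meant. The remaining entries (CVE-2025-55261 through CVE-2025-55276) describe flaws in the HCL product itself and the tag reads correctly for them.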



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e255969102d0eaa4836ff102b076f228ebfbefb
