Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
06946bc2 by security tracker role at 2026-03-28T08:14:04+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,35 +17,35 @@ CVE-2026-4990 (A security vulnerability has been detected
in chatwoot up to 4.11
CVE-2026-4988 (A security flaw has been discovered in Open5GS 2.7.6. This
issue affec ...)
TODO: check
CVE-2026-4987 (The SureForms \u2013 Contact Form, Payment Form & Other Custom
Form Bu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4985 (A vulnerability was identified in dloebl CGIF up to 0.5.2. This
vulner ...)
TODO: check
CVE-2026-4984 (The Twilio integration webhook handler accepts any POST request
withou ...)
TODO: check
CVE-2026-4982 (A user with permission "update world" in any Venueless world is
able t ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-4980 (A local file disclosure vulnerability in the XInclude
processing compo ...)
TODO: check
CVE-2026-4976 (A vulnerability was found in Totolink LR350
9.3.5u.6369_B20220309. Thi ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-4975 (A vulnerability has been found in Tenda AC15 15.03.05.19. This
affects ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-4974 (A flaw has been found in Tenda AC7 15.03.06.44. Affected by
this issue ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-4973 (A vulnerability was detected in SourceCodester Online Quiz
System up t ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-4972 (A security vulnerability has been detected in code-projects
Online Rev ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4971 (A weakness has been identified in SourceCodester Note Taking
App up to ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-4970 (A security flaw has been discovered in code-projects Social
Networking ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4969 (A vulnerability was identified in code-projects Social
Networking Site ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4968 (A vulnerability was determined in SourceCodester Diary App 1.0.
The af ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-4966 (A flaw has been found in itsourcecode Free Hotel Reservation
System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4965 (A vulnerability was detected in letta-ai letta 0.16.4. This
issue affe ...)
TODO: check
CVE-2026-4964 (A security vulnerability has been detected in letta-ai letta
0.16.4. T ...)
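Review bot: The label added for CVE-2026-4966 reads "NOT-FOR-US: itsourcecode System", and the trailing "System" looks like a leftover from the product name ("Free Hotel Reservation System") rather than part of the vendor. The other entries in this hunk use the bare vendor name ("SourceCodester", "code-projects"), so "NOT-FOR-US: itsourcecode" would keep the labels consistent and easier to grep.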
@@ -55,9 +55,9 @@ CVE-2026-4963 (A weakness has been identified in huggingface
smolagents 1.25.0.d
CVE-2026-4962 (A security flaw has been discovered in UltraVNC up to 1.6.4.0.
Affecte ...)
TODO: check
CVE-2026-4961 (A vulnerability was identified in Tenda AC6 15.03.05.16.
Affected by t ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-4960 (A vulnerability was determined in Tenda AC6 15.03.05.16.
Affected is t ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-4959 (A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts
the fu ...)
TODO: check
CVE-2026-4958 (A vulnerability has been found in OpenBMB XAgent 1.0.0. This
affects t ...)
@@ -73,31 +73,31 @@ CVE-2026-4954 (A security vulnerability has been detected
in mingSoft MCMS up to
CVE-2026-4953 (A weakness has been identified in mingSoft MCMS up to 5.5.0.
This issu ...)
TODO: check
CVE-2026-4933 (Incorrect Authorization vulnerability in Drupal Unpublished
Node Permi ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-4910 (A security vulnerability has been detected in Shenzhen Ruiming
Technol ...)
TODO: check
CVE-2026-4909 (A weakness has been identified in code-projects Exam Form
Submission 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4908 (A security flaw has been discovered in code-projects Simple
Laundry Sy ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4907 (A vulnerability was identified in Page-Replica Page Replica up
to e4a7 ...)
TODO: check
CVE-2026-4906 (A vulnerability was determined in Tenda AC5 15.03.06.47. The
affected ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-4905 (A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is
the fu ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-4904 (A vulnerability has been found in Tenda AC5 15.03.06.47. This
issue af ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-4903 (A flaw has been found in Tenda AC5 15.03.06.47. This
vulnerability aff ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-4902 (A vulnerability was detected in Tenda AC5 15.03.06.47. This
affects th ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-4900 (A weakness has been identified in code-projects Online Food
Ordering S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4899 (A security flaw has been discovered in code-projects Online
Food Order ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4898 (A vulnerability was identified in code-projects Online Food
Ordering S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-4622 (OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm
Series ...)
TODO: check
CVE-2026-4621 (Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm
Series ...)
@@ -107,39 +107,39 @@ CVE-2026-4620 (OS Command Injection vulnerability in NEC
Platforms, Ltd. Aterm S
CVE-2026-4619 (Path Traversal vulnerability in NEC Platforms, Ltd. Aterm
Series allow ...)
TODO: check
CVE-2026-4393 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Automated Lo ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-4346 (The vulnerability affecting TL-WR850N v3 allows cleartext
storage of a ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-4340
REJECTED
CVE-2026-4309 (Missing Authorization vulnerability in NEC Platforms, Ltd.
Aterm Serie ...)
TODO: check
CVE-2026-4248 (The Ultimate Member plugin for WordPress is vulnerable to
Sensitive In ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3622 (The vulnerability exists in the UPnP component of TL-WR841N
v14, where ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-3573 (Incorrect Authorization vulnerability in Drupal AI (Artificial
Intelli ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-3532 (Improper Handling of Case Sensitivity vulnerability in Drupal
OpenID C ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-3531 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-3530 (Server-Side Request Forgery (SSRF) vulnerability in Drupal
OpenID Conn ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-3529 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-3528 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-3527 (Missing Authentication for Critical Function vulnerability in
Drupal A ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-3526 (Incorrect Authorization vulnerability in Drupal File Access Fix
(depre ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-3525 (Incorrect Authorization vulnerability in Drupal File Access Fix
(depre ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-3457 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2026-3098 (The Smart Slider 3 plugin for WordPress is vulnerable to
Arbitrary Fil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-34475 (Varnish Cache before 8.0.1 and Varnish Enterprise before
6.0.16r12, in ...)
TODO: check
CVE-2026-34411 (Appsmith versions prior to 1.98 expose sensitive instance
management A ...)
@@ -191,7 +191,7 @@ CVE-2026-33993 (Locutus brings stdlibs of other programming
languages to JavaScr
CVE-2026-33992 (pyLoad is a free and open-source download manager written in
Python. P ...)
TODO: check
CVE-2026-33991 (WeGIA is a web manager for charitable institutions. Prior to
version 3 ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-33989 (Mobile Next is an MCP server for mobile development and
automation. Pr ...)
TODO: check
CVE-2026-33981 (changedetection.io is a free open source web page change
detection too ...)
@@ -429,7 +429,7 @@ CVE-2026-32669 (Code injection vulnerability exists in
BUFFALO Wi-Fi router prod
CVE-2026-32241 (Flannel is a network fabric for containers, designed for
Kubernetes. T ...)
TODO: check
CVE-2026-32187 (Microsoft Edge (Chromium-based) Defense in Depth Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-31951 (LibreChat is a ChatGPT clone with additional features. In
versions 0.8 ...)
TODO: check
CVE-2026-31950 (LibreChat is a ChatGPT clone with additional features. In
versions 0.8 ...)
@@ -443,35 +443,35 @@ CVE-2026-30689 (A blog.admin v.8.0 and before system's
getinfobytoken API interf
CVE-2026-30637 (Server-Side Request Forgery (SSRF) vulnerability exists in the
AnnounC ...)
TODO: check
CVE-2026-30576 (A Business Logic vulnerability exists in SourceCodester
Pharmacy Produ ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30575 (A Business Logic vulnerability exists in SourceCodester
Pharmacy Produ ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30574 (A Business Logic vulnerability exists in SourceCodester
Pharmacy Produ ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30571 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
SourceC ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30570 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
SourceC ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30569 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
SourceC ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30568 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
SourceC ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30567 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
SourceC ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30534 (A SQL Injection vulnerability exists in SourceCodester Online
Food Ord ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30533 (A SQL Injection vulnerability exists in SourceCodester Online
Food Ord ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30532 (A SQL Injection vulnerability exists in SourceCodester Online
Food Ord ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30531 (A SQL Injection vulnerability exists in SourceCodester Online
Food Ord ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30530 (A SQL Injection vulnerability exists in SourceCodester Online
Food Ord ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30529 (A SQL Injection vulnerability exists in SourceCodester Online
Food Ord ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30527 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
SourceCode ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-30407
REJECTED
CVE-2026-30304 (In its design for automatic terminal command execution, AI
Code offers ...)
@@ -511,7 +511,7 @@ CVE-2026-27876 (A chained attack via SQL Expressions and a
Grafana Enterprise pl
CVE-2026-27650 (OS Command Injection vulnerability exists in BUFFALO Wi-Fi
router prod ...)
TODO: check
CVE-2026-27309 (Substance3D - Stager versions 3.1.7 and earlier are affected
by a Use ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-26061 (Fleet is open source device management software. Prior to
4.81.0, Flee ...)
TODO: check
CVE-2026-26060 (Fleet is open source device management software. Prior to
4.81.0, a vu ...)
@@ -525,21 +525,21 @@ CVE-2026-25099 (Bludit\u2019s API plugin allows an
authenticated attacker with a
CVE-2026-23399 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
TODO: check
CVE-2026-22744 (InRedisFilterExpressionConverterofspring-ai-redis-store, when
a user-c ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-22743 (Spring AI'sspring-ai-neo4j-storecontains a Cypher injection
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-22742 (Spring AI's spring-ai-bedrock-conversecontains a Server-Side
Request F ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-22738 (In Spring AI, a SpEL injection vulnerability exists
inSimpleVectorStor ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-1679 (The eswifi socket offload driver copies user-provided payloads
into a ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-1496 (Vulnerable versions of Coverity Connect lack an error handler
in the a ...)
- TODO: check
+ NOT-FOR-US: Black Duck
CVE-2026-1307 (The Ninja Forms - The Contact Form Builder That Grows With You
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0748 (In the Drupal 7 Internationalization (i18n) module, the
i18n_node subm ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-69988 (BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect
Access Cont ...)
TODO: check
CVE-2025-69986 (A buffer overflow vulnerability exists in the ONVIF
GetStreamUri funct ...)
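Review bot: The four Spring AI entries (CVE-2026-22744, CVE-2026-22743, CVE-2026-22742, CVE-2026-22738) are labelled "NOT-FOR-US: VMware", a name that appears nowhere in their descriptions, so a later search of the list by product will not connect the label to the affected component. Consider a product-level label such as "NOT-FOR-US: Spring AI", in the same way the CVE-2026-1679 entry spells out "Zephyr, different from src:zephyr" to record why it is out of scope.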
@@ -555,25 +555,25 @@ CVE-2025-15615 (Wazuh Manager authd service in
wazuh-manager packages through ve
CVE-2025-15612 (Wazuh provisioning scripts and Dockerfiles contain an insecure
transpo ...)
TODO: check
CVE-2025-15445 (The Restaurant Cafeteria WordPress theme through 0.4.6 exposes
insecur ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15381 (In the latest version of mlflow/mlflow, when the `basic-auth`
app is e ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2025-13478 (Cache misconfiguration vulnerability in OpenText Identity
Manager on W ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2025-12886 (The Oxygen Theme theme for WordPress is vulnerable to
Server-Side Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-14028 (Use after free vulnerability in Softing smartLink HW-DP or
smartLink H ...)
- TODO: check
+ NOT-FOR-US: Softing
CVE-2024-11604 (Insertion of Sensitive Information into Log File vulnerability
in the ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2023-7340 (Wazuh authd contains a heap-buffer overflow vulnerability that
allows ...)
TODO: check
CVE-2023-7339 (Stack-based buffer overflow vulnerability in Softing Industrial
Automa ...)
- TODO: check
+ NOT-FOR-US: Softing
CVE-2019-25652 (UniFi Network Controller before version 5.10.22 and 5.11.x
before 5.11 ...)
TODO: check
CVE-2019-25651 (Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding
5.6.42), ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti
CVE-2026-33375 (The Grafana MSSQL data source plugin contains a logic flaw
that allows ...)
NOT-FOR-US: Grafana MMSQL Data Source Plugin
CVE-2026-28377 (A vulnerability in Grafana Tempo exposes the S3 SSE-C
encryption key i ...)
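Review bot: CVE-2019-25651 is marked "NOT-FOR-US: Ubiquiti" while the adjacent CVE-2019-25652, whose description also names the UniFi Network Controller, stays at "TODO: check"; the two should be triaged the same way, so either mark both or leave both for manual review. Separately, CVE-2025-15445 and CVE-2025-12886 describe WordPress themes but receive the label "NOT-FOR-US: WordPress plugin"; "WordPress theme" would match what the descriptions say.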
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06946bc29e6c36be387feacbb438298b3a115670