Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e25840f6 by Salvatore Bonaccorso at 2026-03-28T11:13:30+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52,41 +52,41 @@ CVE-2026-4968 (A vulnerability was determined in
SourceCodester Diary App 1.0. T
CVE-2026-4966 (A flaw has been found in itsourcecode Free Hotel Reservation
System 1. ...)
NOT-FOR-US: itsourcecode System
CVE-2026-4965 (A vulnerability was detected in letta-ai letta 0.16.4. This
issue affe ...)
- TODO: check
+ NOT-FOR-US: letta-ai letta
CVE-2026-4964 (A security vulnerability has been detected in letta-ai letta
0.16.4. T ...)
- TODO: check
+ NOT-FOR-US: letta-ai letta
CVE-2026-4963 (A weakness has been identified in huggingface smolagents
1.25.0.dev0. ...)
- TODO: check
+ NOT-FOR-US: huggingface smolagents
CVE-2026-4962 (A security flaw has been discovered in UltraVNC up to 1.6.4.0.
Affecte ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2026-4961 (A vulnerability was identified in Tenda AC6 15.03.05.16.
Affected by t ...)
NOT-FOR-US: Tenda
CVE-2026-4960 (A vulnerability was determined in Tenda AC6 15.03.05.16.
Affected is t ...)
NOT-FOR-US: Tenda
CVE-2026-4959 (A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts
the fu ...)
- TODO: check
+ NOT-FOR-US: OpenBMB XAgent
CVE-2026-4958 (A vulnerability has been found in OpenBMB XAgent 1.0.0. This
affects t ...)
- TODO: check
+ NOT-FOR-US: OpenBMB XAgent
CVE-2026-4957 (A flaw has been found in OpenBMB XAgent 1.0.0. The impacted
element is ...)
- TODO: check
+ NOT-FOR-US: OpenBMB XAgent
CVE-2026-4956 (A vulnerability was detected in Shenzhen Ruiming Technology
Streamax C ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Ruiming Technology Streamax Crocus
CVE-2026-4955 (A vulnerability was found in Shenzhen Ruiming Technology
Streamax Croc ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Ruiming Technology Streamax Crocus
CVE-2026-4954 (A security vulnerability has been detected in mingSoft MCMS up
to 5.5. ...)
- TODO: check
+ NOT-FOR-US: mingSoft MCMS
CVE-2026-4953 (A weakness has been identified in mingSoft MCMS up to 5.5.0.
This issu ...)
- TODO: check
+ NOT-FOR-US: mingSoft MCMS
CVE-2026-4933 (Incorrect Authorization vulnerability in Drupal Unpublished
Node Permi ...)
NOT-FOR-US: Drupal core and addons
CVE-2026-4910 (A security vulnerability has been detected in Shenzhen Ruiming
Technol ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Ruiming Technology Streamax Crocus
CVE-2026-4909 (A weakness has been identified in code-projects Exam Form
Submission 1 ...)
NOT-FOR-US: code-projects
CVE-2026-4908 (A security flaw has been discovered in code-projects Simple
Laundry Sy ...)
NOT-FOR-US: code-projects
CVE-2026-4907 (A vulnerability was identified in Page-Replica Page Replica up
to e4a7 ...)
- TODO: check
+ NOT-FOR-US: Page-Replica Page Replica
CVE-2026-4906 (A vulnerability was determined in Tenda AC5 15.03.06.47. The
affected ...)
NOT-FOR-US: Tenda
CVE-2026-4905 (A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is
the fu ...)
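Review bot: The labels added in this hunk name vendor plus product ("letta-ai letta", "OpenBMB XAgent", "Shenzhen Ruiming Technology Streamax Crocus"), while the unchanged entries around them use the vendor alone ("Tenda", "code-projects"). Settling on one form per vendor would keep a later grep for that vendor's NOT-FOR-US entries reliable. "Page-Replica Page Replica" on CVE-2026-4907 also repeats the same name twice and could be shortened to "Page Replica".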
@@ -104,13 +104,13 @@ CVE-2026-4899 (A security flaw has been discovered in
code-projects Online Food
CVE-2026-4898 (A vulnerability was identified in code-projects Online Food
Ordering S ...)
NOT-FOR-US: code-projects
CVE-2026-4622 (OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm
Series ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2026-4621 (Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm
Series ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2026-4620 (OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm
Series ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2026-4619 (Path Traversal vulnerability in NEC Platforms, Ltd. Aterm
Series allow ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2026-4393 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Automated Lo ...)
NOT-FOR-US: Drupal core and addons
CVE-2026-4346 (The vulnerability affecting TL-WR850N v3 allows cleartext
storage of a ...)
@@ -118,7 +118,7 @@ CVE-2026-4346 (The vulnerability affecting TL-WR850N v3
allows cleartext storage
CVE-2026-4340
REJECTED
CVE-2026-4309 (Missing Authorization vulnerability in NEC Platforms, Ltd.
Aterm Serie ...)
- TODO: check
+ NOT-FOR-US: NEC
CVE-2026-4248 (The Ultimate Member plugin for WordPress is vulnerable to
Sensitive In ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3622 (The vulnerability exists in the UPnP component of TL-WR841N
v14, where ...)
@@ -142,81 +142,81 @@ CVE-2026-3526 (Incorrect Authorization vulnerability in
Drupal File Access Fix (
CVE-2026-3525 (Incorrect Authorization vulnerability in Drupal File Access Fix
(depre ...)
NOT-FOR-US: Drupal core and addons
CVE-2026-3457 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Thales Sentinel LDK Runtime on Windows
CVE-2026-3098 (The Smart Slider 3 plugin for WordPress is vulnerable to
Arbitrary Fil ...)
NOT-FOR-US: WordPress plugin
CVE-2026-34475 (Varnish Cache before 8.0.1 and Varnish Enterprise before
6.0.16r12, in ...)
TODO: check
CVE-2026-34411 (Appsmith versions prior to 1.98 expose sensitive instance
management A ...)
- TODO: check
+ NOT-FOR-US: Appsmith
CVE-2026-34391 (Fleet is open source device management software. Prior to
4.81.1, a vu ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-34389 (Fleet is open source device management software. Prior to
4.81.0, Flee ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-34388 (Fleet is open source device management software. Prior to
4.81.0, a de ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-34387 (Fleet is open source device management software. Prior to
4.81.1, a co ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-34386 (Fleet is open source device management software. Prior to
4.81.0, a SQ ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-34385 (Fleet is open source device management software. Prior to
4.81.0, a se ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-34375 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-34374 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-34369 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-34368 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-34364 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-34362 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-34353 (In OCaml through 4.14.3, Bigarray.reshape allows an integer
overflow, ...)
TODO: check
CVE-2026-34352 (In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows
other users ...)
TODO: check
CVE-2026-34247 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-34245 (WWBN AVideo is an open source video platform. In versions up
to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-34226 (Happy DOM is a JavaScript implementation of a web browser
without its ...)
- TODO: check
+ NOT-FOR-US: Happy DOM
CVE-2026-34205 (Home Assistant is open source home automation software that
puts local ...)
- TODO: check
+ NOT-FOR-US: Home Assistant
CVE-2026-34046 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-33996 (LibJWT is a C JSON Web Token Library. Starting in version
3.0.0 and pr ...)
TODO: check
CVE-2026-33994 (Locutus brings stdlibs of other programming languages to
JavaScript fo ...)
- TODO: check
+ NOT-FOR-US: Node Locutus
CVE-2026-33993 (Locutus brings stdlibs of other programming languages to
JavaScript fo ...)
- TODO: check
+ NOT-FOR-US: Node Locutus
CVE-2026-33992 (pyLoad is a free and open-source download manager written in
Python. P ...)
TODO: check
CVE-2026-33991 (WeGIA is a web manager for charitable institutions. Prior to
version 3 ...)
NOT-FOR-US: WeGIA
CVE-2026-33989 (Mobile Next is an MCP server for mobile development and
automation. Pr ...)
- TODO: check
+ NOT-FOR-US: Mobile Next
CVE-2026-33981 (changedetection.io is a free open source web page change
detection too ...)
- TODO: check
+ NOT-FOR-US: changedetection.io
CVE-2026-33980 (Azure Data Explorer MCP Server is a Model Context Protocol
(MCP) serve ...)
- TODO: check
+ NOT-FOR-US: Azure Data Explorer MCP Server
CVE-2026-33979 (Express XSS Sanitizer is Express 4.x and 5.x middleware which
sanitize ...)
- TODO: check
+ NOT-FOR-US: Node express-xss-sanitizer
CVE-2026-33976 (Notesnook is a note-taking app. Prior to version 3.3.11 on
Web/Desktop ...)
- TODO: check
+ NOT-FOR-US: Notesnook
CVE-2026-33955 (Notesnook is a note-taking app. Prior to version 3.3.11 on
Web/Desktop ...)
- TODO: check
+ NOT-FOR-US: Notesnook
CVE-2026-33954 (LinkAce is a self-hosted archive to collect website links. In
versions ...)
- TODO: check
+ NOT-FOR-US: LinkAce
CVE-2026-33953 (LinkAce is a self-hosted archive to collect website links.
Versions pr ...)
- TODO: check
+ NOT-FOR-US: LinkAce
CVE-2026-33946 (MCP Ruby SDK is the official Ruby SDK for Model Context
Protocol serve ...)
- TODO: check
+ NOT-FOR-US: MCP Ruby SDK
CVE-2026-33943 (Happy DOM is a JavaScript implementation of a web browser
without its ...)
- TODO: check
+ NOT-FOR-US: Happy DOM
CVE-2026-33941 (Handlebars provides the power necessary to let users build
semantic te ...)
TODO: check
CVE-2026-33940 (Handlebars provides the power necessary to let users build
semantic te ...)
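Review bot: The "Node" prefix is applied unevenly to JavaScript projects in this hunk. CVE-2026-33994, CVE-2026-33993 and CVE-2026-33979 are labelled "Node Locutus" and "Node express-xss-sanitizer", but CVE-2026-34226 and CVE-2026-33943 are labelled plain "Happy DOM" although their descriptions call it a JavaScript implementation of a web browser. Either prefix both Happy DOM entries or drop the prefix throughout. Separately, the label on CVE-2026-3457 carries a platform qualifier ("on Windows") that no other label in the hunk has, and the truncated description shown here does not name the product, so it is worth confirming that the attribution comes from the full CVE text.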
@@ -230,17 +230,17 @@ CVE-2026-33937 (Handlebars provides the power necessary
to let users build seman
CVE-2026-33936 (The `ecdsa` PyPI package is a pure Python implementation of
ECC (Ellip ...)
TODO: check
CVE-2026-33935 (MyTube is a self-hosted downloader and player for several
video websit ...)
- TODO: check
+ NOT-FOR-US: MyTube
CVE-2026-33916 (Handlebars provides the power necessary to let users build
semantic te ...)
TODO: check
CVE-2026-33907 (Ella Core is a 5G core designed for private networks. Versions
prior t ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-33906 (Ella Core is a 5G core designed for private networks. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-33904 (Ella Core is a 5G core designed for private networks. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-33903 (Ella Core is a 5G core designed for private networks. Versions
prior t ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-33896 (Forge (also called `node-forge`) is a native implementation of
Transpo ...)
TODO: check
CVE-2026-33895 (Forge (also called `node-forge`) is a native implementation of
Transpo ...)
@@ -250,29 +250,29 @@ CVE-2026-33894 (Forge (also called `node-forge`) is a
native implementation of T
CVE-2026-33891 (Forge (also called `node-forge`) is a native implementation of
Transpo ...)
TODO: check
CVE-2026-33890 (MyTube is a self-hosted downloader and player for several
video websit ...)
- TODO: check
+ NOT-FOR-US: MyTube
CVE-2026-33887 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-33886 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-33885 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-33884 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-33883 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-33882 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-33881 (Windmill is an open-source developer platform for internal
code: APIs, ...)
- TODO: check
+ NOT-FOR-US: Windmill
CVE-2026-33879 (Federated Learning and Interoperability Platform (FLIP) is an
open-sou ...)
- TODO: check
+ NOT-FOR-US: Federated Learning and Interoperability Platform (FLIP)
CVE-2026-33875 (Gematik Authenticator securely authenticates users for login
to digita ...)
- TODO: check
+ NOT-FOR-US: Gematik Authenticator
CVE-2026-33874 (Gematik Authenticator securely authenticates users for login
to digita ...)
- TODO: check
+ NOT-FOR-US: Gematik Authenticator
CVE-2026-33873 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-33872 (elixir-nodejs provides an Elixir API for calling Node.js
functions. A ...)
TODO: check
CVE-2026-33871 (Netty is an asynchronous, event-driven network application
framework. ...)
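Review bot: The label on CVE-2026-33879 copies the full product description, "Federated Learning and Interoperability Platform (FLIP)", where every other label in this hunk is a short project name ("Windmill", "Langflow", "MyTube"). A shorter form such as "FLIP" with a disambiguating word would match the rest. The six Statamic entries add a "CMS" suffix to the project name, which is fine as long as the same spelling is reused for any existing or future Statamic entries in data/CVE/list.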
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e25840f699fbd9c4cc1503072e074196cffe8aab