Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
808934ed by Salvatore Bonaccorso at 2026-04-01T10:33:12+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -74,25 +74,25 @@ CVE-2026-5186 (A weakness has been identified in Nothings 
stb up to 2.30. This i
 CVE-2026-4947 (Addressed a potential insecure direct object reference (IDOR) 
vulnerab ...)
        NOT-FOR-US: Foxit
 CVE-2026-4819 (In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit 
logging ...)
-       TODO: check
+       NOT-FOR-US: Search Guard FLX
 CVE-2026-4818 (In Search Guard FLX versions from 3.0.0 up to 4.0.1, there 
exists an i ...)
-       TODO: check
+       NOT-FOR-US: Search Guard FLX
 CVE-2026-4800 (Impact:  The fix for CVE-2021-23337 
(https://github.com/advisories/GHS ...)
        TODO: check
 CVE-2026-4799 (In Search Guard FLX up to version 4.0.1, it is possible to use 
special ...)
-       TODO: check
+       NOT-FOR-US: Search Guard FLX
 CVE-2026-4748 (A regression in the way hashes were calculated caused rules 
containing ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2026-4668 (The Booking for Appointments and Events Calendar - Amelia 
plugin for W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-4400 (Insecure Direct Object Reference (IDOR) vulnerability in 
1millionbot M ...)
-       TODO: check
+       NOT-FOR-US: 1millionbot Millie chat
 CVE-2026-4399 (Prompt injection vulnerability in 1millionbot Millie chatbot 
that occu ...)
-       TODO: check
+       NOT-FOR-US: 1millionbot Millie chatbot
 CVE-2026-4374 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
        NOT-FOR-US: RTI Connext
 CVE-2026-4317 (SQL inyection (SQLi) vulnerability in Umami Software web 
application t ...)
-       TODO: check
+       NOT-FOR-US: Umami Software web application
 CVE-2026-4267 (The Query Monitor \u2013 The developer tools panel for 
WordPress plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3831 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
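Review bot: The tag added for CVE-2026-4400 reads "NOT-FOR-US: 1millionbot Millie chat", while the entry directly below it, CVE-2026-4399, is tagged "NOT-FOR-US: 1millionbot Millie chatbot" and its description names the product as "1millionbot Millie chatbot". Use the same product string on both lines, otherwise a search of data/CVE/list for one spelling misses the other entry.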
@@ -130,89 +130,89 @@ CVE-2026-3107 (Stored Cross-Site Scripting (XSS) in 
Teampass versions prior to 3
 CVE-2026-3106 (Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 
3.1.5. ...)
        TODO: check
 CVE-2026-35057 (XenForo before 2.3.10 and before 2.2.19 is vulnerable to 
stored cross- ...)
-       TODO: check
+       NOT-FOR-US: XenForo
 CVE-2026-35056 (XenForo before 2.3.9 and before 2.2.18 allows remote code 
execution (R ...)
-       TODO: check
+       NOT-FOR-US: XenForo
 CVE-2026-35055 (XenForo before 2.3.9 and before 2.2.18 is vulnerable to 
cross-site scr ...)
-       TODO: check
+       NOT-FOR-US: XenForo
 CVE-2026-35054 (XenForo before 2.3.9 is vulnerable to stored cross-site 
scripting (XSS ...)
-       TODO: check
+       NOT-FOR-US: XenForo
 CVE-2026-34887 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-34784 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-34740 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34739 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34738 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34737 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34733 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34732 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34731 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34716 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34613 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34611 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34605 (SiYuan is a personal knowledge management system. From version 
3.6.0 t ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-34595 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-34586 (PdfDing is a selfhosted PDF manager, viewer and editor 
offering a seam ...)
        TODO: check
 CVE-2026-34585 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-34574 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-34573 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-34556 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34555 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34554 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34553 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34552 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34551 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34550 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34549 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34548 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34547 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34546 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34542 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34541 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34540 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34539 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34537 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34536 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34535 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34534 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34533 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
-       TODO: check
+       NOT-FOR-US: iccDEV
 CVE-2026-34532 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-34509 (OpenClaw before 2026.3.8 contains a sender allowlist bypass 
vulnerabil ...)
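Review bot: The twenty iccDEV entries (CVE-2026-34556 down to CVE-2026-34533) are closed as NOT-FOR-US although their description calls iccDEV "a set of libraries and tools", and a library can be shipped inside another source package under a different name. Confirm that no source package in the archive carries a copy of this code before dropping the "TODO: check" lines, and say in the commit message that the check was done, since "Process some NFUs" gives no rationale for any of the products in this hunk.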
@@ -228,7 +228,7 @@ CVE-2026-34504 (OpenClaw before 2026.3.28 contains a 
server-side request forgery
 CVE-2026-34503 (OpenClaw before 2026.3.28 fails to disconnect active WebSocket 
session ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-34453 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-34452 (The Claude SDK for Python provides access to the Claude API 
from Pytho ...)
        TODO: check
 CVE-2026-34451 (Claude SDK for TypeScript provides access to the Claude API 
from serve ...)
@@ -236,39 +236,39 @@ CVE-2026-34451 (Claude SDK for TypeScript provides access 
to the Claude API from
 CVE-2026-34450 (The Claude SDK for Python provides access to the Claude API 
from Pytho ...)
        TODO: check
 CVE-2026-34449 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-34448 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-34443 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
-       TODO: check
+       NOT-FOR-US: FreeScout
 CVE-2026-34442 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
-       TODO: check
+       NOT-FOR-US: FreeScout
 CVE-2026-34441 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
        TODO: check
 CVE-2026-34406 (APTRS (Automated Penetration Testing Reporting System) is a 
Python and ...)
-       TODO: check
+       NOT-FOR-US: APTRS (Automated Penetration Testing Reporting System)
 CVE-2026-34405 (Nuxt OG Image generates OG Images with Vue templates in Nuxt. 
Prior to ...)
        TODO: check
 CVE-2026-34404 (Nuxt OG Image generates OG Images with Vue templates in Nuxt. 
Prior to ...)
        TODO: check
 CVE-2026-34401 (XML Notepad is a Windows program that provides a simple 
intuitive User ...)
-       TODO: check
+       NOT-FOR-US: XML Notepad
 CVE-2026-34400 (Alerta is a monitoring tool. Prior to version 9.1.0, the Query 
string  ...)
        TODO: check
 CVE-2026-34396 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34395 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34394 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
-       TODO: check
+       NOT-FOR-US: WWBN AVideo
 CVE-2026-34384 (Admidio is an open-source user management solution. Prior to 
version 5 ...)
-       TODO: check
+       NOT-FOR-US: Admidio
 CVE-2026-34383 (Admidio is an open-source user management solution. Prior to 
version 5 ...)
-       TODO: check
+       NOT-FOR-US: Admidio
 CVE-2026-34382 (Admidio is an open-source user management solution. From 
version 5.0.0 ...)
-       TODO: check
+       NOT-FOR-US: Admidio
 CVE-2026-34381 (Admidio is an open-source user management solution. From 
version 5.0.0 ...)
-       TODO: check
+       NOT-FOR-US: Admidio
 CVE-2026-34377 (ZEBRA is a Zcash node written entirely in Rust. Prior to 
zebrad versio ...)
        TODO: check
 CVE-2026-34373 (Parse Server is an open source backend that can be deployed to 
any inf ...)
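Review bot: The tag for CVE-2026-34406, "NOT-FOR-US: APTRS (Automated Penetration Testing Reporting System)", repeats the expansion that is already in the description on the line above, while every other tag in this hunk uses the short product name only (FreeScout, XML Notepad, Admidio). Shorten it to "NOT-FOR-US: APTRS" to match.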
@@ -276,11 +276,11 @@ CVE-2026-34373 (Parse Server is an open source backend 
that can be deployed to a
 CVE-2026-34372 (Sulu is an open-source PHP content management system based on 
the Symf ...)
        TODO: check
 CVE-2026-34367 (InvoiceShelf is an open-source web & mobile app that helps 
track expen ...)
-       TODO: check
+       NOT-FOR-US: InvoiceShelf
 CVE-2026-34366 (InvoiceShelf is an open-source web & mobile app that helps 
track expen ...)
-       TODO: check
+       NOT-FOR-US: InvoiceShelf
 CVE-2026-34365 (InvoiceShelf is an open-source web & mobile app that helps 
track expen ...)
-       TODO: check
+       NOT-FOR-US: InvoiceShelf
 CVE-2026-34363 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-34361 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/808934ed7e426a70efb65169099c356c2d146d19
