Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
939ddc0c by Salvatore Bonaccorso at 2026-04-03T10:41:13+02:00
Process batch of NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,51 +26,51 @@ CVE-2026-35507 (Shynet before 0.14.0 allows Host header 
injection in the passwor
 CVE-2026-35467 (The stored API keys in temporary browser client is not marked 
as prote ...)
        TODO: check
 CVE-2026-35466 (XSS vulnerability in cveInterface.js allows for inject HTML to 
be pass ...)
-       TODO: check
+       NOT-FOR-US: CERTCC cveClient
 CVE-2026-35383 (Bentley Systems iTwin Platform exposed a Cesium ion access 
token in th ...)
-       TODO: check
+       NOT-FOR-US: Bentley Systems iTwin Platform
 CVE-2026-35053 (OneUptime is an open-source monitoring and observability 
platform. Pri ...)
-       TODO: check
+       NOT-FOR-US: OneUptime
 CVE-2026-34932 (hoppscotch is an open source API development ecosystem. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: hoppscotch
 CVE-2026-34931 (hoppscotch is an open source API development ecosystem. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: hoppscotch
 CVE-2026-34848 (hoppscotch is an open source API development ecosystem. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: hoppscotch
 CVE-2026-34847 (hoppscotch is an open source API development ecosystem. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: hoppscotch
 CVE-2026-34840 (OneUptime is an open-source monitoring and observability 
platform. Pri ...)
-       TODO: check
+       NOT-FOR-US: OneUptime
 CVE-2026-34838 (Group-Office is an enterprise customer relationship management 
and gro ...)
-       TODO: check
+       NOT-FOR-US: Group-Office
 CVE-2026-34834 (Bulwark Webmail is a self-hosted webmail client for Stalwart 
Mail Serv ...)
-       TODO: check
+       NOT-FOR-US: Bulwark Webmail
 CVE-2026-34833 (Bulwark Webmail is a self-hosted webmail client for Stalwart 
Mail Serv ...)
-       TODO: check
+       NOT-FOR-US: Bulwark Webmail
 CVE-2026-34832 (Scoold is a Q&A and a knowledge sharing platform for teams. 
Prior to v ...)
-       TODO: check
+       NOT-FOR-US: Scoold
 CVE-2026-34825 (NocoBase is an AI-powered no-code/low-code platform for 
building busin ...)
-       TODO: check
+       NOT-FOR-US: NocoBase
 CVE-2026-34762 (Ella Core is a 5G core designed for private networks. Prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Ella Core
 CVE-2026-34761 (Ella Core is a 5G core designed for private networks. Prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: Ella Core
 CVE-2026-34760 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        TODO: check
 CVE-2026-33107 (Server-side request forgery (ssrf) in Azure Databricks allows 
an unaut ...)
-       TODO: check
+       NOT-FOR-US: Azure Databricks
 CVE-2026-33105 (Improper authorization in Microsoft Azure Kubernetes Service 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-32213 (Improper authorization in Azure AI Foundry allows an 
unauthorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-32211 (Missing authentication for critical function in Azure MCP 
Server allow ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-32173 (Improper authentication in Azure SRE Agent allows an 
unauthorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-30252 (Multiple reflected cross-site scripting (XSS) vulnerabilities 
in the l ...)
-       TODO: check
+       NOT-FOR-US: Interzen Consulting S.r.l ZenShare Suite
 CVE-2026-30251 (A reflected cross-site scripting (XSS) vulnerability in the 
login_newp ...)
-       TODO: check
+       NOT-FOR-US: Interzen Consulting S.r.l ZenShare Suite
 CVE-2026-28815 (A remote attacker can supply a short X-Wing HPKE encapsulated 
key and  ...)
        NOT-FOR-US: Apple
 CVE-2026-26135 (Server-side request forgery (ssrf) in Azure Custom Locations 
Resource  ...)
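Review bot: The Azure entries in this hunk are tagged inconsistently: CVE-2026-33107 gets "NOT-FOR-US: Azure Databricks" (a product name), while CVE-2026-33105, CVE-2026-32213, CVE-2026-32211 and CVE-2026-32173 get "NOT-FOR-US: Microsoft" (the vendor). Use one form for all five, for example "NOT-FOR-US: Microsoft", so that a later search by vendor finds the whole set. Separately, CVE-2026-35467 stays at "TODO: check" directly above CVE-2026-35466; if its "temporary browser client" is the same CERTCC cveClient, it could be resolved in this batch as well.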
@@ -255,7 +255,7 @@ CVE-2026-34829 (Rack is a modular Ruby web server 
interface. Prior to versions 2
        NOTE: Fixed by: 
https://github.com/rack/rack/commit/367a2a0ec6fbef605c9412dadfd5763b7867441f 
(v3.1.21)
        NOTE: Fixed by: 
https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de 
(v2.2.23)
 CVE-2026-34828 (listmonk is a standalone, self-hosted, newsletter and mailing 
list man ...)
-       TODO: check
+       NOT-FOR-US: listmonk
 CVE-2026-34827 (Rack is a modular Ruby web server interface. From versions 
3.0.0.beta1 ...)
        [experimental] - ruby-rack 3.2.6-1
        - ruby-rack <unfixed>
@@ -270,73 +270,73 @@ CVE-2026-34826 (Rack is a modular Ruby web server 
interface. Prior to versions 2
        NOTE: Fixed by: 
https://github.com/rack/rack/commit/345a4cfa51f451e58b2931322998e04f3cf6dc0d 
(v3.1.21)
        NOTE: Fixed by: 
https://github.com/rack/rack/commit/94a7ca91a750ced0e445f39fabbc8ee6d2ab3bf1 
(v2.2.23)
 CVE-2026-34823 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34822 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34821 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34820 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34819 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34818 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34817 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34816 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34815 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34814 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34813 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34812 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34811 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34810 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34809 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34808 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34807 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34806 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34805 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34804 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34803 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34802 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34801 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34800 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34799 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34798 (Endian Firewall version 3.3.25 and prior allow stored 
cross-site scrip ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34797 (Endian Firewall version 3.3.25 and prior allow authenticated 
users to  ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34796 (Endian Firewall version 3.3.25 and prior allow authenticated 
users to  ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34795 (Endian Firewall version 3.3.25 and prior allow authenticated 
users to  ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34794 (Endian Firewall version 3.3.25 and prior allow authenticated 
users to  ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34793 (Endian Firewall version 3.3.25 and prior allow authenticated 
users to  ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34792 (Endian Firewall version 3.3.25 and prior allow authenticated 
users to  ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34791 (Endian Firewall version 3.3.25 and prior allow authenticated 
users to  ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34790 (Endian Firewall version 3.3.25 and prior allow authenticated 
users to  ...)
-       TODO: check
+       NOT-FOR-US: Endian Firewall
 CVE-2026-34786 (Rack is a modular Ruby web server interface. Prior to versions 
2.2.23, ...)
        [experimental] - ruby-rack 3.2.6-1
        - ruby-rack <unfixed>
@@ -359,65 +359,65 @@ CVE-2026-34763 (Rack is a modular Ruby web server 
interface. Prior to versions 2
        NOTE: Fixed by: 
https://github.com/rack/rack/commit/29b17c58e55539b5b9c1afd0d86266e54150193f 
(v3.1.21)
        NOTE: Fixed by: 
https://github.com/rack/rack/commit/7796548b545601accdfe8f4079088bd44d0a3495 
(v2.2.23)
 CVE-2026-34759 (OneUptime is an open-source monitoring and observability 
platform. Pri ...)
-       TODO: check
+       NOT-FOR-US: OneUptime
 CVE-2026-34758 (OneUptime is an open-source monitoring and observability 
platform. Pri ...)
-       TODO: check
+       NOT-FOR-US: OneUptime
 CVE-2026-34752 (Haraka is a Node.js mail server. Prior to version 3.1.4, 
sending an em ...)
-       TODO: check
+       NOT-FOR-US: Haraka
 CVE-2026-34745 (Fireshare facilitates self-hosted media and link sharing. 
Prior to ver ...)
-       TODO: check
+       NOT-FOR-US: Fireshare
 CVE-2026-34742 (The Go MCP SDK used Go's standard encoding/json. Prior to 
version 1.4. ...)
-       TODO: check
+       NOT-FOR-US: Go MCP SDK
 CVE-2026-34736 (Open edX Platform enables the authoring and delivery of online 
learnin ...)
-       TODO: check
+       NOT-FOR-US: Open edX
 CVE-2026-34735 (The Hytale Modding Wiki is a free service for Hytale mods to 
host thei ...)
-       TODO: check
+       NOT-FOR-US: Hytale Modding Wiki
 CVE-2026-34730 (Copier is a library and CLI app for rendering project 
templates. Prior ...)
-       TODO: check
+       NOT-FOR-US: Copier library and CLI app
 CVE-2026-34729 (phpMyFAQ is an open source FAQ web application. Prior to 
version 4.1.1 ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-34728 (phpMyFAQ is an open source FAQ web application. Prior to 
version 4.1.1 ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-34726 (Copier is a library and CLI app for rendering project 
templates. Prior ...)
-       TODO: check
+       NOT-FOR-US: Copier library and CLI app
 CVE-2026-34725 (DbGate is cross-platform database manager. From version 7.0.0 
to befor ...)
-       TODO: check
+       NOT-FOR-US: DbGate
 CVE-2026-34717 (OpenProject is an open-source, web-based project management 
software.  ...)
-       TODO: check
+       NOT-FOR-US: OpenProject
 CVE-2026-34715 (ewe is a Gleam web server. Prior to version 3.0.6, the 
encode_headers  ...)
-       TODO: check
+       NOT-FOR-US: ewe
 CVE-2026-34610 (The leancrypto library is a cryptographic library that 
exclusively con ...)
        TODO: check
 CVE-2026-34608 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging 
Platform.  ...)
-       TODO: check
+       NOT-FOR-US: NanoMQ
 CVE-2026-34606 (Frappe Learning Management System (LMS) is a learning system 
that help ...)
-       TODO: check
+       NOT-FOR-US: Frappe Learning Management System (LMS)
 CVE-2026-34601 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 
2 Core)  ...)
        TODO: check
 CVE-2026-34598 (YesWiki is a wiki system written in PHP. Prior to version 
4.6.0, a sto ...)
-       TODO: check
+       NOT-FOR-US: YesWiki
 CVE-2026-34593 (Ash Framework is a declarative, extensible framework for 
building Elix ...)
        TODO: check
 CVE-2026-34591 (Poetry is a dependency manager for Python. From version 1.4.0 
to befor ...)
        TODO: check
 CVE-2026-34590 (Postiz is an AI social media scheduling tool. Prior to version 
2.21.4, ...)
-       TODO: check
+       NOT-FOR-US: Postiz
 CVE-2026-34584 (listmonk is a standalone, self-hosted, newsletter and mailing 
list man ...)
-       TODO: check
+       NOT-FOR-US: listmonk
 CVE-2026-34581 (goshs is a SimpleHTTPServer written in Go. From version 1.1.0 
to befor ...)
-       TODO: check
+       NOT-FOR-US: goshs
 CVE-2026-34577 (Postiz is an AI social media scheduling tool. Prior to version 
2.21.3, ...)
-       TODO: check
+       NOT-FOR-US: Postiz
 CVE-2026-34576 (Postiz is an AI social media scheduling tool. Prior to version 
2.21.3, ...)
-       TODO: check
+       NOT-FOR-US: Postiz
 CVE-2026-34526 (SillyTavern is a locally installed user interface that allows 
users to ...)
-       TODO: check
+       NOT-FOR-US: SillyTavern
 CVE-2026-34524 (SillyTavern is a locally installed user interface that allows 
users to ...)
-       TODO: check
+       NOT-FOR-US: SillyTavern
 CVE-2026-34523 (SillyTavern is a locally installed user interface that allows 
users to ...)
-       TODO: check
+       NOT-FOR-US: SillyTavern
 CVE-2026-34522 (SillyTavern is a locally installed user interface that allows 
users to ...)
-       TODO: check
+       NOT-FOR-US: SillyTavern
 CVE-2026-34426 (OpenClaw versions prior to commit b57b680contain an approval 
bypass vu ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-34425 (OpenClaw versions prior to commit 8aceaf5 contain a preflight 
validati ...)
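Review bot: The tag on CVE-2026-34730 and CVE-2026-34726, "NOT-FOR-US: Copier library and CLI app", copies the description wording instead of naming the project. The other entries in this hunk use the bare project name ("phpMyFAQ", "DbGate", "ewe"), so "NOT-FOR-US: Copier" would match them and keep the two Copier lines easy to find by name.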
@@ -442,33 +442,33 @@ CVE-2026-34119 (A heap-based buffer overflow 
vulnerability was identified in TP-
 CVE-2026-34118 (A heap-based buffer overflow vulnerability was identified in 
TP-Link T ...)
        NOT-FOR-US: TPLink
 CVE-2026-34083 (Signal K Server is a server application that runs on a central 
hub in  ...)
-       TODO: check
+       NOT-FOR-US: Signal K Server
 CVE-2026-33951 (Signal K Server is a server application that runs on a central 
hub in  ...)
-       TODO: check
+       NOT-FOR-US: Signal K Server
 CVE-2026-33950 (Signal K Server is a server application that runs on a central 
hub in  ...)
-       TODO: check
+       NOT-FOR-US: Signal K Server
 CVE-2026-33746 (Convoy is a KVM server management panel for hosting 
businesses. From v ...)
-       TODO: check
+       NOT-FOR-US: Convoy
 CVE-2026-33641 (Glances is an open-source system cross-platform monitoring 
tool. Prior ...)
        TODO: check
 CVE-2026-33617 (An unauthenticated remote attacker can access a configuration 
file con ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2026-33616 (An unauthenticated remote attacker can exploit an 
unauthenticated blin ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2026-33615 (An unauthenticated remote attacker can exploit an 
unauthenticated SQL  ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2026-33614 (An unauthenticated remote attacker can exploit an 
unauthenticated SQL  ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2026-33613 (Due to the improper neutralisation of special elements used in 
an OS c ...)
-       TODO: check
+       NOT-FOR-US: MB connect line GmbH
 CVE-2026-33544 (Tinyauth is an authentication and authorization server. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: Tinyauth
 CVE-2026-33533 (Glances is an open-source system cross-platform monitoring 
tool. Prior ...)
        TODO: check
 CVE-2026-33271 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
        NOT-FOR-US: Acronis
 CVE-2026-32871 (FastMCP is a Pythonic way to build MCP servers and clients. 
Prior to v ...)
-       TODO: check
+       NOT-FOR-US: FastMCP
 CVE-2026-32762 (Rack is a modular Ruby web server interface. From versions 
3.0.0.beta1 ...)
        [experimental] - ruby-rack 3.2.6-1
        - ruby-rack <unfixed>
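Review bot: CVE-2026-33617 through CVE-2026-33613 are tagged only with the vendor, "NOT-FOR-US: MB connect line GmbH", and the truncated descriptions shown here name no product either, so the entry alone does not say what was triaged. The rest of the hunk tags by product ("Signal K Server", "Convoy", "Tinyauth", "FastMCP"); adding the affected product name from the CVE record after the vendor would bring these five in line.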
@@ -476,9 +476,9 @@ CVE-2026-32762 (Rack is a modular Ruby web server 
interface. From versions 3.0.0
        NOTE: Fixed by: 
https://github.com/rack/rack/commit/27e06c695f3a47bdd9d21a1a7e8d97e12c52c255 
(v3.2.6)
        NOTE: Fixed by: 
https://github.com/rack/rack/commit/9df5d34d4f496b22b8d07e919447e9dfa3240d41 
(v3.1.21)
 CVE-2026-32629 (phpMyFAQ is an open source FAQ web application. Prior to 
version 4.1.1 ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-32145 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: gleam-wisp wisp
 CVE-2026-31937 (Suricata is a network IDS, IPS and NSM engine. Prior to 
version 7.0.15 ...)
        - suricata 1:8.0.1-1
        NOTE: 
https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg
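Review bot: The tag on CVE-2026-32145, "NOT-FOR-US: gleam-wisp wisp", reads like a vendor/product pair pasted as-is and repeats the name. Elsewhere in this commit a single project name is used (for example "NOT-FOR-US: ewe" for CVE-2026-34715), so "NOT-FOR-US: wisp" or one consistent namespace/name form would be clearer.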
@@ -500,11 +500,11 @@ CVE-2026-31931 (Suricata is a network IDS, IPS and NSM 
engine. From version 8.0.
        - suricata 1:8.0.4-1
        NOTE: 
https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3
 CVE-2026-30867 (CocoaMQTT is a MQTT 5.0 client library for iOS and macOS 
written in Sw ...)
-       TODO: check
+       NOT-FOR-US: CocoaMQTT
 CVE-2026-30603 (An issue in the firmware update mechanism of Qianniao 
QN-L23PA0904 v20 ...)
-       TODO: check
+       NOT-FOR-US: Qianniao
 CVE-2026-30332 (A Time-of-Check to Time-of-Use (TOCTOU) race condition 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Balena Etcher for Windows
 CVE-2026-2737 (A vulnerability exists in Progress Flowmon versions prior to 
12.5.8 an ...)
        NOT-FOR-US: Progress Software
 CVE-2026-2701 (Authenticated user can upload a malicious file to the server 
and execu ...)
@@ -512,7 +512,7 @@ CVE-2026-2701 (Authenticated user can upload a malicious 
file to the server and
 CVE-2026-2699 (Customer Managed ShareFile Storage Zones Controller (SZC) 
allows an un ...)
        NOT-FOR-US: Progress Software
 CVE-2026-29782 (OpenSTAManager is an open source management software for 
technical ass ...)
-       TODO: check
+       NOT-FOR-US: OpenSTAManager
 CVE-2026-29144 (SEPPmail Secure Email Gateway before version 15.0.3 allows an 
attacker ...)
        TODO: check
 CVE-2026-29143 (SEPPmail Secure Email Gateway before version 15.0.3 does not 
properly  ...)
@@ -790,19 +790,19 @@ CVE-2026-34513 (AIOHTTP is an asynchronous HTTP 
client/server framework for asyn
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98
 (v3.13.4)
 CVE-2026-34456 (Reviactyl is an open-source game server management panel built 
using L ...)
-       TODO: check
+       NOT-FOR-US: Reviactyl
 CVE-2026-34455 (Hi.Events is an open-source event management and ticket 
selling platfo ...)
-       TODO: check
+       NOT-FOR-US: Hi.Events
 CVE-2026-32929 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds 
read in VS6 ...)
-       TODO: check
+       NOT-FOR-US: V-SFT
 CVE-2026-32928 (V-SFT versions 6.2.10.0 and prior contain a stack-based buffer 
overflo ...)
-       TODO: check
+       NOT-FOR-US: V-SFT
 CVE-2026-32927 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds 
read vulner ...)
-       TODO: check
+       NOT-FOR-US: V-SFT
 CVE-2026-32926 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds 
read vulner ...)
-       TODO: check
+       NOT-FOR-US: V-SFT
 CVE-2026-32925 (V-SFT versions 6.2.10.0 and prior contain a stack-based buffer 
overflo ...)
-       TODO: check
+       NOT-FOR-US: V-SFT
 CVE-2026-2862 (IBM Verify Identity Access Container 11.0 through 11.0.2 and 
IBM Secur ...)
        NOT-FOR-US: IBM
 CVE-2026-2475 (IBM Verify Identity Access Container 11.0 through 11.0.2 and 
IBM Secur ...)
@@ -964,9 +964,9 @@ CVE-2026-30523 (A Business Logic vulnerability exists in 
SourceCodester Loan Man
 CVE-2026-30522 (A Business Logic vulnerability exists in SourceCodester Loan 
Managemen ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-30292 (An arbitrary file overwrite vulnerability in Docudepot PDF 
Reader: PDF ...)
-       TODO: check
+       NOT-FOR-US: Docudepot
 CVE-2026-30291 (An arbitrary file overwrite vulnerability in Ora Tools PDF 
Reader ' Re ...)
-       TODO: check
+       NOT-FOR-US: Ora Tools
 CVE-2026-30289 (An arbitrary file overwrite vulnerability in Tinybeans Private 
Family  ...)
        NOT-FOR-US: Tinybeans Private Family Album App
 CVE-2026-30287 (An arbitrary file overwrite vulnerability in Deep Thought 
Industries A ...)
@@ -1571,17 +1571,17 @@ CVE-2026-30312 (DSAI-Cline's command auto-approval 
module contains a critical OS
 CVE-2026-30311 (Ridvay Code's command auto-approval module contains a critical 
OS comm ...)
        NOT-FOR-US: Ridvay Code
 CVE-2026-30310 (In its design for automatic terminal command execution, Sixth 
offers t ...)
-       TODO: check
+       NOT-FOR-US: Sixth
 CVE-2026-30309 (InfCode's terminal auto-execution module contains a critical 
command f ...)
        NOT-FOR-US: InfCode
 CVE-2026-30290 (An arbitrary file overwrite vulnerability in InTouch Contacts 
& Caller ...)
-       TODO: check
+       NOT-FOR-US: InTouch Contacts & Caller ID APP
 CVE-2026-30286 (An arbitrary file overwrite vulnerability in Funambol, Inc. 
Zefiro Clo ...)
-       TODO: check
+       NOT-FOR-US: Funambol
 CVE-2026-30285 (An arbitrary file overwrite vulnerability in Zora: Post, 
Trade, Earn C ...)
-       TODO: check
+       NOT-FOR-US: Zora
 CVE-2026-30284 (An arbitrary file overwrite vulnerability in UXGROUP LLC Voice 
Recorde ...)
-       TODO: check
+       NOT-FOR-US: UXGROUP LLC Voice Recorder
 CVE-2026-30283 (An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. 
NIS Animal ...)
        NOT-FOR-US: PEAKSEL
 CVE-2026-30282 (An arbitrary file overwrite vulnerability in UXGROUP LLC Cast 
to TV Sc ...)
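Review bot: The new tags in this hunk mix three naming forms: vendor or short name only ("Funambol", "Zora", "Sixth"), vendor plus product ("UXGROUP LLC Voice Recorder"), and a full app title with an upper-case suffix ("InTouch Contacts & Caller ID APP"). For CVE-2026-30286 the description names "Funambol, Inc. Zefiro Clo ...", so the product is dropped there while it is kept for CVE-2026-30284. Settle on one form per entry type and normalise "APP" to "App" or drop it.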
@@ -1595,9 +1595,9 @@ CVE-2026-30279 (An arbitrary file overwrite vulnerability 
in Squareapps LLC My L
 CVE-2026-30278 (An arbitrary file overwrite vulnerability in FLY is FUN 
Aviation Navig ...)
        NOT-FOR-US: FLY is FUN Aviation Navigation
 CVE-2026-30277 (An arbitrary file overwrite vulnerability in PDF Reader App : 
TA/UTAX  ...)
-       TODO: check
+       NOT-FOR-US: TA/UTAX Mobile Print
 CVE-2026-30276 (An arbitrary file overwrite vulnerability in DeftPDF Document 
Translat ...)
-       TODO: check
+       NOT-FOR-US: DeftPDF
 CVE-2026-2950 (Impact:  Lodash versions 4.17.23 and earlier are vulnerable to 
prototy ...)
        TODO: check
 CVE-2026-2696 (The Export All URLs WordPress plugin before 5.1 generates CSV 
filename ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/939ddc0cda931aa1742b0abd51a7853c76f3428a
