Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6b188c3e by security tracker role at 2026-04-04T07:20:15+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
CVE-2026-5485 (OS command injection in the browser-based authentication
component in ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-5484 (A weakness has been identified in BookStackApp BookStack up to
26.03. ...)
TODO: check
CVE-2026-3571 (The Pie Register \u2013 User Registration, Profiles & Content
Restrict ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-35616 (A improper access control vulnerability in Fortinet
FortiClientEMS 7.4 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-35562 (Allocation of resources without limits in the parsing
components in Am ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35561 (Insufficient authentication security controls in the
browser-based aut ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35560 (Improper certificate validation in the identity provider
connection co ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35559 (Out-of-bounds write in the query processing components in
Amazon Athen ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35558 (Improper neutralization of special elements in the
authentication comp ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35468 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq
Proof-of ...)
TODO: check
CVE-2026-34990 (OpenPrinting CUPS is an open source printing system for Linux
and othe ...)
@@ -35,7 +35,7 @@ CVE-2026-34953 (PraisonAI is a multi-agent teams system.
Prior to version 4.5.97
CVE-2026-34952 (PraisonAI is a multi-agent teams system. Prior to version
4.5.97, the ...)
TODO: check
CVE-2026-34947 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-34939 (PraisonAI is a multi-agent teams system. Prior to version
4.5.90, MCPT ...)
TODO: check
CVE-2026-34938 (PraisonAI is a multi-agent teams system. Prior to version
1.5.90, exec ...)
@@ -53,9 +53,9 @@ CVE-2026-34933 (Avahi is a system which facilitates service
discovery on a local
CVE-2026-34824 (Mesop is a Python-based UI framework that allows users to
build web ap ...)
TODO: check
CVE-2026-34788 (Emlog is an open source website building system. In versions
2.6.2 and ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34787 (Emlog is an open source website building system. In versions
2.6.2 and ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34780 (Electron is a framework for writing cross-platform desktop
application ...)
TODO: check
CVE-2026-34779 (Electron is a framework for writing cross-platform desktop
application ...)
@@ -89,13 +89,13 @@ CVE-2026-34766 (Electron is a framework for writing
cross-platform desktop appli
CVE-2026-34612 (Kestra is an open-source, event-driven orchestration platform.
Prior t ...)
TODO: check
CVE-2026-34607 (Emlog is an open source website building system. In versions
2.6.2 and ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34511 (OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth
state p ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-34229 (Emlog is an open source website building system. Prior to
version 2.6. ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34228 (Emlog is an open source website building system. Prior to
version 2.6. ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34061 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq
Proof-of ...)
TODO: check
CVE-2026-34052 (LTI JupyterHub Authenticator is a JupyterHub authenticator for
LTI. Pr ...)
@@ -111,9 +111,9 @@ CVE-2026-32662 (Development and test API endpoints are
present that mirror produ
CVE-2026-32646 (A specific administrative endpoint is accessible without
proper authen ...)
TODO: check
CVE-2026-2949 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2924 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons &
Ecosystem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-28798 (ZimaOS is a fork of CasaOS, an operating system for Zima
devices and x ...)
TODO: check
CVE-2026-28797 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation)
engine. ...)
@@ -131,7 +131,7 @@ CVE-2026-27833 (Piwigo is an open source photo gallery
application for the web.
CVE-2026-27634 (Piwigo is an open source photo gallery application for the
web. Prior ...)
TODO: check
CVE-2026-27481 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27447 (OpenPrinting CUPS is an open source printing system for Linux
and othe ...)
TODO: check
CVE-2026-26058 (Zulip is an open-source team collaboration tool. From version
1.4.0 to ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b188c3e4f9863823d64d57a4f7de9d90ab46556
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b188c3e4f9863823d64d57a4f7de9d90ab46556
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
