Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7e2c2535 by Salvatore Bonaccorso at 2026-05-06T09:28:35+02:00
Process some new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2026-7856 (A flaw has been found in D-Link DI-8100
16.07.26A1. This affects
CVE-2026-7573 (An authorization bypass (CWE-639) in the GetUserRoles gRPC API
endpoin ...)
TODO: check
CVE-2026-7572 (An off-by-one error (CWE-193) in the ConsumeUnit16Array and
ConsumeUni ...)
- TODO: check
+ NOT-FOR-US: Velociraptor
CVE-2026-5753 (The All-in-One WP Migration Unlimited Extension plugin for
WordPress i ...)
NOT-FOR-US: WordPress plugin
CVE-2026-44405 (In Paramiko through 4.0.0 before a448945, rsakey.py allows the
SHA-1 a ...)
@@ -16,55 +16,55 @@ CVE-2026-44331 (In ProFTPD through 1.3.9a before 7666224, a
SQL injection vulner
NOTE: https://github.com/proftpd/proftpd/issues/2057
NOTE:
https://github.com/proftpd/proftpd/commit/766622456440fbca33abd7927c523673a11d1ed1
CVE-2026-41950 (Dify before version 1.14.0 contains an authorization bypass
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2026-40934 (Jupyter Server is the backend for Jupyter web applications. In
version ...)
TODO: check
CVE-2026-40331 (Masa CMS is an open source content management system. In
versions 7.2. ...)
- TODO: check
+ NOT-FOR-US: Masa CMS
CVE-2026-40330 (Masa CMS is an open source content management system. In
versions 7.2. ...)
- TODO: check
+ NOT-FOR-US: Masa CMS
CVE-2026-40329 (Masa CMS is an open source content management system. In
versions 7.5. ...)
- TODO: check
+ NOT-FOR-US: Masa CMS
CVE-2026-40280 (Gotenberg is an API-based document conversion tool. In
versions 8.30.1 ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2026-40110 (Jupyter Server is the backend for Jupyter web applications. In
version ...)
TODO: check
CVE-2026-40075 (OpenMRS Core is an open source electronic medical record
system platfo ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2026-40068 (In versions 2.1.63 through 2.1.83 of Claude Code, the folder
trust det ...)
- TODO: check
+ NOT-FOR-US: Claude Code
CVE-2026-3208 (The Mercado Pago payments for WooCommerce plugin for WordPress
is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2026-39849 (Pi-hole FTL is the core engine of the Pi-hole network-level
advertisem ...)
- TODO: check
+ NOT-FOR-US: Pi-Hole
CVE-2026-39383 (Gotenberg is an API-based document conversion tool. In version
8.29.1, ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2026-38947 (FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in
TextHTM ...)
- TODO: check
+ NOT-FOR-US: FluentCMS
CVE-2026-35579 (CoreDNS is a DNS server written in Go. In versions prior to
1.14.3, th ...)
TODO: check
CVE-2026-35453 (PhpSpreadsheet is a library for reading and writing
spreadsheet files. ...)
- TODO: check
+ NOT-FOR-US: PhpSpreadsheet
CVE-2026-35397 (Jupyter Server is the backend for Jupyter web applications. In
version ...)
TODO: check
CVE-2026-34596 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34527 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34464 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34462 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34461 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34459 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34458 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34084 (PhpSpreadsheet is a library for reading and writing
spreadsheet files. ...)
- TODO: check
+ NOT-FOR-US: PhpSpreadsheet
CVE-2026-33975 (Twenty is an open source CRM built with NestJS (Node.js). In
versions ...)
- TODO: check
+ NOT-FOR-US: Twenty CRM
CVE-2026-33489 (CoreDNS is a DNS server that chains plugins. In versions prior
to 1.14 ...)
TODO: check
CVE-2026-33420 (Vaultwarden is a Bitwarden-compatible server written in Rust.
In versi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e2c2535e404620fe7852aadebfe849e4c2273fd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e2c2535e404620fe7852aadebfe849e4c2273fd
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
