Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e980723a by security tracker role at 2026-05-07T19:14:07+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,13 +13,13 @@ CVE-2026-8086 (A vulnerability was identified in OSGeo gdal
up to 3.13.0dev-4. T
CVE-2026-8084 (A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4.
This v ...)
TODO: check
CVE-2026-8083 (A vulnerability was found in SourceCodester Pharmacy Sales and
Invento ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8081 (A vulnerability has been found in router-for-me CLIProxyAPI
6.9.29. Af ...)
TODO: check
CVE-2026-8080 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2026-7821 (Improper certificate validation in Ivanti EPMM beforeversions
12.6.1.1 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-7415 (The MQTT broker embedded in Yarbo firmware v2.3.9 is configured
to all ...)
TODO: check
CVE-2026-7414 (Yarbo firmware v2.3.9 contains hardcoded administrative
credentials em ...)
@@ -27,7 +27,7 @@ CVE-2026-7414 (Yarbo firmware v2.3.9 contains hardcoded
administrative credentia
CVE-2026-7413 (A hidden, persistent backdoor was found in Yarbo firmware
v2.3.9 that ...)
TODO: check
CVE-2026-6973 (An Improper Input Validation in Ivanti EPMMbeforeversions
12.6.1.1, 12 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-6805 (Vulnerability on the external sharing feature in Cryptobox
allows an a ...)
TODO: check
CVE-2026-6795 (URL redirection to untrusted site ('open redirect')
vulnerability in D ...)
@@ -39,19 +39,19 @@ CVE-2026-6002 (Improper neutralization of Script-Related
HTML tags in a web page
CVE-2026-5791 (Cross-Site request forgery (CSRF) vulnerability in DivvyDrive
Informat ...)
TODO: check
CVE-2026-5788 (An Improper Access Control in Ivanti EPMM beforeversions
12.6.1.1, 12. ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-5787 (An Improper Certificate Validation in Ivanti EPMM before
versions 12.6 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-5786 (An Improper Access Control vulnerability in Ivanti EPMM before
version ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-5784 (Improper neutralization of input during web page generation
('cross-si ...)
TODO: check
CVE-2026-44742 (Postorius through 1.3.13 does not escape HTML in the message
subject w ...)
TODO: check
CVE-2026-44407 (A remote denial-of-service vulnerability exists in the ZTE
Cloud PC cl ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-44406 (ZTE Cloud PC clientuSmartView contains a DLL hijacking
vulnerability; ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-44349 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version
0.11.5, pr ...)
TODO: check
CVE-2026-44264 (Weblate is a web based localization tool. Prior to version
5.17.1, the ...)
@@ -97,7 +97,7 @@ CVE-2026-41642 (GoBGP is an open source Border Gateway
Protocol (BGP) implementa
CVE-2026-41589 (Wish is an SSH server with defaults and a collection of
middlewares. F ...)
TODO: check
CVE-2026-41554 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-41519 (Weblate is a web based localization tool. Prior to version
5.17.1, whe ...)
TODO: check
CVE-2026-41505 (RELATE is a web-based courseware package. Prior to commit
2f68e16, REL ...)
@@ -115,7 +115,7 @@ CVE-2026-36458 (ChestnutCMS v1.5.10 has a SQL injection
vulnerability. The conte
CVE-2026-36388 (A Cross-Site Scripting (XSS) vulnerability was found in
PHPGurukal Hos ...)
TODO: check
CVE-2026-36387 (A Remote Code Execution vulnerability was found in CODEASTRO
Membershi ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-36341 (Cross-Site Scripting (XSS) vulnerability exists in Webkul
Krayin CRM v ...)
TODO: check
CVE-2026-33589 (Lack of user input validation in the file upload functionality
of Open ...)
@@ -133,27 +133,27 @@ CVE-2026-30495 (The Optoma CinemaX P2 projector (firmware
TVOS-04.24.010.04.01,
CVE-2026-28201 (An improper input validation, together with an overly
permissive defau ...)
TODO: check
CVE-2026-27421 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27416 (Missing Authorization vulnerability in bPlugins PDF Poster
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27415 (Cross-Site Request Forgery (CSRF) vulnerability in
PluginUs.Net BEAR a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27329 (Authorization Bypass Through User-Controlled Key vulnerability
in YITH ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25468 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25436 (Missing Authorization vulnerability in WProyal Royal Elementor
Addons ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-9661 (OS command injection vulneravility in the management gui
(maintenance ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2025-68604 (Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL
allows Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68060 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67202 (Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for
Sidekiq, ...)
TODO: check
CVE-2025-66105 (Missing Authorization vulnerability in Magepeople inc. Bus
Ticket Book ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-65122 (Regex Denial of Service in youtube-regex npm package through
version 1 ...)
TODO: check
CVE-2025-63706 (NPM package next-npm-version1.0.1 is vulnerable to Command
injection.)
@@ -165,15 +165,15 @@ CVE-2025-63704 (NPM package query-parser-string 1.0.0 is
vulnerable to Prototype
CVE-2025-63703 (npm package parse-ini v1.0.6 is vulnerable to Prototype
Pollution in i ...)
TODO: check
CVE-2025-62127 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-4397 (Medtronic MyCareLink Patient Monitor uses per-product
credentials that ...)
TODO: check
CVE-2025-4386 (Medtronic MyCareLink Patient Monitor has an internal serial
interface, ...)
TODO: check
CVE-2025-2514 (Improper restriction of excessive authentication attempts
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2025-1978 (Remote Code Execution Vulnerability in Hitachi Storage
Navigator and t ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2025-14341 (Improperly controlled modification of Dynamically-Determined
object at ...)
TODO: check
CVE-2024-43384 (A low privileged remote attacker can gainthe root password due
to impr ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e980723adf89fd0de34c00a6e96bd081168c5bf2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e980723adf89fd0de34c00a6e96bd081168c5bf2
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
