Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
5ced5bc1 by Moritz Muehlenhoff at 2026-05-07T23:06:29+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,19 +29,19 @@ CVE-2026-8080 (Improper Neutralization of Input During Web 
Page Generation (XSS
 CVE-2026-7821 (Improper certificate validation in Ivanti EPMM beforeversions 
12.6.1.1 ...)
        NOT-FOR-US: Ivanti
 CVE-2026-7415 (The MQTT broker embedded in Yarbo firmware v2.3.9 is configured 
to all ...)
-       TODO: check
+       NOT-FOR-US: Yarbo
 CVE-2026-7414 (Yarbo firmware v2.3.9 contains hardcoded administrative 
credentials em ...)
-       TODO: check
+       NOT-FOR-US: Yarbo
 CVE-2026-7413 (A hidden, persistent backdoor was found in Yarbo firmware 
v2.3.9 that  ...)
-       TODO: check
+       NOT-FOR-US: Yarbo
 CVE-2026-6973 (An Improper Input Validation in Ivanti EPMMbeforeversions 
12.6.1.1, 12 ...)
        NOT-FOR-US: Ivanti
 CVE-2026-6805 (Vulnerability on the external sharing feature in Cryptobox 
allows an a ...)
        TODO: check
 CVE-2026-6795 (URL redirection to untrusted site ('open redirect') 
vulnerability in D ...)
-       TODO: check
+       NOT-FOR-US: DivvyDrive
 CVE-2026-6508 (Origin Validation Error vulnerability in TUBITAK BILGEM 
Software Techn ...)
-       TODO: check
+       NOT-FOR-US: TUBITAK
 CVE-2026-6002 (Improper neutralization of Script-Related HTML tags in a web 
page (bas ...)
        TODO: check
 CVE-2026-5791 (Cross-Site request forgery (CSRF) vulnerability in DivvyDrive 
Informat ...)
@@ -63,9 +63,9 @@ CVE-2026-44406 (ZTE Cloud PC clientuSmartView contains a DLL 
hijacking vulnerabi
 CVE-2026-44349 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version 
0.11.5, pr ...)
        TODO: check
 CVE-2026-44264 (Weblate is a web based localization tool. Prior to version 
5.17.1, the ...)
-       TODO: check
+       - weblate <itp> (bug #745661)
 CVE-2026-44263 (Weblate is a web based localization tool. Prior to version 
5.17.1, the ...)
-       TODO: check
+       - weblate <itp> (bug #745661)
 CVE-2026-44244 (GitPython is a python library used to interact with Git 
repositories.  ...)
        TODO: check
 CVE-2026-44243 (GitPython is a python library used to interact with Git 
repositories.  ...)
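Review bot: The commit message "NFUs" does not cover the two Weblate entries in this hunk (CVE-2026-44264, CVE-2026-44263), which are recorded as `- weblate <itp> (bug #745661)` rather than NOT-FOR-US. Mentioning the ITP entries in the message (the same applies to the snipe-it ITP line further down) would make these changes findable from the log.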
@@ -73,23 +73,23 @@ CVE-2026-44243 (GitPython is a python library used to 
interact with Git reposito
 CVE-2026-42285 (GoBGP is an open source Border Gateway Protocol (BGP) 
implementation i ...)
        TODO: check
 CVE-2026-42214 (Notepad Next is a cross-platform, reimplementation of 
Notepad++. Prior ...)
-       TODO: check
+       NOT-FOR-US: Notepad Next
 CVE-2026-41906 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
-       TODO: check
+       NOT-FOR-US: FreeScout
 CVE-2026-41905 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
-       TODO: check
+       NOT-FOR-US: FreeScout
 CVE-2026-41904 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
-       TODO: check
+       NOT-FOR-US: FreeScout
 CVE-2026-41903 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
-       TODO: check
+       NOT-FOR-US: FreeScout
 CVE-2026-41902 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
-       TODO: check
+       NOT-FOR-US: FreeScout
 CVE-2026-41689 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2026-41688 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2026-41687 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2026-41654 (Weblate is a web based localization tool. Prior to version 
5.17.1, an  ...)
        TODO: check
 CVE-2026-41653 (BentoPDF is a client-side PDF toolkit that is self hostable. 
Prior to  ...)
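Review bot: CVE-2026-41654 near the end of this hunk is still `TODO: check`, although its description is the same Weblate "Prior to version 5.17.1" text as CVE-2026-44264, CVE-2026-44263 and CVE-2026-41519, which this commit marks `- weblate <itp> (bug #745661)`. Unless it was left open on purpose, give it the same ITP line so that all the Weblate entries in this batch are tracked against the same bug.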
@@ -107,39 +107,39 @@ CVE-2026-41589 (Wish is an SSH server with defaults and a 
collection of middlewa
 CVE-2026-41554 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-41519 (Weblate is a web based localization tool. Prior to version 
5.17.1, whe ...)
-       TODO: check
+       - weblate <itp> (bug #745661)
 CVE-2026-41505 (RELATE is a web-based courseware package. Prior to commit 
2f68e16, REL ...)
-       TODO: check
+       NOT-FOR-US: RELATE
 CVE-2026-41490 (Dagster is an orchestration platform for the development, 
production,  ...)
-       TODO: check
+       NOT-FOR-US: Dagster
 CVE-2026-41422 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version 
0.11.4, th ...)
        TODO: check
 CVE-2026-3953 (Improper neutralization of input during web page generation 
('cross-si ...)
        TODO: check
 CVE-2026-37709 (Insecure Permissions vulnerability in grokability snipe-it 
v.8.4.0 and ...)
-       TODO: check
+       - snipe-it <itp> (bug #1005172)
 CVE-2026-36458 (ChestnutCMS v1.5.10 has a SQL injection vulnerability. The 
content par ...)
-       TODO: check
+       NOT-FOR-US: ChestnutCMS
 CVE-2026-36388 (A Cross-Site Scripting (XSS) vulnerability was found in 
PHPGurukal Hos ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukal
 CVE-2026-36387 (A Remote Code Execution vulnerability was found in CODEASTRO 
Membershi ...)
        NOT-FOR-US: CodeAstro
 CVE-2026-36341 (Cross-Site Scripting (XSS) vulnerability exists in Webkul 
Krayin CRM v ...)
-       TODO: check
+       NOT-FOR-US: Webkul Krayin CRM
 CVE-2026-33589 (Lack of user input validation in the file upload functionality 
of Open ...)
-       TODO: check
+       NOT-FOR-US: Open Notebook
 CVE-2026-33588 (Lack of user input validation in the file upload functionality 
of Open ...)
-       TODO: check
+       NOT-FOR-US: Open Notebook
 CVE-2026-33587 (Lack of user input sanitisation in Open Notebook v1.8.3 allows 
the app ...)
-       TODO: check
+       NOT-FOR-US: Open Notebook
 CVE-2026-32686 (Uncontrolled Resource Consumption vulnerability in ericmj 
decimal allo ...)
-       TODO: check
+       NOT-FOR-US: decimal Elixir library
 CVE-2026-30496 (The Optoma CinemaX P2 projector (firmware 
TVOS-04.24.010.04.01, Androi ...)
-       TODO: check
+       NOT-FOR-US: Optoma CinemaX P2 projector
 CVE-2026-30495 (The Optoma CinemaX P2 projector (firmware 
TVOS-04.24.010.04.01, Androi ...)
-       TODO: check
+       NOT-FOR-US: Optoma CinemaX P2 projector
 CVE-2026-28201 (An improper input validation, together with an overly 
permissive defau ...)
-       TODO: check
+       NOT-FOR-US: Open Notebook
 CVE-2026-27421 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27416 (Missing Authorization vulnerability in bPlugins PDF Poster 
allows Expl ...)
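Review bot: CVE-2026-28201 is tagged `NOT-FOR-US: Open Notebook`, but unlike CVE-2026-33587, CVE-2026-33588 and CVE-2026-33589, its truncated description ("An improper input validation, together with an overly permissive defau ...") does not name the product in the visible text. Confirm the attribution against the full CVE description before merging.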
@@ -175,9 +175,9 @@ CVE-2025-63703 (npm package parse-ini v1.0.6 is vulnerable 
to Prototype Pollutio
 CVE-2025-62127 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-4397 (Medtronic MyCareLink Patient Monitor uses per-product 
credentials that ...)
-       TODO: check
+       NOT-FOR-US: Medtronic MyCareLink Patient Monitor
 CVE-2025-4386 (Medtronic MyCareLink Patient Monitor has an internal serial 
interface, ...)
-       TODO: check
+       NOT-FOR-US: Medtronic MyCareLink Patient Monitor
 CVE-2025-2514 (Improper restriction of excessive authentication attempts 
vulnerabilit ...)
        NOT-FOR-US: Hitachi
 CVE-2025-1978 (Remote Code Execution Vulnerability in Hitachi Storage 
Navigator and t ...)
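Review bot: The two Medtronic entries (CVE-2025-4397, CVE-2025-4386) use a product-level tag, `NOT-FOR-US: Medtronic MyCareLink Patient Monitor`, while the neighbouring context line uses the vendor only (`NOT-FOR-US: Hitachi`), as do the Ivanti and Yarbo entries earlier in the diff. For consistent tags, consider shortening it to `NOT-FOR-US: Medtronic`.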



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ced5bc1118f3af929282f83aa87bc5e08ab6349

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
