Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8ae7336f by Moritz Muehlenhoff at 2026-05-07T23:18:33+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -34,9 +34,9 @@ CVE-2026-8084 (A vulnerability was determined in OSGeo gdal
up to 3.13.0dev-4. T
CVE-2026-8083 (A vulnerability was found in SourceCodester Pharmacy Sales and
Invento ...)
NOT-FOR-US: SourceCodester
CVE-2026-8081 (A vulnerability has been found in router-for-me CLIProxyAPI
6.9.29. Af ...)
- TODO: check
+ NOT-FOR-US: CLIProxyAPI
CVE-2026-8080 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2026-7821 (Improper certificate validation in Ivanti EPMM beforeversions
12.6.1.1 ...)
NOT-FOR-US: Ivanti
CVE-2026-7415 (The MQTT broker embedded in Yarbo firmware v2.3.9 is configured
to all ...)
@@ -48,15 +48,15 @@ CVE-2026-7413 (A hidden, persistent backdoor was found in
Yarbo firmware v2.3.9
CVE-2026-6973 (An Improper Input Validation in Ivanti EPMMbeforeversions
12.6.1.1, 12 ...)
NOT-FOR-US: Ivanti
CVE-2026-6805 (Vulnerability on the external sharing feature in Cryptobox
allows an a ...)
- TODO: check
+ NOT-FOR-US: Cryptobox
CVE-2026-6795 (URL redirection to untrusted site ('open redirect')
vulnerability in D ...)
NOT-FOR-US: DivvyDrive
CVE-2026-6508 (Origin Validation Error vulnerability in TUBITAK BILGEM
Software Techn ...)
NOT-FOR-US: TUBITAK
CVE-2026-6002 (Improper neutralization of Script-Related HTML tags in a web
page (bas ...)
- TODO: check
+ NOT-FOR-US: DivvyDrive
CVE-2026-5791 (Cross-Site request forgery (CSRF) vulnerability in DivvyDrive
Informat ...)
- TODO: check
+ NOT-FOR-US: DivvyDrive
CVE-2026-5788 (An Improper Access Control in Ivanti EPMM beforeversions
12.6.1.1, 12. ...)
NOT-FOR-US: Ivanti
CVE-2026-5787 (An Improper Certificate Validation in Ivanti EPMM before
versions 12.6 ...)
@@ -64,7 +64,7 @@ CVE-2026-5787 (An Improper Certificate Validation in Ivanti
EPMM before versions
CVE-2026-5786 (An Improper Access Control vulnerability in Ivanti EPMM before
version ...)
NOT-FOR-US: Ivanti
CVE-2026-5784 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: DivvyDrive
CVE-2026-44742 (Postorius through 1.3.13 does not escape HTML in the message
subject w ...)
TODO: check
CVE-2026-44407 (A remote denial-of-service vulnerability exists in the ZTE
Cloud PC cl ...)
@@ -72,7 +72,7 @@ CVE-2026-44407 (A remote denial-of-service vulnerability
exists in the ZTE Cloud
CVE-2026-44406 (ZTE Cloud PC clientuSmartView contains a DLL hijacking
vulnerability; ...)
NOT-FOR-US: ZTE
CVE-2026-44349 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version
0.11.5, pr ...)
- TODO: check
+ NOT-FOR-US: Daptin
CVE-2026-44264 (Weblate is a web based localization tool. Prior to version
5.17.1, the ...)
- weblate <itp> (bug #745661)
CVE-2026-44263 (Weblate is a web based localization tool. Prior to version
5.17.1, the ...)
@@ -102,19 +102,19 @@ CVE-2026-41688 (Wallos is an open-source, self-hostable
personal subscription tr
CVE-2026-41687 (Wallos is an open-source, self-hostable personal subscription
tracker. ...)
NOT-FOR-US: Wallos
CVE-2026-41654 (Weblate is a web based localization tool. Prior to version
5.17.1, an ...)
- TODO: check
+ - weblate <itp> (bug #745661)
CVE-2026-41653 (BentoPDF is a client-side PDF toolkit that is self hostable.
Prior to ...)
- TODO: check
+ NOT-FOR-US: BentoPDF
CVE-2026-41650 (fast-xml-parser allows users to process XML from JS object
without C/C ...)
TODO: check
CVE-2026-41644 (monetr is a budgeting application for recurring expenses.
Prior to ver ...)
- TODO: check
+ NOT-FOR-US: monetr
CVE-2026-41643 (GoBGP is an open source Border Gateway Protocol (BGP)
implementation i ...)
TODO: check
CVE-2026-41642 (GoBGP is an open source Border Gateway Protocol (BGP)
implementation i ...)
TODO: check
CVE-2026-41589 (Wish is an SSH server with defaults and a collection of
middlewares. F ...)
- TODO: check
+ NOT-FOR-US: Wish SSH
CVE-2026-41554 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-41519 (Weblate is a web based localization tool. Prior to version
5.17.1, whe ...)
@@ -124,9 +124,9 @@ CVE-2026-41505 (RELATE is a web-based courseware package.
Prior to commit 2f68e1
CVE-2026-41490 (Dagster is an orchestration platform for the development,
production, ...)
NOT-FOR-US: Dagster
CVE-2026-41422 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version
0.11.4, th ...)
- TODO: check
+ NOT-FOR-US: Daptin
CVE-2026-3953 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Proticaret E-Commerce
CVE-2026-37709 (Insecure Permissions vulnerability in grokability snipe-it
v.8.4.0 and ...)
- snipe-it <itp> (bug #1005172)
CVE-2026-36458 (ChestnutCMS v1.5.10 has a SQL injection vulnerability. The
content par ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ae7336f9fdd4ff2dac9b1fd75d28a445a81c58a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ae7336f9fdd4ff2dac9b1fd75d28a445a81c58a
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
