Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1c51d46 by security tracker role at 2026-05-26T19:13:31+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2026-9566 (A vulnerability was identified in teableio 
teable up to 1.9.x. Th
 CVE-2026-9565 (A vulnerability was determined in haojing8312 WorkClaw up to 
0.6.4. Th ...)
        TODO: check
 CVE-2026-9564 (A vulnerability was found in SourceCodester/oretnom23 Hospitals 
Patien ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-9562 (A vulnerability has been found in sambitraj 
STUDENT-MANAGEMENT-SYSTEM  ...)
        TODO: check
 CVE-2026-9560 (Privilege escalation via background service of OpenVPN Connect 
3.5.1 t ...)
@@ -23,81 +23,81 @@ CVE-2026-9550 (A vulnerability was determined in Acrel 
Electrical EEMS Enterpris
 CVE-2026-9544 (A vulnerability was found in Shenzhen Sixun Software Sixun 
Shanghui Gr ...)
        TODO: check
 CVE-2026-9543 (A vulnerability has been found in Totolink N300RH 
6.1c.1353_B20190305. ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-9542 (A weakness has been identified in CodeAstro Leave Management 
System 1. ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2026-9541 (A security flaw has been discovered in Squirrel up to 3.2. 
Impacted is ...)
        TODO: check
 CVE-2026-9540 (A vulnerability was identified in vllm-project vllm 0.19.0. 
This issue ...)
        TODO: check
 CVE-2026-9170 (IBM Web Server Plug-ins for WebSphere Application Server and 
WebSphere ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8890 (code100x contains an authentication bypass vulnerability in the 
Mobile ...)
        TODO: check
 CVE-2026-8856 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service 
in con ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8855 (IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code 
execution an ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8854 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service 
via th ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8852 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service 
via th ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8850 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service 
via th ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8835 (IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer 
derefere ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8834 (IBM HTTP Server 8.5, and 9.0 contains a buffer overflow 
vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8633 (IBM Web Server Plug-ins for WebSphere Application Server and 
WebSphere ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8620 (IBM Web Server Plug-ins for WebSphere Application Server and 
WebSphere ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8479 (IEC 60870-5-104 used in bidirectional mode in RTU500 is 
vulnerable for ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Energy
 CVE-2026-8174 (Zohocorp Zoho Mail wordpress plugin is vulnerable toCross-Site 
request ...)
-       TODO: check
+       NOT-FOR-US: Zoho
 CVE-2026-8047 (The affected products perform improper length checking when 
parsing in ...)
        TODO: check
 CVE-2026-8046 (The affected products insufficiently verify authorization when 
deletin ...)
        TODO: check
 CVE-2026-7454 (A maliciously crafted WRL file, when parsed through Autodesk 
3ds Max,  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2026-7453 (A maliciously crafted WRL file, when parsed through Autodesk 
3ds Max,  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2026-7452 (A maliciously crafted WRL file, when parsed through Autodesk 
3ds Max,  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2026-7451 (A maliciously crafted TIF file, when parsed through Autodesk 
3ds Max,  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2026-7450 (A maliciously crafted PAR file, when parsed through Autodesk 
3ds Max,  ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2026-7374 (A flaw was found in KubeVirt's virt-handler component. This 
vulnerabil ...)
        TODO: check
 CVE-2026-7310 (A heap-based buffer overflow vulnerability exists in XML parser 
functi ...)
-       TODO: check
+       NOT-FOR-US: Hitachi Energy
 CVE-2026-7251 (Eppendorf BioFlo 320is vulnerable to due to VNC server using a 
hard-co ...)
        TODO: check
 CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim 
Fix 021 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-48905 (Lack of input filtering leads to an XSS vector in the HTML 
filter code ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48904 (An improper access check allows privelege escalation through 
the com_u ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48903 (Inadequate content filtering within the checkAttribute methods 
leads t ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48902 (The password and username reset features created plain http 
links for  ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48901 (The InputFilter::getInstance() method omitted a security 
sensitive par ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48900 (An improper access check allowed low privileged users to edit 
the task ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48899 (An improper access check allows privilege escalation through 
the com_u ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48898 (An improper access check allows privilege escalation through 
the com_u ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48897 (Insufficient state checks lead to a vector that allows to 
bypass 2FA c ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48896 (Insufficient state checks lead to a vector that allows to 
bypass 2FA c ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-48864 (A flaw was found in libsolv. This heap buffer overflow occurs 
during t ...)
        TODO: check
 CVE-2026-48697 (FastNetMon Community Edition through 1.2.9 does not verify TLS 
certifi ...)
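Review bot: CVE-2026-7310 is marked NOT-FOR-US: Hitachi Energy, but the visible summary only says "A heap-based buffer overflow vulnerability exists in XML parser functi ..." and names no product. Before closing it, confirm from the full CVE record that the parser is the vendor's own code and not a bundled copy of an XML library that Debian ships; if it is a bundled library, the entry should stay TODO: check.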
@@ -105,7 +105,7 @@ CVE-2026-48697 (FastNetMon Community Edition through 1.2.9 
does not verify TLS c
 CVE-2026-48696 (FastNetMon Community Edition through 1.2.9 has a buffer 
overflow, a di ...)
        TODO: check
 CVE-2026-48695 (FastNetMon Community Edition through 1.2.9 contains an OS 
command inje ...)
-       TODO: check
+       NOT-FOR-US: MikroTik
 CVE-2026-48694 (FastNetMon Community Edition through 1.2.9 contains a 
configuration in ...)
        TODO: check
 CVE-2026-48693 (FastNetMon Community Edition through 1.2.9 is vulnerable to a 
local sy ...)
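Review bot: the tag on CVE-2026-48695 does not match its description. The summary reads "FastNetMon Community Edition through 1.2.9 contains an OS command inje ..." yet the new line is NOT-FOR-US: MikroTik, while the adjacent FastNetMon entries (CVE-2026-48696, CVE-2026-48694) keep TODO: check. If the automatic matcher keyed on a MikroTik mention in the truncated part of the summary, this entry should go back to TODO: check and be triaged with the other FastNetMon CVEs, since the NOT-FOR-US tag takes it out of the TODO queue.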
@@ -177,7 +177,7 @@ CVE-2026-44776 (Kavita is a cross platform reading server. 
Prior to 0.9.0, the d
 CVE-2026-44775 (Kavita is a cross platform reading server. Prior to 0.9.0, the 
ReaderC ...)
        TODO: check
 CVE-2026-44749 (The SAP Gateway allows attackers to inject content into error 
messages ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44730 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
        TODO: check
 CVE-2026-44729 (Twenty is an open source CRM. In 1.18.0 and earlier, the file 
serving  ...)
@@ -205,7 +205,7 @@ CVE-2026-44469 (The affected product extracts installation 
files to a temporary
 CVE-2026-44468 (The affected product creates a directory with insecure default 
permiss ...)
        TODO: check
 CVE-2026-44410 (This vulnerability stems from a business logic flaw.Attackers 
can expl ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2026-44314 (Traccar is an open source GPS tracking system. Prior to 
6.13.0, Device ...)
        TODO: check
 CVE-2026-43982 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.6 ...)
@@ -237,45 +237,45 @@ CVE-2026-41164 (nuts-node is the reference implementation 
of the Nuts specificat
 CVE-2026-40564 (Files or Directories Accessible to External Parties, 
Server-Side Reque ...)
        TODO: check
 CVE-2026-40384 (An improper validation of the search parameter of the 
com_media files  ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-40383 (An improper validation of user-supplied input leads to a local 
file in ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-40034 (gix-submodule before 0.82.0 incorrectly validates the update 
field in  ...)
        TODO: check
 CVE-2026-40033 (FreeRDP before 3.26.0 contains a heap-buffer-overflow 
vulnerability in ...)
        TODO: check
 CVE-2026-3660 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim 
Fix 021 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-3603 (IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 
through Int ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-39661 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39655 (Missing Authorization vulnerability in TeconceTheme Mayosis 
Core allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39642 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-38587 (An Insecure Direct Object Reference (IDOR) vulnerability was 
discovere ...)
        TODO: check
 CVE-2026-35223 (An improper access check allows unauthorized access to 
com_config webs ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-35222 (Improperly validated order clauses lead to a SQL injection 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-35221 (Improperly built filter clauses lead to a SQL injection 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-35220 (Lack of CSRF token validation lead to a CSRF attack vector in 
the admi ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-30895 (Lack of output escaping leads to a XSS vector in the readmore 
links fo ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-30894 (Lack of output escaping leads to a XSS vector in the content 
history c ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-2264 (A vulnerability in the Google Cloud 
ApigeeSetIntegrationRequestpolicy  ...)
        TODO: check
 CVE-2026-27427 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25901 (Lack of output escaping leads to a XSS vector in the 
multilingual asso ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-25900 (Lack of output escaping leads to a XSS vector in the feed 
modules.)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-25713 (MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow 
vulnerabilit ...)
        TODO: check
 CVE-2026-25112 (A high-severity vulnerability in the deployment of Genetec 
RabbitMQ th ...)
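Review bot: CVE-2026-39661, CVE-2026-39642 and CVE-2026-27427 get NOT-FOR-US: WordPress plugin or theme although their visible summaries are generic weakness titles (for example "Improper Control of Filename for Include/Require Statement in PHP Prog ...") that name no product. These three are worth spot-checking against the full CVE records so the tag can be verified, unlike CVE-2026-39655 where the product (TeconceTheme Mayosis Core) is visible in the summary.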
@@ -283,11 +283,11 @@ CVE-2026-25112 (A high-severity vulnerability in the 
deployment of Genetec Rabbi
 CVE-2026-25104 (MediaArea MediaInfoLib LXF parsing heap-based buffer overflow 
vulnerab ...)
        TODO: check
 CVE-2026-24638 (Missing Authorization vulnerability in Webful Creations 
RepairBuddy al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24590 (Missing Authorization vulnerability in VideoWhisper.Com Paid 
Videochat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24212 (NVIDIA Isaac Launchable for Linux contains a vulnerability 
where sensi ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-24201 (NVIDIA vGPU software contains a vulnerability in the virtual 
GPU manag ...)
        TODO: check
 CVE-2026-24200 (NVIDIA vGPU software contains a vulnerability in the virtual 
GPU manag ...)
@@ -317,25 +317,25 @@ CVE-2026-24187 (NVIDIA Display Driver for Linux contains 
a vulnerability where a
 CVE-2026-24182 (NVIDIA Display Driver for Windows and Linux contains a 
vulnerability w ...)
        TODO: check
 CVE-2026-24162 (NVIDIA Transformers4Rec for Linux contains a vulnerability 
where an at ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-36221 (IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through  
Interim Fix  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36220 (IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through  
Interim Fix  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36148 (IBM Financial Transaction Manager for SWIFT Services for 
Multiplatform ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36145 (IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not 
properly res ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36126 (IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos 
Transform ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-33221 (NVIDIA Display Driver for Windows and Linux contains a 
vulnerability i ...)
        TODO: check
 CVE-2025-14290 (IBM webMethods Integration (on prem) -Integration Server 10.15 
through ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-13755 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for 
Linux, UN ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-11482 (An Allocation of Resources Without Limits or Throttling 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2026-45836 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 7.0.7-1
        [trixie] - linux 6.12.90-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1c51d46934ba0c31a9041fe403285d4b36d0cf6
