Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e792f26f by Salvatore Bonaccorso at 2026-05-27T21:45:24+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-9689 (A flaw was found in Keycloak, an open-source
identity and access
CVE-2026-9674 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Multijob ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-9617 (PostgreSQL Anonymizer contains a vulnerability that allows a
user to g ...)
- TODO: check
+ NOT-FOR-US: PostgreSQL Anonymizer
CVE-2026-9035 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix
Pack 1 ...)
NOT-FOR-US: IBM
CVE-2026-8942 (The MetaMagic SEO Plugin plugin for WordPress is vulnerable to
Cross-S ...)
@@ -29,7 +29,7 @@ CVE-2026-8175 (IBM Aspera High-Speed Transfer Endpoint 3.7.4
through 4.4.7 Fix P
CVE-2026-8143 (The HBook plugin for WordPress is vulnerable to Stored
Cross-Site Scri ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8054 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2026-8042 (The Github Shortcode plugin for WordPress is vulnerable to
Stored Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2026-7876 (IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19)
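Review bot: the `NOT-FOR-US: dotCMS` label on CVE-2026-8054 cannot be checked against this diff, because the truncated description shown ("Improper Neutralization of Special Elements used in an SQL Command ('S ...)") is generic weakness wording and never names a product. Worth confirming the attribution against the full CVE record before dropping the TODO, since a wrong product name here takes the entry out of triage.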
@@ -45,7 +45,7 @@ CVE-2026-7365 (IBM Operations Analytics - Log Analysis and
IBM SmartCloud Analyt
CVE-2026-7254 (IBM OPENBMC FW1110.00 through FW1110.11is vulnerable to denial
of serv ...)
NOT-FOR-US: IBM
CVE-2026-6957 (Mattermost Plugins versions <=1.1.5 fail to sanitize filenames
receive ...)
- TODO: check
+ NOT-FOR-US: Mattermost Plugins
CVE-2026-6938 (IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization
bypass wh ...)
NOT-FOR-US: IBM
CVE-2026-6936 (IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a
denial-of-service attac ...)
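Review bot: on CVE-2026-6957 the label `NOT-FOR-US: Mattermost Plugins` repeats the description's generic "Mattermost Plugins versions <=1.1.5" prefix and does not say which plugin is affected. Suggest naming the specific plugin, or using a singular category label in the style of the "WordPress plugin" entries elsewhere in this file, so later entries for the same component are tagged consistently.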
@@ -143,27 +143,27 @@ CVE-2026-48906 (The vulnerability in the Tassos Framework
Plugin allows users to
CVE-2026-48877 (Insertion of Sensitive Information Into Sent Data
vulnerability in Tom ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-48545 (Gradio before version 6.15.0 contains a cookie injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2026-48544 (Taipy 4.1.1, fixed in commit 129fd40, contains a path
traversal vulner ...)
TODO: check
CVE-2026-48153 (Budibase is an open-source low-code platform. Prior to 3.39.0,
fetchTo ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-48152 (Budibase is an open-source low-code platform. Prior to 3.39.0,
the sin ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-48151 (Budibase is an open-source low-code platform. Prior to 3.39.0,
the web ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-48150 (Budibase is an open-source low-code platform. Prior to 3.39.0,
/api/pu ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-48149 (Budibase is an open-source low-code platform. Prior to 3.39.0,
the Bud ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-48148 (Budibase is an open-source low-code platform. Prior to 3.35.3,
the Ve ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-48147 (Budibase is an open-source low-code platform. Prior to 3.35.4,
the bui ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-48146 (Budibase is an open-source low-code platform. Prior to 3.39.0,
the OAu ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-48128 (Budibase is an open-source low-code platform. Prior to 3.39.0,
the exe ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-48027 (Nx Console is the user interface for Nx & Lerna. On 19 May
2026, a mal ...)
TODO: check
CVE-2026-47119 (Agent Zero before version 1.15 contains a stored cross-site
scripting ...)
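Review bot: the nine Budibase entries in this hunk (CVE-2026-48128 and CVE-2026-48146 through CVE-2026-48153) and the Gradio entry (CVE-2026-48545) are closed as NOT-FOR-US on product name alone, and the commit message "Process some NFUs" does not record how absence from the archive was established. Since NOT-FOR-US states that the software is not in Debian, a short line in the commit message noting that no source package or ITP exists for Budibase and Gradio would make the bulk change easier to audit later.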
@@ -173,23 +173,23 @@ CVE-2026-47118 (Agent Zero before version 1.15 contains a
path traversal vulnera
CVE-2026-47104 (libusb before version 1.0.30 contains a one-byte out-of-bounds
read vu ...)
TODO: check
CVE-2026-46427 (Budibase is an open-source low-code platform. Prior to 3.38.3,
removeS ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-46426 (Budibase is an open-source low-code platform. Prior to 3.38.2,
the fil ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-46425 (Budibase is an open-source low-code platform. Prior to 3.38.2,
package ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-46424 (Budibase is an open-source low-code platform. Prior to 3.38.2,
the pub ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-45719 (Budibase is an open-source low-code platform. Prior to 3.38.1,
the V1 ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-45718 (Budibase is an open-source low-code platform. Prior to 3.38.1,
the row ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-45717 (Budibase is an open-source low-code platform. Prior to 3.38.1,
Budibas ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-45716 (Budibase is an open-source low-code platform. Prior to 3.38.1,
the POS ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-45715 (Budibase is an open-source low-code platform. Prior to 3.38.1,
the RES ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-45571 (go-git is an extensible git implementation library written in
pure Go. ...)
TODO: check
CVE-2026-45570 (go-git is an extensible git implementation library written in
pure Go. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e792f26f48a7dbb2dd822340ba866e5ebe6ca959