Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d18e217b by Salvatore Bonaccorso at 2026-05-29T08:02:27+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2026-9813 (FlowIntel up to version 3.3.0contains a 
server-side request forge
 CVE-2026-9807 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        TODO: check
 CVE-2026-9806 (A stored cross-site scripting (XSS) vulnerability exists in the 
notifi ...)
-       TODO: check
+       NOT-FOR-US: CTI Transmute
 CVE-2026-9804 (A flaw was found in KubeVirt's virt-exportserver component. An 
attacke ...)
        NOT-FOR-US: KubeVirt
 CVE-2026-9658 (Plack::Middleware::Security::Common versions before 0.13.1 for 
Perl di ...)
@@ -73,7 +73,7 @@ CVE-2026-9090 (Casdoor versions 2.362.0 and earlier contain a 
vulnerability that
 CVE-2026-9015 (The Equalize Digital Accessibility Checker \u2013 WCAG, ADA, 
EAA and S ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8990 (A user with physical access to a smartphone can 
bypassauthentication m ...)
-       TODO: check
+       NOT-FOR-US: View Concept Kidsview
 CVE-2026-8980 (The Mennekes Amtron series (firmware versions \u2264 5.22.3) is 
vulner ...)
        NOT-FOR-US: Mennekes Amtron series
 CVE-2026-8979 (The Mennekes Amtron series (firmware versions \u2264 5.22.3) is 
vulner ...)
@@ -107,7 +107,7 @@ CVE-2026-7048 (The Photo Gallery by 10Web \u2013 
Mobile-Friendly Image Gallery p
 CVE-2026-6937 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6720 (When calicoctl is invoked with --log-level=info or 
--log-level=debug,  ...)
-       TODO: check
+       NOT-FOR-US: Calico
 CVE-2026-6455 (The WP Contact Form 7 DB Handler plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6427 (The a3 Lazy Load plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
@@ -121,9 +121,9 @@ CVE-2026-4377 (DlinkDWR-X1820 router uses weak default 
password generated from i
 CVE-2026-4334 (The Shariff Wrapper plugin for WordPress is vulnerable to 
Stored Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-49238 (An issue was discovered in Canonical Multipass before version 
1.16.3.  ...)
-       TODO: check
+       NOT-FOR-US: Multipass
 CVE-2026-49237 (An issue was discovered in Canonical Multipass for macOS 
before versio ...)
-       TODO: check
+       NOT-FOR-US: Multipass
 CVE-2026-48735 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.12 ...)
        TODO: check
 CVE-2026-48526 (PyJWT is a JSON Web Token implementation in Python. Prior to 
2.13.0, w ...)
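Review bot: The two changed entries (CVE-2026-49238 and CVE-2026-49237) both describe the product as "Canonical Multipass", but the new tag is only "NOT-FOR-US: Multipass". Elsewhere in this same commit the tag is vendor-qualified ("NOT-FOR-US: Northern.tech Mender Server"). Consider "NOT-FOR-US: Canonical Multipass" so the tag style is uniform and the product is unambiguous.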
@@ -154,13 +154,13 @@ CVE-2026-47760 (TinyMCE is an open source rich text 
editor. From 6.8.0 to before
 CVE-2026-47759 (TinyMCE is an open source rich text editor. Prior to 5.11.1, 
7.9.3, an ...)
        TODO: check
 CVE-2026-47676 (Hono is a Web application framework that provides support for 
any Java ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2026-47675 (Hono is a Web application framework that provides support for 
any Java ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2026-47674 (Hono is a Web application framework that provides support for 
any Java ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2026-47673 (Hono is a Web application framework that provides support for 
any Java ...)
-       TODO: check
+       NOT-FOR-US: Hono
 CVE-2026-47337 (Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a 
possible N ...)
        TODO: check
 CVE-2026-47336 (Ubuntu Linux 6.8 contains SAUCE patches with a possible use of 
an unin ...)
@@ -186,65 +186,65 @@ CVE-2026-47327 (Ubuntu Linux 6.8, 6.17 and 7.0 contain 
SAUCE patches with a poss
 CVE-2026-47326 (Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a 
memory lea ...)
        TODO: check
 CVE-2026-47136 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: RustFS
 CVE-2026-47074 (Improper Certificate Validation vulnerability in ex-aws 
ex_aws_sns (Ex ...)
        TODO: check
 CVE-2026-46685 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: RustFS
 CVE-2026-46561 (pyLoad is a free and open-source download manager written in 
Python. P ...)
        TODO: check
 CVE-2026-46526 (Local Deep Research is an AI-powered research assistant for 
deep, iter ...)
-       TODO: check
+       NOT-FOR-US: Local Deep Research
 CVE-2026-46509 (deepobj provides get, set, delete deep objects in javascript. 
Prior to ...)
-       TODO: check
+       NOT-FOR-US: deepobj
 CVE-2026-45787 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
-       TODO: check
+       NOT-FOR-US: electerm
 CVE-2026-45374 (CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior 
to 0.8. ...)
-       TODO: check
+       NOT-FOR-US: CodeWhale
 CVE-2026-45373 (CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior 
to 0.8. ...)
-       TODO: check
+       NOT-FOR-US: CodeWhale
 CVE-2026-45353 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
-       TODO: check
+       NOT-FOR-US: electerm
 CVE-2026-45348 (pyLoad is a free and open-source download manager written in 
Python. P ...)
        TODO: check
 CVE-2026-45332 (Automad is a flat-file content management system and template 
engine.  ...)
-       TODO: check
+       NOT-FOR-US: Automad
 CVE-2026-45323 (MeshCore Card provides MeshCore Lovelace card for Home 
Assistant. Prio ...)
-       TODO: check
+       NOT-FOR-US: MeshCore Card
 CVE-2026-45311 (CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 
0.3.0 to ...)
-       TODO: check
+       NOT-FOR-US: CodeWhale
 CVE-2026-45310 (CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior 
to 0.8. ...)
-       TODO: check
+       NOT-FOR-US: CodeWhale
 CVE-2026-45307 (Speakr is a personal, self-hosted web application designed for 
transcr ...)
-       TODO: check
+       NOT-FOR-US: Speakr
 CVE-2026-45306 (pyLoad is a free and open-source download manager written in 
Python. P ...)
        TODO: check
 CVE-2026-45297 (OpenReplay is a self-hosted session replay suite. Prior to 
1.26.0, the ...)
-       TODO: check
+       NOT-FOR-US: OpenReplay
 CVE-2026-45296 (OpenReplay is a self-hosted session replay suite. Prior to 
1.26.0, Ope ...)
-       TODO: check
+       NOT-FOR-US: OpenReplay
 CVE-2026-45292 (opentelemetry-java is the Java implementation of the 
OpenTelemetry API ...)
        TODO: check
 CVE-2026-45261 (GitButler is a modern Git-based version control interface for 
AI-power ...)
-       TODO: check
+       NOT-FOR-US: GitButler
 CVE-2026-45078 (Synapse is an open source Matrix homeserver implementation. 
Prior to 1 ...)
        TODO: check
 CVE-2026-45076 (Synapse is an open source Matrix homeserver implementation. 
Prior to 1 ...)
        TODO: check
 CVE-2026-45058 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
-       TODO: check
+       NOT-FOR-US: electerm
 CVE-2026-45044 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: RustFS
 CVE-2026-45042 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: RustFS
 CVE-2026-45041 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: RustFS
 CVE-2026-45040 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: RustFS
 CVE-2026-45039 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: RustFS
 CVE-2026-45021 (Kuma is a modern Envoy-based service mesh that can run on 
every cloud  ...)
-       TODO: check
+       NOT-FOR-US: Kuma
 CVE-2026-45017 (Python Liquid is a Python engine for the Liquid template 
language. Pri ...)
        TODO: check
 CVE-2026-44798 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
@@ -1027,9 +1027,9 @@ CVE-2026-9791 (A flaw was found in Keycloak. An 
authenticated user with existing
 CVE-2026-9789 (A Local Privilege Escalation (LPE) vulnerability affects Acer 
NitroSen ...)
        NOT-FOR-US: Acer
 CVE-2026-9739 (Vulnerable to DNS rebinding attacks when using SSE 
(http://b/499408790 ...)
-       TODO: check
+       NOT-FOR-US: googleapis mcp-toolbox
 CVE-2026-9673 (Versions of the package json-2-csv from 3.15.0 and before 
5.5.11 are v ...)
-       TODO: check
+       NOT-FOR-US: json-2-csv
 CVE-2026-9644 (The LiveSmart Video Chat Live Video Chat plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-9241 (The FOX \u2013 Currency Switcher Professional for WooCommerce 
plugin f ...)
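Review bot: For CVE-2026-9739 the visible description ("Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790 ...") names no product, so the new "NOT-FOR-US: googleapis mcp-toolbox" tag cannot be checked against the entry itself. Consider recording where the product attribution comes from, for example in the commit message, so the triage decision can be re-verified later. The "NOT-FOR-US: json-2-csv" tag on CVE-2026-9673 matches the package named in its description and needs no change.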
@@ -1063,7 +1063,7 @@ CVE-2026-5737 (The Independent Analytics plugin for 
WordPress is vulnerable to S
 CVE-2026-4888 (The Everest Forms \u2013 Contact Form, Payment Form, Quiz, 
Survey & Cu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-49009 (Northern.tech Mender Server v4.1.0, v4.0.1 and below, and 
fixed in v4. ...)
-       TODO: check
+       NOT-FOR-US: Northern.tech Mender Server
 CVE-2026-48792 (pam_usb provides hardware authentication for Linux using 
ordinary remo ...)
        NOT-FOR-US: pam_usb
 CVE-2026-48066 (pam_usb provides hardware authentication for Linux using 
ordinary remo ...)
@@ -1105,7 +1105,7 @@ CVE-2026-45136 (claude-code-cache-fix is a cache 
optimization proxy for Claude C
 CVE-2026-45134 (LangSmith Client SDKs provide SDK's for interacting with the 
LangSmith ...)
        NOT-FOR-US: LangSmith Client
 CVE-2026-45108 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
-       TODO: check
+       NOT-FOR-US: Himmelblau
 CVE-2026-45104 (MapServer is a system for developing web-based GIS 
applications. From  ...)
        TODO: check
 CVE-2026-45102 (OneUptime is an open-source monitoring and observability 
platform. Pri ...)
@@ -1339,7 +1339,7 @@ CVE-2026-48146 (Budibase is an open-source low-code 
platform. Prior to 3.39.0, t
 CVE-2026-48128 (Budibase is an open-source low-code platform. Prior to 3.39.0, 
the exe ...)
        NOT-FOR-US: Budibase
 CVE-2026-48027 (Nx Console is the user interface for Nx & Lerna. On 19 May 
2026, a mal ...)
-       TODO: check
+       NOT-FOR-US: Nx Console
 CVE-2026-47119 (Agent Zero before version 1.15 contains a stored cross-site 
scripting  ...)
        NOT-FOR-US: Agent Zero
 CVE-2026-47118 (Agent Zero before version 1.15 contains a path traversal 
vulnerability ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d18e217b7b0000272f2229db93e6aec60380a0f7
