Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ce5b67b3 by Salvatore Bonaccorso at 2026-05-29T21:42:57+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,19 +23,19 @@ CVE-2026-9189 (The Contact Form 7 \u2013 PayPal & Stripe
Add-on plugin for WordP
CVE-2026-9051 (There is an authentication bypass vulnerability in the NI
SystemLink E ...)
NOT-FOR-US: National Instruments
CVE-2026-8326 (Path traversal vulnerability in Remote Spark
(https://www.Remotespark. ...)
- TODO: check
+ NOT-FOR-US: Remote Spark
CVE-2026-7786 (Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to
Wi-Fi/Et ...)
- TODO: check
+ NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485
to Wi-Fi/Ethernet Converter device firmware
CVE-2026-6824 (A stored cross-site scripting (XSS) vulnerability exists in
certain 1x ...)
- TODO: check
+ NOT-FOR-US: CP Plus
CVE-2026-6075 (The Media Library Assistant plugin for WordPress is vulnerable
to Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2026-5768 (The Frontier X2 device allows unauthenticated BLE read/write
access to ...)
- TODO: check
+ NOT-FOR-US: Frontier X2 device
CVE-2026-5386 (The affectedKMW CCTV Security Cameras arevulnerable to a
critical unau ...)
- TODO: check
+ NOT-FOR-US: KMW CCTV Security Cameras
CVE-2026-4776 (An SQL injection vulnerability exists in Mautic's API contact
filterin ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2026-4290 (The WP Travel Pro plugin for WordPress is vulnerable to
arbitrary user ...)
NOT-FOR-US: WordPress plugin
CVE-2026-49386 (In JetBrains YouTrack before 2026.1.13570 improper access
control allo ...)
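Review bot: The NOT-FOR-US label added for CVE-2026-7786 repeats most of the description ("Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware"), while every other label in this hunk is a short vendor or product name ("National Instruments", "Remote Spark", "CP Plus"). A shorter form such as "Jinan USR IOT Technology USR-W610" would keep the entry consistent with its neighbours and easier to grep.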
@@ -81,123 +81,123 @@ CVE-2026-49367 (In JetBrains IntelliJ IDEA before
2026.1.1 command execution was
CVE-2026-49366 (In JetBrains IntelliJ IDEA before 2026.1.1 command injection
was possi ...)
TODO: check
CVE-2026-49325 (Improper handling of physical conditions in the bike-shutdown
control ...)
- TODO: check
+ NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
CVE-2026-49324 (Uncontrolled resource consumption in the Wireless Control
Module (WCM) ...)
- TODO: check
+ NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
CVE-2026-49323 (Weak authentication between the Wireless Control Module (WCM)
and the ...)
- TODO: check
+ NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
CVE-2026-49322 (Weak authentication in the Wireless Control Module (WCM) of
the Indian ...)
- TODO: check
+ NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
CVE-2026-49318 (Incorrect behavior order in the Infotainment / Digital Round
display o ...)
- TODO: check
+ NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
CVE-2026-49317 (Incorrect behavior order in the Infotainment / Digital Round
display o ...)
- TODO: check
+ NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
CVE-2026-49316 (Expected behavior violation in the in-vehicle network of the
Indian Mo ...)
- TODO: check
+ NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
CVE-2026-49201 (The upload.cgi binary, responsible for processing device
backups, cont ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2026-49200 (The acer_cgi.log file in the device firmware is accessible
without aut ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2026-49199 (Crafted MQTT messages can trigger command injection, resulting
in root ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2026-49198 (Improper access control in the MQTT broker allows wildcard
topic subsc ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2026-49197 (Web endpoints intended for the Acer Connect app improperly
validate th ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2026-49196 (The Wi-Fi device blocking feature fails to sanitize MAC
address input, ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2026-49195 (Unauthenticated Debug Service. The /sbin/mtk_dut binary is
exposed on ...)
- TODO: check
+ NOT-FOR-US: Acer
CVE-2026-48527 (HAX CMS helps manage microsite universe with PHP or NodeJs
backends. V ...)
- TODO: check
+ NOT-FOR-US: HAX CMS
CVE-2026-48501 (GitHub CLI (gh) is GitHub\u2019s official command line tool.
Prior to ...)
TODO: check
CVE-2026-47745 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0,
the admi ...)
- TODO: check
+ NOT-FOR-US: Shopper
CVE-2026-47744 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0,
two dist ...)
- TODO: check
+ NOT-FOR-US: Shopper
CVE-2026-47742 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0,
Sub-form ...)
- TODO: check
+ NOT-FOR-US: Shopper
CVE-2026-47741 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0,
CreateOr ...)
- TODO: check
+ NOT-FOR-US: Shopper
CVE-2026-47740 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0,
Multiple ...)
- TODO: check
+ NOT-FOR-US: Shopper
CVE-2026-47696 (WWBN AVideo is an open source video platform. In 29.0 and
earlier, plu ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-47694 (WWBN AVideo is an open source video platform. In 29.0 and
earlier, AVi ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-47179 (Arcane is an interface for managing Docker containers, images,
network ...)
- TODO: check
+ NOT-FOR-US: Arcane
CVE-2026-47125 (Arcane is an interface for managing Docker containers, images,
network ...)
- TODO: check
+ NOT-FOR-US: Arcane
CVE-2026-46579 (A flaw was found in the OpenShift Router. When a Route has
`insecureEd ...)
- TODO: check
+ NOT-FOR-US: Red Hat OpenShift Router
CVE-2026-46510 (form-data-objectizer converts FormData to object. Prior to
1.0.1, form ...)
- TODO: check
+ NOT-FOR-US: form-data-objectizer
CVE-2026-46376 (FreePBX is an open source IP PBX. From 15.0.42 to before
16.0.45 and 1 ...)
- TODO: check
+ NOT-FOR-US: FreePBX
CVE-2026-46372 (SillyTavern is a locally installed user interface that allows
users to ...)
- TODO: check
+ NOT-FOR-US: SillyTavern
CVE-2026-46344 (liboqs is a C-language cryptographic library that provides
implementat ...)
TODO: check
CVE-2026-46337 (WWBN AVideo is an open source video platform. In 29.0 and
earlier, an ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-45731 (WWBN AVideo is an open source video platform. In 29.0 and
earlier, vie ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-45707 (n8n-MCP is an MCP server that provides AI assistants access to
n8n nod ...)
- TODO: check
+ NOT-FOR-US: n8n-MCP
CVE-2026-45668 (Trilium Notes is a cross-platform, hierarchical note taking
applicatio ...)
- TODO: check
+ NOT-FOR-US: Trilium Notes
CVE-2026-45663 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
In 0.29 ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-45662 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
In 0.29 ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-45661 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
In 0.26 ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-45660 (Statamic is a Laravel and Git powered content management
system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-45633 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
In 0.26 ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-45632 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
In 0.26 ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-45631 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
From 0. ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-45630 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
In 0.28 ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-45629 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
In 0.28 ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-45628 (Dokploy is a free, self-hostable Platform as a Service (PaaS).
In 0.29 ...)
- TODO: check
+ NOT-FOR-US: Dokploy
CVE-2026-45627 (Arcane is an interface for managing Docker containers, images,
network ...)
- TODO: check
+ NOT-FOR-US: Arcane
CVE-2026-45626 (Arcane is an interface for managing Docker containers, images,
network ...)
- TODO: check
+ NOT-FOR-US: Arcane
CVE-2026-45625 (Arcane is an interface for managing Docker containers, images,
network ...)
- TODO: check
+ NOT-FOR-US: Arcane
CVE-2026-45620 (WWBN AVideo is an open source video platform. In 29.0 and
earlier, obj ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-45619 (WWBN AVideo is an open source video platform. In 29.0 and
earlier, Epg ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-45615 (mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a
memory sa ...)
- TODO: check
+ NOT-FOR-US: mouse07410/asn1c
CVE-2026-45611
REJECTED
CVE-2026-45610 (WWBN AVideo is an open source video platform. In 29.0 and
earlier, the ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-45609 (mcp-security provides Security and Authorization support for
Model Con ...)
- TODO: check
+ NOT-FOR-US: mcp-security
CVE-2026-45582 (n8n-MCP is an MCP server that provides AI assistants access to
n8n nod ...)
- TODO: check
+ NOT-FOR-US: n8n-MCP
CVE-2026-45580 (WWBN AVideo is an open source video platform. In 29.0 and
earlier, the ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-45578 (WWBN AVideo is an open source video platform. In 29.0 and
earlier, the ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-45577 (Neotoma provides versioned records that persist across agent
runs. Fro ...)
- TODO: check
+ NOT-FOR-US: Neotoma
CVE-2026-45555 (Roslyn CodeLens MCP Server is a Roslyn-based MCP server
providing sema ...)
- TODO: check
+ NOT-FOR-US: Roslyn CodeLens MCP Server
CVE-2026-45551 (Group-Office is an enterprise customer relationship management
and gro ...)
- TODO: check
+ NOT-FOR-US: Group-Office
CVE-2026-45312 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation)
engine. ...)
TODO: check
CVE-2026-45043 (RustFS is a distributed object storage system built in Rust.
Prior to ...)
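Review bot: CVE-2026-45615 is closed as "NOT-FOR-US: mouse07410/asn1c", but the visible description only says the memory-safety issue is in that repository's asn1c "1.4 and earlier". Because the label is qualified by owner, it is worth confirming that the affected code is not shared with any other asn1c source before dropping the TODO, and recording the result in a NOTE line if that check was done. Separately, the seven Indian Motorcycle entries (CVE-2026-49316 through CVE-2026-49325) carry the full "Scout Bobber + Tech 2025 model year" string. "Indian Motorcycle" alone would match the brevity of the Acer and Shopper labels in the same hunk.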
@@ -921,7 +921,7 @@ CVE-2026-46840 (Vulnerability in Oracle REST Data Services
(component: Backend-a
CVE-2026-46839 (Vulnerability in Oracle REST Data Services (component: Core).
Support ...)
NOT-FOR-US: Oracle
CVE-2026-46837 (Vulnerability in the Oracle Flow Manufacturing product of
Oracle E-Bus ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46835 (Vulnerability in the Net Service component of Oracle Database
Server. ...)
NOT-FOR-US: Oracle
CVE-2026-46834 (Vulnerability in the Net Service component of Oracle Database
Server. ...)
@@ -933,27 +933,27 @@ CVE-2026-46830 (Vulnerability in Oracle REST Data
Services (component: Mongoapi)
CVE-2026-46829 (Vulnerability in Oracle REST Data Services (component:
Mongoapi). Sup ...)
NOT-FOR-US: Oracle
CVE-2026-46828 (Vulnerability in the Oracle Payroll product of Oracle
E-Business Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46827 (Vulnerability in the Oracle Payroll product of Oracle
E-Business Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46826 (Vulnerability in the Oracle Payroll product of Oracle
E-Business Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46824 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2026-46823 (Vulnerability in the Oracle Public Sector Financials
(International) p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46822 (Vulnerability in the Oracle iAssets product of Oracle
E-Business Suite ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46821 (Vulnerability in the Oracle Financials Common Modules product
of Oracl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46820 (Vulnerability in the Oracle Financials Common Modules product
of Oracl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46819 (Vulnerability in the Oracle Internet Procurement Connector
product of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46818 (Vulnerability in the Oracle Payments product of Oracle
E-Business Suit ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46817 (Vulnerability in the Oracle Payments product of Oracle
E-Business Suit ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46775 (Vulnerability in Oracle REST Data Services (component: Core).
Support ...)
NOT-FOR-US: Oracle
CVE-2026-45410 (TREK is a collaborative travel planner. Prior to 3.0.18, early
return ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce5b67b3c5f83a080d5ab09bc862a79eb32b212e