Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5806a9e by Moritz Muehlenhoff at 2026-06-02T16:28:01+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,9 +7,9 @@ CVE-2026-8293 (The Really Simple Security  WordPress plugin 
before 9.5.10.1 does
 CVE-2026-8206 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-49491 (Pixa Bank 2.0 contains an SQL injection vulnerability that 
allows unau ...)
-       TODO: check
+       NOT-FOR-US: Pixa Bank
 CVE-2026-49433 (The DeepAI endpoint 'https://api.deepai.org/change_user_email' 
accepts ...)
-       TODO: check
+       NOT-FOR-US: DeepAI
 CVE-2026-49140 (Nanobot prior to version 0.2.1 contains a denial of service 
vulnerabil ...)
        NOT-FOR-US: Nanobot
 CVE-2026-49139 (Nanobot prior to version 0.2.1 contains a server-side request 
forgery  ...)
@@ -17,7 +17,7 @@ CVE-2026-49139 (Nanobot prior to version 0.2.1 contains a 
server-side request fo
 CVE-2026-49138 (Nanobot prior to version 0.2.1 contains a server-side request 
forgery  ...)
        NOT-FOR-US: Nanobot
 CVE-2026-49136 (Banana Slides through 0.4.0, patched in commit e8bc490, 
contains a pat ...)
-       TODO: check
+       NOT-FOR-US: Banana Slides
 CVE-2026-49135 (CodexBar prior to 0.32.0 contains an insecure temporary file 
handling  ...)
        NOT-FOR-US: CodexBar
 CVE-2026-49134 (CodexBar prior to 0.32.0 contains a privilege escalation 
vulnerability ...)
@@ -91,31 +91,31 @@ CVE-2026-24087 (Memory corruption while processing fastboot 
OEM commands.)
 CVE-2026-24085 (Memory Corruption when processing display command line 
information due ...)
        NOT-FOR-US: Qualcomm
 CVE-2026-10583 (A security vulnerability has been detected in nextlevelbuilder 
GoClaw  ...)
-       TODO: check
+       NOT-FOR-US: GoClaw
 CVE-2026-10581 (A flaw has been found in DedeCMS 5.7.88. Affected by this 
vulnerabilit ...)
        NOT-FOR-US: DedeCMS
 CVE-2026-10568 (A vulnerability was detected in itsourcecode Fees Management 
System 1. ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-10567 (A security vulnerability has been detected in 1Panel-dev 
CordysCRM up  ...)
-       TODO: check
+       NOT-FOR-US: CordysCRM
 CVE-2026-10566 (A weakness has been identified in FoundationAgents MetaGPT up 
to 0.8.2 ...)
-       TODO: check
+       NOT-FOR-US: MetaGPT
 CVE-2026-10565 (A security flaw has been discovered in Open5GS up to 2.7.6. 
The impact ...)
-       TODO: check
+       - open5gs <itp> (bug #1094791)
 CVE-2026-10559 (A flaw has been found in SourceCodester Pizzafy Ecommerce 
System 1.0.  ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-10558 (A vulnerability was detected in SourceCodester Pizzafy 
Ecommerce Syste ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-10550 (A weakness has been identified in elunez eladmin up to 2.7. 
This vulne ...)
-       TODO: check
+       NOT-FOR-US: eladmin
 CVE-2026-10548 (A security flaw has been discovered in NousResearch 
hermes-agent up to ...)
-       TODO: check
+       NOT-FOR-US: NousResearch hermes-agent
 CVE-2026-10529 (A weakness has been identified in westboy CicadasCMS up to 
2431154dac8 ...)
-       TODO: check
+       NOT-FOR-US: CicadasCMS
 CVE-2026-10528 (A security flaw has been discovered in Orthanc DICOM Server up 
to 1.12 ...)
        TODO: check
 CVE-2026-10514 (A vulnerability has been found in 1Panel-dev CordysCRM up to 
1.6.2. Th ...)
-       TODO: check
+       NOT-FOR-US: CordysCRM
 CVE-2026-10510 (Cross-Site Scripting (XSS) in GeniexWebView component in 
Transsion AI  ...)
        NOT-FOR-US: TECNO Mobile
 CVE-2026-10302 (A flaw has been found in itsourcecode Fees Management System 
1.0. The  ...)
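Review bot: The label added for CVE-2026-10548, "NOT-FOR-US: NousResearch hermes-agent", keeps the vendor prefix, while the other labels added in this hunk drop it: GoClaw for "nextlevelbuilder GoClaw", CordysCRM for "1Panel-dev CordysCRM", MetaGPT for "FoundationAgents MetaGPT". Using one form throughout would let a later search on the product name group related entries. The open5gs entry is the only one here that becomes a package line with an <itp> marker and bug reference rather than NOT-FOR-US, so it is worth a word in the commit message, which currently says only "NFUs". CVE-2026-10528 (Orthanc) stays at "TODO: check" in the context lines and still needs triage.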
@@ -123,7 +123,7 @@ CVE-2026-10302 (A flaw has been found in itsourcecode Fees 
Management System 1.0
 CVE-2026-10301 (A vulnerability was detected in itsourcecode Fees Management 
System 1. ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-10300 (A security vulnerability has been detected in SGLang 
0.5.10.post1. Imp ...)
-       TODO: check
+       NOT-FOR-US: SGLang
 CVE-2026-10299 (A weakness has been identified in code-projects Online 
Hospital Manage ...)
        NOT-FOR-US: code-projects
 CVE-2026-10298 (A security flaw has been discovered in ggml-org whisper.cpp up 
to 1.8. ...)
@@ -137,11 +137,11 @@ CVE-2026-10295 (A vulnerability was found in 
SourceCodester Customer Review App
 CVE-2026-10294 (A vulnerability has been found in PackageKit up to 1.3.5. 
Affected is  ...)
        TODO: check
 CVE-2026-10293 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. 
This imp ...)
-       TODO: check
+       NOT-FOR-US: UTT
 CVE-2026-10292 (A vulnerability was detected in UTT HiPER 1200GW up to 
2.5.3-170306. T ...)
-       TODO: check
+       NOT-FOR-US: UTT
 CVE-2026-10291 (A security vulnerability has been detected in Enderfga 
claw-orchestrat ...)
-       TODO: check
+       NOT-FOR-US: Enderfga claw-orchestrator
 CVE-2026-10290 (A weakness has been identified in code-projects Hotel and 
Tourism Rese ...)
        NOT-FOR-US: code-projects
 CVE-2026-10289 (A security flaw has been discovered in code-projects Hotel and 
Tourism ...)
@@ -153,9 +153,9 @@ CVE-2026-10287 (A vulnerability was determined in 
SourceCodester SEO Meta Tag Ex
 CVE-2026-10286 (A vulnerability was found in CodeAstro Payroll System 1.0. 
This affect ...)
        NOT-FOR-US: CodeAstro
 CVE-2026-10285 (A vulnerability has been found in DevaslanPHP 
project-management up to ...)
-       TODO: check
+       NOT-FOR-US: DevaslanPHP project-management
 CVE-2026-10284 (A flaw has been found in DevaslanPHP project-management up to 
2.0.0-be ...)
-       TODO: check
+       NOT-FOR-US: DevaslanPHP project-management
 CVE-2026-10100 (The Simple Custom Login Page plugin for WordPress is 
vulnerable to Sto ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0100 (In Load of LoadedArsc.cpp, there is a possible out of bounds 
write due ...)
@@ -249,7 +249,7 @@ CVE-2026-0016 (In updateProvidersWhenServiceRemoved of 
CredentialManagerService.
 CVE-2026-0009 (In multiple locations, there is a possible tapjacking due to a 
logic e ...)
        NOT-FOR-US: Android
 CVE-2025-70099 (A NULL pointer dereference in the ext4_dir_en_get_name_len 
function in ...)
-       TODO: check
+       NOT-FOR-US: lwext4
 CVE-2025-59614 (Memory Corruption when sending random number generator command 
with in ...)
        NOT-FOR-US: Qualcomm
 CVE-2025-59613 (Memory Corruption when output buffer size is smaller than 
input buffer ...)
@@ -291,27 +291,27 @@ CVE-2025-22426 (In many functions of ComputerEngine.java, 
there is a possible wa
 CVE-2025-22424 (In multiple locations, there is a possible way to reveal 
images across ...)
        NOT-FOR-US: Android
 CVE-2019-25718 (Dr\xe4ger Infinity Explorer C700 contains a privilege 
escalation vulne ...)
-       TODO: check
+       NOT-FOR-US: Draeger Infinity
 CVE-2019-25716 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors 
contain ...)
-       TODO: check
+       NOT-FOR-US: Draeger Infinity
 CVE-2018-25435 (ZeusCart 4.0 contains a cross-site request forgery 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: ZeusCart
 CVE-2018-25434 (WP AutoSuggest 0.24 contains an SQL injection vulnerability 
that allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2018-25433 (Joomla Component JE Photo Gallery 1.1 contains an SQL 
injection vulner ...)
-       TODO: check
+       NOT-FOR-US: Joomla addon
 CVE-2018-25432 (Arm Whois 3.11 contains a buffer overflow vulnerability that 
allows lo ...)
-       TODO: check
+       NOT-FOR-US: Arm whois
 CVE-2018-25431 (No-Cms 1.0 contains an SQL injection vulnerability in the 
order_by par ...)
-       TODO: check
+       NOT-FOR-US: No-Cms
 CVE-2018-25430 (Paroiciel 11.20 contains an SQL injection vulnerability that 
allows au ...)
-       TODO: check
+       NOT-FOR-US: Paroiciel
 CVE-2018-25429 (Paroiciel 11.20 contains an SQL injection vulnerability that 
allows au ...)
-       TODO: check
+       NOT-FOR-US: Paroiciel
 CVE-2018-25428 (Paroiciel 11.20 contains an SQL injection vulnerability that 
allows un ...)
-       TODO: check
+       NOT-FOR-US: Paroiciel
 CVE-2018-25427 (Arm Whois 3.11 contains a stack-based buffer overflow 
vulnerability th ...)
-       TODO: check
+       NOT-FOR-US: Arm whois
 CVE-2026-XXXX [Font Alias Stack-based Buffer Overflow]
        - xorg-server <unfixed> (bug #1138680)
        - xwayland <unfixed>
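Review bot: Two labels in this hunk are inconsistent with the text around them. CVE-2018-25434 gets "NOT-FOR-US: WordPress plugin or theme", while the WordPress entries visible in the earlier hunks (CVE-2026-8206, CVE-2026-10100) use "NOT-FOR-US: WordPress plugin"; the description names "WP AutoSuggest 0.24", so the shorter label would match. CVE-2018-25432 and CVE-2018-25427 are labelled "Arm whois" although both descriptions spell the product "Arm Whois". The "Draeger Infinity" transliteration of the escaped "Dr\xe4ger" keeps the list ASCII and is applied the same way to both entries.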



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5806a9ecdbc579114bfb1a172a5a10ff51d7b97
