Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0581123d by security tracker role at 2026-06-09T19:14:31+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
CVE-2026-9279 (Logseq exposes an IPC handler that allows the renderer process
to exec ...)
TODO: check
CVE-2026-9213 (A vulnerability inthe affectedNETGEAR gaming routers
allowsattackers w ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-9212 (Insufficient authentication and input validation in thelisted
NETGEAR ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-9211 (An unauthenticated user on the local network can gain control
of the r ...)
TODO: check
CVE-2026-9210 (Insufficient input validation vulnerability in thelisted
NETGEAR model ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-8863 (Multiple version of UEFI SHIM bootloaders are vulnerable to
SecureBoo ...)
TODO: check
CVE-2026-8677 (The Prime Elementor Addons \u2013 Lightweight Elementor Widgets
for Fa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8599 (The MailerPress \u2013 Email Marketing, Newsletter, Email
Automation & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8365 (The Blocksy theme for WordPress is vulnerable to PHP Object
Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8045 (CWE-611 Improper Restriction of XML External Entity Reference
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-8025 (Improper neutralization of special elements used in an SQL
command ('S ...)
TODO: check
CVE-2026-7542 (The Slider Revolution plugin for WordPress is vulnerable to
Sensitive ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7486 (Improper neutralization of special elements used in an SQL
command ('S ...)
TODO: check
CVE-2026-6899 (Check for certificate revocation only considers the first
matching CRL ...)
TODO: check
CVE-2026-5068 (A remote, unauthenticated BLE peer can trigger a 2-byte
out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-52902 (A path traversal vulnerability was found in awxkit, the CLI
tool for A ...)
TODO: check
CVE-2026-50636 (The RemoteControl API methods invite_participants and
remind_participa ...)
@@ -35,15 +35,15 @@ CVE-2026-50636 (The RemoteControl API methods
invite_participants and remind_par
CVE-2026-50635 (LimeSurvey constructs account password-reset links from the
client-sup ...)
TODO: check
CVE-2026-50512 (Missing authentication for critical function in Microsoft PC
Manager a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-50511 (Improper link resolution before file access ('link following')
in Micr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-50508 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-50507 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-4058 (The User Frontend: AI Powered Frontend Posting, User Directory,
Profil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-49959 (Hermes WebUI before version 0.51.311 contains a remote code
execution ...)
TODO: check
CVE-2026-49958 (Hermes WebUI before version 0.51.303 contains a time-of-check
time-of- ...)
@@ -57,7 +57,7 @@ CVE-2026-49955 (Hermes WebUI before version 0.51.270 contains
a resource exhaust
CVE-2026-49948 (Mem0 versions through 0.2.8, fixed in commit ae7f406, contain
a missin ...)
TODO: check
CVE-2026-49938 (A improper access control vulnerability in Fortinet
FortiPortal 7.4.0 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-49848 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
TODO: check
CVE-2026-49847 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
@@ -73,163 +73,163 @@ CVE-2026-49840 (FreeSWITCH is a Software Defined Telecom
Stack enabling the digi
CVE-2026-49762 (Uncontrolled Resource Consumption vulnerability in the Elixir
standard ...)
TODO: check
CVE-2026-49742 (Backend users with file download permissions were able to
download fil ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-49741 (Backend users with write access to the form_definition
database table ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-49740 (TYPO3's cache frontend (VariableFrontend) and persistent
key-value sto ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-49738 (The path allowance check in GeneralUtility::isAllowedAbsPath()
perform ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-49475 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
TODO: check
CVE-2026-49472 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
TODO: check
CVE-2026-49161 (Improper access control in Microsoft PC Manager allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-49160 (Uncontrolled resource consumption in HTTP/2 allows an
unauthorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48583 (Use after free in Windows Kernel allows an authorized attacker
to elev ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48578 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48576 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48575 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48574 (Heap-based buffer overflow in Windows Media allows an
unauthorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48573 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48570 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48569 (Improper input validation in Visual Studio Code allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48568 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48566 (Out-of-bounds read in Windows DWM Core Library allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48565 (Untrusted search path in Windows Narrator Braille allows an
authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48563 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48562 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48560 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-48304 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48301 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48300 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48299 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48297 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48293 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48289 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48288 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48280 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48271 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48268 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48266 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48265 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48264 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48258 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48256 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48251 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48250 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47993 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47991 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47990 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47989 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47987 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47986 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47985 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47983 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47982 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47981 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47980 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47978 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47977 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47975 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47974 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47973 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47972 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47970 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47966 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47962 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47958 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47957 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47956 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47954 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47953 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47951 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47950 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47949 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47948 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47947 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47946 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47945 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47944 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47943 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47942 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47941 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47939 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47936 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47935 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47901 (Logseq is vulnerable to a sandbox escape flaw where plugins
running in ...)
TODO: check
CVE-2026-47900 (Logseq is vulnerable to a stored cross-site scripting (XSS). A
malicio ...)
@@ -237,373 +237,373 @@ CVE-2026-47900 (Logseq is vulnerable to a stored
cross-site scripting (XSS). A m
CVE-2026-47899 (The Electron preload script in Logseq exposes an API method
that allow ...)
TODO: check
CVE-2026-47656 (Protection mechanism failure in Windows Boot Manager allows an
authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47654 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47653 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47652 (Out-of-bounds read in Windows Hyper-V allows an unauthorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47648 (Untrusted search path in Windows Storage allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47643 (External control of file name or path in Azure Stack Edge
allows an un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47641 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47640 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47639 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47638 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47637 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47636 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47635 (Access of resource using incompatible type ('type confusion')
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47634 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47631 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47352 (Authenticated backend users were able to retrieve file
metadata via se ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-47351 (Backend users were able to insert arbitrary records and files
into the ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-47350 (Backend users were able to move records to a different page
without ha ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-47349 (Backend users with access to the Recycler module were able to
restore ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-47348 (Editors with access to create or modify page content were able
to incl ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-47347 (Applications that use GeneralUtility::sanitizeLocalUrl to
allow only l ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-47346 (Backend users with file write permissions were able to upload
form def ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-47343 (Non-privileged backend users with file mount access were able
to perfo ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-47298 (Improper authorization in Microsoft Office SharePoint allows
an author ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47293 (Use after free in Microsoft Office Click-To-Run allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47292 (Inclusion of functionality from untrusted control sphere in
Visual Stu ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47291 (Integer overflow or wraparound in Windows HTTP.sys allows an
unauthori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47289 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47288 (Integer overflow or wraparound in Windows Kerberos allows an
authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47287 (Relative path traversal in Visual Studio Code allows an
unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47284 (Exposure of sensitive information to an unauthorized actor in
Visual S ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-47281 (Improper input validation in Visual Studio Code allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-46749 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-46748 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-46747 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-46746 (A vulnerability has been identified in SINEC INS (All versions
< V1.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-46492 (md-fileserver allows for local viewing of markdown files in a
browser. ...)
TODO: check
CVE-2026-45771 (FreeSWITCH is a Software Defined Telecom Stack enabling the
digital tr ...)
TODO: check
CVE-2026-45658 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45657 (Use after free in Windows Kernel allows an unauthorized
attacker to ex ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45656 (Protection mechanism failure in Windows UEFI allows an
authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45655 (Protection mechanism failure in Windows BitLocker allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45654 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45653 (Use after free in Windows Kernel allows an authorized attacker
to elev ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45650 (User interface (ui) misrepresentation of critical information
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45649 (Improper access control in Office for Android allows an
unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45648 (Stack-based buffer overflow in Active Directory Domain
Services allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45647 (Time-of-check time-of-use (toctou) race condition in Microsoft
Defende ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45645 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45644 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45643 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45642 (Improper input validation in Microsoft Azure Attestation
service and D ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45641 (Out-of-bounds read in Windows Hyper-V allows an unauthorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45640 (Use after free in Windows Bluetooth Port Driver allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45639 (Out-of-bounds read in Windows RDP allows an unauthorized
attacker to d ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45638 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45637 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45636 (Heap-based buffer overflow in Windows NTFS allows an
unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45635 (Use after free in Universal Plug and Play (upnp.dll) allows an
unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45634 (Out-of-bounds read in Windows DHCP Server allows an authorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45608 (Out-of-bounds read in Windows DHCP Server allows an authorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45607 (Out-of-bounds read in Windows Hyper-V allows an unauthorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45606 (Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll)
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45605 (Use after free in Windows Bluetooth Service allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45604 (Out-of-bounds read in Windows Application Identity (AppID)
Subsystem a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45603 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45602 (No cwe for this issue in Windows DHCP Server allows an
unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45601 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45600 (Access of resource using incompatible type ('type confusion')
in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45599 (Use after free in Universal Plug and Play (upnp.dll) allows an
unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45598 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45597 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45596 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45595 (Protection mechanism failure in Windows Mark of the Web (MOTW)
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45594 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45593 (Use after free in Windows SDK allows an authorized attacker to
elevate ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45592 (Integer overflow or wraparound in Windows Internet
(wininet.dll) allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45591 (Uncontrolled resource consumption in ASP.NET Core allows an
unauthoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45588 (Protection mechanism failure in Windows Secure Boot allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45586 (Improper link resolution before file access ('link following')
in Wind ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45583 (Improper control of generation of code ('code injection') in
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45504 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45503 (Improper authorization in Microsoft Exchange Server allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45502 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45501 (Server-side request forgery (ssrf) in Microsoft Exchange
Server allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45500 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45491 (Improper link resolution before file access ('link following')
in .NET ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45490 (Improper authorization in .NET allows an authorized attacker
to elevat ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45487 (Time-of-check time-of-use (TOCTOU) race condition in Program
Compatibi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45486 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45485 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45484 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45483 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45482 (Improper limitation of a pathname to a restricted directory
('path tra ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45481 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45479 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45476 (Use after free in Linux MANA Driver allows an authorized
attacker to e ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45475 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45474 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45472 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45471 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45469 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45468 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45467 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45466 (Heap-based buffer overflow in Microsoft Office Word allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45465 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45464 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45463 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45462 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45461 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45460 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45459 (Protection mechanism failure in Microsoft Office Excel allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45458 (Access of resource using incompatible type ('type confusion')
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45457 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45456 (Access of resource using incompatible type ('type confusion')
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45455 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45454 (Improper limitation of a pathname to a restricted directory
('path tra ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45453 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44824 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44823 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44822 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44821 (Out-of-bounds read in Microsoft Office allows an unauthorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44820 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44819 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44818 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44817 (Integer underflow (wrap or wraparound) in Microsoft Office
Excel allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44815 (Stack-based buffer overflow in Windows DHCP Client allows an
unauthori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44814 (Out-of-bounds read in Windows DWM Core Library allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44813 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44812 (Integer overflow or wraparound in Windows Win32K - GRFX allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44811 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44810 (Improper authentication in Windows Cryptographic Services
allows an un ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44809 (Use after free in Windows Common Log File System Driver allows
an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44808 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44807 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44805 (Use after free in Windows Network Controller (NC) Host Agent
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44804 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44803 (Integer overflow or wraparound in Windows Win32K - GRFX allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44802 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44801 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44799 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44275 (Dell/Alienware Purchased Apps, versions prior to 1.1.32.0,
contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-44083 (An authorization bypass through user-controlled key
vulnerability has ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-42993 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42992 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42991 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42989 (Improper link resolution before file access ('link following')
in Winl ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42987 (Use after free in Windows Deployment Services allows an
unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42986 (Use after free in Microsoft Graphics Component allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42985 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42984 (Use after free in Windows Kernel allows an authorized attacker
to elev ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42983 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42981 (Integer underflow (wrap or wraparound) in Windows Performance
Monitor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42980 (Integer underflow (wrap or wraparound) in Windows NT OS Kernel
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42979 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42978 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42977 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42974 (Integer underflow (wrap or wraparound) in Windows Performance
Monitor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42973 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42972 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42971 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42970 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42969 (Use of uninitialized resource in Windows Push Notifications
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42968 (Out-of-bounds read in Windows Telephony Service allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42916 (Integer underflow (wrap or wraparound) in Windows NT OS Kernel
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42915 (Incorrect calculation of buffer size in Windows TCP/IP allows
an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42914 (Windows Kerberos Denial of Service Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42913 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42912 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42911 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42910 (Out-of-bounds write in Windows Hotpatch Monitoring Service
allows an a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42909 (Heap-based buffer overflow in Remote Desktop Client allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42908 (Out-of-bounds read in Windows RDP allows an unauthorized
attacker to d ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42907 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42906 (Exposure of sensitive information to an unauthorized actor in
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42905 (Use after free in Windows DWM Core Library allows an
authorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42904 (Heap-based buffer overflow in Windows TCP/IP allows an
unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42903 (Null pointer dereference in Windows Kerberos allows an
authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42902 (Improper authorization in Microsoft PowerToys allows an
authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42837 (Buffer over-read in Windows Projected File System Filter
Driver allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42836 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42835 (Improper neutralization of special elements in output used by
a downst ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42829 (Improper access control in Windows Administrator Protection
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42828 (Buffer over-read in Windows Projected File System Filter
Driver allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42599 (Svelte is a performance oriented web framework. Prior to
version 5.55. ...)
TODO: check
CVE-2026-42573 (Svelte is a performance oriented web framework. Prior to
version 5.55. ...)
@@ -613,47 +613,47 @@ CVE-2026-42570 (Svelte devalue is a JavaScript library
that serializes values in
CVE-2026-42567 (Svelte is a performance oriented web framework. From version
5.51.5 to ...)
TODO: check
CVE-2026-41986 (Logic bypass vulnerability in the file system. Impact:
Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41985 (UAF vulnerability in the package management module.Impact:
Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41984 (UAF vulnerability in the package management module.Impact:
Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41983 (DoS vulnerability in the browser kernel.Impact: Successful
exploitatio ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41982 (Race condition vulnerability in the IPC module.Impact:
Successful expl ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41981 (Out-of-bounds write vulnerability in the IPC module.Impact:
Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41977 (DoS vulnerability in the log service.Impact: Successful
exploitation o ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41976 (Permission control vulnerability in the audio
framework.Impact: Succes ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41974 (Permission control vulnerability in service
notifications.Impact: Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41973 (Permission control vulnerability in calls.Impact: Successful
exploitat ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41972 (Path traversal vulnerability in the SMS app.Impact: Successful
exploit ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41116 (Dell Inventory Collector Client, versions prior to 13.8.0,
contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-41108 (Heap-based buffer overflow in Microsoft Windows DNS allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41098 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41092 (Improper access control in Microsoft Kinect allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41031 (A Stored Cross-Site Scripting vulnerability in Vinna Process
Monitor V ...)
TODO: check
CVE-2026-40639 (Dell Client Platform BIOS contains a Weak Encoding for
Password vulner ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-40409 (Windows Universal Disk Format File System Driver (UDFS)
Elevation of P ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40404 (Windows Universal Disk Format File System Driver (UDFS)
Elevation of P ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40376 (Improper input validation in Visual Studio Code allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40371 (Improper handling of insufficient permissions or privileges in
Microso ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-3088 (Unauthenticated users on the local network can cause the router
to bec ...)
TODO: check
CVE-2026-39170 (SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF)
via craf ...)
@@ -661,83 +661,83 @@ CVE-2026-39170 (SemCms 5.0 is vulnerable to Cross Site
Request Forgery (CSRF) vi
CVE-2026-39169 (SEMCMS 5.0 is vulnerable to unauthorized access in
SEMCMS_copy.php.)
TODO: check
CVE-2026-38615 (DedeCMS V5.7.118 is vulnerable to Command Execution in
file_manage_con ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2026-36823 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36822 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36821 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36820 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36819 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36818 (Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was
discovere ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36817 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36816 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36815 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36813 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36811 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36810 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36809 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36808 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36807 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36806 (Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was
discover ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36805 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36803 (Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36802 (Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36801 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36800 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36799 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36798 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36797 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36796 (Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36794 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36793 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36792 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36791 (Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was
discovered ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36784 (Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router
v1.0.0.5(4 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36783 (Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router
v1.0.0.5(4 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36779 (Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router
v1.0.0.5(4 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36778 (Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router
v1.0.0.5(4 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36777 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36773 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36772 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36771 (Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router
v1.0.0.3(2 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36770 (Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3
was disc ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-36728 (A markdown based cross-site scripting (XSS) vulnerability in
the AI as ...)
TODO: check
CVE-2026-36727 (An insecure authentication vulnerability in the
/api/social-sign-in en ...)
@@ -759,81 +759,81 @@ CVE-2026-36720 (Insecure permissions in bookcars v8.3
allows authenticated attac
CVE-2026-36719 (An information disclosure vulnerability in the
/api/v1/user/info endpo ...)
TODO: check
CVE-2026-34905 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-34708 (InCopy versions 21.3, 20.5.3 and earlier are affected by a
Stack-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34707 (InCopy versions 21.3, 20.5.3 and earlier are affected by a
Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34706 (InCopy versions 21.3, 20.5.3 and earlier are affected by an
out-of-bou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34705 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34704 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a N ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34703 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a N ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34702 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a S ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34701 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34700 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34699 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34698 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34697 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a S ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34696 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a U ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34695 (InDesign Desktop versions 21.3, 20.5.3 and earlier are
affected by a S ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34694 (Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0
and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34693 (Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0
and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34692 (Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34691 (Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0
and earl ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34335 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34033 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-34031 (Unrestricted Upload of File with Dangerous Type vulnerability
in Apach ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-33828 (Trust boundary violation in Windows Attestation allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33582 (Unrestricted Upload of File with Dangerous Type vulnerability
in Apach ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-33113 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32193 (Improper limitation of a pathname to a restricted directory
('path tra ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-30141 (An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A
buffer overf ...)
TODO: check
CVE-2026-2638 (A vulnerability in the quarantine and restore workflow of the
X-VPN ma ...)
TODO: check
CVE-2026-28301 (A vulnerability in which an attacker can provide a crafted
external UR ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2026-28262 (Dell iDRAC Tools, versions prior to 11.4.1.0, contains an
Improper Lin ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-28237 (Unrestricted resource allocation in AMD uProf may be
exploitable to co ...)
TODO: check
CVE-2026-26142 (Deserialization of untrusted data in Nuance PowerScribe allows
an unau ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-25699 (Exposure of Private Personal Information to an Unauthorized
Actor vuln ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-25688 (Improper Neutralization of Alternate XSS Syntax vulnerability
in Apach ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-25089 (A improper neutralization of special elements used in an os
command (' ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-24349 (A vulnerability has been identified in SIMATIC WinCC Unified
PC Runtim ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-24181 (NVIDIA DALI contains a vulnerability in a component where an
attacker ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24180 (NVIDIA DALI contains a vulnerability in a component where an
attacker ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24065 (Waves Central for macOS versions 13.0.9 through 16.5.5 contain
a local ...)
TODO: check
CVE-2026-24064 (Waves Central for macOS versions 13.0.9 through 16.5.5 contain
a local ...)
@@ -857,51 +857,51 @@ CVE-2026-11786 (A flaw was found in 389 Directory Server.
The LDIF parser reads
CVE-2026-11785 (A flaw was found in 389 Directory Server. A type confusion in
the SSO ...)
TODO: check
CVE-2026-11764 (When creating an export of all reusable media, the secrets of
connecte ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-11616 (The Events Calendar for GeoDirectory plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11607 (Backend users with access to the Form Framework were able to
use files ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-10731 (SQL injection in the \u2018two_steps_auth_code\u2019 parameter
process ...)
TODO: check
CVE-2026-10727 (An OS command injection vulnerability in Ivanti EPMM
before12.9.0.1, 1 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-10523 (An Authentication Bypass vulnerability (CWE-288)in
IvantiSentry before ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-10520 (An OS Command Injection vulnerabilityin IvantiSentry
beforetheR10.5.2, ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-10045 (Shenzhen Kangda Xin Intelligent Network Technology Company's
router, m ...)
TODO: check
CVE-2026-0466 (Improper access control in AMD uProf may allow a local attacker
with u ...)
TODO: check
CVE-2026-0420 (An improper implementation of TLS certificate validation
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0419 (Insufficient input validation in NETGEAR JR6150 (AC750 WiFi
Router 802 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0418 (Insufficient configuration management in the listed
devicesallows auth ...)
TODO: check
CVE-2026-0417 (Insufficient input validation vulnerability in
NETGEARdevicesallows au ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0416 (Authenticated administrators connected to the local network can
modify ...)
TODO: check
CVE-2026-0415 (Insufficient input validation vulnerability in thelisted
NETGEAR model ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0414 (Insufficient input validation vulnerability in thelisted
NETGEAR model ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0413 (Insufficient input validation of buffers vulnerability in
thelisted NE ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0412 (Insufficient input validation vulnerability in NETGEAR JR6150
(AC750 W ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0411 (An information disclosure vulnerability in theNETGEAROrbi
satellites c ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0410 (Authenticated administrators connected to the local network can
gain ...)
TODO: check
CVE-2026-0409 (ANETGEARsecurity issue that could allow an attacker with
ability to in ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-67862 (An Internal Asset Exposed to Unsafe Debug Access Level or
State vulner ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-62858 (A buffer overflow vulnerability has been reported to affect
several QN ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-55659 (A NULL pointer dereference in the ctts_box_write function
(isomedia/bo ...)
TODO: check
CVE-2025-55658 (GPAC MP4Box v2.4 was discovered to contain a floating point
exception ...)
@@ -917,7 +917,7 @@ CVE-2025-52293 (A segmentation violaton in the
gf_hevc_read_sps_bs_internal func
CVE-2025-52292 (A stack buffer overflow in the filein_process function
(in_file.c) of ...)
TODO: check
CVE-2025-40808 (A vulnerability has been identified in SIPROTEC 5 6MD84
(CP300) (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2023-43688 (An issue was discovered in Malwarebytes 4.x and 5.x (and
Nebula 2020-1 ...)
TODO: check
CVE-2023-43686 (An issue was discovered in Malwarebytes 4.x and 5.x (and
Nebula 2020-1 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0581123dcb97ae0d291e48d42cf5ccd63905a710
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0581123dcb97ae0d291e48d42cf5ccd63905a710
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
