Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec2cc6e8 by Moritz Muehlenhoff at 2026-06-19T12:50:04+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2026-55225
+       NOT-FOR-US: Strimzi
 CVE-2026-3865
        NOT-FOR-US: Kubernetes CSI Driver for SMB
 CVE-2026-9822 (The WP Hotel Booking WordPress plugin before 2.3.1 does not 
enforce ca ...)
@@ -29,23 +31,23 @@ CVE-2026-56131 (libexpat before 2.8.2 lacks handler call 
depth tracking for call
        - expat <unfixed>
        NOTE: https://github.com/libexpat/libexpat/pull/1267
 CVE-2026-56099 (OpenBSD before commit 6a23123 (2026-06-18) contains an 
out-of-bounds r ...)
-       TODO: check
+       NOT-FOR-US: OpenBSD
 CVE-2026-56078 (PraisonAI before 1.5.115 contains a path traversal 
vulnerability in Mu ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-56077 (PraisonAI before 1.5.115 contains an information disclosure 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-56076 (PraisonAI before 1.5.128 contains a cross-origin agent 
execution vulne ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-56075 (PraisonAI before 4.5.128 contains an arbitrary shell command 
execution ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-56074 (PraisonAI before 1.5.128 caches tool approval decisions by 
tool name o ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-54414 (FileRise before 3.16.0 is vulnerable to path traversal in the 
shared-f ...)
        TODO: check
 CVE-2026-54130 (Missing authentication for critical function in M365 Copilot 
allows an ...)
        NOT-FOR-US: Microsoft
 CVE-2026-54017 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
-       TODO: check
+       NOT-FOR-US: Open WebUI
 CVE-2026-52866 (An attacker within BLE communication range can monopolize the 
device's ...)
        TODO: check
 CVE-2026-50034 (An attacker within BLE communication range can passively 
intercept  wi ...)
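Review bot: CVE-2026-56099 is closed as NOT-FOR-US: OpenBSD, but its description is truncated at "out-of-bounds r ..." and OpenBSD code reaches Debian through ports such as openssh and openbsd-inetd, so please confirm the affected code is kernel/base only and not in one of those ports before leaving it closed. Separately, the CVE-2026-56075 description reads "PraisonAI before 4.5.128" where the sibling entries say 1.5.128, which looks like a typo in the upstream CVE text and does not change the NOT-FOR-US outcome.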
@@ -55,13 +57,13 @@ CVE-2026-4328 (The Advanced Import plugin for WordPress is 
vulnerable to Server-
 CVE-2026-49454 (Relyra is a strict-by-default SAML 2.0 Service Provider 
library for El ...)
        TODO: check
 CVE-2026-49257 (mcp-pinot is a Python-based Model Context Protocol (MCP) 
server for in ...)
-       TODO: check
+       NOT-FOR-US: mcp-pinot
 CVE-2026-49252 (deepstream is a server that allows clients and backend 
services to syn ...)
        TODO: check
 CVE-2026-49248 (OneDev is a Git server with CI/CD, kanban, and packages. In 
versions 1 ...)
        TODO: check
 CVE-2026-49205 (phpMyFAQ is an open source FAQ web application. Versions prior 
to  4.1 ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-48983 (pam_usb provides hardware authentication for Linux using 
ordinary remo ...)
        TODO: check
 CVE-2026-48982 (pam_usb provides hardware authentication for Linux using 
ordinary remo ...)
@@ -71,17 +73,17 @@ CVE-2026-48981 (pam_usb provides hardware authentication 
for Linux using ordinar
 CVE-2026-48980 (pam_usb provides hardware authentication for Linux using 
removable med ...)
        TODO: check
 CVE-2026-48716 (nanobot is a personal AI assistant. In versions 0.1.5.post3 
and prior, ...)
-       TODO: check
+       NOT-FOR-US: nanobot
 CVE-2026-47847 (Bitnami MariaDB Galera container images and Helm chart are 
affected by ...)
-       TODO: check
+       NOT-FOR-US: Bitnami container
 CVE-2026-47846 (Bitnami Cassandra container images are affected by a retained 
default  ...)
-       TODO: check
+       NOT-FOR-US: Bitnami container
 CVE-2026-47647 (Improper access control in Microsoft Dynamics 365 allows an 
authorized ...)
        NOT-FOR-US: Microsoft
 CVE-2026-47633 (Exposure of sensitive information to an unauthorized actor in 
Cost Man ...)
        NOT-FOR-US: Microsoft
 CVE-2026-46699 (conda-smithy is a tool for combining a conda recipe with 
configuration ...)
-       TODO: check
+       NOT-FOR-US: conda-smithy
 CVE-2026-45696 (OpenEXR is the reference implementation and specification for 
the EXR  ...)
        - openexr <unfixed>
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf
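Review bot: the reason "NOT-FOR-US: Bitnami container" on CVE-2026-47847 and CVE-2026-47846 is correct as far as the visible descriptions go (the flaw is in Bitnami's container images and Helm chart, not in MariaDB Galera or Cassandra upstream), but naming the product, e.g. "NOT-FOR-US: Bitnami MariaDB Galera container" and "NOT-FOR-US: Bitnami Cassandra container", would make it clearer to a later triager grepping for mariadb or cassandra that these are not issues in the Debian packages.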
@@ -103,7 +105,7 @@ CVE-2026-2842
 CVE-2026-25865 (Punto Switcher through 4.5.0.583 contains an unquoted search 
path elem ...)
        TODO: check
 CVE-2026-22674 (Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, 
contains a  ...)
-       TODO: check
+       NOT-FOR-US: Hashgraph Guardian
 CVE-2026-1856 (The Appointment Booking Calendar plugin for WordPress is 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12644 (Versions of the package ts-deepmerge before 8.0.0 are 
vulnerable to Un ...)
@@ -113,19 +115,19 @@ CVE-2026-12430 (The Blocksy Companion plugin for 
WordPress is vulnerable to Stor
 CVE-2026-12157 (The BetterDocs - Knowledge Base Docs & FAQ Solution for 
Elementor & Bl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12050 (SQL injection in pgAdmin 4's named restore point endpoint 
(POST /brows ...)
-       TODO: check
+       - pgadmin4 <itp> (bug #834129)
 CVE-2026-12049 (Open redirect in pgAdmin 4's multi-factor authentication flow. 
The MFA ...)
-       TODO: check
+       - pgadmin4 <itp> (bug #834129)
 CVE-2026-12048 (Stored cross-site scripting in pgAdmin 4's error-rendering and 
plan-no ...)
-       TODO: check
+       - pgadmin4 <itp> (bug #834129)
 CVE-2026-12047 (HTML injection in pgAdmin 4's cloud deployment module. The 
verify_cred ...)
-       TODO: check
+       - pgadmin4 <itp> (bug #834129)
 CVE-2026-12046 (Two state-mutating endpoints in pgAdmin 4's SQL Editor 
blueprint -- DE ...)
-       TODO: check
+       - pgadmin4 <itp> (bug #834129)
 CVE-2026-12045 (Read-only transaction bypass in the pgAdmin 4 AI Assistant 
allows an a ...)
-       TODO: check
+       - pgadmin4 <itp> (bug #834129)
 CVE-2026-12044 (SQL injection in pgAdmin 4 across every dialog template that 
renders ` ...)
-       TODO: check
+       - pgadmin4 <itp> (bug #834129)
 CVE-2026-11989 (The Bit integrations \u2013 Form Integration, Webhook, 
Spreadsheets, C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-11775 (The User Admin Simplifier plugin for WordPress is vulnerable 
to Cross- ...)
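Review bot: all seven pgAdmin 4 entries (CVE-2026-12044 through CVE-2026-12050) are consistently marked "- pgadmin4 <itp> (bug #834129)", which is the right pseudo-version for a package that exists only as an ITP; since <itp> entries are not tracked against any suite, they will need a fixed-version re-triage if pgadmin4 enters the archive, and a NOTE line with the upstream advisory or fix reference, as done for the openexr entry in this file, would help whoever picks that up.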
@@ -137,7 +139,7 @@ CVE-2026-10779 (The Classified Listing \u2013 Classified 
ads & Business Director
 CVE-2026-10746
        REJECTED
 CVE-2026-10720 (Canonical MicroCeph versions from the squid and tentacle track 
are vul ...)
-       TODO: check
+       NOT-FOR-US: MicroCeph
 CVE-2026-10034 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable 
to author ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7737 (DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual 
Storage Pl ...)
@@ -283,11 +285,11 @@ CVE-2026-44691 (In Eclipse Theia versions prior to 
1.69.0, custom task definitio
 CVE-2026-44688 (In Eclipse Theia versions prior to 1.71.0, the AI chat agent 
processed ...)
        TODO: check
 CVE-2026-40457 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
LMS (LA ...)
-       TODO: check
+       NOT-FOR-US: LMS (LAN Management System)
 CVE-2026-40456 (An OS Command Injection vulnerability exists in LMS (LAN 
Management Sy ...)
-       TODO: check
+       NOT-FOR-US: LMS (LAN Management System)
 CVE-2026-40455 (An SQL Injection vulnerability exists in LMS (LAN Management 
System) b ...)
-       TODO: check
+       NOT-FOR-US: LMS (LAN Management System)
 CVE-2026-38718 (InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 
(including ...)
        NOT-FOR-US: InHand Networks IR912
 CVE-2026-38717 (InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 
(including ...)
@@ -311,7 +313,7 @@ CVE-2026-12527 (A broken authorization boundary in the RTSP 
media delivery pipel
 CVE-2026-12475
        REJECTED
 CVE-2026-12390 (In AzeoTech DAQFactory versions 21.1 and prior, a Type 
Confusion vulne ...)
-       TODO: check
+       NOT-FOR-US: AzeoTech DAQFactory
 CVE-2026-12137 (The SysBasics Customize My Account for WooCommerce \u2013 
Dashboard, E ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12136 (The Customize My Account For Woocommerce plugin for WordPress 
is vulne ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec2cc6e8364c3d037a217c81f7fde455510af1e3

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits