Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f08519dd by Moritz Muehlenhoff at 2026-07-02T09:32:59+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,13 +3,13 @@ CVE-2026-5821 (The Image Optimizer plugin for WordPress is
vulnerable to arbitra
CVE-2026-5348 (The Academy LMS \u2013 WordPress LMS Plugin for Complete
eLearning Sol ...)
NOT-FOR-US: WordPress plugin
CVE-2026-58593 (NodeBB does not bind the claimed author of an inbound
ActivityPub obje ...)
- TODO: check
+ NOT-FOR-US: NodeBB
CVE-2026-58592 (Ladybird contains a dangling-reference memory-safety flaw in
its WebAs ...)
- TODO: check
+ - ladybird <itp> (bug #1088305)
CVE-2026-58457 (Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02)
contains an ...)
- TODO: check
+ NOT-FOR-US: Shenzhen Aitemi
CVE-2026-58263 (Jodit Editor is a WYSIWYG editor with written in pure
TypeScript file ...)
- TODO: check
+ NOT-FOR-US: Jodit Editor
CVE-2026-57278 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
NOT-FOR-US: GeoVision
CVE-2026-57277 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
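Review bot: The CVE-2026-58592 change, `- ladybird <itp> (bug #1088305)`, is package triage rather than a NOT-FOR-US marking, but the commit message only says "NFUs". Suggest mentioning the Ladybird ITP in the commit message or moving it to its own commit, so the history of that entry can be found later. The other three changes in this hunk (NodeBB, Shenzhen Aitemi, Jodit Editor) match the message.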
@@ -41,7 +41,7 @@ CVE-2026-57265 (GeoWebPlayer (also called "Web Plugin" in the
GV-VMS documentati
CVE-2026-57264 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
NOT-FOR-US: GeoVision
CVE-2026-55886 (Jodit Editor is a WYSIWYG editor with written in pure
TypeScript file ...)
- TODO: check
+ NOT-FOR-US: Jodit Editor
CVE-2026-55794 (Craft CMS is a content management system (CMS). In versions
5.9.0 and ...)
TODO: check
CVE-2026-55793 (Craft CMS is a content management system (CMS). In versions
5.0.0-RC1 ...)
@@ -65,7 +65,7 @@ CVE-2026-54908 (Pion DTLS is a Go implementation of Datagram
Transport Layer Sec
CVE-2026-54786 (Wasmtime is a runtime for WebAssembly. All versions prior to
24.0.10; ...)
TODO: check
CVE-2026-54756 (Jodit Editor is a WYSIWYG editor with written in pure
TypeScript file ...)
- TODO: check
+ NOT-FOR-US: Jodit Editor
CVE-2026-54720 (Silverstripe Framework is a PHP framework which powers the
Silverstrip ...)
TODO: check
CVE-2026-54712 (OpenTelemetry Java Instrumentation provides OpenTelemetry
auto-instrum ...)
@@ -73,15 +73,15 @@ CVE-2026-54712 (OpenTelemetry Java Instrumentation provides
OpenTelemetry auto-i
CVE-2026-54704 (OpenTelemetry Java Instrumentation provides OpenTelemetry
auto-instrum ...)
TODO: check
CVE-2026-54263 (Wagtail is an open source content management system built on
Django. I ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2026-54262 (Wagtail is an open source content management system built on
Django. I ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2026-54261 (Wagtail is an open source content management system built on
Django. I ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2026-54260 (Wagtail is an open source content management system built on
Django. I ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2026-54259 (Wagtail is an open source content management system built on
Django. I ...)
- TODO: check
+ NOT-FOR-US: Wagtail
CVE-2026-54164 (API Platform Core is a system to create hypermedia-driven REST
and Gra ...)
TODO: check
CVE-2026-54074 (Tina is a headless content management system. @tinacms/cli
versions pr ...)
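Review bot: The five Wagtail entries, CVE-2026-54259 through CVE-2026-54263, are all closed as `NOT-FOR-US: Wagtail`, while the same commit tracks Ladybird through an `<itp>` entry with a bug number. It is worth confirming that no ITP or RFP bug is open for Wagtail before these leave the TODO queue; if one exists, the entries should use the `<itp>` form with that bug number instead.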
@@ -413,29 +413,29 @@ CVE-2026-54428 (Allocation of resources without limits or
throttling in the HTTP
CVE-2026-54399 (Uncontrolled Resource Consumption vulnerability in the
HTTP/1.1 messag ...)
TODO: check
CVE-2026-53909 (MCO does not correctly validate types of uploaded files. File
upload v ...)
- TODO: check
+ NOT-FOR-US: MyComplianceOffice MCO
CVE-2026-53908 (MCO is vulnerable to User Enumeration through
authentication-related f ...)
- TODO: check
+ NOT-FOR-US: MyComplianceOffice MCO
CVE-2026-53907 (MCO is vulnerable to Stored Cross\u2011Site Scripting (XSS)
via the ap ...)
- TODO: check
+ NOT-FOR-US: MyComplianceOffice MCO
CVE-2026-53906 (MCO is vulnerable to Path Disclosure and Path Traversal in
file handli ...)
- TODO: check
+ NOT-FOR-US: MyComplianceOffice MCO
CVE-2026-53905 (MCO does not properly enforce authorization checks in the
/customer/se ...)
- TODO: check
+ NOT-FOR-US: MyComplianceOffice MCO
CVE-2026-53904 (MCO is vulnerable to Account Denial of Service due to improper
impleme ...)
- TODO: check
+ NOT-FOR-US: MyComplianceOffice MCO
CVE-2026-53903 (MCO is vulnerable to an Insecure Direct Object Reference
(IDOR) vulner ...)
- TODO: check
+ NOT-FOR-US: MyComplianceOffice MCO
CVE-2026-53902 (MCO does not properly enforce authorization checks in the
/customer/se ...)
- TODO: check
+ NOT-FOR-US: MyComplianceOffice MCO
CVE-2026-53467 (ImageMagick is free and open-source software used for editing
and mani ...)
TODO: check
CVE-2026-53466 (ImageMagick is free and open-source software used for editing
and mani ...)
TODO: check
CVE-2026-51947 (An issue in Pivotal CRM 6.6.4.08 and systems using
patch-ghi-15381-cwe ...)
- TODO: check
+ NOT-FOR-US: Pivotal CRM
CVE-2026-51946 (SQL Injection vulnerability in GoAdminGroup GoAdmin (last
release v1.2 ...)
- TODO: check
+ NOT-FOR-US: GoAdminGroup GoAdmin
CVE-2026-50043 (Improper neutralization of special elements used in an OS
command ('OS ...)
TODO: check
CVE-2026-49119 (Gradio before 6.16.0 contain a path traversal vulnerability in
the Fil ...)
@@ -455,49 +455,49 @@ CVE-2026-41121 (Dell Device Management Agent, versions
prior to DDMA 26.05, cont
CVE-2026-38142 (An unauthenticated command injection vulnerability in the
/goform/fast ...)
NOT-FOR-US: Tenda
CVE-2026-34117 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34116 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34115 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34114 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34113 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34112 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34111 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34110 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34109 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34108 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34107 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34106 (Guardian language-system passes the id GET parameter directly
into a P ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34105 (Guardian language-system passes the id GET parameter directly
into an ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34104 (Guardian language-system passes the name GET parameter
directly into a ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34103 (Guardian language-system passes the id GET parameter directly
into an ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34102 (Guardian language-system passes the id GET parameter directly
into an ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34101 (Guardian language-system passes the id GET parameter directly
into an ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34100 (Guardian language-system passes the id GET parameter directly
into an ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34099 (Guardian language-system passes the id GET parameter directly
into an ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34098 (Guardian language-system fails to sanitize the id GET
parameter before ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34097 (Guardian language-system fails to sanitize the id GET
parameter before ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-34096 (Guardian language-system fails to sanitize the name GET
parameter befo ...)
- TODO: check
+ NOT-FOR-US: Guardian language-system
CVE-2026-2891 (The following Poly Voice IP devices, CCX, Trio, and Edge E,
might be i ...)
NOT-FOR-US: HP
CVE-2026-27435 (Missing Authorization vulnerability in WofficeIO Woffice
allows Exploi ...)
@@ -595,7 +595,8 @@ CVE-2026-12576 (DVP80ES3 with Improper Enforcement of
Message Integrity During T
CVE-2026-12575 (DVP80ES3 with Improper Resource Shutdown or Release
vulnerability.)
NOT-FOR-US: Delta Electronics
CVE-2026-12480 (Keras versions up to and including 3.13.2 are vulnerable to an
arbitra ...)
- TODO: check
+ - keras <removed>
+ [bullseye] - keras <end-of-life> (EOL in bullseye LTS)
CVE-2026-12435 (The Motors \u2013 Car Dealership & Classified Listings Plugin
plugin f ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12408 (The Slim SEO \u2013 A Fast & Automated SEO Plugin For
WordPress plugin ...)
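Review bot: The two lines added for CVE-2026-12480 carry no NOTE with an upstream reference, although the description gives an affected range ("up to and including 3.13.2"). With `- keras <removed>` and `[bullseye] - keras <end-of-life> (EOL in bullseye LTS)` nothing needs fixing now, but a NOTE pointing at the upstream advisory would save re-triage if the package is reintroduced. This is also package triage rather than an NFU marking, so the commit message "NFUs" does not describe it.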
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f08519dde6f071a7e6a1939c4190aebe3c93b448