Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
59a6fd76 by Moritz Muehlenhoff at 2026-07-03T10:31:29+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,17 +45,17 @@ CVE-2026-58467 (Cockpit CMS before release 364 contains a 
path traversal and loc
 CVE-2026-58466 (AutoBangumi before 3.2.8 contains a hard-coded default 
credentials vul ...)
        NOT-FOR-US: AutoBangumi
 CVE-2026-58460 (react-native-receive-sharing-intent contains a path traversal 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Gardynreact-native-receive-sharing-intent
 CVE-2026-57100 (Server-side request forgery (ssrf) in Microsoft Entra 
Provisioning Ser ...)
        NOT-FOR-US: Microsoft
 CVE-2026-55726 (The Azure Blob Storage container used for Gardyn device logs 
is public ...)
-       TODO: check
+       NOT-FOR-US: Gardyn
 CVE-2026-54998 (Incorrect authorization in Microsoft Exchange Online allows an 
authori ...)
        NOT-FOR-US: Microsoft
 CVE-2026-54477 (The admin panel lacks standard security headers, enabling 
clickjacking ...)
        TODO: check
 CVE-2026-52830 (fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, 
fast-mcp- ...)
-       TODO: check
+       NOT-FOR-US: fast-mcp-telegram
 CVE-2026-52192 (An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a 
remote at ...)
        NOT-FOR-US: UTT
 CVE-2026-52191 (Buffer Overflow vulnerability in UTT nv518G 
nv518GV3v3.2.7-210919-1613 ...)
@@ -81,9 +81,9 @@ CVE-2026-45499 (Server-side request forgery (ssrf) in Azure 
OpenAI allows an aut
 CVE-2026-41106 (Url redirection to untrusted site ('open redirect') in M365 
Copilot al ...)
        NOT-FOR-US: Microsoft
 CVE-2026-38972 (Notepad3 through 6.25.822.1 contains a DLL search-order 
hijacking vuln ...)
-       TODO: check
+       NOT-FOR-US: Notepad3
 CVE-2026-38971 (ardupilot through Plane-4.6.3 was found to contain an 
out-of-bounds re ...)
-       TODO: check
+       NOT-FOR-US: ardupilot
 CVE-2026-38970 (pdfcpu through v0.11.1 contains an uncontrolled-recursion 
denial-of-se ...)
        TODO: check
 CVE-2026-38969 (ruby webrick through v1.9.2 WEBrick reparses trailer 
Content-Length in ...)
@@ -97,7 +97,7 @@ CVE-2026-14352 (The AR for WooCommerce plugin for WordPress 
is vulnerable to Dir
 CVE-2026-14327 (The AR for WordPress plugin for WordPress is vulnerable to 
Directory T ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13768 (Gardyn devices expose a privileged iothubowner key. Access to 
this key ...)
-       TODO: check
+       NOT-FOR-US: Gardyn
 CVE-2026-13728 (In exception circumstances, WatchGuard Fireware OS on a 
FireCluster ma ...)
        NOT-FOR-US: WatchGuard
 CVE-2026-13722 (WatchGuard Fireware OS contains a firmware validation bypass 
when proc ...)
@@ -14060,7 +14060,7 @@ CVE-2026-9863 (Fortra BoKS Manager contains an OS 
command injection vulnerabilit
 CVE-2026-9862 (Fortra's Core Privileged Access Manager (BoKS)contains an OS 
command i ...)
        NOT-FOR-US: Fortra
 CVE-2026-9595 (Impact: When a user-configured proxy on webpack-dev-server has 
a broad ...)
-       TODO: check
+       NOT-FOR-US: Node webpack-dev-server
 CVE-2026-9278 (The Form Builder CP WordPress plugin before 1.2.47 does not 
properly s ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8935 (The WP MAPS PRO WordPress plugin before 6.1.1 registers an 
unauthentic ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a6fd76a191eff551c18d0acf5f684afb7233bf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a6fd76a191eff551c18d0acf5f684afb7233bf
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to