Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
59a6fd76 by Moritz Muehlenhoff at 2026-07-03T10:31:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45,17 +45,17 @@ CVE-2026-58467 (Cockpit CMS before release 364 contains a
path traversal and loc
CVE-2026-58466 (AutoBangumi before 3.2.8 contains a hard-coded default
credentials vul ...)
NOT-FOR-US: AutoBangumi
CVE-2026-58460 (react-native-receive-sharing-intent contains a path traversal
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Gardynreact-native-receive-sharing-intent
CVE-2026-57100 (Server-side request forgery (ssrf) in Microsoft Entra
Provisioning Ser ...)
NOT-FOR-US: Microsoft
CVE-2026-55726 (The Azure Blob Storage container used for Gardyn device logs
is public ...)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2026-54998 (Incorrect authorization in Microsoft Exchange Online allows an
authori ...)
NOT-FOR-US: Microsoft
CVE-2026-54477 (The admin panel lacks standard security headers, enabling
clickjacking ...)
TODO: check
CVE-2026-52830 (fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1,
fast-mcp- ...)
- TODO: check
+ NOT-FOR-US: fast-mcp-telegram
CVE-2026-52192 (An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a
remote at ...)
NOT-FOR-US: UTT
CVE-2026-52191 (Buffer Overflow vulnerability in UTT nv518G
nv518GV3v3.2.7-210919-1613 ...)
@@ -81,9 +81,9 @@ CVE-2026-45499 (Server-side request forgery (ssrf) in Azure
OpenAI allows an aut
CVE-2026-41106 (Url redirection to untrusted site ('open redirect') in M365
Copilot al ...)
NOT-FOR-US: Microsoft
CVE-2026-38972 (Notepad3 through 6.25.822.1 contains a DLL search-order
hijacking vuln ...)
- TODO: check
+ NOT-FOR-US: Notepad3
CVE-2026-38971 (ardupilot through Plane-4.6.3 was found to contain an
out-of-bounds re ...)
- TODO: check
+ NOT-FOR-US: ardupilot
CVE-2026-38970 (pdfcpu through v0.11.1 contains an uncontrolled-recursion
denial-of-se ...)
TODO: check
CVE-2026-38969 (ruby webrick through v1.9.2 WEBrick reparses trailer
Content-Length in ...)
@@ -97,7 +97,7 @@ CVE-2026-14352 (The AR for WooCommerce plugin for WordPress
is vulnerable to Dir
CVE-2026-14327 (The AR for WordPress plugin for WordPress is vulnerable to
Directory T ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13768 (Gardyn devices expose a privileged iothubowner key. Access to
this key ...)
- TODO: check
+ NOT-FOR-US: Gardyn
CVE-2026-13728 (In exception circumstances, WatchGuard Fireware OS on a
FireCluster ma ...)
NOT-FOR-US: WatchGuard
CVE-2026-13722 (WatchGuard Fireware OS contains a firmware validation bypass
when proc ...)
@@ -14060,7 +14060,7 @@ CVE-2026-9863 (Fortra BoKS Manager contains an OS
command injection vulnerabilit
CVE-2026-9862 (Fortra's Core Privileged Access Manager (BoKS)contains an OS
command i ...)
NOT-FOR-US: Fortra
CVE-2026-9595 (Impact: When a user-configured proxy on webpack-dev-server has
a broad ...)
- TODO: check
+ NOT-FOR-US: Node webpack-dev-server
CVE-2026-9278 (The Form Builder CP WordPress plugin before 1.2.47 does not
properly s ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8935 (The WP MAPS PRO WordPress plugin before 6.1.1 registers an
unauthentic ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a6fd76a191eff551c18d0acf5f684afb7233bf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a6fd76a191eff551c18d0acf5f684afb7233bf
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits