Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
74d05252 by Moritz Muehlenhoff at 2026-07-04T00:05:38+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -73,9 +73,9 @@ CVE-2026-35159 (Dell Client Platform BIOS contains an 
Authentication Bypass by P
 CVE-2026-26355 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-14631 (webpack-dev-server versions 5.2.5 and earlier terminate the 
whole Node ...)
-       TODO: check
+       NOT-FOR-US: Node webpack-dev-server
 CVE-2026-14620 (webpack-dev-server versions 5.2.5 and earlier expose two 
internal deve ...)
-       TODO: check
+       NOT-FOR-US: Node webpack-dev-server
 CVE-2026-14615 (A flaw was found in the Fine-Grained Admin Permissions (FGAP) 
v2 imple ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-14614 (A flaw was found in the ClientResource component of Keycloak's 
admin s ...)
@@ -93,11 +93,11 @@ CVE-2026-14544 (A flaw was found in HPLIP (HP Linux Imaging 
and Printing Softwar
        - hplip <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2496772
 CVE-2026-14460 (Missing Authorization vulnerability in TUBITAK BILGEM Software 
Technol ...)
-       TODO: check
+       NOT-FOR-US: TUBITAK BILGEM
 CVE-2026-14459 (Improper neutralization of argument delimiters in a command 
('argument ...)
-       TODO: check
+       NOT-FOR-US: TUBITAK BILGEM
 CVE-2026-13341 (A vulnerability exists in the Kong Konnect Model Context 
Protocol (MCP ...)
-       TODO: check
+       NOT-FOR-US: Kong Konnect Model Context Protocol
 CVE-2026-11900 (The Ad Inserter \u2013 Ad Manager & AdSense Ads plugin for 
WordPress i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-11778 (The The CURCY \u2013 Multi Currency for WooCommerce \u2013 
Smoothly on ...)
@@ -633,13 +633,13 @@ CVE-2026-27402 (Unauthenticated Cross Site Scripting 
(XSS) in Kids Life | Childr
 CVE-2026-27060 (Contributor PHP Object Injection in ARMember Premium <= 7.0 
versions.)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-14449 (u5CMSthroughv12.8.8 is vulnerable to reflected XSS via the 
\u2018thank ...)
-       TODO: check
+       NOT-FOR-US: u5CMSthroughv12.8.8
 CVE-2026-14336 (PIA's OIDC issuer allowlist for Jenkins tokens uses a bare 
string-pref ...)
-       TODO: check
+       NOT-FOR-US: PIA OIDC
 CVE-2026-14029 (The Groundhogg \u2014 CRM, Newsletters, and Marketing 
Automation plugi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13743 (CubeSpace CW0057 Reaction Wheel firmware versions prior to 
5.0.20 are  ...)
-       TODO: check
+       NOT-FOR-US: CubeSpace
 CVE-2026-13459 (The JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin 
for WordP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-13369 (The Ninja Forms - File Uploads plugin for WordPress is 
vulnerable to A ...)
@@ -653,11 +653,11 @@ CVE-2026-12657 (The LatePoint \u2013 Calendar Booking 
Plugin for Appointments an
 CVE-2026-12472 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12168 (An improper validation vulnerability for driver 
`GFAC_Sys_x64.sys` in  ...)
-       TODO: check
+       NOT-FOR-US: GameFirst Anti-Cheat
 CVE-2026-12167 (The Minifilter communication port for driver 
`GFAC_Sys_x64.sys` in Lit ...)
-       TODO: check
+       NOT-FOR-US: GameFirst Anti-Cheat
 CVE-2026-12166 (A NULL pointer dereference vulnerability for driver 
`GFAC_Sys_x64.sys` ...)
-       TODO: check
+       NOT-FOR-US: GameFirst Anti-Cheat
 CVE-2026-12134 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12122 (The Kirki \u2013 Freeform Page Builder, Website Builder & 
Customizer p ...)
@@ -693,11 +693,11 @@ CVE-2025-66076 (Unauthenticated Broken Access Control in 
Woostify Sites Library
 CVE-2025-58902 (Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12 
versions.)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2024-58352 (Landray OA contains an unauthenticated HQL injection 
vulnerability tha ...)
-       TODO: check
+       NOT-FOR-US: Landray OA
 CVE-2024-14037 (Redsea Cloud eHR contains an arbitrary file upload 
vulnerability that  ...)
-       TODO: check
+       NOT-FOR-US: Redsea Cloud eHR
 CVE-2022-50973 (Yonyou KSOA 9.0 contains an unauthenticated arbitrary file 
upload vuln ...)
-       TODO: check
+       NOT-FOR-US: Yonyou KSOA
 CVE-2026-53358 (In the Linux kernel, the following vulnerability has been 
resolved:  B ...)
        - linux 7.0.12-1
        [trixie] - linux 6.12.94-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74d052524588d9203894d7cbd1a49addfd0d7c3c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74d052524588d9203894d7cbd1a49addfd0d7c3c
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to