Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
74d05252 by Moritz Muehlenhoff at 2026-07-04T00:05:38+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -73,9 +73,9 @@ CVE-2026-35159 (Dell Client Platform BIOS contains an
Authentication Bypass by P
CVE-2026-26355 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
NOT-FOR-US: Dell / EMC
CVE-2026-14631 (webpack-dev-server versions 5.2.5 and earlier terminate the
whole Node ...)
- TODO: check
+ NOT-FOR-US: Node webpack-dev-server
CVE-2026-14620 (webpack-dev-server versions 5.2.5 and earlier expose two
internal deve ...)
- TODO: check
+ NOT-FOR-US: Node webpack-dev-server
CVE-2026-14615 (A flaw was found in the Fine-Grained Admin Permissions (FGAP)
v2 imple ...)
- keycloak <itp> (bug #1088287)
CVE-2026-14614 (A flaw was found in the ClientResource component of Keycloak's
admin s ...)
@@ -93,11 +93,11 @@ CVE-2026-14544 (A flaw was found in HPLIP (HP Linux Imaging
and Printing Softwar
- hplip <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2496772
CVE-2026-14460 (Missing Authorization vulnerability in TUBITAK BILGEM Software
Technol ...)
- TODO: check
+ NOT-FOR-US: TUBITAK BILGEM
CVE-2026-14459 (Improper neutralization of argument delimiters in a command
('argument ...)
- TODO: check
+ NOT-FOR-US: TUBITAK BILGEM
CVE-2026-13341 (A vulnerability exists in the Kong Konnect Model Context
Protocol (MCP ...)
- TODO: check
+ NOT-FOR-US: Kong Konnect Model Context Protocol
CVE-2026-11900 (The Ad Inserter \u2013 Ad Manager & AdSense Ads plugin for
WordPress i ...)
NOT-FOR-US: WordPress plugin
CVE-2026-11778 (The The CURCY \u2013 Multi Currency for WooCommerce \u2013
Smoothly on ...)
@@ -633,13 +633,13 @@ CVE-2026-27402 (Unauthenticated Cross Site Scripting
(XSS) in Kids Life | Childr
CVE-2026-27060 (Contributor PHP Object Injection in ARMember Premium <= 7.0
versions.)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-14449 (u5CMSthroughv12.8.8 is vulnerable to reflected XSS via the
\u2018thank ...)
- TODO: check
+ NOT-FOR-US: u5CMSthroughv12.8.8
CVE-2026-14336 (PIA's OIDC issuer allowlist for Jenkins tokens uses a bare
string-pref ...)
- TODO: check
+ NOT-FOR-US: PIA OIDC
CVE-2026-14029 (The Groundhogg \u2014 CRM, Newsletters, and Marketing
Automation plugi ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13743 (CubeSpace CW0057 Reaction Wheel firmware versions prior to
5.0.20 are ...)
- TODO: check
+ NOT-FOR-US: CubeSpace
CVE-2026-13459 (The JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin
for WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13369 (The Ninja Forms - File Uploads plugin for WordPress is
vulnerable to A ...)
@@ -653,11 +653,11 @@ CVE-2026-12657 (The LatePoint \u2013 Calendar Booking
Plugin for Appointments an
CVE-2026-12472 (The Kirki \u2013 Freeform Page Builder, Website Builder &
Customizer p ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12168 (An improper validation vulnerability for driver
`GFAC_Sys_x64.sys` in ...)
- TODO: check
+ NOT-FOR-US: GameFirst Anti-Cheat
CVE-2026-12167 (The Minifilter communication port for driver
`GFAC_Sys_x64.sys` in Lit ...)
- TODO: check
+ NOT-FOR-US: GameFirst Anti-Cheat
CVE-2026-12166 (A NULL pointer dereference vulnerability for driver
`GFAC_Sys_x64.sys` ...)
- TODO: check
+ NOT-FOR-US: GameFirst Anti-Cheat
CVE-2026-12134 (The JoomSport \u2013 for Sports: Team & League, Football,
Hockey & mor ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12122 (The Kirki \u2013 Freeform Page Builder, Website Builder &
Customizer p ...)
@@ -693,11 +693,11 @@ CVE-2025-66076 (Unauthenticated Broken Access Control in
Woostify Sites Library
CVE-2025-58902 (Unauthenticated Local File Inclusion in Lighthouse <= 1.2.12
versions.)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-58352 (Landray OA contains an unauthenticated HQL injection
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Landray OA
CVE-2024-14037 (Redsea Cloud eHR contains an arbitrary file upload
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Redsea Cloud eHR
CVE-2022-50973 (Yonyou KSOA 9.0 contains an unauthenticated arbitrary file
upload vuln ...)
- TODO: check
+ NOT-FOR-US: Yonyou KSOA
CVE-2026-53358 (In the Linux kernel, the following vulnerability has been
resolved: B ...)
- linux 7.0.12-1
[trixie] - linux 6.12.94-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74d052524588d9203894d7cbd1a49addfd0d7c3c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74d052524588d9203894d7cbd1a49addfd0d7c3c
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits