Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a8d88d13 by Salvatore Bonaccorso at 2026-07-08T09:41:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,13 +9,13 @@ CVE-2026-9700 (The Eventer plugin for WordPress is vulnerable 
to time-based SQL
 CVE-2026-9695 (An Improper Authentication vulnerability affecting DELMIA 
Apriso from  ...)
        NOT-FOR-US: Dassault Systemes
 CVE-2026-8377 (Missing Authorization vulnerability in Armiya Information 
Technologies ...)
-       TODO: check
+       NOT-FOR-US: Access Control System (GKS)
 CVE-2026-8309 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Access Control System (GKS)
 CVE-2026-8306 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Access Control System (GKS)
 CVE-2026-7380 (Improper neutralization of Script-Related HTML tags in a web 
page (bas ...)
-       TODO: check
+       NOT-FOR-US: Access Control System (GKS)
 CVE-2026-6101 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for 
WordPress is ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-60002 (ssh in OpenSSH before 10.4 can have a use-after-free when a 
server cha ...)
@@ -47,19 +47,19 @@ CVE-2026-59995 (sftp in OpenSSH before 10.4 does not 
properly constrain the loca
        - openssh 1:10.4p1-1
        NOTE: https://www.openssh.org/releasenotes.html#10.4p1
 CVE-2026-59800 (9Router before 0.4.44 contains an OS command injection 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-59709 (Ghostfolio's PUT 
/api/v1/portfolio/holding/:dataSource/:symbol/tags en ...)
-       TODO: check
+       NOT-FOR-US: Ghostfolio
 CVE-2026-59708 (The GET /api/v1/public/:accessId/portfolio endpoint in 
ghostfolio acce ...)
-       TODO: check
+       NOT-FOR-US: Ghostfolio
 CVE-2026-59707 (LocalAI contains an unauthenticated server-side request 
forgery vulner ...)
-       TODO: check
+       NOT-FOR-US: LocalAI
 CVE-2026-59706 (mem0 contains unauthenticated config API endpoints that expose 
LLM API ...)
-       TODO: check
+       NOT-FOR-US: mem0
 CVE-2026-59705 (mem0's openmemory/api component contains an unauthenticated 
access vul ...)
-       TODO: check
+       NOT-FOR-US: mem0
 CVE-2026-59704 (Cap's GET /api/video/ai endpoint fails to validate user 
ownership or m ...)
-       TODO: check
+       NOT-FOR-US: CapSoftware Cap
 CVE-2026-59153 (Anki is a program for creating and reviewing flashcards. Prior 
to 25.0 ...)
        TODO: check
 CVE-2026-58583 (FluxInk (formerly Sunia SPB Peripheral) Color Management 
Driver (TcnPe ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8d88d133aa45fc5601df43942a1d25976663250

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8d88d133aa45fc5601df43942a1d25976663250
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to