Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3ef4e51e by Salvatore Bonaccorso at 2026-07-09T10:26:44+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -78,9 +78,9 @@ CVE-2026-59804 (Midscene Bridge Server through 1.10.3, fixed
in commit 86f4118,
CVE-2026-59803 (rpcx through 1.9.3, fixed in commit 047aec1, contains a
denial-of-serv ...)
TODO: check
CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI schemes in URL
push paylo ...)
- TODO: check
+ NOT-FOR-US: PasswordPusher
CVE-2026-59723 (Cline is an autonomous coding agent as an SDK, IDE extension,
or CLI a ...)
- TODO: check
+ NOT-FOR-US: Cline
CVE-2026-58525 (Improper access control in Microsoft Edge (Chromium-based)
allows an u ...)
NOT-FOR-US: Microsoft
CVE-2026-58501 (Zeep is a Python SOAP client. From 4.0.0 before 4.3.3,
Settings.forbid ...)
@@ -88,9 +88,9 @@ CVE-2026-58501 (Zeep is a Python SOAP client. From 4.0.0
before 4.3.3, Settings.
CVE-2026-58494 (Wasmtime is a runtime for WebAssembly. Prior to 24.0.11,
36.0.12, 45.0 ...)
TODO: check
CVE-2026-58192 (Appium is a cross-platform automation framework for all kinds
of apps, ...)
- TODO: check
+ NOT-FOR-US: Appium
CVE-2026-58191 (Appium is a cross-platform automation framework for all kinds
of apps, ...)
- TODO: check
+ NOT-FOR-US: Appium
CVE-2026-57481 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-57480 (Parse Server is an open source backend that can be deployed to
any inf ...)
@@ -108,15 +108,15 @@ CVE-2026-55778 (Parse Server is an open source backend
that can be deployed to a
CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache
templates wi ...)
TODO: check
CVE-2026-55596 (Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0
until 5 ...)
- TODO: check
+ NOT-FOR-US: Plate
CVE-2026-55575 (LiquidJS is a Shopify / GitHub Pages compatible template
engine in pur ...)
- TODO: check
+ NOT-FOR-US: LiquidJS
CVE-2026-55542 (Snipe-IT is an IT asset/license management system. Prior to
version 8. ...)
TODO: check
CVE-2026-55471 (HAPI FHIR is a complete implementation of the HL7 FHIR
standard for he ...)
- TODO: check
+ NOT-FOR-US: HAPI FHIR
CVE-2026-55470 (HAPI FHIR is a complete implementation of the HL7 FHIR
standard for he ...)
- TODO: check
+ NOT-FOR-US: HAPI FHIR
CVE-2026-55404 (yt-dlp and youtube-dl are command-line audio/video
downloaders. Prior ...)
TODO: check
CVE-2026-55206 (py7zr is a Python-based library and utility to support 7zip
archive co ...)
@@ -124,31 +124,31 @@ CVE-2026-55206 (py7zr is a Python-based library and
utility to support 7zip arch
CVE-2026-55195 (py7zr is a Python-based library and utility to support 7zip
archive co ...)
TODO: check
CVE-2026-54784 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54783 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54782 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54781 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54780 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54779 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54778 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54777 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54776 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54775 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54774 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54773 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54772 (CoreWCF is a port of the service side of Windows Communication
Foundat ...)
- TODO: check
+ NOT-FOR-US: CoreWCF
CVE-2026-54591 (AsyncSSH is a Python package which provides an asynchronous
client and ...)
TODO: check
CVE-2026-54590 (AsyncSSH is a Python package which provides an asynchronous
client and ...)
@@ -532,7 +532,7 @@ CVE-2026-59703 (repomix contains a local file inclusion
vulnerability in the git
CVE-2026-59702 (repomix contains a server-side request forgery vulnerability
in the PO ...)
NOT-FOR-US: repomix
CVE-2026-59262 (AFFiNE's histories GraphQL field fails to validate Doc.Read
permission ...)
- TODO: check
+ NOT-FOR-US: AFFiNE
CVE-2026-59261 (OpenClaw before 2026.5.28 contains a credential exposure
vulnerability ...)
NOT-FOR-US: OpenClaw
CVE-2026-59257 (n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before
2.28.1 conta ...)
@@ -614,41 +614,41 @@ CVE-2026-56362 (ImageMagick before 7.1.2-15 contains a
heap-buffer-overflow read
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gq5v-qf8q-fp77
TODO: chedk fixing commit
CVE-2026-56360 (n8n before versions 1.123.18 and 2.6.2 fails to verify
HMAC-SHA256 sig ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-56359 (n8n before 2.8.0 contains a cross-site scripting vulnerability
in the ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-56298 (Capgo before 12.128.2 fails to strip EXIF metadata from images
uploade ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56297 (FreeRDP before 3.22.0 contains a use-after-free vulnerability
in dvcma ...)
TODO: check
CVE-2026-56293 (Capgo before 12.128.2 contains an authorization flaw in
transfer_app() ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56284 (Capgo (Cap-go/capgo) before 12.128.2 contains an information
disclosur ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56283 (Capgo before 12.128.2 contains an html injection vulnerability
in the ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56273 (Flowise before 3.1.0 contains a path traversal vulnerability
in Faiss ...)
NOT-FOR-US: Flowise
CVE-2026-56250 (Capgo before 12.128.2 allows upload-scoped API keys to modify
the muta ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56246 (Capgo before 12.128.2 contains a broken access control
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56226 (Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase
PostgREST RP ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56220 (Capgo before 12.128.2 contains an authorization bypass
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56217 (Capgo before 12.128.2 contains a policy bypass vulnerability
in app_ve ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56086 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6,
LTS2026 r ...)
NOT-FOR-US: Dell / EMC
CVE-2026-55874 (SeaweedFS is a distributed storage system. Prior to 4.34, the
S3 API g ...)
- TODO: check
+ NOT-FOR-US: SeaweedFS
CVE-2026-55873 (SeaweedFS is a distributed storage system. In versions 4.08
through 4. ...)
- TODO: check
+ NOT-FOR-US: SeaweedFS
CVE-2026-55761 (Portainer Community Edition is a lightweight service delivery
platform ...)
TODO: check
CVE-2026-55668 (File Browser provides a web file managing interface. Prior to
2.63.16, ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-54652 (Frigate is an open source network video recorder. In version
0.17.1, t ...)
TODO: check
CVE-2026-54344 (ToolJet is an open-source low-code platform for building
internal tool ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ef4e51e5f95cb0a2567444fd683edbc997b9157
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ef4e51e5f95cb0a2567444fd683edbc997b9157
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits