Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b8eb175f by Moritz Muehlenhoff at 2026-07-09T22:09:10+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,41 +25,41 @@ CVE-2026-7558 (The Age Verification & Identity Verification
by Token of Trust pl
CVE-2026-6910 (The Bookero.pl \u2013 system rezerwacji online plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2026-61474 (An improper authorization check in MISP\u2019s attribute
creation endp ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2026-61344 (The Superior Court of California Hearing Reminder Service at
https://w ...)
- TODO: check
+ NOT-FOR-US: Superior Court of California Hearing Reminder Service
CVE-2026-61343 (LibreBooking's email template editor save action passes the
submitted ...)
- TODO: check
+ NOT-FOR-US: LibreBooking
CVE-2026-60109 (Zeek before 8.0.9 contains a null pointer dereference
vulnerability in ...)
- TODO: check
+ - zeek <removed>
CVE-2026-60108 (Zeek before 8.0.9 contains an uncontrolled memory consumption
vulnerab ...)
- TODO: check
+ - zeek <removed>
CVE-2026-60095 (Vinchin Backup & Recovery through 9.0.0.86562 contains a stack
buffer ...)
- TODO: check
+ NOT-FOR-US: Vinchin Backup & Recovery
CVE-2026-60094 (Vinchin Backup & Recovery through 9.0.0.86562 contains a heap
buffer o ...)
- TODO: check
+ NOT-FOR-US: Vinchin Backup & Recovery
CVE-2026-5955 (Improper neutralization of special elements used in an SQL
command ('S ...)
- TODO: check
+ NOT-FOR-US: BiEticaret
CVE-2026-5793 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: BiEticaret
CVE-2026-5005 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Twiser OKRs & Goals
CVE-2026-59827 (Metabase is an open-source business intelligence and embedded
analytic ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2026-59826 (Metabase is an open-source business intelligence and embedded
analytic ...)
- TODO: check
+ NOT-FOR-US: Metabae
CVE-2026-59817 (Ghost is a Node.js content management system. From 6.27.0
before 6.44. ...)
- TODO: check
+ - ghost <itp> (bug #892150)
CVE-2026-59734 (Coolify is an open-source and self-hostable tool for managing
servers, ...)
- TODO: check
+ NOT-FOR-US: Coolify
CVE-2026-59726 (Ruflo is an agent meta-harness for Claude Code and Codex.
Prior to 3.1 ...)
- TODO: check
+ NOT-FOR-US: Ruflo
CVE-2026-59721 (Hoppscotch is an open source API development ecosystem. Prior
to 2026. ...)
- TODO: check
+ NOT-FOR-US: Hoppscotch
CVE-2026-59720 (Hoppscotch is an open source API development ecosystem. Prior
to 2026. ...)
- TODO: check
+ NOT-FOR-US: Hoppscotch
CVE-2026-59715 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59692 (A stack buffer overflow vulnerability was found in GStreamer's
DTLS pl ...)
TODO: check
CVE-2026-59691 (A heap buffer overflow vulnerability was found in GStreamer's
rfbsrc p ...)
@@ -67,37 +67,37 @@ CVE-2026-59691 (A heap buffer overflow vulnerability was
found in GStreamer's rf
CVE-2026-59269 (A user authenticating to Kubernetes clusters via the Pinniped
Supervis ...)
TODO: check
CVE-2026-59227 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59226 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59225 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59224 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59223 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59222 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59221 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59220 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59219 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59218 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59217 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59216 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59215 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59214 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59213 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59212 (Open WebUI is an extensible, feature-rich, and user-friendly
self-host ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-59209 (n8n is an open source workflow automation platform. Prior to
1.123.61, ...)
TODO: check
CVE-2026-59208 (n8n is an open source workflow automation platform. Prior to
2.27.4 an ...)
@@ -107,13 +107,13 @@ CVE-2026-59207 (n8n is an open source workflow automation
platform. Prior to 2.2
CVE-2026-59206 (n8n is an open source workflow automation platform. Prior to
1.123.61, ...)
TODO: check
CVE-2026-59149 (Mockoon provides way to design and run mock APIs. Prior to
9.7.0, a FI ...)
- TODO: check
+ NOT-FOR-US: Mockoon
CVE-2026-59148 (Mockoon provides way to design and run mock APIs. Prior to
9.7.0, Mock ...)
- TODO: check
+ NOT-FOR-US: Mockoon
CVE-2026-58459 (gpsd through release-3.27.5, fixed at commit 4c06658, contains
a comma ...)
TODO: check
CVE-2026-58378 (Allwinner H616 TV Box TV98 has ADB enabled and exposed to the
network ...)
- TODO: check
+ NOT-FOR-US: Allwinner
CVE-2026-58307 (Out-of-bounds read, Reachable assertion vulnerability in
Samsung Open ...)
NOT-FOR-US: Samsung
CVE-2026-58306 (Heap-based buffer overflow vulnerability in Samsung Open
Source Escarg ...)
@@ -125,7 +125,7 @@ CVE-2026-58304 (Out-of-bounds read, Out-of-bounds write
vulnerability in Samsung
CVE-2026-58303 (Stack-based buffer overflow vulnerability in Samsung Open
Source Escar ...)
NOT-FOR-US: Samsung
CVE-2026-58198 (ChatterBot is a machine learning, conversational dialog engine
for cre ...)
- TODO: check
+ NOT-FOR-US: ChatterBot
CVE-2026-58125
REJECTED
CVE-2026-57111 (Permissive Cross-Origin Resource Sharing (CORS) in the REST
API (helix ...)
@@ -159,15 +159,15 @@ CVE-2026-54798 (A vulnerability has been identified in
CPCI85 Central Processing
CVE-2026-54695 (Pipecat is an open-source Python framework for building
real-time voic ...)
TODO: check
CVE-2026-54005 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-54004 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-54003 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-54002 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-53987 (The Tag plugin for GLPI 11 before 2.14.4 stores the tag name
without H ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2026-51606 (An improper input handling vulnerability in the RTSP service
of Tenda ...)
NOT-FOR-US: Tenda
CVE-2026-51605 (A stack-based buffer overflow vulnerability in the RTSP
service of Ten ...)
@@ -183,15 +183,15 @@ CVE-2026-51601 (Tenda CP3 V3.0 firmware V31.1.9.91
contains a stack-based buffer
CVE-2026-51600 (Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the
Content-Lengt ...)
NOT-FOR-US: Tenda
CVE-2026-51599 (An insufficient input validation vulnerability in the RTSP
service of ...)
- TODO: check
+ NOT-FOR-US: MERCURY
CVE-2026-51598 (An input validation vulnerability in the RTSP service of
MERCURY MIPC2 ...)
- TODO: check
+ NOT-FOR-US: MERCURY
CVE-2026-51597 (MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does
not imp ...)
- TODO: check
+ NOT-FOR-US: MERCURY
CVE-2026-50644 (SOPlanning is vulnerable to SQL injection in the audit
retention confi ...)
TODO: check
CVE-2026-50188 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-4653 (The Block, Suspend, Report for BuddyPress plugin for WordPress
is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4298 (The DSGVO All in one for WP plugin for WordPress is vulnerable
to Miss ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8eb175ff7189baaeda089e083d2c48e750ba017
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8eb175ff7189baaeda089e083d2c48e750ba017
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits