Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c5b109b6 by Moritz Muehlenhoff at 2026-07-09T22:35:06+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -256,20 +256,20 @@ CVE-2026-15191 (A flaw has been found in mettle
sendportal up to 3.0.1. This vul
CVE-2026-15190 (A vulnerability was detected in SourceCodester Simple and Nice
Shoppin ...)
NOT-FOR-US: SourceCodester
CVE-2026-15189 (A security vulnerability has been detected in aerostackdev
aerostack-m ...)
- TODO: check
+ NOT-FOR-US: aerostack-mcp
CVE-2026-15188 (A weakness has been identified in manjurulhoque
django-job-portal up t ...)
- TODO: check
+ NOT-FOR-US: django-job-portal
CVE-2026-15187 (A security flaw has been discovered in enquirer up to 2.4.1.
Affected ...)
- TODO: check
+ NOT-FOR-US: enquirer
CVE-2026-15186 (A vulnerability was identified in macrozheng mall up to 1.0.3.
This im ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall
CVE-2026-15185 (A vulnerability was determined in GPAC 26.03-DEV. This affects
the fun ...)
- gpac <removed>
[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
CVE-2026-15184 (A vulnerability was found in GNU LibreDWG up to 0.13.4. The
impacted e ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2026-15182 (A vulnerability has been found in GNU LibreDWG up to 0.13.4.
The affec ...)
- TODO: check
+ - libredwg <itp> (bug #595191)
CVE-2026-15158 (The Blocksy Companion plugin for WordPress is vulnerable to
Arbitrary ...)
NOT-FOR-US: WordPress plugin
CVE-2026-15000 (The Connect Contact Form 7 and Mailchimp plugin for WordPress
is vulne ...)
@@ -283,7 +283,7 @@ CVE-2026-14342 (The Mail Mint \u2013 Email Marketing,
Newsletter, Email Automati
CVE-2026-14278
REJECTED
CVE-2026-14261 (A vulnerability in the Xerte Online Tools allows for
authentication by ...)
- TODO: check
+ NOT-FOR-US: Xerte Online Tools
CVE-2026-14245 (The miniOrange OTP Login, Verification and SMS Notifications
plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13771 (The Customer Reviews for WooCommerce plugin for WordPress is
vulnerabl ...)
@@ -291,9 +291,9 @@ CVE-2026-13771 (The Customer Reviews for WooCommerce plugin
for WordPress is vul
CVE-2026-13492 (The UsersWP plugin for WordPress is vulnerable to Arbitrary
File Delet ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13462 (PayRange Android app, version 7.0.7 and below, contains an SSL
bypass ...)
- TODO: check
+ NOT-FOR-US: PayRange Android app
CVE-2026-13461 (When coupled with the SSL bypass vulnerability, JavaScript can
be inje ...)
- TODO: check
+ NOT-FOR-US: PayRange Android app
CVE-2026-13450 (The GamiPress \u2013 Gamification plugin to reward points,
achievement ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13441 (The EventPrime \u2013 Events Calendar, Bookings and Tickets
plugin for ...)
@@ -307,7 +307,7 @@ CVE-2026-13080 (The WPFunnels \u2013 Funnel Builder for
WooCommerce with Checkou
CVE-2026-13011 (The ERP: Complete HR, Accounting & CRM Suite with Recruitment
and WooC ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12879 (An Improper Input Validation vulnerability in BigQuery DAO in
Google C ...)
- TODO: check
+ NOT-FOR-US: Google Cloud Apigee
CVE-2026-12593 (The implementation of an internalandundocumentedDashboardAPI
endpoint( ...)
TODO: check
CVE-2026-12590 (Impact: In body-parser versions prior to 1.20.6 (1.x line) and
2.3.0 ( ...)
@@ -323,7 +323,7 @@ CVE-2026-12406 (The User Frontend: AI Powered Frontend
Posting, User Directory,
CVE-2026-12170 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and
Marketing Auto ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12116 (A vulnerability in the Xerte Online Tools allows for RCE
through the a ...)
- TODO: check
+ NOT-FOR-US: Xerte Online Tools
CVE-2026-11404 (Cesanta Mongoose before 7.22 contains an out-of-bounds read in
the bui ...)
TODO: check
CVE-2026-11359 (The Memberships and User Profiles for WooCommerce \u2013
ProfileGrid W ...)
@@ -347,7 +347,7 @@ CVE-2026-0280 (An IPv6 packet processing vulnerability in
the dataplane of Palo
CVE-2026-0279 (Multiple cross site scripting vulnerabilities in the
User-ID\u2122 Aut ...)
NOT-FOR-US: Palo Alto Networks
CVE-2025-63579 (Unauthorized use of Kyocera printers, allows all information
stored in ...)
- TODO: check
+ NOT-FOR-US: Kyocera
CVE-2026-57825
- opam 2.5.2-1
NOTE: https://github.com/ocaml/opam/releases/tag/2.5.2
@@ -470,13 +470,13 @@ CVE-2026-57481 (Parse Server is an open source backend
that can be deployed to a
CVE-2026-57480 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-56669 (Elysia is a Typescript framework for request validation, type
inferenc ...)
- TODO: check
+ NOT-FOR-US: Elysia
CVE-2026-55878 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0
before 2 ...)
- TODO: check
+ NOT-FOR-US: Symfony UX
CVE-2026-55877 (Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0
before 2 ...)
- TODO: check
+ NOT-FOR-US: Symfony UX
CVE-2026-55849 (@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of
Materials ...)
- TODO: check
+ NOT-FOR-US: cyclonedx-npm
CVE-2026-55778 (Parse Server is an open source backend that can be deployed to
any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-55760 (Handlebars.java provides logic-less and semantic Mustache
templates wi ...)
@@ -534,15 +534,15 @@ CVE-2026-54527 (JupyterLab Git is a Git extension for
JupyterLab. From 0.30.0b3
CVE-2026-54499 (Stanza is a Stanford NLP Python library for tokenization,
sentence seg ...)
TODO: check
CVE-2026-53624 (Fiber is an Express inspired web framework written in Go.
Prior to 3.4 ...)
- TODO: check
+ NOT-FOR-US: Fiber
CVE-2026-52200 (An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows
a remot ...)
- TODO: check
+ NOT-FOR-US: Generic OEM UZ801_v2.1 4G LTE Router
CVE-2026-51535 (In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion
(Denial of Ser ...)
TODO: check
CVE-2026-49866 (libp2p is a JavaScript Implementation of libp2p networking
stack. Prio ...)
TODO: check
CVE-2026-48492 (Snipe-IT is an IT asset/license management system. Prior to
version 8. ...)
- TODO: check
+ - snipe-it <itp> (bug #1005172)
CVE-2026-47840 (A network attacker positioned between UAA and its LDAP
directory can i ...)
TODO: check
CVE-2026-47831 (Use of a cryptographically weak random number generator in the
Generat ...)
@@ -558,35 +558,35 @@ CVE-2026-47826 (The blobs.yml path key traversal
vulnerability in the BOSH CLI t
CVE-2026-47646 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: Microsoft
CVE-2026-45045 (Fiber is an Express inspired web framework written in Go.
Prior to 3.3 ...)
- TODO: check
+ NOT-FOR-US: Fiber
CVE-2026-44512 (Open Neural Network Exchange (ONNX) is an open standard for
machine le ...)
TODO: check
CVE-2026-44332 (Fiber is an Express inspired web framework written in Go.
Prior to 3.3 ...)
- TODO: check
+ NOT-FOR-US: Fiber
CVE-2026-44161 (Fluentd collects events from various data sources and writes
them to f ...)
- TODO: check
+ NOT-FOR-US: Fluentd
CVE-2026-44160 (Fluentd collects events from various data sources and writes
them to f ...)
- TODO: check
+ NOT-FOR-US: Fluentd
CVE-2026-44025 (Fluentd collects events from various data sources and writes
them to f ...)
- TODO: check
+ NOT-FOR-US: Fluentd
CVE-2026-44024 (Fluentd collects events from various data sources and writes
them to f ...)
- TODO: check
+ NOT-FOR-US: Fluentd
CVE-2026-41857 (A compromised or malicious BOSH Director can execute arbitrary
shell c ...)
- TODO: check
+ NOT-FOR-US: BOSH
CVE-2026-39179 (A SQL injection vulnerability in SOGo before 5.12.7 allows
authenticat ...)
TODO: check
CVE-2026-39178 (A SQL injection vulnerability in SOGo before 5.12.7 allows
authenticat ...)
TODO: check
CVE-2026-36028 (A protection mechanism failure in the Code 27 Companion Hub
allows an ...)
- TODO: check
+ NOT-FOR-US: Code 27 Companion Hub
CVE-2026-36027 (An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a
physicall ...)
- TODO: check
+ NOT-FOR-US: Code 27 Companion Hub
CVE-2026-35552 (In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and
UDiTH Portal ...)
- TODO: check
+ NOT-FOR-US: CAXperts UPVWebServices
CVE-2026-35211 (OpenCTI is an open source platform for managing cyber threat
intellige ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2026-35210 (OpenCTI is an open source platform for managing cyber threat
intellige ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2026-31309 (Improper authorization in the /tequilapi/config/user endpoint
of Myste ...)
TODO: check
CVE-2026-15174 (Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0
to 4.6.6 ...)
@@ -614,9 +614,9 @@ CVE-2026-15164 (Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0
to 4.4.16 allows den
CVE-2026-15163 (Multiple protocol dissector infinite loops in Wireshark 4.6.0
to 4.6.6 ...)
NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-15154 (A flaw was found in `guardrails-detectors`, a component of Red
Hat Ope ...)
- TODO: check
+ NOT-FOR-US: Red Hat OpenShift AI
CVE-2026-15138 (A security vulnerability has been detected in tumf
mcp-text-editor up ...)
- TODO: check
+ NOT-FOR-US: mcp-text-editor
CVE-2026-15137 (A weakness has been identified in code-projects Interview
Management S ...)
NOT-FOR-US: code-projects
CVE-2026-15135 (A security flaw has been discovered in code-projects Online
Food Order ...)
@@ -624,13 +624,13 @@ CVE-2026-15135 (A security flaw has been discovered in
code-projects Online Food
CVE-2026-15134 (A vulnerability was determined in CodeAstro Simple Online
Leave Manage ...)
NOT-FOR-US: CodeAstro
CVE-2026-15105 (A flaw has been found in davenardella snap7 up to 1.4.3. This
affects ...)
- TODO: check
+ NOT-FOR-US: davenardella snap7
CVE-2026-14896 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a
cross-namespa ...)
- TODO: check
+ - nomad <removed>
CVE-2026-14891 (HashiCorp Nomad and Nomad Enterprise are vulnerable to a
sandbox escap ...)
- TODO: check
+ - nomad <removed>
CVE-2026-14373 (HashiCorp Nomad and Nomad Enterprise did not enforce the
allow_privile ...)
- TODO: check
+ - nomad <removed>
CVE-2026-14361 (The consul-template library before version 0.42.1 is
vulnerable to a p ...)
TODO: check
CVE-2026-13320 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b109b6fd2bf02c02c6c235499aee057282f1f8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5b109b6fd2bf02c02c6c235499aee057282f1f8
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits