Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e3efbc4f by Salvatore Bonaccorso at 2026-07-10T21:29:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,41 +13,41 @@ CVE-2026-6802 (The Easy Upload Files During Checkout plugin 
for WordPress is vul
 CVE-2026-6440 (The GoodMeet \u2013 Google Meet Integration for Webinar, 
Meeting & Vid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6212 (Authorization bypass through User-Controlled key vulnerability 
in Tera ...)
-       TODO: check
+       NOT-FOR-US: TeraMIS
 CVE-2026-61492 (In JetBrains YouTrack before 2026.2.17394 stored XSS via 
article title ...)
        NOT-FOR-US: JetBrains
 CVE-2026-61461 (Dify before 1.16.0-rc1 contains a SQL injection vulnerability 
in the M ...)
-       TODO: check
+       NOT-FOR-US: Dify
 CVE-2026-61460 (Krayin CRM through 2.2.3 contains an insecure direct object 
reference  ...)
-       TODO: check
+       NOT-FOR-US: Krayin CRM
 CVE-2026-61459 (MCP Server Kubernetes before 3.9.0 contains an argument 
injection vuln ...)
-       TODO: check
+       NOT-FOR-US: MCP Server Kubernetes
 CVE-2026-61456 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 
fails to sa ...)
-       TODO: check
+       NOT-FOR-US: Grav API plugin for Grav CMS
 CVE-2026-61455 (Grav before 2.0.1 contains a decompression bomb vulnerability 
in ZipAr ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-61450 (Grav before 2.0.2 contains a Twig sandbox bypass that allows a 
page au ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-61444 (PraisonAI versions before 4.6.78 contain a code injection 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61441 (PraisonAI Platform (praisonai-platform) before 0.1.9 
improperly author ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61437 (PraisonAI (pip package praisonaiagents) before 1.6.78 contains 
an unsa ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61434 (PraisonAI versions before 4.6.78 contain an allowlist bypass 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61432 (PraisonAI (praisonaiagents) before 1.6.78 contains a path 
traversal vu ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-61431 (PraisonAI before 4.6.78 contains a path traversal 
vulnerability in Con ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-60091 (PraisonAI before 4.6.78 contains an unauthenticated 
server-side reques ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-60089 (PraisonAI (pip package praisonaiagents) before 1.6.78 
automatically lo ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-60086 (PraisonAI before 4.6.78 contains a prompt injection defense 
bypass vul ...)
-       TODO: check
+       NOT-FOR-US: PraisonAI
 CVE-2026-5801 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: SEM-PMP
 CVE-2026-59796 (In JetBrains TeamCity before 2026.1.2 pipeline modification 
was possib ...)
        NOT-FOR-US: JetBrains
 CVE-2026-59795 (In JetBrains TeamCity before 2026.1.2 stored XSS via 
unauthenticated a ...)
@@ -61,9 +61,9 @@ CVE-2026-59792 (In JetBrains IntelliJ IDEA before 2026.1.4,  
2026.2 code executi
 CVE-2026-59791 (In JetBrains YouTrack before 2026.2.17012 cSS injection via 
Mermaid di ...)
        NOT-FOR-US: JetBrains
 CVE-2026-59193 (Grav is a file-based Web platform. Prior to 2.0.0, an 
authenticated ad ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-59190 (grav-plugin-admin is an HTML user interface that provides a 
way to con ...)
-       TODO: check
+       NOT-FOR-US: grav-plugin-admin
 CVE-2026-59180 (Apprise is an open source library which allows you to send a 
notificat ...)
        TODO: check
 CVE-2026-59162 (Excelize is a Go language library for reading and writing 
Microsoft Ex ...)
@@ -73,25 +73,25 @@ CVE-2026-59161 (Excelize is a Go language library for 
reading and writing Micros
 CVE-2026-59154 (Wekan is open source kanban built with Meteor. Prior to 9.64, 
Wekan ha ...)
        TODO: check
 CVE-2026-59151 (Prowler is a cloud security platform. Prior to 5.30.3, 
Prowler's SAML  ...)
-       TODO: check
+       NOT-FOR-US: Prowler
 CVE-2026-58661 (n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) 
contains a d ...)
        NOT-FOR-US: n8n
 CVE-2026-58493 (grav-plugin-database is the database plugin for Grav CMS. 
Prior to 1.2 ...)
-       TODO: check
+       NOT-FOR-US: grav-plugin-database
 CVE-2026-58492 (grav-plugin-database is the database plugin for Grav CMS. 
Prior to 1.2 ...)
-       TODO: check
+       NOT-FOR-US: grav-plugin-database
 CVE-2026-58225 (SQL Injection vulnerability in elixir-ecto postgrex allows an 
attacker ...)
        TODO: check
 CVE-2026-57994 (phpMyFAQ before 4.1.5 applies inconsistent active=yes and 
publication- ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-57961 (phpMyFAQ before 4.1.5 contains a potential authenticated path 
traversa ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2026-57476 (Deloitte AI Assist for Customer exposed unauthenticated API 
endpoints  ...)
-       TODO: check
+       NOT-FOR-US: Deloitte AI Assist for Customer
 CVE-2026-57475 (Deloitte AI Assist for Customer accepted unauthenticated POST 
requests ...)
-       TODO: check
+       NOT-FOR-US: Deloitte AI Assist for Customer
 CVE-2026-57474 (Deloitte AI Assist for Customer disclosed some configuration 
informati ...)
-       TODO: check
+       NOT-FOR-US: Deloitte AI Assist for Customer
 CVE-2026-57167 (PeerTube is an ActivityPub-federated video streaming platform. 
Prior t ...)
        TODO: check
 CVE-2026-56814 (Plug.Parsers.MULTIPART, the multipart request-body parser used 
to hand ...)
@@ -99,7 +99,7 @@ CVE-2026-56814 (Plug.Parsers.MULTIPART, the multipart 
request-body parser used t
 CVE-2026-56813 (Improper Neutralization of Parameter/Argument Delimiters 
vulnerability ...)
        TODO: check
 CVE-2026-56765 (Vikunja before 2.2.1 contains an authorization flaw where the 
LinkShar ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-56690 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) 
an Improp ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-56689 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) 
an Improp ...)
@@ -107,19 +107,19 @@ CVE-2026-56689 (Dell PowerFlex Manager, Version prior to 
5.1.0.1, contain(s) an
 CVE-2026-56688 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) 
an Improp ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-56676 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
validat ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-56675 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
treats  ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-56668 (ZITADEL is an open source identity management platform. Prior 
to 4.15. ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2026-56667 (ZITADEL is an open source identity management platform. Prior 
to 4.15. ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2026-56666 (ZITADEL is an open source identity management platform. Prior 
to 4.15. ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2026-56665 (ZITADEL is an open source identity management platform. Prior 
to 3.4.1 ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2026-56664 (ZITADEL is an open source identity management platform. Prior 
to 3.4.1 ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2026-56373 (ImageMagick before 7.1.2-15 contains a use-after-free 
vulnerability in ...)
        TODO: check
 CVE-2026-56366 (ImageMagick before 7.1.2-18 contains a memory leak 
vulnerability in th ...)
@@ -127,55 +127,55 @@ CVE-2026-56366 (ImageMagick before 7.1.2-18 contains a 
memory leak vulnerability
 CVE-2026-56354 (n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 
2.x branch ...)
        NOT-FOR-US: n8n
 CVE-2026-56335 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability w ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56329 (Capgo before 12.128.2 contains a cross-tenant preview 
namespace collis ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56312 (Capgo before 12.128.2 contains an improper validation 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56309 (Capgo before 12.128.2 fails to enforce plan/quota restrictions 
on the  ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56305 (Capgo before 12.128.2 contains an authentication bypass 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56279 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56261 (Crawl4AI before 0.8.7 contains a server-side request forgery 
(SSRF) vu ...)
-       TODO: check
+       NOT-FOR-US: Crawl4AI
 CVE-2026-56254 (In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, 
the end-to ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-55890 (Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's 
incompl ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-55885 (Grav is a file-based Web platform. Prior to 1.7.53, an 
authenticated a ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-55843 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.0, Use ...)
        TODO: check
 CVE-2026-55783 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-55782 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-55781 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-55780 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
-       TODO: check
+       NOT-FOR-US: NanaZip
 CVE-2026-55687 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
        TODO: check
 CVE-2026-55672 (ZITADEL is an open source identity management platform. Prior 
to 3.4.1 ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2026-55671 (ZITADEL is an open source identity management platform. From 
4.0.0-rc. ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2026-55670 (ZITADEL is an open source identity management platform. Prior 
to 4.15. ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2026-55669 (ZITADEL is an open source identity management platform. Prior 
to 3.4.1 ...)
-       TODO: check
+       NOT-FOR-US: Zitadel
 CVE-2026-55641 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
determi ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-55638 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
protect ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-55516 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.2, PAT ...)
        TODO: check
 CVE-2026-55501 (9Router is an AI router & token saver. Prior to 0.4.80, the 
dashboard  ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-55500 (9Router is an AI router & token saver. Prior to 0.4.80, the 
/api/setti ...)
-       TODO: check
+       NOT-FOR-US: 9Router
 CVE-2026-55478 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.2, POS ...)
        TODO: check
 CVE-2026-55476 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.0, POS ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3efbc4f882e069503bab208009e8398688799f4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3efbc4f882e069503bab208009e8398688799f4
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to