Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
648491a4 by security tracker role at 2026-07-11T19:13:53+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2026-61465 (ImageMagick before 7.1.2-26 and 6.9.13-51 is
missing a check for
CVE-2026-61454 (The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before
2.0.4 embed ...)
TODO: check
CVE-2026-61448 (Parse Server is affected by a stored cross-site scripting
(XSS) vulner ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-61447 (PraisonAI before 1.6.78 contains a remote code execution
vulnerability ...)
TODO: check
CVE-2026-61445 (PraisonAI before 4.6.78 contains arbitrary file write and
command exec ...)
@@ -31,9 +31,9 @@ CVE-2026-60090 (PraisonAI before 4.6.78 fails to validate the
caller-controlled
CVE-2026-60088 (PraisonAI before 4.6.78 fails to validate file path references
in cust ...)
TODO: check
CVE-2026-57828 (The Joomla extension Phoca Downloads is vulnerable to an
authenticated ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-57827 (The Joomla extension RSFiles is vulnerable to an
unauthenticated arbit ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-56763 (Hono before 4.12.7 allows __proto__ key in parseBody with dot
option e ...)
TODO: check
CVE-2026-56372 (ImageMagick before 7.1.2-19 contains a heap buffer overflow
vulnerabil ...)
@@ -45,9 +45,9 @@ CVE-2026-56296 (Cap-go before 12.128.2 contains an
information disclosure vulner
CVE-2026-56240 (Capgo before 12.128.12 contains a billing authorization bypass
vulnera ...)
TODO: check
CVE-2026-1359 (The Genolve \u2013 AI image AI video generation plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10660 (The Bluetooth BAP Broadcast Assistant GATT client in
subsys/bluetooth/ ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-9738 (The Print, PDF, Email by PrintFriendly plugin for WordPress is
vulnera ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9726 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/648491a4ef4ebb7c74857c7d2af668b4e7bb3e37
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/648491a4ef4ebb7c74857c7d2af668b4e7bb3e37
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits