Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
83b92f9f by Salvatore Bonaccorso at 2026-07-16T09:31:24+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,43 +1,43 @@
CVE-2026-63175 (PlaywrightCapture stored capture-specific configuration and
runtime da ...)
- TODO: check
+ NOT-FOR-US: PlaywrightCapture
CVE-2026-62361 (listmonk is a standalone, self-hosted, newsletter and mailing
list man ...)
- TODO: check
+ NOT-FOR-US: listmonk
CVE-2026-62355 (TDengine is an open source, time-series database optimized for
Interne ...)
- TODO: check
+ NOT-FOR-US: TDengine
CVE-2026-62353 (TDengine is a time-series database optimized for Internet of
Things de ...)
- TODO: check
+ NOT-FOR-US: TDengine
CVE-2026-62351 (TDengine is a time-series database optimized for Internet of
Things de ...)
- TODO: check
+ NOT-FOR-US: TDengine
CVE-2026-62350 (TDengine is an open source, time-series database optimized for
Interne ...)
- TODO: check
+ NOT-FOR-US: TDengine
CVE-2026-62349 (TDengine is an open source, time-series database optimized for
Interne ...)
- TODO: check
+ NOT-FOR-US: TDengine
CVE-2026-62348 (TDengine is a time-series database optimized for Internet of
Things de ...)
- TODO: check
+ NOT-FOR-US: TDengine
CVE-2026-62314 (Anubis is a Web AI Firewall Utility that challenges users'
connections ...)
- TODO: check
+ NOT-FOR-US: Anubis
CVE-2026-62312 (9Router is an AI router & token saver. Prior to 0.5.2, 9Router
allows ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-59950 (The MCP Python SDK, called mcp on PyPI, is a Python
implementation of ...)
- TODO: check
+ NOT-FOR-US: MCP Python SDK
CVE-2026-56743 (Cilium is a networking, observability, and security solution.
From 1.1 ...)
TODO: check
CVE-2026-56742 (Cilium is a networking, observability, and security solution.
Prior to ...)
TODO: check
CVE-2026-56679 (9Router is an AI router & token saver. Prior to 0.5.4, the
PATCH /api/ ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-56678 (9Router is an AI router & token saver. Prior to 0.5.6, the
Kiro API-ke ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-55652 (Wekan is open source kanban built with Meteor. Prior to 9.46,
header-l ...)
TODO: check
CVE-2026-55608 (n8n-MCP is an MCP server that provides AI assistants access to
n8n nod ...)
NOT-FOR-US: n8n
CVE-2026-55576 (MaaAssistantArknights is a one-click tool for daily Arknights
tasks. I ...)
- TODO: check
+ NOT-FOR-US: MaaAssistantArknights
CVE-2026-55445 (Qinglong is a timed task management platform supporting
Python3, JavaS ...)
- TODO: check
+ NOT-FOR-US: Qinglong
CVE-2026-55410 (NocoBase is an AI-powered no-code/low-code platform for
building busin ...)
- TODO: check
+ NOT-FOR-US: NocoBase
CVE-2026-55399 (CVE-2026-55399 is a resource exhaustion vulnerability in the
Secure Ac ...)
NOT-FOR-US: Absolute Software
CVE-2026-55398 (CVE-2026-55398 is a memory management vulnerability in Secure
Access c ...)
@@ -45,7 +45,7 @@ CVE-2026-55398 (CVE-2026-55398 is a memory management
vulnerability in Secure Ac
CVE-2026-55234 (Wekan is open source kanban built with Meteor. Prior to 9.37,
Wekan DD ...)
TODO: check
CVE-2026-54458 (WWBN AVideo is an open source video platform. Versions prior
to 29.0 c ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-54052 (n8n-MCP is an MCP server that provides AI assistants access to
n8n nod ...)
NOT-FOR-US: n8n
CVE-2026-53447 (Wekan is open source kanban built with Meteor. Prior to 9.35,
the Weka ...)
@@ -65,19 +65,19 @@ CVE-2026-52891 (Wekan is open source kanban built with
Meteor. Prior to 9.07, We
CVE-2026-52890 (Wekan is open source kanban built with Meteor. Prior to 9.31,
Wekan al ...)
TODO: check
CVE-2026-52888 (NocoBase is an AI-powered no-code/low-code platform for
building busin ...)
- TODO: check
+ NOT-FOR-US: NocoBase
CVE-2026-52887 (NocoBase is an AI-powered no-code/low-code platform for
building busin ...)
- TODO: check
+ NOT-FOR-US: NocoBase
CVE-2026-52870 (The MCP Python SDK, called mcp on PyPI, is a Python
implementation of ...)
- TODO: check
+ NOT-FOR-US: MCP Python SDK
CVE-2026-52869 (The MCP Python SDK, called mcp on PyPI, is a Python
implementation of ...)
- TODO: check
+ NOT-FOR-US: MCP Python SDK
CVE-2026-51380 (Buffer Overflow vulnerability in Tenda AC10 v3 (firmware
V03.03.16.09) ...)
NOT-FOR-US: Tenda
CVE-2026-50183 (WWBN AVideo is an open source video platform. Versions 29.0
and below ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-50182 (WWBN AVideo is an open source video platform. Versions prior
to 29.0 c ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-50144 (ncnn is a high-performance neural network inference framework
optimize ...)
TODO: check
CVE-2026-50124 (DataEase is an open source data visualization and analysis
tool. Prior ...)
@@ -433,23 +433,23 @@ CVE-2026-59762 (When an HTTP/2 profile is configured on a
virtual server, undisc
CVE-2026-59259 (n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a
permission ...)
NOT-FOR-US: n8n
CVE-2026-59258 (immich before 3.0.3 contains a broken access control
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: immich
CVE-2026-59255 (BloodHound through 9.4.0, fixed in commit 8f79035, contains a
missing ...)
- TODO: check
+ NOT-FOR-US: BloodHound
CVE-2026-59254 (n8n before 2.28.1 contains an information disclosure
vulnerability whe ...)
NOT-FOR-US: n8n
CVE-2026-59236 (Authorization Bypass Through User-Controlled Key (CWE-639) in
the Exce ...)
- TODO: check
+ NOT-FOR-US: prospero-flow-crm
CVE-2026-59235 (Missing Authorization (CWE-862) in BankAccountListController
(app/Http ...)
- TODO: check
+ NOT-FOR-US: prospero-flow-crm
CVE-2026-58660 (Kanboard through 1.2.52, fixed in commit 564cc30,
BoardAjaxController ...)
TODO: check
CVE-2026-58659 (PyTorch Lightning through 2.6.5, fixed in commit d710d68,
contains a r ...)
- TODO: check
+ NOT-FOR-US: PyTorch Lightning
CVE-2026-58658 (GPUStack through 2.2.1, fixed in commit 4e20551, contains an
unauthent ...)
- TODO: check
+ NOT-FOR-US: GPUStack
CVE-2026-58655 (The bundled Grav Flex Objects plugin
(getgrav/grav-plugin-flex-objects ...)
- TODO: check
+ NOT-FOR-US: Grav Flex Objects plugin
CVE-2026-58559 (DoS vulnerability in the vibration service.Impact: Successful
exploita ...)
NOT-FOR-US: Huawei
CVE-2026-58558 (Permission control vulnerability in the file system.Impact:
Successful ...)
@@ -475,7 +475,7 @@ CVE-2026-58549 (Out-of-bounds read vulnerability in the
image codec module. Impa
CVE-2026-58077 (The Joomla extension 4Analytics is vulnerable to an
unauthenticated st ...)
NOT-FOR-US: Joomla
CVE-2026-57996 (phpMyFAQ before 4.1.5 contains a privilege escalation
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-57833 (The Joomla extension 4Analytics is vulnerable to an
unauthenticated st ...)
NOT-FOR-US: Joomla
CVE-2026-57832 (The Joomla extension EDocman is vulnerable to an
unauthenticated SQL i ...)
@@ -485,17 +485,17 @@ CVE-2026-57831 (The Joomla extension DP Calendar is
vulnerable to an unauthentic
CVE-2026-57821 (A SQL Injection vulnerability exists in Apache Fineract's
Office Searc ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-56764 (Hono before 4.11.10 contains a timing attack vulnerability in
the basi ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-56699 (Wazuh Manager before 5.0.0-beta3 fails to escape the
DataValue.index f ...)
- TODO: check
+ NOT-FOR-US: Wazuh Manager
CVE-2026-56687 (Dell ThinOS 10, versions prior to 2605_10.2100, contain an
Obsolete Fe ...)
NOT-FOR-US: Dell / EMC
CVE-2026-56434 (NGINX Plus and NGINX Open Source have a vulnerability in the
ngx_http_ ...)
TODO: check
CVE-2026-56400 (open-webui before 0.3.14 contains a cross-origin resource
sharing misc ...)
- TODO: check
+ NOT-FOR-US: open-webui
CVE-2026-56398 (Open WebUI before 0.9.5 contains a stored cross-site scripting
vulnera ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-56375 (ImageMagick through 7.1.2-18 contains a memory leak
vulnerability in t ...)
TODO: check
CVE-2026-56353 (n8n contains an authentication bypass in the Chat Trigger node
when co ...)
@@ -505,7 +505,7 @@ CVE-2026-56352 (n8n before 2.19.3 contains a file path
restriction bypass in the
CVE-2026-56349 (n8n before version 2.10.0 contains an input validation
vulnerability i ...)
NOT-FOR-US: n8n
CVE-2026-56339 (Capgo (Cap-go/capgo) before 12.128.2 contains an information
disclosur ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56287 (A boolean-based SQL Injection vulnerability exists in Apache
Fineract' ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-56087 (Dell ThinOS 10, versions prior to 2605_10.2100 contain a
Protection Me ...)
@@ -513,15 +513,15 @@ CVE-2026-56087 (Dell ThinOS 10, versions prior to
2605_10.2100 contain a Protect
CVE-2026-55723 (When NGINX Ingress Controller is configured with Custom
Resource Defin ...)
NOT-FOR-US: F5
CVE-2026-55242 (ERPNext is a free and open source Enterprise Resource Planning
tool. P ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2026-54563 (Cloudreve is a self-hosted file management and sharing system.
Prior t ...)
- TODO: check
+ NOT-FOR-US: Cloudreve
CVE-2026-54562 (Cloudreve is a self-hosted file management and sharing system.
Prior t ...)
- TODO: check
+ NOT-FOR-US: Cloudreve
CVE-2026-54560 (Cloudreve is a self-hosted file management and sharing system.
From 4. ...)
- TODO: check
+ NOT-FOR-US: Cloudreve
CVE-2026-54443 (Dashy is a self-hostable personal dashboard. From 1.9.4 until
3.2.0, t ...)
- TODO: check
+ NOT-FOR-US: Dashy
CVE-2026-53518 (Better Auth is an authentication and authorization library for
TypeScr ...)
TODO: check
CVE-2026-53517 (Better Auth is an authentication and authorization library for
TypeScr ...)
@@ -539,9 +539,9 @@ CVE-2026-53512 (Better Auth is an authentication and
authorization library for T
CVE-2026-52865 (When NGINX Ingress Controller processes Ingress or
TransportServer res ...)
NOT-FOR-US: F5
CVE-2026-52843 (Lightpanda is a headless browser designed for AI and
automation. Prior ...)
- TODO: check
+ NOT-FOR-US: Lightpanda
CVE-2026-52842 (Lightpanda is a headless browser designed for AI and
automation. Prior ...)
- TODO: check
+ NOT-FOR-US: Lightpanda
CVE-2026-50562 (FastGPT is a knowledge-based AI application platform. At
commit 22ebfa ...)
TODO: check
CVE-2026-50148 (Metabase is an open-source business intelligence and embedded
analytic ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83b92f9fbba6c9f17dea7e57953b864be15e21d3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83b92f9fbba6c9f17dea7e57953b864be15e21d3
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits