[Git][security-tracker-team/security-tracker][master] Process batch of NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 3 09:41:31 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
939ddc0c by Salvatore Bonaccorso at 2026-04-03T10:41:13+02:00
Process batch of NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26,51 +26,51 @@ CVE-2026-35507 (Shynet before 0.14.0 allows Host header injection in the passwor
 CVE-2026-35467 (The stored API keys in temporary browser client is not marked as prote ...)
 	TODO: check
 CVE-2026-35466 (XSS vulnerability in cveInterface.js allows for inject HTML to be pass ...)
-	TODO: check
+	NOT-FOR-US: CERTCC cveClient
 CVE-2026-35383 (Bentley Systems iTwin Platform exposed a Cesium ion access token in th ...)
-	TODO: check
+	NOT-FOR-US: Bentley Systems iTwin Platform
 CVE-2026-35053 (OneUptime is an open-source monitoring and observability platform. Pri ...)
-	TODO: check
+	NOT-FOR-US: OneUptime
 CVE-2026-34932 (hoppscotch is an open source API development ecosystem. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: hoppscotch
 CVE-2026-34931 (hoppscotch is an open source API development ecosystem. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: hoppscotch
 CVE-2026-34848 (hoppscotch is an open source API development ecosystem. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: hoppscotch
 CVE-2026-34847 (hoppscotch is an open source API development ecosystem. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: hoppscotch
 CVE-2026-34840 (OneUptime is an open-source monitoring and observability platform. Pri ...)
-	TODO: check
+	NOT-FOR-US: OneUptime
 CVE-2026-34838 (Group-Office is an enterprise customer relationship management and gro ...)
-	TODO: check
+	NOT-FOR-US: Group-Office
 CVE-2026-34834 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...)
-	TODO: check
+	NOT-FOR-US: Bulwark Webmail
 CVE-2026-34833 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...)
-	TODO: check
+	NOT-FOR-US: Bulwark Webmail
 CVE-2026-34832 (Scoold is a Q&A and a knowledge sharing platform for teams. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Scoold
 CVE-2026-34825 (NocoBase is an AI-powered no-code/low-code platform for building busin ...)
-	TODO: check
+	NOT-FOR-US: NocoBase
 CVE-2026-34762 (Ella Core is a 5G core designed for private networks. Prior to version ...)
-	TODO: check
+	NOT-FOR-US: Ella Core
 CVE-2026-34761 (Ella Core is a 5G core designed for private networks. Prior to version ...)
-	TODO: check
+	NOT-FOR-US: Ella Core
 CVE-2026-34760 (vLLM is an inference and serving engine for large language models (LLM ...)
 	TODO: check
 CVE-2026-33107 (Server-side request forgery (ssrf) in Azure Databricks allows an unaut ...)
-	TODO: check
+	NOT-FOR-US: Azure Databricks
 CVE-2026-33105 (Improper authorization in Microsoft Azure Kubernetes Service allows an ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32213 (Improper authorization in Azure AI Foundry allows an unauthorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32211 (Missing authentication for critical function in Azure MCP Server allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32173 (Improper authentication in Azure SRE Agent allows an unauthorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-30252 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the l ...)
-	TODO: check
+	NOT-FOR-US: Interzen Consulting S.r.l ZenShare Suite
 CVE-2026-30251 (A reflected cross-site scripting (XSS) vulnerability in the login_newp ...)
-	TODO: check
+	NOT-FOR-US: Interzen Consulting S.r.l ZenShare Suite
 CVE-2026-28815 (A remote attacker can supply a short X-Wing HPKE encapsulated key and  ...)
 	NOT-FOR-US: Apple
 CVE-2026-26135 (Server-side request forgery (ssrf) in Azure Custom Locations Resource  ...)
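Review bot: The vendor tag is inconsistent across the Azure entries in this hunk: CVE-2026-33107 is tagged "NOT-FOR-US: Azure Databricks", while CVE-2026-33105, CVE-2026-32213, CVE-2026-32211 and CVE-2026-32173 (Azure Kubernetes Service, Azure AI Foundry, Azure MCP Server, Azure SRE Agent) are all tagged "NOT-FOR-US: Microsoft". Pick one convention for all five, for example "NOT-FOR-US: Microsoft", so that a later search by vendor finds every entry.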
@@ -255,7 +255,7 @@ CVE-2026-34829 (Rack is a modular Ruby web server interface. Prior to versions 2
 	NOTE: Fixed by: https://github.com/rack/rack/commit/367a2a0ec6fbef605c9412dadfd5763b7867441f (v3.1.21)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/c42e357995065aa0c144eba0215a689d8105e4de (v2.2.23)
 CVE-2026-34828 (listmonk is a standalone, self-hosted, newsletter and mailing list man ...)
-	TODO: check
+	NOT-FOR-US: listmonk
 CVE-2026-34827 (Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 ...)
 	[experimental] - ruby-rack 3.2.6-1
 	- ruby-rack <unfixed>
@@ -270,73 +270,73 @@ CVE-2026-34826 (Rack is a modular Ruby web server interface. Prior to versions 2
 	NOTE: Fixed by: https://github.com/rack/rack/commit/345a4cfa51f451e58b2931322998e04f3cf6dc0d (v3.1.21)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/94a7ca91a750ced0e445f39fabbc8ee6d2ab3bf1 (v2.2.23)
 CVE-2026-34823 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34822 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34821 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34820 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34819 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34818 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34817 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34816 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34815 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34814 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34813 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34812 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34811 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34810 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34809 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34808 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34807 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34806 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34805 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34804 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34803 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34802 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34801 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34800 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34799 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34798 (Endian Firewall version 3.3.25 and prior allow stored cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34797 (Endian Firewall version 3.3.25 and prior allow authenticated users to  ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34796 (Endian Firewall version 3.3.25 and prior allow authenticated users to  ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34795 (Endian Firewall version 3.3.25 and prior allow authenticated users to  ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34794 (Endian Firewall version 3.3.25 and prior allow authenticated users to  ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34793 (Endian Firewall version 3.3.25 and prior allow authenticated users to  ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34792 (Endian Firewall version 3.3.25 and prior allow authenticated users to  ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34791 (Endian Firewall version 3.3.25 and prior allow authenticated users to  ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34790 (Endian Firewall version 3.3.25 and prior allow authenticated users to  ...)
-	TODO: check
+	NOT-FOR-US: Endian Firewall
 CVE-2026-34786 (Rack is a modular Ruby web server interface. Prior to versions 2.2.23, ...)
 	[experimental] - ruby-rack 3.2.6-1
 	- ruby-rack <unfixed>
@@ -359,65 +359,65 @@ CVE-2026-34763 (Rack is a modular Ruby web server interface. Prior to versions 2
 	NOTE: Fixed by: https://github.com/rack/rack/commit/29b17c58e55539b5b9c1afd0d86266e54150193f (v3.1.21)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/7796548b545601accdfe8f4079088bd44d0a3495 (v2.2.23)
 CVE-2026-34759 (OneUptime is an open-source monitoring and observability platform. Pri ...)
-	TODO: check
+	NOT-FOR-US: OneUptime
 CVE-2026-34758 (OneUptime is an open-source monitoring and observability platform. Pri ...)
-	TODO: check
+	NOT-FOR-US: OneUptime
 CVE-2026-34752 (Haraka is a Node.js mail server. Prior to version 3.1.4, sending an em ...)
-	TODO: check
+	NOT-FOR-US: Haraka
 CVE-2026-34745 (Fireshare facilitates self-hosted media and link sharing. Prior to ver ...)
-	TODO: check
+	NOT-FOR-US: Fireshare
 CVE-2026-34742 (The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4. ...)
-	TODO: check
+	NOT-FOR-US: Go MCP SDK
 CVE-2026-34736 (Open edX Platform enables the authoring and delivery of online learnin ...)
-	TODO: check
+	NOT-FOR-US: Open edX
 CVE-2026-34735 (The Hytale Modding Wiki is a free service for Hytale mods to host thei ...)
-	TODO: check
+	NOT-FOR-US: Hytale Modding Wiki
 CVE-2026-34730 (Copier is a library and CLI app for rendering project templates. Prior ...)
-	TODO: check
+	NOT-FOR-US: Copier library and CLI app
 CVE-2026-34729 (phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1 ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-34728 (phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1 ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-34726 (Copier is a library and CLI app for rendering project templates. Prior ...)
-	TODO: check
+	NOT-FOR-US: Copier library and CLI app
 CVE-2026-34725 (DbGate is cross-platform database manager. From version 7.0.0 to befor ...)
-	TODO: check
+	NOT-FOR-US: DbGate
 CVE-2026-34717 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-34715 (ewe is a Gleam web server. Prior to version 3.0.6, the encode_headers  ...)
-	TODO: check
+	NOT-FOR-US: ewe
 CVE-2026-34610 (The leancrypto library is a cryptographic library that exclusively con ...)
 	TODO: check
 CVE-2026-34608 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.  ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2026-34606 (Frappe Learning Management System (LMS) is a learning system that help ...)
-	TODO: check
+	NOT-FOR-US: Frappe Learning Management System (LMS)
 CVE-2026-34601 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core)  ...)
 	TODO: check
 CVE-2026-34598 (YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a sto ...)
-	TODO: check
+	NOT-FOR-US: YesWiki
 CVE-2026-34593 (Ash Framework is a declarative, extensible framework for building Elix ...)
 	TODO: check
 CVE-2026-34591 (Poetry is a dependency manager for Python. From version 1.4.0 to befor ...)
 	TODO: check
 CVE-2026-34590 (Postiz is an AI social media scheduling tool. Prior to version 2.21.4, ...)
-	TODO: check
+	NOT-FOR-US: Postiz
 CVE-2026-34584 (listmonk is a standalone, self-hosted, newsletter and mailing list man ...)
-	TODO: check
+	NOT-FOR-US: listmonk
 CVE-2026-34581 (goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to befor ...)
-	TODO: check
+	NOT-FOR-US: goshs
 CVE-2026-34577 (Postiz is an AI social media scheduling tool. Prior to version 2.21.3, ...)
-	TODO: check
+	NOT-FOR-US: Postiz
 CVE-2026-34576 (Postiz is an AI social media scheduling tool. Prior to version 2.21.3, ...)
-	TODO: check
+	NOT-FOR-US: Postiz
 CVE-2026-34526 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-34524 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-34523 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-34522 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-34426 (OpenClaw versions prior to commit b57b680contain an approval bypass vu ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-34425 (OpenClaw versions prior to commit 8aceaf5 contain a preflight validati ...)
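Review bot: The tag on CVE-2026-34730 and CVE-2026-34726, "NOT-FOR-US: Copier library and CLI app", carries over the wording of the description instead of naming the product; the other entries in this hunk use the bare name (Haraka, DbGate, ewe, YesWiki). Suggest "NOT-FOR-US: Copier" on both lines. The same applies, less strongly, to "Frappe Learning Management System (LMS)" on CVE-2026-34606.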
@@ -442,33 +442,33 @@ CVE-2026-34119 (A heap-based buffer overflow vulnerability was identified in TP-
 CVE-2026-34118 (A heap-based buffer overflow vulnerability was identified in TP-Link T ...)
 	NOT-FOR-US: TPLink
 CVE-2026-34083 (Signal K Server is a server application that runs on a central hub in  ...)
-	TODO: check
+	NOT-FOR-US: Signal K Server
 CVE-2026-33951 (Signal K Server is a server application that runs on a central hub in  ...)
-	TODO: check
+	NOT-FOR-US: Signal K Server
 CVE-2026-33950 (Signal K Server is a server application that runs on a central hub in  ...)
-	TODO: check
+	NOT-FOR-US: Signal K Server
 CVE-2026-33746 (Convoy is a KVM server management panel for hosting businesses. From v ...)
-	TODO: check
+	NOT-FOR-US: Convoy
 CVE-2026-33641 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
 	TODO: check
 CVE-2026-33617 (An unauthenticated remote attacker can access a configuration file con ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2026-33616 (An unauthenticated remote attacker can exploit an unauthenticated blin ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2026-33615 (An unauthenticated remote attacker can exploit an unauthenticated SQL  ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2026-33614 (An unauthenticated remote attacker can exploit an unauthenticated SQL  ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2026-33613 (Due to the improper neutralisation of special elements used in an OS c ...)
-	TODO: check
+	NOT-FOR-US: MB connect line GmbH
 CVE-2026-33544 (Tinyauth is an authentication and authorization server. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: Tinyauth
 CVE-2026-33533 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
 	TODO: check
 CVE-2026-33271 (Local privilege escalation due to insecure folder permissions. The fol ...)
 	NOT-FOR-US: Acronis
 CVE-2026-32871 (FastMCP is a Pythonic way to build MCP servers and clients. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: FastMCP
 CVE-2026-32762 (Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 ...)
 	[experimental] - ruby-rack 3.2.6-1
 	- ruby-rack <unfixed>
@@ -476,9 +476,9 @@ CVE-2026-32762 (Rack is a modular Ruby web server interface. From versions 3.0.0
 	NOTE: Fixed by: https://github.com/rack/rack/commit/27e06c695f3a47bdd9d21a1a7e8d97e12c52c255 (v3.2.6)
 	NOTE: Fixed by: https://github.com/rack/rack/commit/9df5d34d4f496b22b8d07e919447e9dfa3240d41 (v3.1.21)
 CVE-2026-32629 (phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1 ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-32145 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: gleam-wisp wisp
 CVE-2026-31937 (Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15 ...)
 	- suricata 1:8.0.1-1
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg
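Review bot: On CVE-2026-32145 the tag "NOT-FOR-US: gleam-wisp wisp" reads like an organisation name followed by the project name, whereas the other single-project entries in this commit, such as "ewe" on CVE-2026-34715, use the project name alone. If the prefix is only there to disambiguate the short name "wisp", a single form such as "NOT-FOR-US: wisp" with the qualifier in parentheses would match the rest of the file better.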
@@ -500,11 +500,11 @@ CVE-2026-31931 (Suricata is a network IDS, IPS and NSM engine. From version 8.0.
 	- suricata 1:8.0.4-1
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3
 CVE-2026-30867 (CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Sw ...)
-	TODO: check
+	NOT-FOR-US: CocoaMQTT
 CVE-2026-30603 (An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20 ...)
-	TODO: check
+	NOT-FOR-US: Qianniao
 CVE-2026-30332 (A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Balena Etcher for Windows
 CVE-2026-2737 (A vulnerability exists in Progress Flowmon versions prior to 12.5.8 an ...)
 	NOT-FOR-US: Progress Software
 CVE-2026-2701 (Authenticated user can upload a malicious file to the server and execu ...)
@@ -512,7 +512,7 @@ CVE-2026-2701 (Authenticated user can upload a malicious file to the server and
 CVE-2026-2699 (Customer Managed ShareFile Storage Zones Controller (SZC) allows an un ...)
 	NOT-FOR-US: Progress Software
 CVE-2026-29782 (OpenSTAManager is an open source management software for technical ass ...)
-	TODO: check
+	NOT-FOR-US: OpenSTAManager
 CVE-2026-29144 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
 	TODO: check
 CVE-2026-29143 (SEPPmail Secure Email Gateway before version 15.0.3 does not properly  ...)
@@ -790,19 +790,19 @@ CVE-2026-34513 (AIOHTTP is an asynchronous HTTP client/server framework for asyn
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hcc4-c3v8-rx92
 	NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/c4d77c3533122be353b8afca8e8675e3b4cbda98 (v3.13.4)
 CVE-2026-34456 (Reviactyl is an open-source game server management panel built using L ...)
-	TODO: check
+	NOT-FOR-US: Reviactyl
 CVE-2026-34455 (Hi.Events is an open-source event management and ticket selling platfo ...)
-	TODO: check
+	NOT-FOR-US: Hi.Events
 CVE-2026-32929 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6 ...)
-	TODO: check
+	NOT-FOR-US: V-SFT
 CVE-2026-32928 (V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflo ...)
-	TODO: check
+	NOT-FOR-US: V-SFT
 CVE-2026-32927 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulner ...)
-	TODO: check
+	NOT-FOR-US: V-SFT
 CVE-2026-32926 (V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulner ...)
-	TODO: check
+	NOT-FOR-US: V-SFT
 CVE-2026-32925 (V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflo ...)
-	TODO: check
+	NOT-FOR-US: V-SFT
 CVE-2026-2862 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
 	NOT-FOR-US: IBM
 CVE-2026-2475 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
@@ -964,9 +964,9 @@ CVE-2026-30523 (A Business Logic vulnerability exists in SourceCodester Loan Man
 CVE-2026-30522 (A Business Logic vulnerability exists in SourceCodester Loan Managemen ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-30292 (An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF ...)
-	TODO: check
+	NOT-FOR-US: Docudepot
 CVE-2026-30291 (An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Re ...)
-	TODO: check
+	NOT-FOR-US: Ora Tools
 CVE-2026-30289 (An arbitrary file overwrite vulnerability in Tinybeans Private Family  ...)
 	NOT-FOR-US: Tinybeans Private Family Album App
 CVE-2026-30287 (An arbitrary file overwrite vulnerability in Deep Thought Industries A ...)
@@ -1571,17 +1571,17 @@ CVE-2026-30312 (DSAI-Cline's command auto-approval module contains a critical OS
 CVE-2026-30311 (Ridvay Code's command auto-approval module contains a critical OS comm ...)
 	NOT-FOR-US: Ridvay Code
 CVE-2026-30310 (In its design for automatic terminal command execution, Sixth offers t ...)
-	TODO: check
+	NOT-FOR-US: Sixth
 CVE-2026-30309 (InfCode's terminal auto-execution module contains a critical command f ...)
 	NOT-FOR-US: InfCode
 CVE-2026-30290 (An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ...)
-	TODO: check
+	NOT-FOR-US: InTouch Contacts & Caller ID APP
 CVE-2026-30286 (An arbitrary file overwrite vulnerability in Funambol, Inc. Zefiro Clo ...)
-	TODO: check
+	NOT-FOR-US: Funambol
 CVE-2026-30285 (An arbitrary file overwrite vulnerability in Zora: Post, Trade, Earn C ...)
-	TODO: check
+	NOT-FOR-US: Zora
 CVE-2026-30284 (An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorde ...)
-	TODO: check
+	NOT-FOR-US: UXGROUP LLC Voice Recorder
 CVE-2026-30283 (An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal ...)
 	NOT-FOR-US: PEAKSEL
 CVE-2026-30282 (An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Sc ...)
@@ -1595,9 +1595,9 @@ CVE-2026-30279 (An arbitrary file overwrite vulnerability in Squareapps LLC My L
 CVE-2026-30278 (An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navig ...)
 	NOT-FOR-US: FLY is FUN Aviation Navigation
 CVE-2026-30277 (An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX  ...)
-	TODO: check
+	NOT-FOR-US: TA/UTAX Mobile Print
 CVE-2026-30276 (An arbitrary file overwrite vulnerability in DeftPDF Document Translat ...)
-	TODO: check
+	NOT-FOR-US: DeftPDF
 CVE-2026-2950 (Impact:  Lodash versions 4.17.23 and earlier are vulnerable to prototy ...)
 	TODO: check
 CVE-2026-2696 (The Export All URLs WordPress plugin before 5.1 generates CSV filename ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/939ddc0cda931aa1742b0abd51a7853c76f3428a
