[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Apr 3 13:11:34 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
22fe93f9 by Salvatore Bonaccorso at 2026-04-03T14:11:11+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24,7 +24,7 @@ CVE-2026-35508 (Shynet before 0.14.0 allows XSS in urldisplay and iconify templa
CVE-2026-35507 (Shynet before 0.14.0 allows Host header injection in the password rese ...)
- shynet <itp> (bug #1087598)
CVE-2026-35467 (The stored API keys in temporary browser client is not marked as prote ...)
- TODO: check
+ NOT-FOR-US: CERTCC cveClient
CVE-2026-35466 (XSS vulnerability in cveInterface.js allows for inject HTML to be pass ...)
NOT-FOR-US: CERTCC cveClient
CVE-2026-35383 (Bentley Systems iTwin Platform exposed a Cesium ion access token in th ...)
@@ -74,17 +74,17 @@ CVE-2026-30251 (A reflected cross-site scripting (XSS) vulnerability in the logi
CVE-2026-28815 (A remote attacker can supply a short X-Wing HPKE encapsulated key and ...)
NOT-FOR-US: Apple
CVE-2026-26135 (Server-side request forgery (ssrf) in Azure Custom Locations Resource ...)
- TODO: check
+ NOT-FOR-US: Microsof
CVE-2025-15620 (HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 con ...)
- TODO: check
+ NOT-FOR-US: HiOS Switch Platform
CVE-2024-14034 (Hirschmann HiEOS devices versions prior to 01.1.00 contain an authenti ...)
- TODO: check
+ NOT-FOR-US: Hirschmann HiEOS devices
CVE-2024-14033 (Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, B ...)
- TODO: check
+ NOT-FOR-US: Hirschmann
CVE-2023-7343 (HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contai ...)
- TODO: check
+ NOT-FOR-US: HiSecOS web server
CVE-2022-4986 (Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial ...)
- TODO: check
+ NOT-FOR-US: Hirschmann
CVE-2026-5266
- mediawiki 1:1.43.8+dfsg-1
[bookworm] - mediawiki <not-affected> (Vulnerable code not present, Echo not yet bundled)
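Review bot: The new tag on CVE-2026-26135 reads "NOT-FOR-US: Microsof", which is missing the final "t"; it should be "NOT-FOR-US: Microsoft" so that searches on the vendor string still match this entry. In the same hunk the five entries from CVE-2025-15620 down to CVE-2022-4986 use four different strings ("HiOS Switch Platform", "Hirschmann HiEOS devices", "Hirschmann", "HiSecOS web server"). If these all belong to one vendor, a single string such as "Hirschmann" would keep the list consistent and easier to search.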
@@ -221,11 +221,11 @@ CVE-2026-5327 (A security flaw has been discovered in efforthye fast-filesystem-
CVE-2026-5326 (A vulnerability was identified in SourceCodester Leave Application Sys ...)
NOT-FOR-US: SourceCodester
CVE-2026-5246 (A vulnerability was determined in Cesanta Mongoose up to 7.20. Affecte ...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts ...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
CVE-2026-5244 (A vulnerability has been found in Cesanta Mongoose up to 7.20. This af ...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
CVE-2026-5032 (The W3 Total Cache plugin for WordPress is vulnerable to information e ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4636 (A flaw was found in Keycloak. An authenticated user with the uma_prote ...)
@@ -446,7 +446,7 @@ CVE-2026-34601 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2
CVE-2026-34598 (YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a sto ...)
NOT-FOR-US: YesWiki
CVE-2026-34593 (Ash Framework is a declarative, extensible framework for building Elix ...)
- TODO: check
+ NOT-FOR-US: Ash Framework
CVE-2026-34591 (Poetry is a dependency manager for Python. From version 1.4.0 to befor ...)
- poetry <unfixed>
NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-2599-h6xx-hpxp
@@ -570,35 +570,35 @@ CVE-2026-2699 (Customer Managed ShareFile Storage Zones Controller (SZC) allows
CVE-2026-29782 (OpenSTAManager is an open source management software for technical ass ...)
NOT-FOR-US: OpenSTAManager
CVE-2026-29144 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29143 (SEPPmail Secure Email Gateway before version 15.0.3 does not properly ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29142 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29141 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29140 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29139 (SEPPmail Secure Email Gateway before version 15.0.3 allows account tak ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29138 (SEPPmail Secure Email Gateway before version 15.0.3 allows attackers w ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29137 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29136 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29135 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29134 (SEPPmail Secure Email Gateway before version 15.0.3 allows an external ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29133 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29132 (SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-29131 (SEPPmail Secure Email Gateway before version 15.0.3 allows attackers w ...)
- TODO: check
+ NOT-FOR-US: SEPPmail Secure Email Gateway
CVE-2026-28805 (OpenSTAManager is an open source management software for technical ass ...)
- TODO: check
+ NOT-FOR-US: OpenSTAManager
CVE-2026-28728 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
NOT-FOR-US: Acronis
CVE-2026-27774 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
@@ -613,13 +613,13 @@ CVE-2026-26961 (Rack is a modular Ruby web server interface. Prior to versions 2
NOTE: Fixed by: https://github.com/rack/rack/commit/10626530f3c54a0cd54bee1150e851aa238249e4 (v3.1.21)
NOTE: Fixed by: https://github.com/rack/rack/commit/d3804939c47304cf1e64558f1d713d3116396ae9 (v2.2.23)
CVE-2026-26928 (SzafirHostdownloads necessary files in the context of the initiating w ...)
- TODO: check
+ NOT-FOR-US: SzafirHost
CVE-2026-26927 (Szafir SDK Web is a browser plug-in that can run SzafirHost applicatio ...)
- TODO: check
+ NOT-FOR-US: Szafir SDK Web
CVE-2026-26895 (User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 all ...)
- TODO: check
+ NOT-FOR-US: osTicket
CVE-2026-25212 (An issue was discovered in Percona PMM before 3.7. Because an internal ...)
- TODO: check
+ NOT-FOR-US: Percona PMM
CVE-2026-0688 (The Webmention plugin for WordPress is vulnerable to Server-Side Reque ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0686 (The Webmention plugin for WordPress is vulnerable to Server-Side Reque ...)
@@ -659,7 +659,7 @@ CVE-2024-40858 (A permissions issue was addressed with additional restrictions.
CVE-2024-40849 (A race condition was addressed with additional validation. This issue ...)
NOT-FOR-US: Apple
CVE-2023-7342 (HiSecOS web server versions 03.4.00 prior to 04.1.00 contains a privil ...)
- TODO: check
+ NOT-FOR-US: HiSecOS web server
CVE-2026-27456 [util-linux: mount(8) TOCTOU symlink attack via loop device]
- util-linux 2.42-1
NOTE: https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g
@@ -1035,7 +1035,7 @@ CVE-2026-30287 (An arbitrary file overwrite vulnerability in Deep Thought Indust
CVE-2026-30273 (pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerabili ...)
NOT-FOR-US: pandas-ai
CVE-2026-2265 (An unauthenticated remote code execution (RCE) vulnerability exists in ...)
- TODO: check
+ NOT-FOR-US: Replicator Node module
CVE-2026-29598 (Multiple stored cross-site scripting (XSS) vulnerabilities in the subm ...)
NOT-FOR-US: Acora CMS
CVE-2026-29014 (MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP ...)
@@ -1053,7 +1053,7 @@ CVE-2026-25834 (Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade
CVE-2026-25833 (Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow ...)
TODO: check
CVE-2026-25601 (A vulnerability was identified in MEPIS RM, an industrial software pro ...)
- TODO: check
+ NOT-FOR-US: Metronik d.o.o. MEPIS RM
CVE-2026-24096 (Insufficient permission validation on multiple REST API Quick Setup en ...)
TODO: check
CVE-2026-23899 (An improper access check allows unauthorized access to webservice endp ...)
@@ -1073,57 +1073,57 @@ CVE-2026-21630 (Improperly built order clauses lead to a SQL injection vulnerabi
CVE-2026-21629 (The ajax component was excluded from the default logged-in-user check ...)
NOT-FOR-US: Joomla
CVE-2026-20174 (A vulnerability in the Metadata update feature of Cisco Nexus Dashboar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20160 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20155 (A vulnerability in the web-based management interface of Cisco Evolved ...)
NOT-FOR-US: Cisco
CVE-2026-20151 (A vulnerability in the web interface of Cisco Smart Software Manager O ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20097 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20096 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20095 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20094 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20093 (A vulnerability in the change password functionality of Cisco Integrat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20090 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20089 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20088 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20087 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20085 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20042 (A vulnerability in the configuration backup feature of Cisco Nexus Das ...)
NOT-FOR-US: Cisco
CVE-2026-20041 (A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Ins ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-1879 (A vulnerability was detected in Harvard University IQSS Dataverse up t ...)
- TODO: check
+ NOT-FOR-US: Harvard University IQSS Dataverse
CVE-2026-0932 (Blind server-side request forgery (SSRF) vulnerability in legacy conne ...)
NOT-FOR-US: M-Files
CVE-2026-0522 (A local file inclusion vulnerability in the upload/download flow of th ...)
- TODO: check
+ NOT-FOR-US: VertiGIS FM application
CVE-2025-67807 (The login mechanism of Sage DPW 2025_06_004 displays distinct response ...)
- TODO: check
+ NOT-FOR-US: Sage DPW
CVE-2025-67806 (The login mechanism of Sage DPW 2021_06_004 displays distinct response ...)
- TODO: check
+ NOT-FOR-US: Sage DPW
CVE-2025-67805 (A non-default configuration in Sage DPW 2025_06_004 allows unauthentic ...)
- TODO: check
+ NOT-FOR-US: Sage DPW
CVE-2025-13535 (The King Addons for Elementor plugin for WordPress is vulnerable to mu ...)
NOT-FOR-US: WordPress plugin
CVE-2024-53828 (Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a ...)
NOT-FOR-US: Ericsson
CVE-2024-43028 (A command injection vulnerability in the component /jmreport/show of j ...)
- TODO: check
+ NOT-FOR-US: jeecg boot
CVE-2024-40489 (There is an injection vulnerability in jeecg boot versions 3.0.0 to 3. ...)
- TODO: check
+ NOT-FOR-US: jeecg boot
CVE-2026-23411 (In the Linux kernel, the following vulnerability has been resolved: a ...)
- linux 6.19.6-2
[trixie] - linux 6.12.74-2
@@ -1672,43 +1672,43 @@ CVE-2026-2123 (A security audit identified a privilege escalation vulnerability
CVE-2026-29870 (A directory traversal vulnerability in the agentic-context-engine proj ...)
NOT-FOR-US: agentic-context-engine project
CVE-2026-24165 (NVIDIA BioNeMo contains a vulnerability where a user could cause a des ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24164 (NVIDIA BioNeMo contains a vulnerability where a user could cause a des ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24154 (NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24153 (NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks tr ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24148 (NVIDIA Jetson for JetPack contains a vulnerability in the system initi ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-22569 (An incorrect startup configuration of affected versions of Zscaler Cli ...)
NOT-FOR-US: Zscaler
CVE-2026-22561 (Uncontrolled search path elements in Anthropic Claude for Windows inst ...)
- TODO: check
+ NOT-FOR-US: Anthropic Claude
CVE-2026-20915 (Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) befo ...)
TODO: check
CVE-2026-1579 (The MAVLink communication protocol does not require cryptographic aut ...)
- TODO: check
+ NOT-FOR-US: PX4 Autopilot
CVE-2026-0596 (A command injection vulnerability exists in mlflow/mlflow when serving ...)
NOT-FOR-US: mlflow
CVE-2025-71282 (XenForo before 2.3.7 discloses filesystem paths through exception mess ...)
- TODO: check
+ NOT-FOR-US: XenForo
CVE-2025-71281 (XenForo before 2.3.7 does not properly restrict methods callable from ...)
- TODO: check
+ NOT-FOR-US: XenForo
CVE-2025-71280 (XenForo before 2.3.7 allows information disclosure via local account p ...)
- TODO: check
+ NOT-FOR-US: XenForo
CVE-2025-71279 (XenForo before 2.3.7 contains a security issue affecting Passkeys that ...)
- TODO: check
+ NOT-FOR-US: XenForo
CVE-2025-71278 (XenForo before 2.3.5 allows OAuth2 client applications to request unau ...)
- TODO: check
+ NOT-FOR-US: XenForo
CVE-2025-62184 (Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored C ...)
- TODO: check
+ NOT-FOR-US: Pega Platform
CVE-2025-41357 (Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Serve ...)
- TODO: check
+ NOT-FOR-US: Anon Proxy Server
CVE-2025-41356 (Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Serve ...)
- TODO: check
+ NOT-FOR-US: Anon Proxy Server
CVE-2025-41355 (Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Serve ...)
- TODO: check
+ NOT-FOR-US: Anon Proxy Server
CVE-2025-15484 (The Order Notification for WooCommerce WordPress plugin before 3.6.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14213 (Cato Networks\u2019 Socket versions prior to 25 contain a command inje ...)
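Review bot: CVE-2026-1579 is tagged "NOT-FOR-US: PX4 Autopilot", but the visible part of its description attributes the missing cryptographic authentication to the MAVLink communication protocol rather than to one product. Please confirm that the CVE is scoped to PX4 only. If it is a protocol-level issue, other MAVLink implementations should be checked before this is closed as NFU, or the tag should at least mention MAVLink so the entry can be found later.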
@@ -1722,7 +1722,7 @@ CVE-2025-10553 (A Stored Cross-site Scripting (XSS) vulnerability affecting Fact
CVE-2025-10551 (A Stored Cross-site Scripting (XSS) vulnerability affecting Document M ...)
NOT-FOR-US: Dassault Systemes
CVE-2024-58342 (XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially c ...)
- TODO: check
+ NOT-FOR-US: XenForo
CVE-2026-34956
- openvswitch 3.7.1-1 (bug #1132449)
NOTE: https://www.openwall.com/lists/oss-security/2026/03/31/15
@@ -2017,15 +2017,15 @@ CVE-2026-28505 (Tautulli is a Python based monitoring and tracking tool for Plex
CVE-2026-28228 (OpenOlat is an open source web-based e-learning platform for teaching, ...)
NOT-FOR-US: OpenOlat
CVE-2026-27697 (baserCMS is a website development framework. Prior to version 5.2.3, b ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2026-27599 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
- TODO: check
+ NOT-FOR-US: CI4MS
CVE-2026-27018 (Gotenberg is an API for converting document formats. Prior to version ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2026-25627 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. ...)
- TODO: check
+ NOT-FOR-US: NanoMQ
CVE-2026-21861 (baserCMS is a website development framework. Prior to version 5.2.3, b ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2026-1877 (The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1834 (The Ibtana \u2013 WordPress Website Builder plugin for WordPress is vu ...)
@@ -2035,7 +2035,7 @@ CVE-2026-1797 (The Appointment Booking and Scheduler Plugin \u2013 Truebooker pl
CVE-2026-1710 (The WooPayments: Integrated WooCommerce Payments plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-32957 (baserCMS is a website development framework. Prior to version 5.2.3, t ...)
- TODO: check
+ NOT-FOR-US: baserCMS
CVE-2026-5170 (A user with access to the cluster with a limited set of privilege acti ...)
- mongodb <removed>
NOTE: https://jira.mongodb.org/browse/SERVER-101758
@@ -2221,31 +2221,31 @@ CVE-2025-3716 (User enumeration in ESET Protect (on-prem) viaResponse Timing.)
CVE-2025-15379 (A command injection vulnerability exists in MLflow's model serving con ...)
NOT-FOR-US: mlflow
CVE-2019-25655 (Device Monitoring Studio 8.10.00.8925 contains a denial of service vul ...)
- TODO: check
+ NOT-FOR-US: Device Monitoring Studio
CVE-2019-25654 (Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Core FTP/SFTP Server
CVE-2019-25653 (Navicat for Oracle 12.1.15 contains a denial of service vulnerability ...)
- TODO: check
+ NOT-FOR-US: Navicat for Oracle
CVE-2018-25235 (NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability i ...)
- TODO: check
+ NOT-FOR-US: NetworkActiv Web Server
CVE-2018-25234 (SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability ...)
- TODO: check
+ NOT-FOR-US: SmartFTP Client
CVE-2018-25233 (WebDrive 18.00.5057 contains a denial of service vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: WebDrive
CVE-2018-25232 (Softros LAN Messenger 9.2 contains a denial of service vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Softros LAN Messenger
CVE-2018-25231 (HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: HeidiSQL
CVE-2018-25230 (Free IP Switcher 3.1 contains a buffer overflow vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: Free IP Switcher
CVE-2018-25229 (BulletProof FTP Server 2019.0.0.50 contains a denial of service vulner ...)
- TODO: check
+ NOT-FOR-US: BulletProof FTP Server
CVE-2018-25228 (NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgr ...)
- TODO: check
+ NOT-FOR-US: NetSetMan
CVE-2018-25227 (Valentina Studio 9.0.4 contains a denial of service vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Valentina Studio
CVE-2018-25226 (FTPShell Server 6.83 contains a buffer overflow vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: FTPShell Server
CVE-2026-4981
NOT-FOR-US: Red Hat Advanced Cluster Security
CVE-2026-35545 [SVG Animate FUNCIRI Attribute Bypass]
@@ -12295,7 +12295,7 @@ CVE-2025-70244 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via
CVE-2025-70242 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the we ...)
NOT-FOR-US: D-Link
CVE-2025-66413 (Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is ...)
- TODO: check
+ NOT-FOR-US: Git for Windows
CVE-2025-36920 (In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible o ...)
NOT-FOR-US: Google devices
CVE-2025-22850 (Time-of-check time-of-use race condition in the UEFI PdaSmm module for ...)
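Review bot: CVE-2025-66413 is closed as "NOT-FOR-US: Git for Windows", and the truncated description shows only that the product is the Windows port of Git. Since git itself is packaged, it is worth confirming that the flaw sits in Windows-only code. If it touches code shared with upstream git, an entry in the "- git <not-affected> (reason)" form, like the mediawiki line earlier in this file, would record the triage against the source package instead of dropping it.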
@@ -18086,7 +18086,7 @@ CVE-2026-27696 (changedetection.io is a free open source web page change detecti
CVE-2026-27645 (changedetection.io is a free open source web page change detection too ...)
NOT-FOR-US: changedetection.io
CVE-2026-27641 (Flask-Reuploaded provides file uploads for Flask. A critical path trav ...)
- TODO: check
+ NOT-FOR-US: Flask-Reuploaded
CVE-2026-27640 (tfplan2md is software for converting Terraform plan JSON files into hu ...)
NOT-FOR-US: tfplan2md
CVE-2026-27639 (Mercator is an open source web application designed to enable mapping ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22fe93f912f0dba436ee295e06c3592c73e344c0