[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 30 10:12:13 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b37575f by Moritz Muehlenhoff at 2026-04-30T11:11:13+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,7 +153,7 @@ CVE-2026-34965 (Cockpit CMS contains an authenticated remote code execution vuln
 CVE-2026-1858 (wget2 accepts a server certificate with incorrect Key Usage (KU) or Ex ...)
 	TODO: check
 CVE-2025-50328 (A vulnerability in B1 Free Archiver v1.5.86 allows files extracted fro ...)
-	TODO: check
+	NOT-FOR-US: B1 Free Archiver
 CVE-2025-13030 (All versions of the package django-mdeditor are vulnerable to Missing  ...)
 	TODO: check
 CVE-2018-25318 (Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vuln ...)
@@ -163,41 +163,41 @@ CVE-2018-25317 (Tenda W3002R/A302/W309R wireless routers version V5.07.64_en con
 CVE-2018-25316 (Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerabili ...)
 	NOT-FOR-US: Tenda
 CVE-2018-25315 (Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Alloksoft
 CVE-2018-25314 (Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffe ...)
-	TODO: check
+	NOT-FOR-US: Alloksoft
 CVE-2018-25313 (SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy  ...)
-	TODO: check
+	NOT-FOR-US: SysGauge
 CVE-2018-25312 (LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities t ...)
-	TODO: check
+	NOT-FOR-US: LifeSize ClearSea
 CVE-2018-25311 (VideoFlow Digital Video Protection DVP 2.10 contains an authenticated  ...)
-	TODO: check
+	NOT-FOR-US: VideoFlow Digital Video Protection
 CVE-2018-25310 (VideoFlow Digital Video Protection DVP 2.10 contains an authenticated  ...)
-	TODO: check
+	NOT-FOR-US: VideoFlow Digital Video Protection
 CVE-2018-25309 (MyBB Recent threads 17.0 contains a persistent cross-site scripting vu ...)
 	NOT-FOR-US: MyBB
 CVE-2018-25308 (BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code ex ...)
-	TODO: check
+	NOT-FOR-US: BuddyPress Xprofile Custom Fields Type
 CVE-2018-25307 (SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: SysGauge
 CVE-2018-25306 (PDFunite 0.41.0 contains a buffer overflow vulnerability that allows l ...)
 	TODO: check
 CVE-2018-25305 (librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that all ...)
 	TODO: check
 CVE-2018-25304 (Free Download Manager 2.0 Built 417 contains a local buffer overflow v ...)
-	TODO: check
+	NOT-FOR-US: Free Download Manager
 CVE-2018-25303 (Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overf ...)
-	TODO: check
+	NOT-FOR-US: Alloksoft
 CVE-2018-25302 (Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exc ...)
-	TODO: check
+	NOT-FOR-US: Alloksoft
 CVE-2018-25301 (Easy MPEG to DVD Burner 1.7.11 contains a structured exception handlin ...)
-	TODO: check
+	NOT-FOR-US: Easy MPEG to DVD Burner
 CVE-2018-25300 (XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: XATABoost CMS
 CVE-2018-25299 (Prime95 29.4b8 contains a local buffer overflow vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: Prime95
 CVE-2018-25298 (Merge PACS 7.0 contains a cross-site request forgery vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Merge PACS
 CVE-2026-5419
 	- gnutls28 <unfixed>
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13
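
Review bot: The NOT-FOR-US labels in this hunk mix vendor and product naming. The four Allok entries (CVE-2018-25315, CVE-2018-25314, CVE-2018-25303, CVE-2018-25302) are tagged by vendor as `Alloksoft`, while CVE-2018-25304 and CVE-2018-25301 are tagged by full product name, and `SysGauge` covers both SysGauge and SysGauge Pro. Picking one convention keeps later searches for the same vendor consistent. For CVE-2018-25308, if BuddyPress Xprofile Custom Fields Type is a WordPress plugin, the generic `NOT-FOR-US: WordPress plugin` tag already used elsewhere in this file would match the existing entries.
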
@@ -347,9 +347,9 @@ CVE-2026-42412 (Missing Authorization vulnerability in weDevs WP User Frontend a
 CVE-2026-42377 (Missing Authorization vulnerability in Brainstorm Force SureForms Pro  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42249 (Ollama for Windowscontains a Remote Code Execution vulnerability in it ...)
-	TODO: check
+	NOT-FOR-US: Ollama for Windows
 CVE-2026-42248 (Ollama for Windows does not perform integrity or authenticity verifica ...)
-	TODO: check
+	NOT-FOR-US: Ollama for Windows
 CVE-2026-41952 (Local privilege escalation due to improper input validation. The follo ...)
 	NOT-FOR-US: Acronis
 CVE-2026-41940 (cPanel and WHM versions after 11.40 contain an authentication bypass v ...)
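
Review bot: Both new tags, at CVE-2026-42249 and CVE-2026-42248, scope the entry to `Ollama for Windows`, but the descriptions shown here are truncated before they name the affected component. Worth confirming that each flaw sits in Windows-only code rather than in code shared with other platforms before closing these as NOT-FOR-US.
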
@@ -363,7 +363,7 @@ CVE-2026-40230 (Helpy contains a stored cross-site scripting vulnerability in th
 CVE-2026-40229 (Helpy contains a stored cross-site scripting vulnerability in the post ...)
 	NOT-FOR-US: Helpy
 CVE-2026-3325 (SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the \u201cid_ ...)
-	TODO: check
+	NOT-FOR-US: MegaCMS
 CVE-2026-38993 (Cockpit 2.13.5 and earlier is vulnerable to directory traversal via th ...)
 	NOT-FOR-US: Cockpit-HQ/Cockpit
 CVE-2026-38992 (Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution  ...)
@@ -379,23 +379,23 @@ CVE-2026-36841 (TOTOLINK N200RE V5 was discovered to contain a command injection
 CVE-2026-36837 (TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2026-30893 (Wazuh is a free and open source platform used for threat prevention, d ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2026-30769 (An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Pro ...)
-	TODO: check
+	NOT-FOR-US: EnTech Taiwan
 CVE-2026-2902 (The WP Meteor Website Speed Optimization Addon plugin for WordPress is ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2810 (Netskope was notified about a potential gap in the Endpoint DLP Module ...)
 	NOT-FOR-US: Netskope
 CVE-2026-28221 (Wazuh is a free and open source platform used for threat prevention, d ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2026-27105 (Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an  ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-26206 (Wazuh is a free and open source platform used for threat prevention, d ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2026-26204 (Wazuh is a free and open source platform used for threat prevention, d ...)
-	TODO: check
+	NOT-FOR-US: Wazuh
 CVE-2026-26015 (DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 t ...)
-	TODO: check
+	NOT-FOR-US: DocsGPT
 CVE-2026-25852 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
 	NOT-FOR-US: Acronis
 CVE-2026-22745 (Spring MVC and WebFlux applications are vulnerable to Denial of Servic ...)
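
Review bot: The four Wazuh entries (CVE-2026-30893, CVE-2026-28221, CVE-2026-26206, CVE-2026-26204) are closed as NOT-FOR-US although the description itself calls Wazuh "a free and open source platform". If an ITP or RFP bug exists for it, the `- <package> <itp> (bug #...)` form used for keycloak further down this file keeps the CVEs attached to the package once it lands; otherwise NOT-FOR-US is fine. Separately, CVE-2026-30769 is tagged by vendor (`EnTech Taiwan`) where most entries in this commit use the product name.
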
@@ -411,13 +411,13 @@ CVE-2026-0205 (A post-authentication Path Traversal vulnerability in SonicOS all
 CVE-2026-0204 (A vulnerability in the access control mechanism of SonicOS may allow c ...)
 	NOT-FOR-US: SonicWall
 CVE-2025-56537 (A stored cross-site scripting (XSS) vulnerability in opennebula v6.10. ...)
-	TODO: check
+	NOT-FOR-US: opennebula
 CVE-2025-56536 (A stored cross-site scripting (XSS) vulnerability in opennebula v6.10. ...)
-	TODO: check
+	NOT-FOR-US: opennebula
 CVE-2025-56535 (A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 all ...)
-	TODO: check
+	NOT-FOR-US: opennebula
 CVE-2025-56534 (A cross-site scripting (XSS) vulnerability in the custom authenticator ...)
-	TODO: check
+	NOT-FOR-US: opennebula
 CVE-2025-10503 (The authentication endpoint accepts user-supplied input without enforc ...)
 	NOT-FOR-US: WSO2
 CVE-2026-XXXX [RUSTSEC-2026-0112]
@@ -3020,7 +3020,7 @@ CVE-2026-23751 (Kofax Capture, now referred to as Tungsten Capture, version 6.0.
 CVE-2025-70994 (Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a  ...)
 	NOT-FOR-US: Yadea T5 Electric Bicycles
 CVE-2025-66286 (An API design flaw in WebKitGTK and WPE WebKit allows untrusted web co ...)
-	TODO: check
+	NOTE: webkit API limitation
 CVE-2025-62373 (Pipecat is an open-source Python framework for building real-time voic ...)
 	TODO: check
 CVE-2025-62110 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
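
Review bot: CVE-2025-66286 loses its `TODO: check` marker but gains only a free-text `NOTE:`, with no package line or status, so the entry records no disposition for the WebKitGTK and WPE WebKit packages named in the description. Add package lines with a status (as done for gnutls28 under CVE-2026-5419) and a reference URL backing the "API limitation" assessment. This change is also not an NFU, so the commit subject "NFUs" does not cover it.
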
@@ -3028,7 +3028,7 @@ CVE-2025-62110 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-62104 (Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 a ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-50229 (Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing  ...)
-	TODO: check
+	NOT-FOR-US: Jizhicms
 CVE-2026-6856
 	- keycloak <itp> (bug #1088287)
 CVE-2026-22020 [updated libpng in Oracle Java]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b37575f6a92bfbe5ec63e391a7f9580dfd776a5
