[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 6 10:28:53 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5e885cb9 by Moritz Muehlenhoff at 2026-02-06T11:27:42+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6,15 +6,15 @@ CVE-2026-XXXX [RUSTSEC-2026-0008]
NOTE: https://github.com/advisories/GHSA-j39j-6gw9-jw6h
NOTE: https://github.com/rust-lang/git2-rs/pull/1213
CVE-2026-2010 (A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2026-2009 (A flaw has been found in SourceCodester Gas Agency Management System 1 ...)
NOT-FOR-US: SourceCodester
CVE-2026-2008 (A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd ...)
- TODO: check
+ NOT-FOR-US: fermat-mcp
CVE-2026-2000 (A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is ...)
- TODO: check
+ NOT-FOR-US: DCN DCME-320
CVE-2026-25815 (Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP creden ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-25698
REJECTED
CVE-2026-25697
@@ -30,47 +30,47 @@ CVE-2026-25693
CVE-2026-25692
REJECTED
CVE-2026-24302 (Azure Arc Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-24300 (Azure Front Door Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-23623 (Collabora Online is a collaborative online office suite based on Libre ...)
- TODO: check
+ NOT-FOR-US: Collabora Online
CVE-2026-21626 (Access control settings for forum post custom fields are not applied t ...)
NOT-FOR-US: Joomla
CVE-2026-21532 (Azure Function Information Disclosure Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-1998 (A flaw has been found in micropython up to 1.27.0. This vulnerability ...)
TODO: check
CVE-2026-1991 (A vulnerability was detected in libuvc up to 0.0.7. Affected is the fu ...)
TODO: check
CVE-2026-1990 (A security vulnerability has been detected in oatpp up to 1.3.1. This ...)
- TODO: check
+ NOT-FOR-US: oatpp
CVE-2026-1979 (A flaw has been found in mruby up to 3.4.0. This affects the function ...)
TODO: check
CVE-2026-1978 (A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected b ...)
- TODO: check
+ NOT-FOR-US: NanoCMS
CVE-2026-1977 (A security vulnerability has been detected in isaacwasserman mcp-vegal ...)
- TODO: check
+ NOT-FOR-US: mcp-vegalite-server
CVE-2026-1976 (A weakness has been identified in Free5GC up to 4.1.0. Affected is the ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-1975 (A security flaw has been discovered in Free5GC up to 4.1.0. This impac ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-1974 (A vulnerability was identified in Free5GC up to 4.1.0. This affects th ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-1973 (A vulnerability was determined in Free5GC up to 4.1.0. The impacted el ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-1972 (A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected ele ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-1971 (A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impact ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-1970 (A flaw has been found in Edimax BR-6258n up to 1.18. This issue affect ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-1964 (A vulnerability was determined in WeKan up to 8.20. This impacts an un ...)
- TODO: check
+ NOT-FOR-US: WeKan
CVE-2026-1963 (A vulnerability was found in WeKan up to 8.20. This affects an unknown ...)
- TODO: check
+ NOT-FOR-US: WeKan
CVE-2026-1962 (A vulnerability has been found in WeKan up to 8.20. The impacted eleme ...)
- TODO: check
+ NOT-FOR-US: WeKan
CVE-2026-1909 (The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-S ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1888 (The Docus \u2013 YouTube Video Playlist plugin for WordPress is vulner ...)
@@ -84,9 +84,9 @@ CVE-2026-1279 (The Employee Directory plugin for WordPress is vulnerable to Stor
CVE-2026-1228 (The Timeline Block \u2013 Beautiful Timeline Builder for WordPress (Ve ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0598 (A security flaw was identified in the Ansible Lightspeed API conversat ...)
- TODO: check
+ NOT-FOR-US: Ansible-lightspeed
CVE-2026-0521 (A reflected cross-site scripting (XSS) vulnerability in the PDF export ...)
- TODO: check
+ NOT-FOR-US: TYDAC MAP+
CVE-2026-0391 (User interface (ui) misrepresentation of critical information in Micro ...)
NOT-FOR-US: Microsoft
CVE-2026-0106 (In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap d ...)
@@ -96,9 +96,9 @@ CVE-2025-68458 (Webpack is a module bundler. From version 5.49.0 to before 5.104
CVE-2025-68157 (Webpack is a module bundler. From version 5.49.0 to before 5.104.0, wh ...)
TODO: check
CVE-2025-32393 (AutoGPT is a platform that allows users to create, deploy, and manage ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2025-15566 (A security issue was discovered in ingress-nginxwhere the `nginx.ingre ...)
- TODO: check
+ NOT-FOR-US: Kubernetes ingress-nginx
CVE-2025-12131 (A truncated 802.15.4 packet can lead to an assert, resulting in a deni ...)
NOT-FOR-US: Silicon Labs
CVE-2025-10753 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPres ...)
@@ -122,7 +122,7 @@ CVE-2026-1654 (The Peter's Date Countdown plugin for WordPress is vulnerable to
CVE-2026-1523 (Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from ...)
NOT-FOR-US: Digitek
CVE-2026-1517 (A vulnerability was identified in iomad up to 5.0. Affected is an unkn ...)
- TODO: check
+ NOT-FOR-US: iomad
CVE-2026-1319 (The Robin Image Optimizer \u2013 Unlimited Image Optimization & WebP C ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1301 (In builds with PubSub and JSON enabled, a crafted JSON message can cau ...)
@@ -222,67 +222,67 @@ CVE-2025-13416 (The ProfileGrid \u2013 User Profiles, Groups and Communities plu
CVE-2025-13379 (IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. ...)
NOT-FOR-US: IBM
CVE-2020-37152 (PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (X ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2020-37151 (phpMyChat Plus 1.98 contains a SQL injection vulnerability in the delu ...)
- TODO: check
+ NOT-FOR-US: phpMyChat Plus
CVE-2020-37150 (Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to acc ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2020-37149 (Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request for ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2020-37148 (P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a store ...)
- TODO: check
+ NOT-FOR-US: P5
CVE-2020-37145 (HRSALE 1.1.8 contains a cross-site request forgery vulnerability that ...)
- TODO: check
+ NOT-FOR-US: HRSALE
CVE-2020-37144 (Exagate SYSGuard 6001 contains a cross-site request forgery vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Exagate
CVE-2020-37143 (ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerabil ...)
- TODO: check
+ NOT-FOR-US: ProficySCADA
CVE-2020-37142 (10-Strike Network Inventory Explorer 8.54 contains a structured except ...)
- TODO: check
+ NOT-FOR-US: 10-Strike Network Inventory Explorer
CVE-2020-37140 (Everest, later referred to as AIDA64, 5.50.2100 contains a denial of s ...)
- TODO: check
+ NOT-FOR-US: Everest
CVE-2020-37139 (Odin Secure FTP Expert 7.6.3 contains a local denial of service vulner ...)
- TODO: check
+ NOT-FOR-US: Odin Secure FTP Expert
CVE-2020-37138 (10-Strike Network Inventory Explorer 9.03 contains a buffer overflow v ...)
- TODO: check
+ NOT-FOR-US: 10-Strike Network Inventory Explorer
CVE-2020-37137 (PHP-Fusion 9.03.50 contains a remote code execution vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2020-37136 (ZOC Terminal 7.25.5 contains a denial of service vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: ZOC Terminal
CVE-2020-37134 (UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2020-37133 (UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability i ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2020-37132 (UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability i ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2020-37131 (Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vu ...)
- TODO: check
+ NOT-FOR-US: Nsauditor
CVE-2020-37130 (Nsauditor 3.2.0.0 contains a denial of service vulnerability in the re ...)
- TODO: check
+ NOT-FOR-US: Nsauditor
CVE-2020-37129 (Memu Play 7.1.3 contains an insecure folder permissions vulnerability ...)
- TODO: check
+ NOT-FOR-US: Memu Play
CVE-2020-37128 (ZOC Terminal 7.25.5 contains a script processing vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: ZOC Terminal
CVE-2020-37127 (Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the d ...)
TODO: check
CVE-2020-37126 (Free Desktop Clock 3.0 contains a stack overflow vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Free Desktop Clock
CVE-2020-37125 (Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulner ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2020-37124 (B64dec 1.1.2 contains a buffer overflow vulnerability that allows atta ...)
TODO: check
CVE-2020-37123 (Pinger 1.0 contains a remote code execution vulnerability that allows ...)
TODO: check
CVE-2020-37121 (CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: CODE::BLOCKS
CVE-2020-37120 (Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Rubo DICOM Viewer
CVE-2020-37119 (Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nsauditor
CVE-2020-37118 (P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery v ...)
- TODO: check
+ NOT-FOR-US: P5
CVE-2020-37117 (jizhiCMS 1.6.7 contains a file download vulnerability in the admin plu ...)
- TODO: check
+ NOT-FOR-US: jizhiCMS
CVE-2026-21727
- grafana <removed>
CVE-2026-25585 (iccDEV provides a set of libraries and tools that allow for the intera ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e885cb9060fd0d2c70f852f4815a70ec66292f3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e885cb9060fd0d2c70f852f4815a70ec66292f3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260206/715d192e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list