[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 21 09:32:58 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d465124 by Salvatore Bonaccorso at 2026-02-21T10:32:35+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2026-2492 (TensorFlow HDF5 Library Uncontrolled Search Path Element Local Pr
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-116/
 	NOTE: Fixed by: https://github.com/tensorflow/tensorflow/commit/46e7f7fb144fd11cf6d17c23dd47620328d77082 (v2.21.0-rc0)
 CVE-2026-2490 (RustDesk Client for Windows Transfer File Link Following Information D ...)
-	TODO: check
+	NOT-FOR-US: RustDesk Client for Windows
 CVE-2026-2048 (GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulner ...)
 	TODO: check
 CVE-2026-2047 (GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Executio ...)
@@ -91,69 +91,69 @@ CVE-2026-27452 (ASN.1 TypeScript ESM library, including codecs for Basic Encodin
 CVE-2026-27212 (Swiper is a free and mobile touch slider with hardware accelerated tra ...)
 	NOT-FOR-US: Swiper
 CVE-2026-27211 (Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Ver ...)
-	TODO: check
+	NOT-FOR-US: Cloud Hypervisor
 CVE-2026-27210 (Pannellum is a lightweight, free, and open source panorama viewer for  ...)
 	NOT-FOR-US: Pannellum
 CVE-2026-27205 (Flask is a web server gateway interface (WSGI) web application framewo ...)
 	TODO: check
 CVE-2026-27203 (eBay API MCP Server is an open source local MCP server providing AI as ...)
-	TODO: check
+	NOT-FOR-US: eBay API MCP Server
 CVE-2026-27202 (GetSimple CMS is a content management system. All versions of GetSimpl ...)
-	TODO: check
+	NOT-FOR-US: GetSimple CMS
 CVE-2026-27199 (Werkzeug is a comprehensive WSGI web application library. Versions 3.1 ...)
 	TODO: check
 CVE-2026-27198 (Formwork is a flat file-based Content Management System (CMS). In vers ...)
-	TODO: check
+	NOT-FOR-US: Formwork CMS
 CVE-2026-27197 (Sentry is a developer-first error tracking and performance monitoring  ...)
-	TODO: check
+	NOT-FOR-US: Sentry
 CVE-2026-27196 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
-	TODO: check
+	NOT-FOR-US: Statmatic CMS
 CVE-2026-27194 (D-Tale is a visualizer for pandas data structures. Versions prior to 3 ...)
-	TODO: check
+	NOT-FOR-US: D-Tale
 CVE-2026-27193 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
-	TODO: check
+	NOT-FOR-US: Feathersjs
 CVE-2026-27192 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
-	TODO: check
+	NOT-FOR-US: Feathersjs
 CVE-2026-27191 (Feathersjs is a framework for creating web APIs and real-time applicat ...)
-	TODO: check
+	NOT-FOR-US: Feathersjs
 CVE-2026-27190 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2. ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-27189 (OpenSift is an AI study tool that sifts through large datasets using s ...)
-	TODO: check
+	NOT-FOR-US: OpenSift
 CVE-2026-27170 (OpenSift is an AI study tool that sifts through large datasets using s ...)
-	TODO: check
+	NOT-FOR-US: OpenSift
 CVE-2026-27169 (OpenSift is an AI study tool that sifts through large datasets using s ...)
-	TODO: check
+	NOT-FOR-US: OpenSift
 CVE-2026-27168 (SAIL is a cross-platform library for loading and saving images with su ...)
 	TODO: check
 CVE-2026-27161 (GetSimple CMS is a content management system. All versions of GetSimpl ...)
-	TODO: check
+	NOT-FOR-US: GetSimple CMS
 CVE-2026-27147 (GetSimple CMS is a content management system. All versions of GetSimpl ...)
-	TODO: check
+	NOT-FOR-US: GetSimple CMS
 CVE-2026-27146 (GetSimple CMS is a content management system. All versions of GetSimpl ...)
-	TODO: check
+	NOT-FOR-US: GetSimple CMS
 CVE-2026-27134 (Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or ...)
-	TODO: check
+	NOT-FOR-US: Strimzi
 CVE-2026-27133 (Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or ...)
-	TODO: check
+	NOT-FOR-US: Strimzi
 CVE-2026-27125 (svelte performance oriented web framework. Prior to 5.51.5, in server- ...)
-	TODO: check
+	NOT-FOR-US: svelte
 CVE-2026-27122 (svelte performance oriented web framework. Prior to 5.51.5, when using ...)
-	TODO: check
+	NOT-FOR-US: svelte
 CVE-2026-27121 (svelte performance oriented web framework. Versions of svelte prior to ...)
-	TODO: check
+	NOT-FOR-US: svelte
 CVE-2026-27120 (Leafkit is a templating language with Swift-inspired syntax. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: Leafkit
 CVE-2026-27119 (svelte performance oriented web framework. From 5.39.3, <=5.51.4, in c ...)
-	TODO: check
+	NOT-FOR-US: svelte
 CVE-2026-27118 (SvelteKit is a framework for rapidly developing robust, performant web ...)
-	TODO: check
+	NOT-FOR-US: SvelteKit
 CVE-2026-27113 (Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in comm ...)
 	TODO: check
 CVE-2026-27112 (Kargo manages and automates the promotion of software artifacts. From  ...)
-	TODO: check
+	NOT-FOR-US: Kargo
 CVE-2026-27111 (Kargo manages and automates the promotion of software artifacts. From  ...)
-	TODO: check
+	NOT-FOR-US: Kargo
 CVE-2026-27026 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
 	TODO: check
 CVE-2026-27025 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
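Review bot: the new label at CVE-2026-27196 reads `NOT-FOR-US: Statmatic CMS`, copying the spelling from the truncated CVE description; the product is spelled Statamic. Suggest `NOT-FOR-US: Statamic CMS` so that a later search of the list for the correct product name finds this entry.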
@@ -161,9 +161,9 @@ CVE-2026-27025 (pypdf is a free and open-source pure-python PDF library. Prior t
 CVE-2026-27024 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
 	TODO: check
 CVE-2026-27022 (@langchain/langgraph-checkpoint-redis is the Redis checkpoint and stor ...)
-	TODO: check
+	NOT-FOR-US: langchain/langgraph-checkpoint-redis
 CVE-2026-27020 (Photobooth prior to 1.0.1 has a cross-site scripting (XSS) vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Photobooth
 CVE-2026-26047 (A denial-of-service vulnerability was identified in Moodle\u2019s TeX  ...)
 	TODO: check
 CVE-2026-26046 (A vulnerability was found in a Moodle TeX filter administrative settin ...)
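Review bot: at CVE-2026-27022 the label drops the npm scope marker: the description names `@langchain/langgraph-checkpoint-redis`, while the label says `langchain/langgraph-checkpoint-redis`. Suggest writing the package name as it appears in the description, or confirming that the `@` is omitted on purpose.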
@@ -173,7 +173,7 @@ CVE-2026-26045 (A flaw was identified in Moodle\u2019s backup restore functional
 CVE-2026-25896 (fast-xml-parser allows users to validate XML, parse XML to JS object,  ...)
 	TODO: check
 CVE-2026-24892 (openITCOCKPIT is an open source monitoring tool built for different mo ...)
-	TODO: check
+	NOT-FOR-US: openITCOCKPIT
 CVE-2026-0797 (GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution ...)
 	TODO: check
 CVE-2026-0777 (Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnera ...)
@@ -235,11 +235,11 @@ CVE-2026-2818 (A zip-slip path traversal vulnerability in Spring Data Geode's im
 CVE-2026-2486 (The Master Addons For Elementor plugin for WordPress is vulnerable to  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2473 (Predictable bucket naming in Vertex AI Experiments in Google Cloud Ver ...)
-	TODO: check
+	NOT-FOR-US: Google Cloud Vertex AI
 CVE-2026-2472 (Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization c ...)
-	TODO: check
+	NOT-FOR-US: Google Cloud Vertex AI
 CVE-2026-2333 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-27506 (SVXportal version 2.5 and prior contain a stored cross-site scripting  ...)
 	NOT-FOR-US: SVXportal
 CVE-2026-27505 (SVXportal version 2.5 and prior contain a stored cross-site scripting  ...)
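Review bot: CVE-2026-2333 is set to `NOT-FOR-US: Owl opds`, but the truncated description on that line ("Improper Neutralization of Special Elements used in a Command ...") does not show the product, and its ID sits apart from the other Owl opds entries in this patch (CVE-2026-26093 through CVE-2026-26102). Worth confirming against the full CVE record that it is the same product. The two Vertex AI labels match their descriptions.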
@@ -271,31 +271,31 @@ CVE-2026-26722 (An issue in Key Systems Inc Global Facilities Management Softwar
 CVE-2026-26721 (An issue in Key Systems Inc Global Facilities Management Software v.20 ...)
 	NOT-FOR-US: Key Systems Inc Global Facilities Management Software
 CVE-2026-26102 (Incorrect Permission Assignment for Critical Resource in Owl opds 2.2. ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-26101 (Incorrect Permission Assignment for Critical Resource in Owl opds 2.2. ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-26100 (Incorrect Permission Assignment for Critical Resource in Owl opds 2.2. ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-26099 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-26098 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-26097 (Uncontrolled Search Path Element in Owl opds 2.2.0.4 allows Leveraging ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-26096 (Incorrect Permission Assignment for Critical Resource in Owl opds 2.2. ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-26095 (Incorrect Permission Assignment for Critical Resource in Owl opds 2.2. ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-26093 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
-	TODO: check
+	NOT-FOR-US: Owl opds
 CVE-2026-26050 (The installer for \u30b8\u30e7\u30d6\u30ed\u30b0\u96c6\u8a08/\u5206\u6 ...)
 	NOT-FOR-US: Ricoh
 CVE-2026-26049 (The web management interface of the device renders the passwords in a  ...)
-	TODO: check
+	NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR)
 CVE-2026-26048 (The Wi-Fi router is vulnerable to de-authentication attacks due to the ...)
-	TODO: check
+	NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR)
 CVE-2026-25715 (The web management interface of the device allows the administrator  u ...)
-	TODO: check
+	NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR)
 CVE-2026-24959 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24956 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
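Review bot: CVE-2026-26049, CVE-2026-26048 and CVE-2026-25715 are labelled with a vendor only (`NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR)`), while the visible descriptions speak of "the device" and "The Wi-Fi router" without naming a model. If the full CVE records name the affected product, adding it to the label would make clear which product was judged out of scope. CVE-2026-26093 likewise gets `Owl opds` although its truncated description shows no product name.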
@@ -321,11 +321,11 @@ CVE-2026-24941 (Missing Authorization vulnerability in wpjobportal WP Job Portal
 CVE-2026-24891 (openITCOCKPIT is an open source monitoring tool built for different mo ...)
 	NOT-FOR-US: openITCOCKPIT
 CVE-2026-24790 (The underlying PLC of the device can be remotely influenced, without p ...)
-	TODO: check
+	NOT-FOR-US: Welker
 CVE-2026-24455 (The embedded web interface of the device does not support HTTPS/TLS fo ...)
-	TODO: check
+	NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR)
 CVE-2026-22885 (A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and ...)
-	TODO: check
+	NOT-FOR-US: EnOcean SmartServer IoT
 CVE-2026-22384 (Deserialization of Untrusted Data vulnerability in leafcolor Applay -  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22383 (Authorization Bypass Through User-Controlled Key vulnerability in Mika ...)
@@ -397,7 +397,7 @@ CVE-2026-21627 (The vulnerability was rooted in how the Tassos Framework plugin
 CVE-2026-21620 (Relative Path Traversal, Improper Isolation or Compartmentalization vu ...)
 	TODO: check
 CVE-2026-20761 (A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and ...)
-	TODO: check
+	NOT-FOR-US: EnOcean SmartServer IoT
 CVE-2026-1842 (HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tok ...)
 	TODO: check
 CVE-2025-70833 (An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unaut ...)
@@ -950,7 +950,7 @@ CVE-2026-26286 (SillyTavern is a locally installed user interface that allows us
 CVE-2026-26282 (NanaZip is an open source file archive Starting in version 5.0.1252.0  ...)
 	NOT-FOR-US: NanaZip
 CVE-2026-26275 (httpsig-hyper is a hyper extension for http message signatures. An iss ...)
-	TODO: check
+	NOT-FOR-US: httpsig-hyper
 CVE-2026-26065 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
 	- calibre 9.3.0+ds+~0.10.5-1
 	NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d46512448e69becf6e8b39df270ffc2cfb6318b
