[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 1 22:29:01 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b465e0a by Moritz Muehlenhoff at 2026-06-01T23:26:49+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,21 +45,25 @@ CVE-2026-48839 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2026-48559 (Lightweight Music Server (LMS) though 3.76.0 contains a stored cross-s ...)
 	NOT-FOR-US: Lightweight Music Server (LMS)
 CVE-2026-48210 (An improper default configuration in OTRS 2026.3.1 causes ticket artic ...)
-	TODO: check
+	NOT-FOR-US: OTRS
 CVE-2026-48209 (An improper neutralization of user-controllable input in OTRS or ((OTR ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2026-48208 (An improper neutralization of active SVG content in OTRS or ((OTRS)) C ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2026-48191 (An incorrect handling of permissions in STORM powered by OTRS and in O ...)
-	TODO: check
+	NOT-FOR-US: OTRS
 CVE-2026-48190 (An incorrect handling of permissions in OTRS External Interface and th ...)
-	TODO: check
+	NOT-FOR-US: OTRS
 CVE-2026-48189 (An improper Input Validation vulnerability in OTRS Customer Backend mo ...)
-	TODO: check
+	NOT-FOR-US: OTRS
 CVE-2026-48188 (An improper Input Validation vulnerability in OTRS or ((OTRS)) Communi ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2026-48187 (An uncontrolled allocation of resources without limits or throttling i ...)
-	TODO: check
+	NOT-FOR-US: OTRS
+	NOTE: Could possibly affect Znuny, we'll let their security team figure it out
 CVE-2026-47294 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-46605 (Incomplete authorization by Apache ActiveMQ server before versions v6. ...)
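Review bot: In the OTRS block, CVE-2026-48209, CVE-2026-48208, CVE-2026-48188 and CVE-2026-48187 are set to `NOT-FOR-US: OTRS` while the NOTE added directly below each says they could possibly affect Znuny, so the open question now sits on entries that no longer carry a TODO. If Znuny is something this list is meant to cover, consider leaving these four as `TODO: check` (or otherwise keeping them flagged for follow-up) until the Znuny side is known, and keep the plain `NOT-FOR-US: OTRS` for the other four entries, which have no such note.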
@@ -247,7 +251,7 @@ CVE-2026-30963 (Capsule is a multi-tenancy and policy-based framework for Kubern
 CVE-2026-27788 (Incorrect permission assignment for critical resource issue exists in  ...)
 	NOT-FOR-US: ServerView Agents for Windows
 CVE-2026-25600 (The PDBM application relies on a static, hard\u2011coded secret embedd ...)
-	TODO: check
+	NOT-FOR-US: Trac PDBM
 CVE-2026-25599 (Missing authentication and clear\u2011text transmission of data from t ...)
 	TODO: check
 CVE-2026-23638 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, an  ...)
@@ -265,7 +269,7 @@ CVE-2026-20453 (In geniezone, there is a possible out of bounds write due to a m
 CVE-2026-20452 (In wlan AP driver, there is a possible memory corruption due to a heap ...)
 	NOT-FOR-US: MediaTek
 CVE-2026-10533 (A flaw was found in OpenShift Container Platform. Completed pods with  ...)
-	TODO: check
+	NOT-FOR-US: OpenShift
 CVE-2026-10532 (Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...)
 	TODO: check
 CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes outbound HTTP r ...)
@@ -279,27 +283,27 @@ CVE-2026-10281 (A weakness has been identified in Enderfga claw-orchestrator up
 CVE-2026-10280 (A security flaw has been discovered in horizon921 mcpilot 0.1.0. The i ...)
 	TODO: check
 CVE-2026-10279 (A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. T ...)
-	TODO: check
+	NOT-FOR-US: wezterm-mcp
 CVE-2026-10278 (A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impa ...)
-	TODO: check
+	NOT-FOR-US: excel-mcp
 CVE-2026-10277 (A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d ...)
-	TODO: check
+	NOT-FOR-US: mcp-google-workspace
 CVE-2026-10276 (A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. Th ...)
-	TODO: check
+	NOT-FOR-US: Jenkins-server-mcp
 CVE-2026-10275 (A flaw has been found in OpenSC up to 0.26.1. This affects the functio ...)
 	TODO: check
 CVE-2026-10274 (A vulnerability was determined in indrasishbanerjee aem-mcp-server up  ...)
-	TODO: check
+	NOT-FOR-US: aem-mcp-server
 CVE-2026-10273 (A vulnerability was found in php-censor up to 2.1.6. This affects an u ...)
 	TODO: check
 CVE-2026-10272 (A vulnerability has been found in a4m4 Student-Management-System up to ...)
-	TODO: check
+	NOT-FOR-US: a4m4 Student-Management-System
 CVE-2026-10271 (A flaw has been found in a4m4 Student-Management-System up to f0c5f684 ...)
-	TODO: check
+	NOT-FOR-US: a4m4 Student-Management-System
 CVE-2026-10270 (A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1.  ...)
 	NOT-FOR-US: D-Link
 CVE-2026-10269 (A security vulnerability has been detected in decolua 9router up to 0. ...)
-	TODO: check
+	NOT-FOR-US: 9router
 CVE-2026-10268 (A weakness has been identified in janet-lang janet up to 1.41.0. This  ...)
 	TODO: check
 CVE-2026-10267 (A security flaw has been discovered in janet-lang janet up to 1.41.0.  ...)
@@ -385,15 +389,15 @@ CVE-2026-10226 (A flaw has been found in raisulislamg4 student_management_system
 CVE-2026-10225 (A vulnerability was detected in raisulislamg4 student_management_syste ...)
 	TODO: check
 CVE-2026-10224 (A security vulnerability has been detected in NousResearch hermes-agen ...)
-	TODO: check
+	NOT-FOR-US: aem-mcp-server
 CVE-2026-10223 (A weakness has been identified in NousResearch hermes-agent up to 2026 ...)
-	TODO: check
+	NOT-FOR-US: aem-mcp-server
 CVE-2026-10222 (A security flaw has been discovered in NousResearch hermes-agent up to ...)
-	TODO: check
+	NOT-FOR-US: aem-mcp-server
 CVE-2026-10221 (A vulnerability was identified in NousResearch hermes-agent up to 0.12 ...)
-	TODO: check
+	NOT-FOR-US: aem-mcp-server
 CVE-2026-10220 (A vulnerability was determined in NousResearch hermes-agent up to 2026 ...)
-	TODO: check
+	NOT-FOR-US: aem-mcp-server
 CVE-2026-10219 (A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. Thi ...)
 	TODO: check
 CVE-2026-10218 (A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3 ...)
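Review bot: CVE-2026-10224 through CVE-2026-10220 all describe NousResearch hermes-agent, yet each is tagged `NOT-FOR-US: aem-mcp-server`, the product named for CVE-2026-10274 in the previous hunk; this looks like a copy-paste slip. Suggest `NOT-FOR-US: NousResearch hermes-agent` on all five lines so the tag matches the description it sits under.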
@@ -401,19 +405,19 @@ CVE-2026-10218 (A vulnerability has been found in nextlevelbuilder GoClaw up to
 CVE-2026-10217 (A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The imp ...)
 	TODO: check
 CVE-2026-10216 (A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The  ...)
-	TODO: check
+	NOT-FOR-US: droidclaw
 CVE-2026-10215 (A security vulnerability has been detected in Dolibarr ERP CRM up to 2 ...)
 	NOT-FOR-US: Dolibarr
 CVE-2026-10214 (A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0 ...)
-	TODO: check
+	NOT-FOR-US: chatgpt-on-wechat
 CVE-2026-10213 (A security flaw has been discovered in AstrBotDevs AstrBot 4.23.6. Thi ...)
-	TODO: check
+	NOT-FOR-US: AstrBotDevs AstrBot
 CVE-2026-10212 (A vulnerability was identified in AstrBotDevs AstrBot 4.24.2. This aff ...)
-	TODO: check
+	NOT-FOR-US: AstrBotDevs AstrBot
 CVE-2026-10211 (A vulnerability was determined in AstrBotDevs AstrBot 4.23.6. Affected ...)
-	TODO: check
+	NOT-FOR-US: AstrBotDevs AstrBot
 CVE-2026-10210 (A vulnerability was found in AstrBotDevs AstrBot 4.23.6. Affected by t ...)
-	TODO: check
+	NOT-FOR-US: AstrBotDevs AstrBot
 CVE-2026-10209 (A vulnerability has been found in code-projects Online Hospital Manage ...)
 	NOT-FOR-US: code-projects
 CVE-2026-10208 (A flaw has been found in code-projects Online Hospital Management Syst ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b465e0aa638e6a8bd2d9be6067cd094419edfde
