[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jun 2 17:00:07 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d5806a9e by Moritz Muehlenhoff at 2026-06-02T16:28:01+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,9 +7,9 @@ CVE-2026-8293 (The Really Simple Security WordPress plugin before 9.5.10.1 does
CVE-2026-8206 (The Kirki \u2013 Freeform Page Builder, Website Builder & Customizer p ...)
NOT-FOR-US: WordPress plugin
CVE-2026-49491 (Pixa Bank 2.0 contains an SQL injection vulnerability that allows unau ...)
- TODO: check
+ NOT-FOR-US: Pixa Bank
CVE-2026-49433 (The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts ...)
- TODO: check
+ NOT-FOR-US: DeepAI
CVE-2026-49140 (Nanobot prior to version 0.2.1 contains a denial of service vulnerabil ...)
NOT-FOR-US: Nanobot
CVE-2026-49139 (Nanobot prior to version 0.2.1 contains a server-side request forgery ...)
@@ -17,7 +17,7 @@ CVE-2026-49139 (Nanobot prior to version 0.2.1 contains a server-side request fo
CVE-2026-49138 (Nanobot prior to version 0.2.1 contains a server-side request forgery ...)
NOT-FOR-US: Nanobot
CVE-2026-49136 (Banana Slides through 0.4.0, patched in commit e8bc490, contains a pat ...)
- TODO: check
+ NOT-FOR-US: Banana Slides
CVE-2026-49135 (CodexBar prior to 0.32.0 contains an insecure temporary file handling ...)
NOT-FOR-US: CodexBar
CVE-2026-49134 (CodexBar prior to 0.32.0 contains a privilege escalation vulnerability ...)
@@ -91,31 +91,31 @@ CVE-2026-24087 (Memory corruption while processing fastboot OEM commands.)
CVE-2026-24085 (Memory Corruption when processing display command line information due ...)
NOT-FOR-US: Qualcomm
CVE-2026-10583 (A security vulnerability has been detected in nextlevelbuilder GoClaw ...)
- TODO: check
+ NOT-FOR-US: GoClaw
CVE-2026-10581 (A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerabilit ...)
NOT-FOR-US: DedeCMS
CVE-2026-10568 (A vulnerability was detected in itsourcecode Fees Management System 1. ...)
NOT-FOR-US: itsourcecode System
CVE-2026-10567 (A security vulnerability has been detected in 1Panel-dev CordysCRM up ...)
- TODO: check
+ NOT-FOR-US: CordysCRM
CVE-2026-10566 (A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2 ...)
- TODO: check
+ NOT-FOR-US: MetaGPT
CVE-2026-10565 (A security flaw has been discovered in Open5GS up to 2.7.6. The impact ...)
- TODO: check
+ - open5gs <itp> (bug #1094791)
CVE-2026-10559 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. ...)
NOT-FOR-US: SourceCodester
CVE-2026-10558 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
NOT-FOR-US: SourceCodester
CVE-2026-10550 (A weakness has been identified in elunez eladmin up to 2.7. This vulne ...)
- TODO: check
+ NOT-FOR-US: eladmin
CVE-2026-10548 (A security flaw has been discovered in NousResearch hermes-agent up to ...)
- TODO: check
+ NOT-FOR-US: NousResearch hermes-agent
CVE-2026-10529 (A weakness has been identified in westboy CicadasCMS up to 2431154dac8 ...)
- TODO: check
+ NOT-FOR-US: CicadasCMS
CVE-2026-10528 (A security flaw has been discovered in Orthanc DICOM Server up to 1.12 ...)
TODO: check
CVE-2026-10514 (A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. Th ...)
- TODO: check
+ NOT-FOR-US: CordysCRM
CVE-2026-10510 (Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI ...)
NOT-FOR-US: TECNO Mobile
CVE-2026-10302 (A flaw has been found in itsourcecode Fees Management System 1.0. The ...)
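Review bot: The NOT-FOR-US labels added in this hunk are not consistent about the vendor prefix: CVE-2026-10548 keeps it ("NousResearch hermes-agent"), while CVE-2026-10583, CVE-2026-10566, CVE-2026-10567/CVE-2026-10514, CVE-2026-10550 and CVE-2026-10529 drop it ("GoClaw", "MetaGPT", "CordysCRM", "eladmin", "CicadasCMS"), although their descriptions read "nextlevelbuilder GoClaw", "FoundationAgents MetaGPT", "1Panel-dev CordysCRM", "elunez eladmin" and "westboy CicadasCMS". Using one form throughout keeps earlier triage decisions easy to find by searching the list. Two smaller points on the same hunk: CVE-2026-10565 becomes `- open5gs <itp> (bug #1094791)`, which is an ITP entry rather than an NFU, so the commit subject "NFUs" does not describe it; and CVE-2026-10528 (Orthanc DICOM Server) stays at `TODO: check` while its neighbours are triaged, which is worth a word in the commit message if it is deliberate.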
@@ -123,7 +123,7 @@ CVE-2026-10302 (A flaw has been found in itsourcecode Fees Management System 1.0
CVE-2026-10301 (A vulnerability was detected in itsourcecode Fees Management System 1. ...)
NOT-FOR-US: itsourcecode System
CVE-2026-10300 (A security vulnerability has been detected in SGLang 0.5.10.post1. Imp ...)
- TODO: check
+ NOT-FOR-US: SGLang
CVE-2026-10299 (A weakness has been identified in code-projects Online Hospital Manage ...)
NOT-FOR-US: code-projects
CVE-2026-10298 (A security flaw has been discovered in ggml-org whisper.cpp up to 1.8. ...)
@@ -137,11 +137,11 @@ CVE-2026-10295 (A vulnerability was found in SourceCodester Customer Review App
CVE-2026-10294 (A vulnerability has been found in PackageKit up to 1.3.5. Affected is ...)
TODO: check
CVE-2026-10293 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This imp ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-10292 (A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. T ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-10291 (A security vulnerability has been detected in Enderfga claw-orchestrat ...)
- TODO: check
+ NOT-FOR-US: Enderfga claw-orchestrator
CVE-2026-10290 (A weakness has been identified in code-projects Hotel and Tourism Rese ...)
NOT-FOR-US: code-projects
CVE-2026-10289 (A security flaw has been discovered in code-projects Hotel and Tourism ...)
@@ -153,9 +153,9 @@ CVE-2026-10287 (A vulnerability was determined in SourceCodester SEO Meta Tag Ex
CVE-2026-10286 (A vulnerability was found in CodeAstro Payroll System 1.0. This affect ...)
NOT-FOR-US: CodeAstro
CVE-2026-10285 (A vulnerability has been found in DevaslanPHP project-management up to ...)
- TODO: check
+ NOT-FOR-US: DevaslanPHP project-management
CVE-2026-10284 (A flaw has been found in DevaslanPHP project-management up to 2.0.0-be ...)
- TODO: check
+ NOT-FOR-US: DevaslanPHP project-management
CVE-2026-10100 (The Simple Custom Login Page plugin for WordPress is vulnerable to Sto ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0100 (In Load of LoadedArsc.cpp, there is a possible out of bounds write due ...)
@@ -249,7 +249,7 @@ CVE-2026-0016 (In updateProvidersWhenServiceRemoved of CredentialManagerService.
CVE-2026-0009 (In multiple locations, there is a possible tapjacking due to a logic e ...)
NOT-FOR-US: Android
CVE-2025-70099 (A NULL pointer dereference in the ext4_dir_en_get_name_len function in ...)
- TODO: check
+ NOT-FOR-US: lwext4
CVE-2025-59614 (Memory Corruption when sending random number generator command with in ...)
NOT-FOR-US: Qualcomm
CVE-2025-59613 (Memory Corruption when output buffer size is smaller than input buffer ...)
@@ -291,27 +291,27 @@ CVE-2025-22426 (In many functions of ComputerEngine.java, there is a possible wa
CVE-2025-22424 (In multiple locations, there is a possible way to reveal images across ...)
NOT-FOR-US: Android
CVE-2019-25718 (Dr\xe4ger Infinity Explorer C700 contains a privilege escalation vulne ...)
- TODO: check
+ NOT-FOR-US: Draeger Infinity
CVE-2019-25716 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors contain ...)
- TODO: check
+ NOT-FOR-US: Draeger Infinity
CVE-2018-25435 (ZeusCart 4.0 contains a cross-site request forgery vulnerability that ...)
- TODO: check
+ NOT-FOR-US: ZeusCart
CVE-2018-25434 (WP AutoSuggest 0.24 contains an SQL injection vulnerability that allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2018-25433 (Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulner ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2018-25432 (Arm Whois 3.11 contains a buffer overflow vulnerability that allows lo ...)
- TODO: check
+ NOT-FOR-US: Arm whois
CVE-2018-25431 (No-Cms 1.0 contains an SQL injection vulnerability in the order_by par ...)
- TODO: check
+ NOT-FOR-US: No-Cms
CVE-2018-25430 (Paroiciel 11.20 contains an SQL injection vulnerability that allows au ...)
- TODO: check
+ NOT-FOR-US: Paroiciel
CVE-2018-25429 (Paroiciel 11.20 contains an SQL injection vulnerability that allows au ...)
- TODO: check
+ NOT-FOR-US: Paroiciel
CVE-2018-25428 (Paroiciel 11.20 contains an SQL injection vulnerability that allows un ...)
- TODO: check
+ NOT-FOR-US: Paroiciel
CVE-2018-25427 (Arm Whois 3.11 contains a stack-based buffer overflow vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Arm whois
CVE-2026-XXXX [Font Alias Stack-based Buffer Overflow]
- xorg-server <unfixed> (bug #1138680)
- xwayland <unfixed>
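Review bot: The label for CVE-2018-25434, "NOT-FOR-US: WordPress plugin or theme", is vaguer than the label the same file already uses for WordPress entries ("NOT-FOR-US: WordPress plugin" on CVE-2026-8206 and CVE-2026-10100), and the description names a single item, WP AutoSuggest 0.24. Suggest settling which of the two it is and using the existing label so that all WordPress NFUs match one string. Also in this hunk, CVE-2018-25432 and CVE-2018-25427 are tagged "Arm whois" while both descriptions spell the product "Arm Whois"; matching the description's capitalisation avoids a second spelling of the same product in the list.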
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5806a9ecdbc579114bfb1a172a5a10ff51d7b97