[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Jun 13 22:22:35 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3172dedc by Moritz Muehlenhoff at 2026-06-13T23:22:15+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10,7 +10,7 @@ CVE-2026-XXXX [RUSTSEC-2026-0174]
CVE-2026-9629 (The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6428 (SQL Injection in reports/catalogue_out.pl in Koha Community Koha throu ...)
- TODO: check
+ - koha <itp> (bug #702134)
CVE-2026-5513 (The Online Scheduling and Appointment Booking System \u2013 Bookly plu ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3297 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
@@ -20,9 +20,9 @@ CVE-2026-2470 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder
CVE-2026-1291 (The Meow Gallery plugin for WordPress is vulnerable to unauthorized mo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12183 (Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 thro ...)
- TODO: check
+ NOT-FOR-US: Gas Station Automation System
CVE-2026-11624 (The Model Context Protocol has a security warning advising servers to ...)
- TODO: check
+ NOT-FOR-US: MCP Toolbox for Databases
CVE-2026-9848 (The WP Ticket plugin for WordPress is vulnerable to SQL Injection via ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9134 (The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site ...)
@@ -231,7 +231,7 @@ CVE-2026-12089 (The LWS Optimize \u2013 All-in-One Speed Booster & Cache Tools p
CVE-2026-12068 (Information disclosure vulnerability in Avira Password Manager when us ...)
NOT-FOR-US: Avira
CVE-2026-11769 (We have released version 5.24.0 of the Grafana Operator. This patch in ...)
- TODO: check
+ NOT-FOR-US: Grafana Operator
CVE-2026-11443 (Allegra downloadAttachment Cross-Site Scripting Authentication Bypass ...)
NOT-FOR-US: Allegra
CVE-2026-11442 (Allegra exportReport Directory Traversal Information Disclosure Vulner ...)
@@ -579,7 +579,7 @@ CVE-2026-12143 (form-data is a library for creating readable multipart/form-data
CVE-2026-12066 (A security flaw has been discovered in PbootCMS up to 3.2.12. This vul ...)
NOT-FOR-US: PbootCMS
CVE-2026-12065 (A vulnerability was identified in Groww Stock, Mutual Fund, Gold App u ...)
- TODO: check
+ NOT-FOR-US: Groww
CVE-2026-12058 (The connection confirmation pop-up of a specific feature in the PcSuit ...)
NOT-FOR-US: Vivo
CVE-2026-12043 (Improper handling of HPACK dynamic table size updates in the AWS Commo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3172dedc2424b77d987780c200f7208b443ce018
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3172dedc2424b77d987780c200f7208b443ce018
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260613/58260ef6/attachment.htm>
More information about the debian-security-tracker-commits
mailing list