[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 6 21:32:39 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5fe989bf by Salvatore Bonaccorso at 2026-03-06T22:32:15+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,11 +19,11 @@ CVE-2026-30833 (Rocket.Chat is an open-source, secure, fully customizable commun
CVE-2026-30831 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
NOT-FOR-US: Rocket.Chat
CVE-2026-2754 (Navtor NavBox exposes sensitive configuration and operational data due ...)
- TODO: check
+ NOT-FOR-US: Navtor NavBox
CVE-2026-2753 (An Absolute Path Traversal vulnerability exists in Navtor NavBox. The ...)
- TODO: check
+ NOT-FOR-US: Navtor NavBox
CVE-2026-2752 (Navtor NavBox allows information disclosure via the /api/ais-data endp ...)
- TODO: check
+ NOT-FOR-US: Navtor NavBox
CVE-2026-29783 (The shell tool within GitHub Copilot CLI versions prior to and includi ...)
NOT-FOR-US: GitHub Copilot CLI
CVE-2026-29178 (Lemmy, a link aggregator and forum for the fediverse, is vulnerable to ...)
@@ -47,41 +47,41 @@ CVE-2026-29063 (Immutable.js provides many Persistent Immutable data structures.
NOTE: Fixed by: https://github.com/immutable-js/immutable-js/commit/faeb58b0cc71ed351dc51f672a95ae21bc859ef5 (v4.3.8)
NOTE: Fixed by: https://github.com/immutable-js/immutable-js/commit/94bcd3c79972db4afffd8d1e5aab415880098b05 (v4.3.8)
CVE-2026-28514 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2026-28106 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in K ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-28080 (Missing Authorization vulnerability in Rank Math Rank Math SEO PRO all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-27777 (Charging station authentication identifiers are publicly accessible vi ...)
- TODO: check
+ NOT-FOR-US: Mobiliti e-mobi.hu
CVE-2026-27764 (The WebSocket backend uses charging station identifiers to uniquely as ...)
- TODO: check
+ NOT-FOR-US: Mobiliti e-mobi.hu
CVE-2026-27123
REJECTED
CVE-2026-27027 (Charging station authentication identifiers are publicly accessible vi ...)
- TODO: check
+ NOT-FOR-US: Everon OCPP Backends
CVE-2026-26288 (WebSocket endpoints lack proper authentication mechanisms, enabling at ...)
- TODO: check
+ NOT-FOR-US: Everon OCPP Backends
CVE-2026-26051 (WebSocket endpoints lack proper authentication mechanisms, enabling at ...)
- TODO: check
+ NOT-FOR-US: Mobiliti e-mobi.hu
CVE-2026-26018 (CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, ...)
TODO: check
CVE-2026-26017 (CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, ...)
TODO: check
CVE-2026-24696 (The WebSocket Application Programming Interface lacks restrictions on ...)
- TODO: check
+ NOT-FOR-US: Everon OCPP Backends
CVE-2026-23925 (An authenticated Zabbix user (User role) with template/host write perm ...)
TODO: check
CVE-2026-20882 (The WebSocket Application Programming Interface lacks restrictions on ...)
- TODO: check
+ NOT-FOR-US: Mobiliti e-mobi.hu
CVE-2026-20748 (The WebSocket backend uses charging station identifiers to uniquely as ...)
- TODO: check
+ NOT-FOR-US: Everon OCPP Backends
CVE-2026-1799
REJECTED
CVE-2026-1468 (QuickCMS is vulnerable to Cross-Site Request Forgery across multiple e ...)
- TODO: check
+ NOT-FOR-US: QuickCMS
CVE-2025-70363 (Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Pla ...)
- TODO: check
+ NOT-FOR-US: Ibexa & Ciril GROUP eZ Platform / Ciril Platform
CVE-2025-69654 (A crafted JavaScript input executed with the QuickJS release 2025-09-1 ...)
TODO: check
CVE-2025-69653 (A crafted JavaScript input can trigger an internal assertion failure i ...)
@@ -107,79 +107,79 @@ CVE-2024-35644 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2022-4947
REJECTED
CVE-2018-25200 (OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability t ...)
- TODO: check
+ NOT-FOR-US: OOP CMS BLOG
CVE-2018-25199 (OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow una ...)
- TODO: check
+ NOT-FOR-US: OOP CMS BLOG
CVE-2018-25198 (eToolz 3.4.8.0 contains a denial of service vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: eToolz
CVE-2018-25197 (PlayJoom 0.10.1 contains an SQL injection vulnerability that allows un ...)
- TODO: check
+ NOT-FOR-US: PlayJoom
CVE-2018-25196 (ServerZilla 1.0 contains an SQL injection vulnerability that allows un ...)
- TODO: check
+ NOT-FOR-US: ServerZilla
CVE-2018-25194 (Nominas 0.27 contains an SQL injection vulnerability that allows unaut ...)
- TODO: check
+ NOT-FOR-US: Nominas
CVE-2018-25193 (Mongoose Web Server 6.9 contains a denial of service vulnerability tha ...)
TODO: check
CVE-2018-25192 (GPS Tracking System 2.12 contains an SQL injection vulnerability that ...)
- TODO: check
+ NOT-FOR-US: GPS Tracking System
CVE-2018-25191 (Facturation System 1.0 contains an SQL injection vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: Facturation System
CVE-2018-25190 (Easyndexer 1.0 contains a cross-site request forgery vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Easyndexer
CVE-2018-25189 (Data Center Audit 2.6.2 contains an SQL injection vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Data Center Audit
CVE-2018-25188 (Webiness Inventory 2.3 contains an SQL injection vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: Webiness Inventory
CVE-2018-25187 (Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthent ...)
- TODO: check
+ NOT-FOR-US: Tina4 Stack
CVE-2018-25186 (Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability ...)
- TODO: check
+ NOT-FOR-US: Tina4 Stack
CVE-2018-25184 (Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Surreal ToDo
CVE-2018-25182 (Silurus Classifieds Script 2.0 contains an SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Silurus Classifieds Script
CVE-2018-25181 (Musicco 2.0.0 contains a path traversal vulnerability that allows unau ...)
- TODO: check
+ NOT-FOR-US: Musicco
CVE-2018-25180 (Maitra 1.7.2 contains an sql injection vulnerability that allows authe ...)
- TODO: check
+ NOT-FOR-US: Maitra
CVE-2018-25179 (Gumbo CMS 0.99 contains an SQL injection vulnerability that allows una ...)
- TODO: check
+ NOT-FOR-US: Gumbo CMS
CVE-2018-25178 (Easyndexer 1.0 contains an arbitrary file download vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Easyndexer
CVE-2018-25177 (Data Center Audit 2.6.2 contains a cross-site request forgery vulnerab ...)
- TODO: check
+ NOT-FOR-US: Data Center Audit
CVE-2018-25176 (Alive Parish 2.0.4 contains an SQL injection vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Alive Parish
CVE-2018-25175 (Alienor Web Libre 2.0 contains an SQL injection vulnerability that all ...)
- TODO: check
+ NOT-FOR-US: Alienor Web Libre
CVE-2018-25174 (ABC ERP 0.6.4 contains a cross-site request forgery vulnerability that ...)
- TODO: check
+ NOT-FOR-US: ABC ERP
CVE-2018-25173 (Rmedia SMS 1.0 contains an SQL injection vulnerability that allows una ...)
- TODO: check
+ NOT-FOR-US: Rmedia SMS
CVE-2018-25172 (Pedidos 1.0 contains an SQL injection vulnerability that allows unauth ...)
- TODO: check
+ NOT-FOR-US: Pedidos
CVE-2018-25171 (EdTv 2 contains an SQL injection vulnerability that allows unauthentic ...)
- TODO: check
+ NOT-FOR-US: EdTv
CVE-2018-25170 (DoceboLMS 1.2 contains an SQL injection vulnerability that allows unau ...)
- TODO: check
+ NOT-FOR-US: DoceboLMS
CVE-2018-25169 (AMPPS 2.7 contains a denial of service vulnerability that allows remot ...)
- TODO: check
+ NOT-FOR-US: AMPPS
CVE-2018-25168 (Precurio Intranet Portal 2.0 contains a cross-site request forgery vul ...)
- TODO: check
+ NOT-FOR-US: Precurio Intranet Portal
CVE-2018-25167 (Net-Billetterie 2.9 contains an SQL injection vulnerability in the log ...)
- TODO: check
+ NOT-FOR-US: Net-Billetterie
CVE-2018-25166 (Meneame English Pligg 5.8 contains an SQL injection vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Meneame English Pligg
CVE-2018-25165 (Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Galaxy Forces MMORPG
CVE-2018-25164 (EverSync 0.5 contains an arbitrary file download vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: EverSync
CVE-2018-25163 (BitZoom 1.0 contains an SQL injection vulnerability that allows unauth ...)
- TODO: check
+ NOT-FOR-US: BitZoom
CVE-2018-25162 (2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that ...)
- TODO: check
+ NOT-FOR-US: 2-Plan Team
CVE-2018-25161 (Warranty Tracking System 11.06.3 contains an SQL injection vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Warranty Tracking System
CVE-2026-27139
- golang-1.26 <unfixed>
- golang-1.25 <unfixed>
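Review bot: CVE-2018-25193 (Mongoose Web Server 6.9) is the only entry in this stretch left at `TODO: check` while every neighbour from the same batch is switched to NOT-FOR-US; if it was left open deliberately because the product needs a closer look, a short NOTE line recording that would save the next triager from re-evaluating it.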
@@ -327,17 +327,17 @@ CVE-2026-28802 (Authlib is a Python library which builds OAuth and OpenID Connec
NOTE: Introduced with: https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75 (v1.6.0)
NOTE: Fixed by: https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7 (v1.6.7)
CVE-2026-28801 (Natro Macro is an open-source Bee Swarm Simulator macro written in Aut ...)
- TODO: check
+ NOT-FOR-US: Natro Macro
CVE-2026-28800 (Natro Macro is an open-source Bee Swarm Simulator macro written in Aut ...)
- TODO: check
+ NOT-FOR-US: Natro Macro
CVE-2026-28799 (PJSIP is a free and open source multimedia communication library writt ...)
TODO: check
CVE-2026-28795 (OpenChatBI is an intelligent chat-based BI tool powered by large langu ...)
NOT-FOR-US: OpenChatBI
CVE-2026-28794 (oRPC is an tool that helps build APIs that are end-to-end type-safe an ...)
- TODO: check
+ NOT-FOR-US: oRPC
CVE-2026-28787 (OneUptime is a solution for monitoring and managing online services. I ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-28785 (Ghostfolio is an open source wealth management software. Prior to vers ...)
NOT-FOR-US: Ghostfolio
CVE-2026-28727 (Local privilege escalation due to insecure Unix socket permissions. Th ...)
@@ -379,13 +379,13 @@ CVE-2026-28710 (Sensitive information disclosure and manipulation due to imprope
CVE-2026-28709 (Unauthorized resource manipulation due to improper authorization check ...)
NOT-FOR-US: Acronis
CVE-2026-28685 (Kimai is a web-based multi-user time-tracking application. Prior to ve ...)
- TODO: check
+ NOT-FOR-US: Kimai
CVE-2026-28683 (Gokapi is a self-hosted file sharing server with automatic expiration ...)
NOT-FOR-US: Gokapi
CVE-2026-28682 (Gokapi is a self-hosted file sharing server with automatic expiration ...)
NOT-FOR-US: Gokapi
CVE-2026-28681 (Internet Routing Registry daemon version 4 is an IRR database server, ...)
- TODO: check
+ NOT-FOR-US: Internet Routing Registry daemon (iird)
CVE-2026-28680 (Ghostfolio is an open source wealth management software. Prior to vers ...)
NOT-FOR-US: Ghostfolio
CVE-2026-28679 (Home-Gallery.org is a self-hosted open-source web gallery to browse pe ...)
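Review bot: the parenthesised short name in `+ NOT-FOR-US: Internet Routing Registry daemon (iird)` for CVE-2026-28681 looks like a typo; the description abbreviates the project as an IRR daemon, so the expected short form is `irrd`, not `iird`. Worth correcting so searches for the project name match this entry.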
@@ -409,7 +409,7 @@ CVE-2026-28501 (WWBN AVideo is an open source video platform. Prior to version 2
CVE-2026-28497 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Pri ...)
NOT-FOR-US: TinyWeb
CVE-2026-28492 (File Browser provides a file managing interface within a specified dir ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-28486 (OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traver ...)
NOT-FOR-US: OpenClaw
CVE-2026-28485 (OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandator ...)
@@ -483,23 +483,23 @@ CVE-2026-28447 (OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a p
CVE-2026-28446 (OpenClaw versions prior to 2026.2.1 with the voice-call extension inst ...)
NOT-FOR-US: OpenClaw
CVE-2026-28443 (OpenReplay is a self-hosted session replay suite. Prior to version 1.2 ...)
- TODO: check
+ NOT-FOR-US: OpenReplay
CVE-2026-28442 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...)
- TODO: check
+ NOT-FOR-US: ZimaOS
CVE-2026-28438 (CocoIndex is a data transformation framework for AI. Prior to version ...)
- TODO: check
+ NOT-FOR-US: CocoIndex
CVE-2026-28436 (Frappe is a full-stack web application framework. Prior to versions 16 ...)
NOT-FOR-US: Frappe
CVE-2026-28429 (Talishar is a fan-made Flesh and Blood project. Prior to commit 6be387 ...)
- TODO: check
+ NOT-FOR-US: Talishar
CVE-2026-28428 (Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218 ...)
- TODO: check
+ NOT-FOR-US: Talishar
CVE-2026-28413 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...)
- TODO: check
+ NOT-FOR-US: Products.isurlinportal for Plone
CVE-2026-28410 (The Graph is an indexing protocol for querying networks like Ethereum, ...)
TODO: check
CVE-2026-28405 (MarkUs is a web application for the submission and grading of student ...)
- TODO: check
+ NOT-FOR-US: MarkUs
CVE-2026-28395 (OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper ne ...)
NOT-FOR-US: OpenClaw
CVE-2026-28394 (OpenClaw versions prior to 2026.2.15 contain a denial of service vulne ...)
@@ -511,55 +511,55 @@ CVE-2026-28392 (OpenClaw versions prior to 2026.2.14 contain a privilege escalat
CVE-2026-28391 (OpenClaw versions prior to 2026.2.2 fail to properly validate Windows ...)
NOT-FOR-US: OpenClaw
CVE-2026-27807 (MarkUs is a web application for the submission and grading of student ...)
- TODO: check
+ NOT-FOR-US: MarkUs
CVE-2026-27778 (The WebSocket Application Programming Interface lacks restrictions on ...)
- TODO: check
+ NOT-FOR-US: ePower epower.ie
CVE-2026-27770 (Charging station authentication identifiers are publicly accessible vi ...)
- TODO: check
+ NOT-FOR-US: ePower epower.ie
CVE-2026-27605 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-27603 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-27005 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-26125 (Payment Orchestrator Service Elevation of Privilege Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26124 ('.../...//' in Azure Compute Gallery allows an authorized attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26122 (Initialization of a resource with an insecure default in Azure Compute ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-25962 (MarkUs is a web application for the submission and grading of student ...)
- TODO: check
+ NOT-FOR-US: MarkUs
CVE-2026-25888 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-25887 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-25877 (Chartbrew is an open-source web application that can connect directly ...)
- TODO: check
+ NOT-FOR-US: Chartbrew
CVE-2026-24912 (The WebSocket backend uses charging station identifiers to uniquely as ...)
- TODO: check
+ NOT-FOR-US: ePower epower.ie
CVE-2026-23651 (Permissive regular expression in Azure Compute Gallery allows an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-22723 (Inappropriate user token revocation due to a logic error in the token ...)
- TODO: check
+ NOT-FOR-US: Cloudfoundry
CVE-2026-22552 (WebSocket endpoints lack proper authentication mechanisms, enabling at ...)
- TODO: check
+ NOT-FOR-US: ePower epower.ie
CVE-2026-21622 (Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm ('E ...)
- TODO: check
+ NOT-FOR-US: hexpm
CVE-2026-21536 (Microsoft Devices Pricing Program Remote Code Execution Vulnerability)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-1128 (The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF ch ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0848 (NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due t ...)
TODO: check
CVE-2025-70995 (An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows auth ...)
- TODO: check
+ NOT-FOR-US: Aranda Service Desk Web Edition
CVE-2025-70949 (An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows ...)
- TODO: check
+ NOT-FOR-US: perfood/couch-auth
CVE-2025-70948 (A host header injection vulnerability in the mailer component of @perf ...)
- TODO: check
+ NOT-FOR-US: perfood/couch-auth
CVE-2025-70614 (OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contain ...)
- TODO: check
+ NOT-FOR-US: OpenCode Systems OC Messaging / USSD Gateway OC
CVE-2025-59544 (Chamilo is a learning management system. Prior to version 1.11.34, the ...)
NOT-FOR-US: Chamilo LMS
CVE-2025-59543 (Chamilo is a learning management system. Prior to version 1.11.34, the ...)
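Review bot: two naming inconsistencies in this hunk. `+ NOT-FOR-US: Cloudfoundry` for CVE-2026-22723 runs the project name together; the project styles it Cloud Foundry, and a consistent spelling keeps later greps for existing NFU tags reliable. Likewise `+ NOT-FOR-US: perfood/couch-auth` for CVE-2025-70949 and CVE-2025-70948 drops the npm scope marker that both descriptions use (`@perfood/couch-auth`); carrying the name over as written in the description is the safer choice.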
@@ -701,11 +701,11 @@ CVE-2026-25921 (Gogs is an open source self-hosted Git service. Prior to version
CVE-2026-25048 (xgrammar is an open-source library for efficient, flexible, and portab ...)
TODO: check
CVE-2026-24457 (An unsafe parsing of OpenMQ's configuration, allows a remote attacker ...)
- TODO: check
+ NOT-FOR-US: OpenMQ
CVE-2026-21628 (A improperly secured file management feature allows uploads of dangero ...)
NOT-FOR-US: Joomla
CVE-2026-21621 (Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.He ...)
- TODO: check
+ NOT-FOR-US: hexpm
CVE-2026-1720 (The WowOptin: Next-Gen Popup Maker \u2013 Create Stunning Popups and O ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1605 (In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class Gzi ...)
@@ -714,7 +714,7 @@ CVE-2026-1605 (In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, clas
CVE-2025-7375 (A denial-of-service (DoS) vulnerability was identified in Omada EAP610 ...)
NOT-FOR-US: TPLink
CVE-2025-70616 (A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnB ...)
- TODO: check
+ NOT-FOR-US: Wincor Nixdorf
CVE-2025-70233 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
NOT-FOR-US: D-Link
CVE-2025-70232 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
@@ -740,13 +740,13 @@ CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malfor
NOTE: https://github.com/python/cpython/commit/381159b2beabbd6b3c0babe4d7ba7fbdeb23ce06 (v3.14.0b2)
NOTE: https://github.com/python/cpython/commit/aa0c3d1098e7fdcc74b753aadf18dd07ddbc76b0 (v3.13.4)
CVE-2025-64166 (Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a ...)
- TODO: check
+ NOT-FOR-US: Mercurius
CVE-2025-45691 (An Arbitrary File Read vulnerability exists in the ImageTextPromptValu ...)
TODO: check
CVE-2025-29165 (An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escal ...)
NOT-FOR-US: D-Link
CVE-2025-13476 (Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0\u ...)
- TODO: check
+ NOT-FOR-US: Viber
CVE-2025-13350 (Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but b ...)
- linux <not-affected> (Ubuntu-specific backport issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/03/05/7
@@ -756,7 +756,7 @@ CVE-2025-11143 (The Jetty URI parser has some key differences to other common pa
- jetty <removed>
NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
CVE-2024-43035 (Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arb ...)
- TODO: check
+ NOT-FOR-US: Fonoster
CVE-2026-3523 (The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injectio ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3072 (The Media Library Assistant plugin for WordPress is vulnerable to unau ...)
@@ -1749,11 +1749,11 @@ CVE-2025-59784 (2N Access Commander version 3.4.1 and prior is vulnerable to log
CVE-2025-59783 (API endpoint for user synchronization in 2N Access Commander version 3 ...)
NOT-FOR-US: 2N Access Commander
CVE-2025-40896 (The server certificate was not verified when an Arc agent connected to ...)
- TODO: check
+ NOT-FOR-US: Arc
CVE-2025-40895 (A Stored HTML Injection vulnerability was discovered in the CMC's Sens ...)
- TODO: check
+ NOT-FOR-US: CMC
CVE-2025-40894 (A Stored HTML Injection vulnerability was discovered in the Alerted No ...)
- TODO: check
+ NOT-FOR-US: Guardian, CMC
CVE-2025-15558 (Docker CLI for Windows searches for plugin binaries in C:\ProgramData\ ...)
NOT-FOR-US: Docker CLI for Windows
CVE-2025-12801 (A vulnerability was recently discovered in the rpc.mountd daemon in th ...)
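Review bot: `+ NOT-FOR-US: Arc` (CVE-2025-40896) and `+ NOT-FOR-US: CMC` (CVE-2025-40895) are bare names that are easy to confuse with unrelated products. The descriptions speak of an "Arc agent" and of "the CMC", so tagging them as `NOT-FOR-US: Arc agent` and, where the vendor is known, prefixing the vendor name would make the entries unambiguous; the `Guardian, CMC` tag for CVE-2025-40894 would benefit from the same treatment.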
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fe989bf767969592dbcf046cf1f0bbd0eb8fff5