[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 12 21:38:36 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc15bcdd by Moritz Muehlenhoff at 2026-03-12T22:38:16+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,9 +29,9 @@ CVE-2026-3059 (SGLang's multimodal generation module is vulnerable to unauthenti
 CVE-2026-32274 (Black is the uncompromising Python code formatter. Prior to 26.3.1, Bl ...)
 	TODO: check
 CVE-2026-32269 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-32260 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0  ...)
-	TODO: check
+	NOT-FOR-US: Deno
 CVE-2026-32259 (ImageMagick is free and open-source software used for editing and mani ...)
 	TODO: check
 CVE-2026-32251 (Tolgee is an open-source localization platform. Prior to 3.166.3, the  ...)
@@ -39,7 +39,7 @@ CVE-2026-32251 (Tolgee is an open-source localization platform. Prior to 3.166.3
 CVE-2026-32249 (Vim is an open source, command line text editor. From 9.1.0011 to befo ...)
 	TODO: check
 CVE-2026-32248 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-32247 (Graphiti is a framework for building and querying temporal context gra ...)
 	TODO: check
 CVE-2026-32246 (Tinyauth is an authentication and authorization server. Prior to 5.0.3 ...)
@@ -47,35 +47,35 @@ CVE-2026-32246 (Tinyauth is an authentication and authorization server. Prior to
 CVE-2026-32245 (Tinyauth is an authentication and authorization server. Prior to 5.0.3 ...)
 	TODO: check
 CVE-2026-32242 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-32240 (Cap'n Proto is a data interchange format and capability-based RPC syst ...)
 	TODO: check
 CVE-2026-32239 (Cap'n Proto is a data interchange format and capability-based RPC syst ...)
 	TODO: check
 CVE-2026-32237 (Backstage is an open framework for building developer portals. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Backstage
 CVE-2026-32236 (Backstage is an open framework for building developer portals. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Backstage
 CVE-2026-32235 (Backstage is an open framework for building developer portals. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Backstage
 CVE-2026-32232 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a Dangl ...)
-	TODO: check
+	NOT-FOR-US: ZeptoClaw
 CVE-2026-32231 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webh ...)
-	TODO: check
+	NOT-FOR-US: ZeptoClaw
 CVE-2026-32230 (Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 ...)
 	TODO: check
 CVE-2026-32142 (Shopware is an open commerce platform. /api/_info/config route exposes ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2026-32141 (flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() f ...)
 	TODO: check
 CVE-2026-32140 (Dataease is an open source data visualization analysis tool. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2026-32139 (Dataease is an open source data visualization analysis tool. In DataEa ...)
 	NOT-FOR-US: DataEase
 CVE-2026-32138 (NEXULEAN is a cybersecurity portfolio & service platform for an Ethica ...)
 	TODO: check
 CVE-2026-32137 (Dataease is an open source data visualization analysis tool. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: DataEase
 CVE-2026-32129 (soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash fu ...)
 	TODO: check
 CVE-2026-32116 (Magic Wormhole makes it possible to get arbitrary-sized files and dire ...)
@@ -97,63 +97,63 @@ CVE-2026-2514 (In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vu
 CVE-2026-2513 (A vulnerability exists in Progress Flowmon ADS versions prior to 12.5. ...)
 	NOT-FOR-US: Progress Software
 CVE-2026-29066 (Tina is a headless content management system. Prior to 2.1.8, the Tina ...)
-	TODO: check
+	NOT-FOR-US: Tina CMS (different from src:tina)
 CVE-2026-28793 (Tina is a headless content management system. Prior to 2.1.8, the Tina ...)
-	TODO: check
+	NOT-FOR-US: Tina CMS (different from src:tina)
 CVE-2026-28792 (Tina is a headless content management system. Prior to 2.1.8 , the Tin ...)
-	TODO: check
+	NOT-FOR-US: Tina CMS (different from src:tina)
 CVE-2026-28791 (Tina is a headless content management system. Prior to 2.1.7, a path t ...)
-	TODO: check
+	NOT-FOR-US: Tina CMS (different from src:tina)
 CVE-2026-28384 (An improper sanitization of the compression_algorithm parameter in Can ...)
 	TODO: check
 CVE-2026-28256 (A Use of Hard-coded, Security-relevant Constants vulnerability in Tran ...)
-	TODO: check
+	NOT-FOR-US: Trane Tracer
 CVE-2026-28255 (A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Trac ...)
-	TODO: check
+	NOT-FOR-US: Trane Tracer
 CVE-2026-28254 (A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+,  ...)
-	TODO: check
+	NOT-FOR-US: Trane Tracer
 CVE-2026-28253 (A Memory Allocation with Excessive Size Value vulnerability in Trane T ...)
-	TODO: check
+	NOT-FOR-US: Trane Tracer
 CVE-2026-28252 (A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Tr ...)
-	TODO: check
+	NOT-FOR-US: Trane Tracer
 CVE-2026-27940 (llama.cpp is an inference of several LLM models in C/C++. Prior to b81 ...)
 	TODO: check
 CVE-2026-26795 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command inject ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet GL-AR300M16
 CVE-2026-26794 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection  ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet GL-AR300M16
 CVE-2026-26793 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command inject ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet GL-AR300M16
 CVE-2026-26792 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet GL-AR300M16
 CVE-2026-26791 (GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a command inject ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet GL-AR300M16
 CVE-2026-25529 (Postal is an open source SMTP server. Postal versions less than 3.3.5  ...)
-	TODO: check
+	NOT-FOR-US: Postal SMTP server (not the same as src:postal)
 CVE-2026-24125 (Tina is a headless content management system. Prior to 2.1.2, TinaCMS  ...)
-	TODO: check
+	NOT-FOR-US: Tina
 CVE-2026-21887 (OpenCTI is an open source platform for managing cyber threat intellige ...)
-	TODO: check
+	NOT-FOR-US: OpenCTI
 CVE-2026-21708 (A vulnerability allowing a Backup Viewer to perform remote code execut ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2026-21672 (A vulnerability allowing local privilege escalation on Windows-based V ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2026-21671 (A vulnerability allowing an authenticated user with the Backup Adminis ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2026-21670 (A vulnerability allowing a low-privileged user to extract saved SSH cr ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2026-21669 (A vulnerability allowing an authenticated domain user to perform remot ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2026-21668 (A vulnerability allowing an authenticated domain user to bypass restri ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2026-21667 (A vulnerability allowing an authenticated domain user to perform remot ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2026-21666 (A vulnerability allowing an authenticated domain user to perform remot ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2026-1525 (Undici allows duplicate HTTPContent-Lengthheaders when they are provid ...)
 	TODO: check
 CVE-2026-0809 (Use of a custom token encoding algorithm in Streamsoft Presti\u017c so ...)
-	TODO: check
+	NOT-FOR-US: Streamsoft Prestiz
 CVE-2025-70873 (An information disclosure issue in the zipfileInflate function in the  ...)
 	TODO: check
 CVE-2025-70245 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
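Review bot: CVE-2026-24125 is tagged `NOT-FOR-US: Tina`, while the four other Tina entries in this hunk (CVE-2026-29066, CVE-2026-28793, CVE-2026-28792, CVE-2026-28791) use `NOT-FOR-US: Tina CMS (different from src:tina)`. The description names the same product, so use the longer form here as well; otherwise the src:tina disambiguation is missing on exactly one entry. The Postal entry phrases the same kind of remark as `not the same as src:postal`; settling on one wording for these disambiguation notes would make them easier to search for.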
@@ -167,87 +167,87 @@ CVE-2025-13913 (Inductive Automation Ignition Softwareis vulnerable to an unauth
 CVE-2025-13462 (The "tarfile" module would still apply normalization of AREGTYPE (\x00 ...)
 	TODO: check
 CVE-2019-25543 (Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25542 (Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25541 (Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabiliti ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25540 (Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabiliti ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25539 (202CMS v10 beta contains a blind SQL injection vulnerability that allo ...)
-	TODO: check
+	NOT-FOR-US: 202CMS
 CVE-2019-25538 (202CMS v10 beta contains an SQL injection vulnerability that allows un ...)
-	TODO: check
+	NOT-FOR-US: 202CMS
 CVE-2019-25537 (Netartmedia Event Portal 2.0 contains a time-based blind SQL injection ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25536 (Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25535 (Netartmedia PHP Dating Site contains a SQL injection vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25534 (Netartmedia PHP Car Dealer contains an SQL injection vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25533 (Netartmedia PHP Business Directory 4.2 contains an SQL injection vulne ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25532 (Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25531 (Netartmedia Deals Portal contains an SQL injection vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia
 CVE-2019-25530 (uHotelBooking System contains an SQL injection vulnerability that allo ...)
-	TODO: check
+	NOT-FOR-US: uHotelBooking System
 CVE-2019-25529 (Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that al ...)
-	TODO: check
+	NOT-FOR-US: Placeto CMS
 CVE-2019-25528 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: Inout EasyRooms Ultimate Edition
 CVE-2019-25527 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: Inout EasyRooms Ultimate Edition
 CVE-2019-25526 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: Inout EasyRooms Ultimate Edition
 CVE-2019-25525 (Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: Inout EasyRooms Ultimate Edition
 CVE-2019-25524 (XooGallery Latest contains an SQL injection vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: XooDigital
 CVE-2019-25523 (XooGallery Latest contains an SQL injection vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: XooDigital
 CVE-2019-25522 (XooGallery Latest contains multiple SQL injection vulnerabilities that ...)
-	TODO: check
+	NOT-FOR-US: XooDigital
 CVE-2019-25521 (XooGallery Latest contains an SQL injection vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: XooDigital
 CVE-2019-25520 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication b ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25519 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25518 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25517 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25516 (Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25515 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication b ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25514 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25513 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25512 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25511 (Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25510 (Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication b ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Haber Sitesi Scripti
 CVE-2019-25509 (XooDigital Latest contains an SQL injection vulnerability that allows  ...)
-	TODO: check
+	NOT-FOR-US: XooDigital
 CVE-2019-25508 (Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vul ...)
-	TODO: check
+	NOT-FOR-US: Jettweb Php Hazir Ilan Sitesi Scripti
 CVE-2019-25488 (Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vu ...)
-	TODO: check
+	NOT-FOR-US: (Jettweb Hazir Rent A Car Scripti
 CVE-2019-25482 (Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Jettweb PHP Hazir Rent A Car Sitesi Scripti
 CVE-2019-25481 (iScripts ReserveLogic contains an SQL injection vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: iScripts ReserveLogic
 CVE-2019-25479 (Inout RealEstate contains an SQL injection vulnerability that allows u ...)
-	TODO: check
+	NOT-FOR-US: Inout RealEstate
 CVE-2019-25473 (Clinic Pro contains a SQL injection vulnerability that allows authenti ...)
-	TODO: check
+	NOT-FOR-US: Clinic Pro
 CVE-2026-28356 (multipart is a fast multipart/form-data parser for python. Prior to 1. ...)
 	{DSA-6161-1}
 	- multipart 1.3.1-1
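Review bot: The new note for CVE-2019-25488 carries a stray opening parenthesis, `NOT-FOR-US: (Jettweb Hazir Rent A Car Scripti`, with no matching close. Drop the `(` so the entry reads `NOT-FOR-US: Jettweb Hazir Rent A Car Scripti`, in line with the neighbouring Jettweb entries.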



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc15bcdd26b68cd79855187764595adc833a08db
