[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 14 20:01:10 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95b79e0a by Salvatore Bonaccorso at 2026-03-14T21:00:45+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -91,9 +91,9 @@ CVE-2026-1948 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin f
 CVE-2026-0977 (IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could all ...)
 	NOT-FOR-US: IBM
 CVE-2026-0385 (Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-15060 (claude-hovercraft executeClaudeCode Command Injection Remote Code Exec ...)
-	TODO: check
+	NOT-FOR-US: claude-hovercraft executeClaudeCode
 CVE-2026-4111 (A flaw was identified in the RAR5 archive decompression logic of the l ...)
 	- libarchive <unfixed>
 	NOTE: https://github.com/libarchive/libarchive/pull/2877
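Review bot: The tag added for CVE-2025-15060, "NOT-FOR-US: claude-hovercraft executeClaudeCode", includes executeClaudeCode, which is the affected function named in the description rather than part of the product name. Suggest "NOT-FOR-US: claude-hovercraft" so that a later search on the product name matches the tag exactly.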
@@ -633,33 +633,33 @@ CVE-2026-25817 (HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with
 CVE-2026-25076 (Anchore Enterprise versions before 5.25.1 contain an SQL injection vul ...)
 	NOT-FOR-US: Anchore Enterprise
 CVE-2026-22216 (wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22215 (wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22210 (wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22209 (wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22204 (wpDiscuz before 7.6.47 contains an email header injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22203 (wpDiscuz before 7.6.47 contains an information disclosure vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22202 (wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22201 (wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the ge ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22199 (wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22193 (wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the  ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22192 (wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerab ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22191 (wpDiscuz before 7.6.47 contains a shortcode injection vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22183 (wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerab ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-22182 (wpDiscuz before 7.6.47 contains an unauthenticated denial of service v ...)
-	TODO: check
+	NOT-FOR-US: wpDiscuz
 CVE-2026-1704 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1528 (ImpactA server can reply with a WebSocket frame using the 64-bit lengt ...)
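Review bot: The fourteen wpDiscuz entries (CVE-2026-22182 through CVE-2026-22216) are tagged "NOT-FOR-US: wpDiscuz", while CVE-2026-1704 in the trailing context of this hunk uses the generic "NOT-FOR-US: WordPress plugin". wpDiscuz is a WordPress comment plugin, so either form is defensible, but settling on one keeps WordPress plugin entries searchable under a single tag.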
@@ -682,7 +682,7 @@ CVE-2025-8766 (A container privilege escalation flaw was found in certain Multi-
 CVE-2025-57849 (A container privilege escalation flaw was found in certain Fuse images ...)
 	TODO: check
 CVE-2025-15515 (The authentication mechanism for a specific feature in the EasyShare m ...)
-	TODO: check
+	NOT-FOR-US: vivo Easyshare
 CVE-2025-13337
 	REJECTED
 CVE-2026-4045 (A flaw has been found in projectsend up to r1945. This impacts an unkn ...)
@@ -708,16 +708,16 @@ CVE-2026-4015 (A weakness has been identified in GPAC 26.03-DEV. Affected is the
 	NOTE: https://github.com/gpac/gpac/issues/3467
 	NOTE: https://github.com/gpac/gpac/commit/d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5
 CVE-2026-3989 (SGLangs `replay_request_dump.py` contains an insecure pickle.load() wi ...)
-	TODO: check
+	NOT-FOR-US: sgl-project sglang
 CVE-2026-3841 (A command injection vulnerability has been identified in the Telnet co ...)
 	NOT-FOR-US: TPLink
 CVE-2026-3497 (Vulnerability in the OpenSSH GSSAPI delta included in various Linux di ...)
 	- openssh <unfixed> (bug #1130595)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/03/12/3
 CVE-2026-3060 (SGLang' encoder parallel disaggregation system is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: sgl-project sglang
 CVE-2026-3059 (SGLang's multimodal generation module is vulnerable to unauthenticated ...)
-	TODO: check
+	NOT-FOR-US: sgl-project sglang
 CVE-2026-32274 (Black is the uncompromising Python code formatter. Prior to 26.3.1, Bl ...)
 	- black <unfixed> (bug #1130657)
 	NOTE: https://github.com/psf/black/security/advisories/GHSA-3936-cmfr-pm3m
@@ -787,7 +787,7 @@ CVE-2026-32138 (NEXULEAN is a cybersecurity portfolio & service platform for an
 CVE-2026-32137 (Dataease is an open source data visualization analysis tool. Prior to  ...)
 	NOT-FOR-US: DataEase
 CVE-2026-32129 (soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash fu ...)
-	TODO: check
+	NOT-FOR-US: soroban-poseidon
 CVE-2026-32116 (Magic Wormhole makes it possible to get arbitrary-sized files and dire ...)
 	NOT-FOR-US: Magic Wormhole
 CVE-2026-32100 (Shopware is an open commerce platform. /api/_info/config route exposes ...)
@@ -874,11 +874,11 @@ CVE-2025-70873 (An information disclosure issue in the zipfileInflate function i
 CVE-2025-70245 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
 	NOT-FOR-US: D-Link
 CVE-2025-66955 (Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components i ...)
-	TODO: check
+	NOT-FOR-US: Asseco SEE Live
 CVE-2025-61154 (Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 u ...)
 	TODO: check
 CVE-2025-13913 (Inductive Automation Ignition Softwareis vulnerable to an unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Inductive Automation Ignition Software
 CVE-2025-13462 (The "tarfile" module would still apply normalization of AREGTYPE (\x00 ...)
 	TODO: check
 CVE-2019-25543 (Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerabi ...)
@@ -1485,7 +1485,7 @@ CVE-2026-24508 (Dell Alienware Command Center (AWCC), versions prior to 6.12.24.
 CVE-2026-22248 (GLPI is an open-source asset and IT management software package that p ...)
 	TODO: check
 CVE-2026-21888 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.  ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2026-20166 (In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Clou ...)
 	NOT-FOR-US: Cisco
 CVE-2026-20165 (In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, ...)
@@ -1537,29 +1537,29 @@ CVE-2026-0231 (An information disclosure vulnerability inPalo Alto Networks Cort
 CVE-2026-0230 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2025-70330 (Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handl ...)
-	TODO: check
+	NOT-FOR-US: Easy Grade Pro
 CVE-2025-70082 (An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to exec ...)
-	TODO: check
+	NOT-FOR-US: Lantronix EDS3000PS
 CVE-2025-70027 (An issue pertaining to CWE-918: Server-Side Request Forgery was discov ...)
-	TODO: check
+	NOT-FOR-US: Sunbird-Ed SunbirdEd-portal
 CVE-2025-68623 (In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-67298 (An issue in ClasroomIO before v.0.2.6 allows a remote attacker to esca ...)
-	TODO: check
+	NOT-FOR-US: ClasroomIO LMS
 CVE-2025-67041 (An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host par ...)
-	TODO: check
+	NOT-FOR-US: Lantronix EDS3000PS
 CVE-2025-67039 (An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authenti ...)
-	TODO: check
+	NOT-FOR-US: Lantronix EDS3000PS
 CVE-2025-67038 (An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC m ...)
-	TODO: check
+	NOT-FOR-US: Lantronix
 CVE-2025-67037 (An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticat ...)
-	TODO: check
+	NOT-FOR-US: Lantronix
 CVE-2025-67036 (An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info p ...)
-	TODO: check
+	NOT-FOR-US: Lantronix
 CVE-2025-67035 (An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client ...)
-	TODO: check
+	NOT-FOR-US: Lantronix
 CVE-2025-67034 (An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticat ...)
-	TODO: check
+	NOT-FOR-US: Lantronix
 CVE-2025-14513 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	- gitlab <unfixed>
 CVE-2025-13929 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
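Review bot: Tag granularity is inconsistent across the Lantronix entries in this hunk: CVE-2025-70082, CVE-2025-67041 and CVE-2025-67039 get "NOT-FOR-US: Lantronix EDS3000PS", while the five EDS5000 entries (CVE-2025-67034 through CVE-2025-67038) get the bare vendor "NOT-FOR-US: Lantronix". Suggest the bare vendor tag for all eight, matching the "Palo Alto Networks" and "Microsoft" entries in the same hunk.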
@@ -1577,49 +1577,49 @@ CVE-2025-12576 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
 CVE-2025-12555 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	- gitlab <unfixed>
 CVE-2019-25487 (SAPIDO RB-1732 V2.0.43 contains a remote command execution vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: SAPIDO RB-1732
 CVE-2019-25486 (Varient 1.6.1 contains an SQL injection vulnerability that allows unau ...)
-	TODO: check
+	NOT-FOR-US: Varient
 CVE-2019-25485 (R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the ...)
 	TODO: check
 CVE-2019-25484 (WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: WinMPG iPod Convert
 CVE-2019-25483 (Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k contains a restrict ...)
-	TODO: check
+	NOT-FOR-US: Comtrend
 CVE-2019-25480 (ARMBot contains an unrestricted file upload vulnerability in upload.ph ...)
-	TODO: check
+	NOT-FOR-US: ARMBot
 CVE-2019-25478 (GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: GetGo Download Manager
 CVE-2019-25477 (RAR Password Recovery 1.80 contains a buffer overflow vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: RAR Password Recovery
 CVE-2019-25476 (Outlook Password Recovery 2.10 contains a buffer overflow vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Outlook Password Recovery
 CVE-2019-25475 (SQL Server Password Changer 1.90 contains a buffer overflow vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: SQL Server Password Changer
 CVE-2019-25474 (Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Easy MP3 Downloader
 CVE-2019-25472 (IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated a ...)
 	NOT-FOR-US: Intelbras
 CVE-2019-25471 (FileThingie 2.5.7 contains an arbitrary file upload vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: FileThingie
 CVE-2019-25470 (eWON Firmware versions 12.2 to 13.0 contain an authentication bypass v ...)
-	TODO: check
+	NOT-FOR-US: eWON Firmware
 CVE-2019-25469 (Folder Lock 7.7.9 contains a buffer overflow vulnerability in the seri ...)
-	TODO: check
+	NOT-FOR-US: Folder Lock
 CVE-2019-25468 (NetGain EM Plus 10.1.68 contains a remote code execution vulnerability ...)
-	TODO: check
+	NOT-FOR-US: NetGain EM Plus
 CVE-2019-25467 (Verypdf docPrint Pro 8.0 contains a structured exception handling buff ...)
-	TODO: check
+	NOT-FOR-US: Verypdf docPrint Pro
 CVE-2019-25466 (Easy File Sharing Web Server 7.2 contains a local structured exception ...)
-	TODO: check
+	NOT-FOR-US: Easy File Sharing Web Server
 CVE-2019-25465 (Hisilicon HiIpcam V100R003 contains a directory traversal vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Hisilicon HiIpcam V100R003
 CVE-2019-25464 (InputMapper 1.6.10 contains a buffer overflow vulnerability in the use ...)
-	TODO: check
+	NOT-FOR-US: InputMapper
 CVE-2019-25463 (SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of  ...)
-	TODO: check
+	NOT-FOR-US: SpotIE Internet Explorer Password Recovery
 CVE-2018-25159 (Epross AVCON6 systems management platform contains an object-graph nav ...)
-	TODO: check
+	NOT-FOR-US: Epross AVCON6 systems management platform
 CVE-2026-3904 (Calling NSS-backed functions that support caching via nscd may call th ...)
 	- glibc 2.36-9 (bug #1033931)
 	[bullseye] - glibc <not-affected> (Vulnerable code introduced later)
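Review bot: Several tags in this hunk carry more than the product name: "Hisilicon HiIpcam V100R003" for CVE-2019-25465 embeds what looks like a version string, and "Epross AVCON6 systems management platform" for CVE-2018-25159 and "eWON Firmware" for CVE-2019-25470 copy descriptive words from the CVE text. Shorter tags such as "Hisilicon HiIpcam", "Epross AVCON6" and "eWON" would read like the existing "NOT-FOR-US: Intelbras" entry for CVE-2019-25472.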
@@ -1687,7 +1687,7 @@ CVE-2026-31819 (Sylius is an Open Source eCommerce Framework on Symfony. Currenc
 CVE-2026-31817 (OliveTin gives access to predefined shell commands from a web interfac ...)
 	NOT-FOR-US: OliveTin
 CVE-2026-31815 (Unicorn adds modern reactive component functionality to your Django te ...)
-	TODO: check
+	NOT-FOR-US: Django Unicorn
 CVE-2026-31812 (Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC ...)
 	- rust-quinn-proto 0.11.14-1
 	NOTE: https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98
@@ -1758,9 +1758,9 @@ CVE-2026-29792 (Feathersjs is a framework for creating web APIs and real-time ap
 CVE-2026-29515 (MiCode FileExplorer contains an authentication bypass vulnerability in ...)
 	NOT-FOR-US: MiCode FileExplorer
 CVE-2026-28807 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: gleam-wisp wisp
 CVE-2026-28806 (Improper Authorization vulnerability in nerves-hub nerves_hub_web allo ...)
-	TODO: check
+	NOT-FOR-US: nerves-hub nerves_hub_web
 CVE-2026-27842 (Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which ...)
 	NOT-FOR-US: MR-GM5L-S1 and MR-GM5A-L1
 CVE-2026-27278 (Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and e ...)
@@ -1856,7 +1856,7 @@ CVE-2026-27221 (Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265
 CVE-2026-27220 (Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and e ...)
 	NOT-FOR-US: Adobe
 CVE-2026-24448 (Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L ...)
-	TODO: check
+	NOT-FOR-US: MR-GM5L-S1 and MR-GM5A-L1
 CVE-2026-23817 (A vulnerability in the web-based management interface of AOS-CX Switch ...)
 	NOT-FOR-US: HPE
 CVE-2026-23816 (A vulnerability in the command line interface of AOS-CX Switches could ...)
@@ -1910,7 +1910,7 @@ CVE-2026-21284 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-
 CVE-2026-21282 (Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2 ...)
 	NOT-FOR-US: Adobe
 CVE-2026-20892 (Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, whic ...)
-	TODO: check
+	NOT-FOR-US: MR-GM5L-S1 and MR-GM5A-L1
 CVE-2026-1867 (The Guest posting / Frontend Posting / Front Editor  WordPress plugin  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1781 (The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable  ...)
@@ -2156,7 +2156,7 @@ CVE-2026-2724 (The Unlimited Elements for Elementor plugin for WordPress is vuln
 CVE-2026-2713 (IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could ...)
 	NOT-FOR-US: IBM
 CVE-2026-2339 (Missing Authentication for Critical Function vulnerability in TUBITAK  ...)
-	TODO: check
+	NOT-FOR-US: TUBITAK BILGEM Software Technologies Research Institute Liderahenk
 CVE-2026-2273 (CWE-94: Improper Control of Generation of Code ('Code Injection') vuln ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2026-2266 (An improper neutralization of input vulnerability was identified in Gi ...)
@@ -2352,33 +2352,33 @@ CVE-2026-24641 (A NULL Pointer Dereference vulnerability [CWE-476] vulnerability
 CVE-2026-24640 (A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in ...)
 	NOT-FOR-US: Fortinet
 CVE-2026-24297 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24296 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24295 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24294 (Improper authentication in Windows SMB Server allows an authorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24293 (Null pointer dereference in Windows Ancillary Function Driver for WinS ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24292 (Use after free in Connected Devices Platform Service (Cdpsvc) allows a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24291 (Incorrect permission assignment for critical resource in Windows Acces ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24290 (Improper access control in Windows Projected File System allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24289 (Use after free in Windows Kernel allows an authorized attacker to elev ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24288 (Heap-based buffer overflow in Windows Mobile Broadband allows an unaut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24287 (External control of file name or path in Windows Kernel allows an auth ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24285 (Use after free in Windows Win32K allows an authorized attacker to elev ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24283 (Heap-based buffer overflow in Windows File Server allows an authorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24282 (Out-of-bounds read in Push Message Routing Service allows an authorize ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-24018 (A UNIX symbolic link (Symlink) following vulnerability in Fortinet For ...)
 	NOT-FOR-US: Fortinet
 CVE-2026-24017 (An Improper Control of Interaction Frequency vulnerability [CWE-799] v ...)
@@ -2393,33 +2393,33 @@ CVE-2026-23868 (Giflib contains a double-free vulnerability that is the result o
 	NOTE: https://www.facebook.com/security/advisories/cve-2026-23868
 	NOTE: https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
 CVE-2026-23674 (Improper resolution of path equivalence in Windows MapUrlToZone allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23673 (Out-of-bounds read in Windows Resilient File System (ReFS) allows an a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23672 (Windows Universal Disk Format File System Driver (UDFS) Elevation of P ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23671 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23669 (Use after free in Windows Print Spooler Components allows an authorize ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23668 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23667 (Use after free in Broadcast DVR allows an authorized attacker to eleva ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23665 (Heap-based buffer overflow in Azure Linux Virtual Machines allows an a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23664 (Improper restriction of communication channel to intended endpoints in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23662 (Missing authentication for critical function in Azure IoT Explorer all ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23661 (Cleartext transmission of sensitive information in Azure IoT Explorer  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23660 (Improper access control in Azure Portal Windows Admin Center allows an ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23656 (Insufficient verification of data authenticity in Windows App Installe ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-23654 (Dependency on vulnerable third-party component in GitHub Repo: zero-sh ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-22629 (An improper restriction of excessive authentication attempts vulnerabi ...)
 	NOT-FOR-US: Fortinet
 CVE-2026-22628 (An improper access control vulnerability in Fortinet FortiSwitchAXFixe ...)
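Review bot: CVE-2026-23665 and CVE-2026-23654 are tagged "NOT-FOR-US: Microsoft" although their descriptions point at code that may not be Microsoft-only: the first concerns "Azure Linux Virtual Machines" and the second a "Dependency on vulnerable third-party component", and in both cases the truncated description does not name the affected component. Before keeping the vendor tag, confirm from the advisories that the affected code is not shipped in Debian; if it is not, a NOTE line naming the component would record why the entry was closed.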
@@ -2439,9 +2439,9 @@ CVE-2026-21364 (Substance3D - Painter versions 11.1.2 and earlier are affected b
 CVE-2026-21363 (Substance3D - Painter versions 11.1.2 and earlier are affected by a NU ...)
 	NOT-FOR-US: Adobe
 CVE-2026-21262 (Improper access control in SQL Server allows an authorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-20967 (Improper input validation in System Center Operations Manager allows a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-1286 (CWE-502: Deserialization of untrusted data vulnerability exists that c ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2026-1261 (The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
@@ -2461,11 +2461,11 @@ CVE-2025-70129 (If the anti spam-captcha functionality in PluXml versions 5.8.22
 CVE-2025-70128 (A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml ...)
 	TODO: check
 CVE-2025-70025 (An issue pertaining to CWE-79: Improper Neutralization of Input During ...)
-	TODO: check
+	NOT-FOR-US: benkeen generatedata
 CVE-2025-69615 (Incorrect Access Control via missing 2FA rate-limiting allowing unlimi ...)
-	TODO: check
+	NOT-FOR-US: Deutsche Telekom AG Telekom Account Management Portal
 CVE-2025-69614 (Incorrect Access Control via activation token reuse on the password-re ...)
-	TODO: check
+	NOT-FOR-US: Deutsche Telekom AG Telekom Account Management Portal
 CVE-2025-68648 (A use of externally-controlled format string vulnerability in Fortinet ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-68482 (A improper certificate validation vulnerability in Fortinet FortiAnaly ...)
@@ -2495,13 +2495,13 @@ CVE-2025-48611 (In DeviceId of DeviceId.java, there is a possible desync in pers
 CVE-2025-48418 (A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 t ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-41712 (An unauthenticated remote attacker who tricks a user to upload a manip ...)
-	TODO: check
+	NOT-FOR-US: Janitza
 CVE-2025-41711 (An unauthenticated remote attacker can use firmware images to extract  ...)
-	TODO: check
+	NOT-FOR-US: Janitza
 CVE-2025-41710 (An unauthenticated remote attacker may use hardcodes credentials to ge ...)
-	TODO: check
+	NOT-FOR-US: Janitza
 CVE-2025-41709 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
-	TODO: check
+	NOT-FOR-US: Janitza
 CVE-2025-40943 (Affected devices do not properly sanitize contents of trace files. Thi ...)
 	NOT-FOR-US: Siemens
 CVE-2025-36227 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP heade ...)
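Review bot: CVE-2025-41709 is tagged "NOT-FOR-US: Janitza", but its description is still the unfilled template "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] ...", so the vendor cannot be checked against the entry itself. The attribution presumably follows from the adjacent CVE-2025-41710 to CVE-2025-41712 entries; a NOTE line citing where the vendor was confirmed would make that verifiable, or the entry could stay "TODO: check" until the description is populated.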
@@ -303777,7 +303777,7 @@ CVE-2023-27575
 CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow en ...)
 	NOT-FOR-US: ShadowsocksX-NG
 CVE-2023-27573 (netbox-docker before 2.5.0 has a superuser account with default creden ...)
-	TODO: check
+	NOT-FOR-US: netbox-docker
 CVE-2023-27572 (An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.0 ...)
 	NOT-FOR-US: CommScope Arris DG3450
 CVE-2023-27571 (An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_ ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95b79e0a868ca1a282c378d77856f67c5af2c087
