[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Mar 16 21:56:20 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3064d51f by Salvatore Bonaccorso at 2026-03-16T22:55:44+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -77,19 +77,19 @@ CVE-2026-3644 (The fix for CVE-2026-0672, which rejected control characters in h
CVE-2026-3476 (A Code Injection vulnerability affecting SOLIDWORKS Desktop from Relea ...)
NOT-FOR-US: Dassault Systemes
CVE-2026-3111 (Insecure Direct Object Reference (IDOR) vulnerability in Campus Educat ...)
- TODO: check
+ NOT-FOR-US: Campus Educativa
CVE-2026-3110 (Insecure Direct Object Reference (IDOR) vulnerability in Campus Educat ...)
- TODO: check
+ NOT-FOR-US: Campus Educativa
CVE-2026-3024 (Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web appl ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-3023 (Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-3022 (Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-3021 (Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-3020 (Identity based authorization bypass vulnerability (IDOR) that allows a ...)
- TODO: check
+ NOT-FOR-US: Wakyma web application
CVE-2026-32587 (Missing Authorization vulnerability in Saad Iqbal WP EasyPay allows Ex ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-32583 (Missing Authorization vulnerability in Webnus Inc. Modern Events Calen ...)
@@ -135,15 +135,15 @@ CVE-2026-2455 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <
CVE-2026-2326
REJECTED
CVE-2026-29521 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-s ...)
- TODO: check
+ NOT-FOR-US: Hereta
CVE-2026-29520 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflect ...)
- TODO: check
+ NOT-FOR-US: Hereta
CVE-2026-29516 (Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior c ...)
- TODO: check
+ NOT-FOR-US: Buffalo TeraStation NAS TS5400R firmware
CVE-2026-29513 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored ...)
- TODO: check
+ NOT-FOR-US: Hereta
CVE-2026-29510 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored ...)
- TODO: check
+ NOT-FOR-US: Hereta
CVE-2026-28498 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
TODO: check
CVE-2026-28490 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
@@ -189,31 +189,31 @@ CVE-2025-69727 (An Incorrect Access Control vulnerability exists in INDEX-EDUCAT
CVE-2025-69693 (Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder (libavco ...)
TODO: check
CVE-2025-69246 (Raytha CMS does not have any brute force protection mechanism implemen ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69245 (Raytha CMS is vulnerable to Reflected XSS via returnUrlparameter in lo ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69243 (Raytha CMS is vulnerable to User Enumeration in password reset functio ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69242 (Raytha CMS is vulnerable to reflected XSS via the backToListUrlparamet ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69241 (Raytha CMS is vulnerable to Stored XSS viaFirstName and LastNameparame ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69240 (Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` he ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69239 (Raytha CMS is vulnerable to Server-Side Request Forgery in the\u201cTh ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69238 (Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69237 (Raytha CMS is vulnerable to Stored XSS viaFieldValues[0].Value paramet ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69236 (Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parame ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-69196 (FastMCP is the standard framework for building MCP applications. Prior ...)
- TODO: check
+ NOT-FOR-US: FastMCP
CVE-2025-68971 (In Forgejo through 13.0.3, the attachment component allows a denial of ...)
TODO: check
CVE-2025-66687 (Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to miss ...)
- TODO: check
+ NOT-FOR-US: Doom Launcher
CVE-2025-65734 (An authenticated arbitrary file upload vulnerability in the Courses/Wo ...)
TODO: check
CVE-2025-62319 (Boolean-Based SQL Injection is a type of blind SQL injection where an ...)
@@ -257,7 +257,7 @@ CVE-2025-15553 (Non-working logout functionality in Truesec\u2019s LAPSWebUI bef
CVE-2025-15552 (Insufficient Session Expiration in Truesec\u2019s LAPSWebUI before ver ...)
TODO: check
CVE-2025-15540 ("Functions" module in Raytha CMS allows privileged users towrite custo ...)
- TODO: check
+ NOT-FOR-US: Raytha CMS
CVE-2025-11500 (Tinycontrol devices such as tcPDU andLAN Controllers LK3.5, LK3.9 and ...)
TODO: check
CVE-2025-10685 (Heap-based buffer overflow vulnerability in Softing Industrial Automat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3064d51fcabe21a38bcc38eedff89f2f50976a9a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3064d51fcabe21a38bcc38eedff89f2f50976a9a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260316/803efd69/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list