[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 26 10:13:02 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31bf5428 by Salvatore Bonaccorso at 2026-03-26T11:12:46+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,13 +5,13 @@ CVE-2026-4850 (A security flaw has been discovered in code-projects Simple Laund
 CVE-2026-4849 (A vulnerability was identified in code-projects Simple Laundry System  ...)
 	NOT-FOR-US: code-projects
 CVE-2026-4848 (A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. Thi ...)
-	TODO: check
+	NOT-FOR-US: dameng100 muucmf
 CVE-2026-4847 (A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impa ...)
-	TODO: check
+	NOT-FOR-US: dameng100 muucmf
 CVE-2026-4846 (A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The ...)
-	TODO: check
+	NOT-FOR-US: dameng100 muucmf
 CVE-2026-4845 (A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is  ...)
-	TODO: check
+	NOT-FOR-US: dameng100 muucmf
 CVE-2026-4844 (A vulnerability was detected in code-projects Online Food Ordering Sys ...)
 	NOT-FOR-US: code-projects
 CVE-2026-4842 (A security vulnerability has been detected in itsourcecode Online Enro ...)
@@ -19,7 +19,7 @@ CVE-2026-4842 (A security vulnerability has been detected in itsourcecode Online
 CVE-2026-4841 (A weakness has been identified in code-projects Online Food Ordering S ...)
 	NOT-FOR-US: code-projects
 CVE-2026-4840 (A security flaw has been discovered in Netcore Power 15AX up to 3.0.0. ...)
-	TODO: check
+	NOT-FOR-US: Netcore Power 15AX
 CVE-2026-4839 (A vulnerability has been found in SourceCodester Food Ordering System  ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-4838 (A flaw has been found in SourceCodester Malawi Online Market 1.0. The  ...)
@@ -31,19 +31,19 @@ CVE-2026-4835 (A security vulnerability has been detected in code-projects Accou
 CVE-2026-4833 (A weakness has been identified in Orc discount up to 3.0.1.2. This iss ...)
 	TODO: check
 CVE-2026-4831 (A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted ...)
-	TODO: check
+	NOT-FOR-US: kalcaddle kodbox
 CVE-2026-4830 (A vulnerability was identified in kalcaddle kodbox 1.64. This issue af ...)
-	TODO: check
+	NOT-FOR-US: kalcaddle kodbox
 CVE-2026-4826 (A vulnerability was determined in SourceCodester Sales and Inventory S ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-4825 (A vulnerability was found in SourceCodester Sales and Inventory System ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-4824 (A vulnerability has been found in Enter Software Iperius Backup up to  ...)
-	TODO: check
+	NOT-FOR-US: Enter Software Iperius Backup
 CVE-2026-4823 (A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Af ...)
-	TODO: check
+	NOT-FOR-US: Enter Software Iperius Backup
 CVE-2026-4822 (A vulnerability was detected in Enter Software Iperius Backup bis 8.7. ...)
-	TODO: check
+	NOT-FOR-US: Enter Software Iperius Backup
 CVE-2026-4758 (The WP Job Portal plugin for WordPress is vulnerable to arbitrary file ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-4747 (Each RPCSEC_GSS data packet is validated by a routine which checks a s ...)
@@ -79,7 +79,7 @@ CVE-2026-34053 (OpenEMR is a free and open source electronic health records and
 CVE-2026-34051 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-33942 (Saloon is a PHP library that gives users tools to build API integratio ...)
-	TODO: check
+	NOT-FOR-US: Saloon
 CVE-2026-33934 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-33933 (OpenEMR is a free and open source electronic health records and medica ...)
@@ -109,9 +109,9 @@ CVE-2026-33909 (OpenEMR is a free and open source electronic health records and
 CVE-2026-33348 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-33287 (LiquidJS is a Shopify / GitHub Pages compatible template engine in pur ...)
-	TODO: check
+	NOT-FOR-US: LiquidJS
 CVE-2026-33285 (LiquidJS is a Shopify / GitHub Pages compatible template engine in pur ...)
-	TODO: check
+	NOT-FOR-US: LiquidJS
 CVE-2026-33249 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
 	TODO: check
 CVE-2026-33248 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
@@ -121,19 +121,19 @@ CVE-2026-33223 (NATS-Server is a High-Performance server for NATS.io, a cloud an
 CVE-2026-33222 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
 	TODO: check
 CVE-2026-33201 (Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contai ...)
-	TODO: check
+	NOT-FOR-US: Digital Photo Frame GH-WDF10A
 CVE-2026-33183 (Saloon is a PHP library that gives users tools to build API integratio ...)
-	TODO: check
+	NOT-FOR-US: Saloon
 CVE-2026-33182 (Saloon is a PHP library that gives users tools to build API integratio ...)
-	TODO: check
+	NOT-FOR-US: Saloon
 CVE-2026-32680 (The installer of RATOC RAID Monitoring Manager for Windows allows to c ...)
-	TODO: check
+	NOT-FOR-US: RATOC RAID Monitoring Manager for Windows
 CVE-2026-32120 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-30976 (Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4. ...)
-	TODO: check
+	NOT-FOR-US: Sonarr
 CVE-2026-30975 (Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0 ...)
-	TODO: check
+	NOT-FOR-US: Sonarr
 CVE-2026-30892 (crun is an open source OCI Container Runtime fully written in C. In ve ...)
 	TODO: check
 CVE-2026-2931 (The Amelia Booking plugin for WordPress is vulnerable to Insecure Dire ...)
@@ -147,7 +147,7 @@ CVE-2026-2483 (IBM InfoSphere Information Server11.7.0.0 through11.7.1.6is vulne
 CVE-2026-29187 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-28760 (The installer of RATOC RAID Monitoring Manager for Windows searches th ...)
-	TODO: check
+	NOT-FOR-US: RATOC RAID Monitoring Manager for Windows
 CVE-2026-1986 (The FloristPress for Woo \u2013 Customize your eCommerce store for you ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1890 (The LeadConnector WordPress plugin before 3.0.22 does not have authori ...)
@@ -476,7 +476,7 @@ CVE-2026-2348 (Improper Neutralization of Input During Web Page Generation ("Cro
 CVE-2026-29785 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
 	TODO: check
 CVE-2026-29092 (Kiteworks is a private data network (PDN). Prior to version 9.2.1, a v ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2026-28529 (cryptodev-linux version 1.14 and prior contain a page reference handli ...)
 	TODO: check
 CVE-2026-27889 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
@@ -486,9 +486,9 @@ CVE-2026-27659 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.
 CVE-2026-27656 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
 	TODO: check
 CVE-2026-27602 (Modoboa is a mail hosting and management platform. Prior to version 2. ...)
-	TODO: check
+	NOT-FOR-US: Modoboa
 CVE-2026-27496 (n8n is an open source workflow automation platform. Prior to versions  ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-27095 (Deserialization of Untrusted Data vulnerability in magepeopleteam Bus  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27088 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -540,7 +540,7 @@ CVE-2026-27040 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 CVE-2026-27039 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-26833 (thumbler through 1.1.2 allows OS command injection via the input, outp ...)
-	TODO: check
+	NOT-FOR-US: thumbler
 CVE-2026-26832 (node-tesseract-ocr is an npm package that provides a Node.js wrapper f ...)
 	TODO: check
 CVE-2026-26831 (textract through 2.5.0 is vulnerable to OS Command Injection via the f ...)
@@ -754,7 +754,7 @@ CVE-2026-24968 (Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio
 CVE-2026-24964 (Server-Side Request Forgery (SSRF) vulnerability in Wasiliy Strecker / ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24750 (Kiteworks is a private data network (PDN). In Kiteworks Secure Data Fo ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2026-24391 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24382 (Missing Authorization vulnerability in wproyal News Magazine X news-ma ...)
@@ -794,11 +794,11 @@ CVE-2026-23807 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2026-23806 (Missing Authorization vulnerability in BlueGlass Interactive AG Jobs f ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23636 (Kiteworks is a private data network (PDN). In Kiteworks Secure Data Fo ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2026-23635 (Kiteworks is a private data network (PDN). In Kiteworks Secure Data Fo ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2026-23514 (Kiteworks is a private data network (PDN). Versions 9.2.0 and 9.2.1 of ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2026-22524 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22523 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -862,7 +862,7 @@ CVE-2026-22448 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 CVE-2026-20719 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
 	TODO: check
 CVE-2026-20125 (A vulnerability in the HTTP Server feature of Cisco IOS Software and C ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20115 (A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow  ...)
 	NOT-FOR-US: Cisco
 CVE-2026-20114 (A vulnerability in the Lobby Ambassador web-based management API of Ci ...)
@@ -910,15 +910,15 @@ CVE-2025-69096 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-67030 (Directory Traversal vulnerability in the extractFile method of org.cod ...)
 	TODO: check
 CVE-2025-59707 (In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote  ...)
-	TODO: check
+	NOT-FOR-US: N2W
 CVE-2025-59706 (In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API ...)
-	TODO: check
+	NOT-FOR-US: N2W
 CVE-2025-40842 (Ericsson Indoor Connect 8855 versions prior to 2025.Q3contains a Cross ...)
 	NOT-FOR-US: Ericsson
 CVE-2025-40841 (Ericsson Indoor Connect 8855 versions prior to 2025.Q3contains a Cross ...)
 	NOT-FOR-US: Ericsson
 CVE-2025-32991 (In N2WS Backup & Recovery before 4.4.0, a two-step attack against the  ...)
-	TODO: check
+	NOT-FOR-US: N2WS Backup & Recovery
 CVE-2025-27260 (Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Imp ...)
 	NOT-FOR-US: Ericsson
 CVE-2025-14790 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allo ...)
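Review bot: the N2W entries in this hunk end up with two different tags: CVE-2025-59707 and CVE-2025-59706 get "NOT-FOR-US: N2W", while CVE-2025-32991 gets "NOT-FOR-US: N2WS Backup & Recovery". If all three refer to the same product, use one tag for them so that a search of data/CVE/list for that product returns every entry.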
@@ -932,13 +932,13 @@ CVE-2025-13078 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
 CVE-2025-12708 (IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that c ...)
 	NOT-FOR-US: IBM
 CVE-2024-58341 (OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allo ...)
-	TODO: check
+	NOT-FOR-US: OpenCart Core
 CVE-2024-51348 (A stack-based buffer overflow vulnerability in the P2P API service in  ...)
-	TODO: check
+	NOT-FOR-US: BS Producten Petcam with firmware
 CVE-2024-51347 (A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoo ...)
-	TODO: check
+	NOT-FOR-US: LSC Smart Indoor IP Camera
 CVE-2024-51346 (An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker t ...)
-	TODO: check
+	NOT-FOR-US: Eufy Homebase 2
 CVE-2026-1519 (If a BIND resolver is performing DNSSEC validation and encounters a ma ...)
 	- bind9 1:9.20.21-1
 	NOTE: https://kb.isc.org/docs/cve-2026-1519
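Review bot: the tag added for CVE-2024-51348, "NOT-FOR-US: BS Producten Petcam with firmware", ends in "with firmware", which reads as a sentence fragment rather than part of a product name. The neighbouring tags added in this hunk ("LSC Smart Indoor IP Camera", "Eufy Homebase 2") name only the product, so "NOT-FOR-US: BS Producten Petcam" would be consistent with them.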
@@ -1940,7 +1940,7 @@ CVE-2026-23920 (Host and event action script input is validated with a regex (se
 CVE-2026-23919 (For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape ...)
 	TODO: check
 CVE-2026-22559 (An Improper Input Validation vulnerability in UniFi Network Server may ...)
-	TODO: check
+	NOT-FOR-US: UniFi
 CVE-2026-21783 (HCL Traveler is affected by sensitive information disclosure. The appl ...)
 	NOT-FOR-US: HCL
 CVE-2026-1995 (IDrive\u2019s id_service.exe process runs with elevated privileges and ...)
@@ -1953,49 +1953,49 @@ CVE-2025-64998 (Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p
 CVE-2025-11571 (Vulnerable endpoints accept user-controlled input through a URL in JSO ...)
 	NOT-FOR-US: Silicon Labs
 CVE-2019-25647 (PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: PhreeBooks ERP
 CVE-2019-25646 (Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: Tabs Mail Carrier
 CVE-2019-25645 (WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service v ...)
-	TODO: check
+	NOT-FOR-US: WinAVI iPod/3GP/MP4/PSP Converter
 CVE-2019-25644 (WinMPG Video Convert 9.3.5 and older versions contain a buffer overflo ...)
-	TODO: check
+	NOT-FOR-US: WinMPG Video Convert
 CVE-2019-25643 (eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities  ...)
-	TODO: check
+	NOT-FOR-US: eNdonesia Portal
 CVE-2019-25642 (Bootstrapy CMS contains multiple SQL injection vulnerabilities that al ...)
-	TODO: check
+	NOT-FOR-US: Bootstrapy CMS
 CVE-2019-25641 (Netartmedia Vlog System contains an SQL injection vulnerability that a ...)
-	TODO: check
+	NOT-FOR-US: Netartmedia Vlog System
 CVE-2019-25640 (Inout Article Base CMS contains SQL injection vulnerabilities that all ...)
-	TODO: check
+	NOT-FOR-US: Inout Article Base CMS
 CVE-2019-25639 (Matrimony Website Script M-Plus contains multiple SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: Matrimony Website Script M-Plus
 CVE-2019-25638 (Meeplace Business Review Script contains an SQL injection vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Meeplace Business Review Script
 CVE-2019-25637 (X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: X-NetStat Pro
 CVE-2019-25636 (Zeeways Jobsite CMS contains an SQL injection vulnerability that allow ...)
-	TODO: check
+	NOT-FOR-US: Zeeways Jobsite CMS
 CVE-2019-25635 (Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities  ...)
-	TODO: check
+	NOT-FOR-US: Zeeways Jobsite CMS
 CVE-2019-25634 (Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Base64 Decoder
 CVE-2019-25633 (AIDA64 Extreme 5.99.4900 contains a structured exception handling buff ...)
-	TODO: check
+	NOT-FOR-US: AIDA64 Extreme
 CVE-2019-25632 (phpFileManager 1.7.8 contains a local file inclusion vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: phpFileManager
 CVE-2019-25631 (AIDA64 Business 5.99.4900 contains a structured exception handling buf ...)
-	TODO: check
+	NOT-FOR-US: AIDA64 Business
 CVE-2019-25630 (PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: PhreeBooks ERP
 CVE-2019-25629 (AIDA64 Extreme 5.99.4900 contains a structured exception handler buffe ...)
-	TODO: check
+	NOT-FOR-US: AIDA64 Extreme
 CVE-2019-25628 (Download Accelerator Plus DAP 10.0.6.0 contains a structured exception ...)
-	TODO: check
+	NOT-FOR-US: Download Accelerator Plus DAP
 CVE-2019-25627 (FlexHEX 2.71 contains a local buffer overflow vulnerability in the Str ...)
-	TODO: check
+	NOT-FOR-US: FlexHEX
 CVE-2019-25626 (River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability ...)
-	TODO: check
+	NOT-FOR-US: River Past Cam Do
 CVE-2026-4721 (Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, T ...)
 	{DSA-6178-1}
 	- firefox 149.0-1
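Review bot: CVE-2019-25635 is described as "Zeeways Matrimony CMS" but is tagged "NOT-FOR-US: Zeeways Jobsite CMS", the same tag as CVE-2019-25636 directly above it, which looks like a copy-paste carry-over. Suggest "NOT-FOR-US: Zeeways Matrimony CMS" so the tag matches the product named in the description.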
@@ -2873,17 +2873,17 @@ CVE-2024-46879 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in t
 CVE-2024-46878 (A Cross-Site Scripting (XSS) vulnerability exists in the page paramete ...)
 	TODO: check
 CVE-2019-25625 (Blob Studio 2.17 contains a denial of service vulnerability that allow ...)
-	TODO: check
+	NOT-FOR-US: Blob Studio
 CVE-2019-25624 (Liquid Studio 2.17 contains a denial of service vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: Liquid Studio
 CVE-2019-25623 (Luminance Studio 2.17 contains a denial of service vulnerability that  ...)
-	TODO: check
+	NOT-FOR-US: Luminance Studio
 CVE-2019-25622 (Paint Studio 2.17 contains a denial of service vulnerability that allo ...)
-	TODO: check
+	NOT-FOR-US: Paint Studio
 CVE-2019-25621 (Pixel Studio 2.17 contains a denial of service vulnerability that allo ...)
-	TODO: check
+	NOT-FOR-US: Pixel Studio
 CVE-2019-25620 (Tree Studio 2.17 contains a denial of service vulnerability that allow ...)
-	TODO: check
+	NOT-FOR-US: Tree Studio
 CVE-2026-33347 (league/commonmark is a PHP Markdown parser. From version 2.3.0 to befo ...)
 	- php-league-commonmark 2.8.2-1
 	NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5
@@ -4634,7 +4634,7 @@ CVE-2026-25928 (OpenEMR is a free and open source electronic health records and
 CVE-2026-25744 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-25667 (ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0  ...)
-	TODO: check
+	NOT-FOR-US: ASP.NET Core Kestrel in Microsoft .NET
 CVE-2026-25445 (Deserialization of Untrusted Data vulnerability in Membership Software ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25443 (Missing Authorization vulnerability in Dotstore Fraud Prevention For W ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31bf542896afe38a5a401b84199563c4b5dea9ee
