[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu May 7 22:08:13 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5ced5bc1 by Moritz Muehlenhoff at 2026-05-07T23:06:29+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29,19 +29,19 @@ CVE-2026-8080 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2026-7821 (Improper certificate validation in Ivanti EPMM beforeversions 12.6.1.1 ...)
NOT-FOR-US: Ivanti
CVE-2026-7415 (The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to all ...)
- TODO: check
+ NOT-FOR-US: Yarbo
CVE-2026-7414 (Yarbo firmware v2.3.9 contains hardcoded administrative credentials em ...)
- TODO: check
+ NOT-FOR-US: Yarbo
CVE-2026-7413 (A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that ...)
- TODO: check
+ NOT-FOR-US: Yarbo
CVE-2026-6973 (An Improper Input Validation in Ivanti EPMMbeforeversions 12.6.1.1, 12 ...)
NOT-FOR-US: Ivanti
CVE-2026-6805 (Vulnerability on the external sharing feature in Cryptobox allows an a ...)
TODO: check
CVE-2026-6795 (URL redirection to untrusted site ('open redirect') vulnerability in D ...)
- TODO: check
+ NOT-FOR-US: DivvyDrive
CVE-2026-6508 (Origin Validation Error vulnerability in TUBITAK BILGEM Software Techn ...)
- TODO: check
+ NOT-FOR-US: TUBITAK
CVE-2026-6002 (Improper neutralization of Script-Related HTML tags in a web page (bas ...)
TODO: check
CVE-2026-5791 (Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Informat ...)
@@ -63,9 +63,9 @@ CVE-2026-44406 (ZTE Cloud PC clientuSmartView contains a DLL hijacking vulnerabi
CVE-2026-44349 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, pr ...)
TODO: check
CVE-2026-44264 (Weblate is a web based localization tool. Prior to version 5.17.1, the ...)
- TODO: check
+ - weblate <itp> (bug #745661)
CVE-2026-44263 (Weblate is a web based localization tool. Prior to version 5.17.1, the ...)
- TODO: check
+ - weblate <itp> (bug #745661)
CVE-2026-44244 (GitPython is a python library used to interact with Git repositories. ...)
TODO: check
CVE-2026-44243 (GitPython is a python library used to interact with Git repositories. ...)
@@ -73,23 +73,23 @@ CVE-2026-44243 (GitPython is a python library used to interact with Git reposito
CVE-2026-42285 (GoBGP is an open source Border Gateway Protocol (BGP) implementation i ...)
TODO: check
CVE-2026-42214 (Notepad Next is a cross-platform, reimplementation of Notepad++. Prior ...)
- TODO: check
+ NOT-FOR-US: Notepad Next
CVE-2026-41906 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2026-41905 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2026-41904 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2026-41903 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2026-41902 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2026-41689 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2026-41688 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2026-41687 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2026-41654 (Weblate is a web based localization tool. Prior to version 5.17.1, an ...)
TODO: check
CVE-2026-41653 (BentoPDF is a client-side PDF toolkit that is self hostable. Prior to ...)
@@ -107,39 +107,39 @@ CVE-2026-41589 (Wish is an SSH server with defaults and a collection of middlewa
CVE-2026-41554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-41519 (Weblate is a web based localization tool. Prior to version 5.17.1, whe ...)
- TODO: check
+ - weblate <itp> (bug #745661)
CVE-2026-41505 (RELATE is a web-based courseware package. Prior to commit 2f68e16, REL ...)
- TODO: check
+ NOT-FOR-US: RELATE
CVE-2026-41490 (Dagster is an orchestration platform for the development, production, ...)
- TODO: check
+ NOT-FOR-US: Dagster
CVE-2026-41422 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, th ...)
TODO: check
CVE-2026-3953 (Improper neutralization of input during web page generation ('cross-si ...)
TODO: check
CVE-2026-37709 (Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and ...)
- TODO: check
+ - snipe-it <itp> (bug #1005172)
CVE-2026-36458 (ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content par ...)
- TODO: check
+ NOT-FOR-US: ChestnutCMS
CVE-2026-36388 (A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukal Hos ...)
- TODO: check
+ NOT-FOR-US: PHPGurukal
CVE-2026-36387 (A Remote Code Execution vulnerability was found in CODEASTRO Membershi ...)
NOT-FOR-US: CodeAstro
CVE-2026-36341 (Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v ...)
- TODO: check
+ NOT-FOR-US: Webkul Krayin CRM
CVE-2026-33589 (Lack of user input validation in the file upload functionality of Open ...)
- TODO: check
+ NOT-FOR-US: Open Notebook
CVE-2026-33588 (Lack of user input validation in the file upload functionality of Open ...)
- TODO: check
+ NOT-FOR-US: Open Notebook
CVE-2026-33587 (Lack of user input sanitisation in Open Notebook v1.8.3 allows the app ...)
- TODO: check
+ NOT-FOR-US: Open Notebook
CVE-2026-32686 (Uncontrolled Resource Consumption vulnerability in ericmj decimal allo ...)
- TODO: check
+ NOT-FOR-US: decimal Elixir library
CVE-2026-30496 (The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Androi ...)
- TODO: check
+ NOT-FOR-US: Optoma CinemaX P2 projector
CVE-2026-30495 (The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Androi ...)
- TODO: check
+ NOT-FOR-US: Optoma CinemaX P2 projector
CVE-2026-28201 (An improper input validation, together with an overly permissive defau ...)
- TODO: check
+ NOT-FOR-US: Open Notebook
CVE-2026-27421 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-27416 (Missing Authorization vulnerability in bPlugins PDF Poster allows Expl ...)
@@ -175,9 +175,9 @@ CVE-2025-63703 (npm package parse-ini v1.0.6 is vulnerable to Prototype Pollutio
CVE-2025-62127 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-4397 (Medtronic MyCareLink Patient Monitor uses per-product credentials that ...)
- TODO: check
+ NOT-FOR-US: Medtronic MyCareLink Patient Monitor
CVE-2025-4386 (Medtronic MyCareLink Patient Monitor has an internal serial interface, ...)
- TODO: check
+ NOT-FOR-US: Medtronic MyCareLink Patient Monitor
CVE-2025-2514 (Improper restriction of excessive authentication attempts vulnerabilit ...)
NOT-FOR-US: Hitachi
CVE-2025-1978 (Remote Code Execution Vulnerability in Hitachi Storage Navigator and t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ced5bc1118f3af929282f83aa87bc5e08ab6349
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ced5bc1118f3af929282f83aa87bc5e08ab6349
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260507/ffcc8572/attachment.htm>
More information about the debian-security-tracker-commits
mailing list