[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 8 08:14:08 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fb5878c5 by security tracker role at 2026-05-08T07:14:02+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,29 +5,29 @@ CVE-2026-8148 (NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local
CVE-2026-8142 (VINCE versions 3.0.38 and earlier do not properly verify the From addr ...)
TODO: check
CVE-2026-8138 (A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affec ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-8137 (A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B2023011 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-8136 (A flaw has been found in SourceCodester Pharmacy Sales and Inventory S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8133 (A security vulnerability has been detected in zyx0814 FilePress up to ...)
TODO: check
CVE-2026-8132 (A weakness has been identified in CodeAstro Leave Management System 1. ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-8131 (A security flaw has been discovered in SourceCodester SUP Online Shopp ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8130 (A vulnerability was identified in SourceCodester SUP Online Shopping 1 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8129 (A vulnerability was determined in SourceCodester SUP Online Shopping 1 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8128 (A vulnerability was found in SourceCodester SUP Online Shopping 1.0. T ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8127 (A vulnerability has been found in eladmin up to 2.7. Impacted is the f ...)
TODO: check
CVE-2026-8126 (A flaw has been found in SourceCodester Comment System 1.0. This issue ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8125 (A vulnerability was detected in code-projects Simple Chat System 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-8124 (A security vulnerability has been detected in GPAC up to 26.02.0. This ...)
TODO: check
CVE-2026-8123 (A vulnerability was determined in Open5GS up to 2.7.7. This impacts th ...)
@@ -41,7 +41,7 @@ CVE-2026-8120 (A flaw has been found in Open5GS up to 2.7.7. The affected elemen
CVE-2026-8119 (A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the f ...)
TODO: check
CVE-2026-8117 (A security vulnerability has been detected in SourceCodester Pizzafy E ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-8116 (A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to ...)
TODO: check
CVE-2026-8115 (A security flaw has been discovered in gyoridavid short-video-maker up ...)
@@ -53,9 +53,9 @@ CVE-2026-8113 (A vulnerability was determined in 8421bit MiniClaw up to 43905b93
CVE-2026-8112 (A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838 ...)
TODO: check
CVE-2026-8106 (A reflected HTML injection vulnerability was identified in the GitHub ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-8098 (A security vulnerability has been detected in code-projects Feedback S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-8097 (A security flaw has been discovered in CodeAstro Online Classroom 1.0. ...)
TODO: check
CVE-2026-8088 (A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The af ...)
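Review bot: CVE-2026-8097 (CodeAstro Online Classroom) is left at "TODO: check" in this hunk, while CVE-2026-8132 (CodeAstro Leave Management System) is tagged "NOT-FOR-US: CodeAstro" earlier in the same commit. Suggest giving CVE-2026-8097 the same tag, or checking why the automatic update did not match it.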
@@ -65,19 +65,19 @@ CVE-2026-8087 (A security flaw has been discovered in OSGeo gdal up to 3.13.0dev
CVE-2026-8069 (PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege E ...)
TODO: check
CVE-2026-8034 (A server-side request forgery (SSRF) vulnerability was identified in t ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-7891 (The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta all ...)
TODO: check
CVE-2026-7541 (A denial of service vulnerability was identified in GitHub Enterprise ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-6737 (An Exposed IOCTL with Insufficient Access Control vulnerability in Asu ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-6736 (An authentication bypass vulnerability was identified in GitHub Enterp ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-6411 (This vulnerability, in the MAXHUB Pivot client application versions p ...)
TODO: check
CVE-2026-4935 (The OttoKit: All-in-One Automation Platform WordPress plugin before 1. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-44916 (In OpenStack Ironic through 35.x, instance_info['ks_template'] is rend ...)
TODO: check
CVE-2026-44365
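Review bot: the tag on CVE-2026-8034, CVE-2026-7541 and CVE-2026-6736 is spelled "Github Enterprise Server", but the CVE descriptions on the same lines spell the product "GitHub Enterprise". Suggest "NOT-FOR-US: GitHub Enterprise Server" so that a search of data/CVE/list for the vendor's own spelling finds these entries; the same applies to CVE-2026-8106 in the previous hunk.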
@@ -97,9 +97,9 @@ CVE-2026-43940 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/
CVE-2026-43510 (manage.get.gov is the .gov TLD registrar maintained by CISA. manage.ge ...)
TODO: check
CVE-2026-42880 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2026-42826 (Exposure of sensitive information to an unauthorized actor in Azure De ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42501 (A malicious module proxy can exploit a flaw in the go command's valida ...)
TODO: check
CVE-2026-42499 (Pathological inputs could cause DoS through consumePhrase when parsing ...)
@@ -143,7 +143,7 @@ CVE-2026-42203 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenA
CVE-2026-42150 (wlc is a Weblate command-line client using Weblate's REST API. Prior t ...)
TODO: check
CVE-2026-42047 (Inngest is a platform for running event-driven and scheduled backgroun ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-41929 (Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site ...)
TODO: check
CVE-2026-41928 (Vvveb before 1.0.8.2 contains an information disclosure vulnerability ...)
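Review bot: CVE-2026-42047 is tagged "NOT-FOR-US: Next.js", but the description on the line above it names the product as Inngest. Unless the truncated part of the description puts the flaw in Next.js itself, the tag should name the affected product, e.g. "NOT-FOR-US: Inngest", so the entry is not misread as a triage decision about Next.js.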
@@ -165,13 +165,13 @@ CVE-2026-41500 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/
CVE-2026-41498 (Kimai is an open-source time tracking application. Prior to version 2. ...)
TODO: check
CVE-2026-41105 (Server-side request forgery (ssrf) in Azure Notification Service allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40214 (In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API d ...)
TODO: check
CVE-2026-40213 (OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the ...)
TODO: check
CVE-2026-3508 (An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS Syste ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-39836 (The Dial and LookupPort functions panic on Windows when provided with ...)
TODO: check
CVE-2026-39826 (If a trusted template author were to write a <script> tag containing a ...)
@@ -187,31 +187,31 @@ CVE-2026-39819 (The "go bug" command writes to two files with predictable names
CVE-2026-39817 (The "go tool pack" subcommand (usually used only by the compiler as an ...)
TODO: check
CVE-2026-35435 (Improper access control in Azure AI Foundry M365 published agents allo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35428 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34327 (Externally controlled reference to a resource in another sphere in Mic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33844 (Improper input validation in Azure Managed Instance for Apache Cassand ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33823 (Improper authorization in Microsoft Teams allows an authorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33814 (When processing HTTP/2 SETTINGS frames, transport will enter an infini ...)
TODO: check
CVE-2026-33811 (When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...)
TODO: check
CVE-2026-33111 (Improper neutralization of special elements used in a command ('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33109 (Improper access control in Azure Managed Instance for Apache Cassandra ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32207 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-2710
REJECTED
CVE-2026-26164 (Improper neutralization of special elements in output used by a downst ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-26129 (Improper neutralization of special elements in M365 Copilot allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-69691 (Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via p ...)
TODO: check
CVE-2025-69690 (Netgate pfSense CE 2.7.2 allows code execution by using the module ins ...)
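Review bot: for CVE-2026-35428, CVE-2026-33111, CVE-2026-32207 and CVE-2026-26164 the description is cut off before any product is named, so the "NOT-FOR-US: Microsoft" tag cannot be checked from this diff. Worth confirming these four against the full CVE text, since a generic command-injection or XSS description gives no hint of the vendor.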
@@ -245,7 +245,7 @@ CVE-2024-33288 (Prison Management System Using PHP v1.0 was discovered to contai
CVE-2024-30167 (/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow re ...)
TODO: check
CVE-2024-27686 (Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a r ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2023-47268 (In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ...)
TODO: check
CVE-2023-46453 (Certain GL.iNet devices with 4.x firmware allow authentication bypass ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb5878c5179c1bf52edf792e2fabeb31a4daaa1e