[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 8 11:48:30 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41e428e5 by Moritz Muehlenhoff at 2026-05-08T12:48:19+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -505,7 +505,7 @@ CVE-2025-68604 (Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL all
CVE-2025-68060 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-67202 (Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, ...)
- TODO: check
+ NOT-FOR-US: Sidekiq-cron
CVE-2025-66105 (Missing Authorization vulnerability in Magepeople inc. Bus Ticket Book ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-65122 (Regex Denial of Service in youtube-regex npm package through version 1 ...)
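Review bot: The NOT-FOR-US on CVE-2025-67202 is decided for something the description itself calls an open-source scheduling add-on for Sidekiq, which is a library that could be packaged or vendored as a Ruby gem rather than a standalone product. Please confirm that no source package in the archive ships it before closing the TODO. If one does, the entry should name that package with a fixed version or <unfixed> instead of NFU.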
@@ -735,7 +735,7 @@ CVE-2026-41142 (OpenEXR provides the specification and reference implementation
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b8f127ca8e061d413f4066ebd123ca90466b06e8 (v3.4.11-rc)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/13e5099df7210927a36ee8ab5993ebca5ce82279 (v3.2.9-rc)
CVE-2026-41139 (Math.js is an extensive math library for JavaScript and Node.js. From ...)
- TODO: check
+ NOT-FOR-US: Math.js
CVE-2026-41004 (When enabling trace logging in Spring Cloud Config Server sensitive in ...)
TODO: check
CVE-2026-41002 (The base directory (`spring.cloud.config.server.git.basedir`) used by ...)
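Review bot: For CVE-2026-41139 the description is cut off at "From ...", so the affected version range cannot be read from this entry, and Math.js is a JavaScript library that other packages may bundle. A search for embedded copies before settling on NOT-FOR-US: Math.js would be worthwhile, with a NOTE line recording the result if any are found.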
@@ -1381,7 +1381,7 @@ CVE-2026-23870 (A denial of service vulnerability could be triggered by sending
CVE-2026-21661 (Uncontrolled Search Path Element vulnerability in JohnsonControls AC20 ...)
NOT-FOR-US: Johnson Controls
CVE-2026-20219 (A vulnerability in the REST API of Cisco Slido could have allowed an a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20195 (A vulnerability in an identity management API endpoint of Cisco ISE co ...)
NOT-FOR-US: Cisco
CVE-2026-20193 (A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could ...)
@@ -2913,9 +2913,9 @@ CVE-2023-54346 (WordPress Plugin Backup Migration 1.2.8 contains an information
CVE-2023-54345 (Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerabilit ...)
NOT-FOR-US: Frappe Framework ERPNext
CVE-2023-54344 (Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code executio ...)
- TODO: check
+ NOT-FOR-US: Eclipse Equinox OSGi
CVE-2023-54342 (Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code e ...)
- TODO: check
+ NOT-FOR-US: Eclipse Equinox OSGi
CVE-2026-43073 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.19.14-1
[trixie] - linux 6.12.85-1
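Review bot: CVE-2023-54344 and CVE-2023-54342 both get NOT-FOR-US: Eclipse Equinox OSGi although their descriptions cover different version ranges (3.7.2 and earlier, and 3.8 through 3.18), and Equinox is a framework rather than a vendor product. Please double-check that no Eclipse-related source package carries it. If one does, per-package entries with a fixed version or <not-affected> would keep the version information that NFU discards.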
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41e428e58e084e3b642211e6766fe7170a0b295d