[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 14 10:34:58 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f5ddcff7 by Salvatore Bonaccorso at 2026-05-14T11:34:33+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -105,7 +105,7 @@ CVE-2026-45229 (Quark Drive before 0.8.5 contains a mass assignment vulnerabilit
CVE-2026-45228 (Quark Drive before 0.8.5 contains a stored cross-site scripting vulner ...)
NOT-FOR-US: Quark Drive
CVE-2026-45158 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2026-45109 (Next.js is a React framework for building full-stack web applications. ...)
NOT-FOR-US: Next.js
CVE-2026-45055 (CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6 ...)
@@ -115,15 +115,15 @@ CVE-2026-45054 (CubeCart is an ecommerce software solution. Prior to 6.7.0, the
CVE-2026-45053 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authent ...)
NOT-FOR-US: CubeCart
CVE-2026-45033 (GitHub Copilot CLI brings AI-powered coding assistance directly to you ...)
- TODO: check
+ NOT-FOR-US: GitHub Copilot CLI
CVE-2026-45028 (Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM ...)
NOT-FOR-US: Astro
CVE-2026-44919 (In OpenStack Ironic through 35.x before a3f6d73, during image handling ...)
TODO: check
CVE-2026-44665 (fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input d ...)
- TODO: check
+ NOT-FOR-US: fast-xml-builder
CVE-2026-44664 (fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026- ...)
- TODO: check
+ NOT-FOR-US: fast-xml-builder
CVE-2026-44582 (Next.js is a React framework for building full-stack web applications. ...)
NOT-FOR-US: Next.js
CVE-2026-44581 (Next.js is a React framework for building full-stack web applications. ...)
@@ -147,15 +147,15 @@ CVE-2026-44573 (Next.js is a React framework for building full-stack web applica
CVE-2026-44572 (Next.js is a React framework for building full-stack web applications. ...)
NOT-FOR-US: Next.js
CVE-2026-44479 (Vercel\u2019s AI Cloud is a unified platform for building modern appli ...)
- TODO: check
+ NOT-FOR-US: Vercel
CVE-2026-44478 (hoppscotch is an open source API development ecosystem. The fix for CV ...)
- TODO: check
+ NOT-FOR-US: hoppscotch
CVE-2026-44471 (gitoxide is an implementation of git written in Rust. Prior to 0.21.1, ...)
TODO: check
CVE-2026-44470 (The Claude Desktop app gives you Claude Code with a graphical interfac ...)
- TODO: check
+ NOT-FOR-US: Claude Desktop app
CVE-2026-44467 (The Claude Desktop app gives you Claude Code with a graphical interfac ...)
- TODO: check
+ NOT-FOR-US: Claude Desktop app
CVE-2026-44459 (Hono is a Web application framework that provides support for any Java ...)
NOT-FOR-US: Hono
CVE-2026-44458 (Hono is a Web application framework that provides support for any Java ...)
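Review bot: The tag added for CVE-2026-44479 names only the vendor ("NOT-FOR-US: Vercel"), although the description refers to a specific product, Vercel's AI Cloud, and the other tags in this hunk (Next.js, hoppscotch, Claude Desktop app, Hono) name the product. Consider naming the product in the tag so it stays distinguishable from other entries for the same vendor.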
@@ -189,13 +189,13 @@ CVE-2026-44432 (urllib3 is an HTTP client library for Python. From 2.6.0 to befo
CVE-2026-44431 (urllib3 is an HTTP client library for Python. From 1.23 to before 2.7. ...)
TODO: check
CVE-2026-44426 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/names ...)
- TODO: check
+ NOT-FOR-US: ShellHub
CVE-2026-44425 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device lis ...)
- TODO: check
+ NOT-FOR-US: ShellHub
CVE-2026-44424 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devic ...)
- TODO: check
+ NOT-FOR-US: ShellHub
CVE-2026-44423 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessi ...)
- TODO: check
+ NOT-FOR-US: ShellHub
CVE-2026-44418 (EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlie ...)
NOT-FOR-US: EcclesiaCRM
CVE-2026-44381 (MISP is an open source threat intelligence and sharing platform. Prior ...)
@@ -209,19 +209,19 @@ CVE-2026-44377 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an A
CVE-2026-44376 (CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthe ...)
NOT-FOR-US: CubeCart
CVE-2026-44373 (Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, a ...)
- TODO: check
+ NOT-FOR-US: Nitro
CVE-2026-44372 (Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, a ...)
- TODO: check
+ NOT-FOR-US: Nitro
CVE-2026-44369 (CVAT is an open source interactive video and image annotation tool for ...)
- TODO: check
+ NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
CVE-2026-44368 (PyQuorum is a cryptographic library for secret sharing and key managem ...)
- TODO: check
+ NOT-FOR-US: PyQuorum
CVE-2026-44364 (MISP modules are autonomous modules that can be used to extend MISP fo ...)
NOT-FOR-US: MISP
CVE-2026-44363 (MISP modules are autonomous modules that can be used to extend MISP fo ...)
NOT-FOR-US: MISP
CVE-2026-44351 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6 ...)
- TODO: check
+ NOT-FOR-US: fast-jwt
CVE-2026-44295 (protobufjs-cli is the command line add-on for protobuf.js. Prior to 1. ...)
- node-protobufjs <itp> (bug #977564)
CVE-2026-44294 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
@@ -241,47 +241,47 @@ CVE-2026-44288 (protobufjs compiles protobuf definitions into JavaScript (JS) fu
CVE-2026-44248 (Netty is an asynchronous, event-driven network application framework. ...)
TODO: check
CVE-2026-44195 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2026-44194 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2026-44193 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2026-44009 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This v ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-44008 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-44007 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-44006 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is p ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-44005 (vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-44004 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandbox ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-44003 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's c ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-44002 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's C ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-44001 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandb ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-44000 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandb ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-43999 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM' ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-43998 (vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's requ ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-43997 (vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is p ...)
- TODO: check
+ NOT-FOR-US: Node.js vm2
CVE-2026-43970 (Improper Handling of Highly Compressed Data (Data Amplification) vulne ...)
TODO: check
CVE-2026-42961 (ELECOM wireless LAN access point devices implement CSRF protection mec ...)
- TODO: check
+ NOT-FOR-US: ELECOM wireless LAN access point devices
CVE-2026-42950 (ELECOM wireless LAN access point devices do not check if language para ...)
- TODO: check
+ NOT-FOR-US: ELECOM wireless LAN access point devices
CVE-2026-42948 (Stored cross-site scripting vulnerability exists in ELECOM wireless LA ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2026-42937 (Incorrect permission assignment vulnerabilities exist in BIG-IP and BI ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42930 (When running in Appliance mode, an authenticated attacker assigned the ...)
NOT-FOR-US: F5
CVE-2026-42924 (An authenticated attacker with the Resource Administrator or Administr ...)
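Review bot: The three ELECOM entries in this hunk end up with two different tags: CVE-2026-42961 and CVE-2026-42950 get "NOT-FOR-US: ELECOM wireless LAN access point devices", while CVE-2026-42948 gets "NOT-FOR-US: ELECOM". Use one string for all three so that a search for the tag finds every entry; the short vendor form would match how the F5 entries in the same hunk are tagged.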
@@ -293,7 +293,7 @@ CVE-2026-42919 (A vulnerability exists in BIG-IP systems that may allow an authe
CVE-2026-42781 (When embedded Packet Velocity Acceleration (ePVA) acceleration is conf ...)
NOT-FOR-US: F5
CVE-2026-42780 (A directory traversal vulnerability exists in BIG-IP SSL Orchestrator ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42602 (azureauthextension is the Azure Authenticator Extension. From 0.124.0 ...)
TODO: check
CVE-2026-42587 (Netty is an asynchronous, event-driven network application framework. ...)
@@ -931,7 +931,7 @@ CVE-2026-44305 (Lemur manages TLS certificate creation. Prior to 1.9.0, when LDA
CVE-2026-44304 (Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP a ...)
- lemur <itp> (bug #809533)
CVE-2026-44302 (Snappier is a high performance C# implementation of the Snappy compres ...)
- TODO: check
+ NOT-FOR-US: Snappier
CVE-2026-44301 (Hugo is a static site generator. From 0.43 to before 0.161.0, when bui ...)
- hugo 0.161.0-1
NOTE: https://github.com/gohugoio/hugo/security/advisories/GHSA-x597-9fr4-5857
@@ -940,7 +940,7 @@ CVE-2026-44296 (Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.16
NOTE: https://github.com/deskflow/deskflow/security/advisories/GHSA-3mxm-cgh2-6448
NOTE: https://github.com/deskflow/deskflow/commit/329783490bd16774ba903b84212467d20d76bfba
CVE-2026-44262 (Scramble generates API documentation for Laravel project. From 0.13.2 ...)
- TODO: check
+ NOT-FOR-US: Scramble
CVE-2026-44260 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the read ...)
NOT-FOR-US: efw4.X
CVE-2026-44259 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the prev ...)
@@ -950,7 +950,7 @@ CVE-2026-44258 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, th
CVE-2026-44257 (efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file ...)
NOT-FOR-US: efw4.X
CVE-2026-44246 (nnU-Net is a semantic segmentation framework that automatically adapts ...)
- TODO: check
+ NOT-FOR-US: nnU-Net
CVE-2026-44245 (Kyverno is a policy engine designed for cloud native platform engineer ...)
NOT-FOR-US: Kyverno
CVE-2026-44242 (Micronaut Framework is a JVM-based full stack Java framework designed ...)
@@ -960,11 +960,11 @@ CVE-2026-44241 (Micronaut Framework is a JVM-based full stack Java framework des
CVE-2026-44240 (basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is v ...)
TODO: check
CVE-2026-44232 (DSSRF is a Node.js library that provides a wide range of utilities and ...)
- TODO: check
+ NOT-FOR-US: DSSRF
CVE-2026-44225 (Pulpy is a lightweight, cross-platform desktop application packager fo ...)
- TODO: check
+ NOT-FOR-US: Pulpy
CVE-2026-44224 (Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, ...)
- TODO: check
+ NOT-FOR-US: Wiki.js
CVE-2026-44223 (vLLM is an inference and serving engine for large language models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2026-44222 (vLLM is an inference and serving engine for large language models (LLM ...)
@@ -972,17 +972,17 @@ CVE-2026-44222 (vLLM is an inference and serving engine for large language model
CVE-2026-44221 (ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users an ...)
NOT-FOR-US: ArcadeDB
CVE-2026-44220 (ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 t ...)
- TODO: check
+ NOT-FOR-US: ciguard
CVE-2026-44219 (ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 t ...)
- TODO: check
+ NOT-FOR-US: ciguard
CVE-2026-44218 (ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 t ...)
- TODO: check
+ NOT-FOR-US: ciguard
CVE-2026-44217 (sse-channel is an SSE-implementation which can be used to any node.js ...)
- TODO: check
+ NOT-FOR-US: sse-channel
CVE-2026-44215 (NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ...)
NOT-FOR-US: NanaZip
CVE-2026-44015 (Nginx UI is a web user interface for the Nginx web server. In 2.3.4 an ...)
- TODO: check
+ NOT-FOR-US: Nginx UI
CVE-2026-44012 (Craft CMS is a content management system (CMS). From 5.0.0-RC1 to befo ...)
NOT-FOR-US: Craft CMS
CVE-2026-44011 (Craft CMS is a content management system (CMS). From 4.0.0 to before 4 ...)
@@ -990,19 +990,19 @@ CVE-2026-44011 (Craft CMS is a content management system (CMS). From 4.0.0 to be
CVE-2026-44010 (Craft CMS is a content management system (CMS). From 4.0.0 to before 4 ...)
NOT-FOR-US: Craft CMS
CVE-2026-43948 (wger is a free, open-source workout and fitness manager. Prior to 2.6, ...)
- TODO: check
+ NOT-FOR-US: wger
CVE-2026-43685 (A Remote Code Execution vulnerability in Claris FileMaker Cloud allowe ...)
NOT-FOR-US: Apple
CVE-2026-43680 (A Remote Code Execution vulnerability in Claris FileMaker Cloud allowe ...)
NOT-FOR-US: Apple
CVE-2026-42889 (Relay adds real-time collaboration to Obsidian. Relay Server versions ...)
- TODO: check
+ NOT-FOR-US: Relay for Obsidian
CVE-2026-42855 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)
- TODO: check
+ NOT-FOR-US: arduino-esp32
CVE-2026-42854 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)
- TODO: check
+ NOT-FOR-US: arduino-esp32
CVE-2026-42844 (Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privile ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-42545 (Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2 ...)
TODO: check
CVE-2026-42544 (Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2 ...)
@@ -1340,7 +1340,7 @@ CVE-2026-44278 (A use of hard-coded cryptographic key vulnerability in Fortinet
CVE-2026-44277 (A improper access control vulnerability in Fortinet FortiAuthenticator ...)
NOT-FOR-US: Fortinet
CVE-2026-44204 (Shelf is a platform for tracking physical assets. From 1.12 to before ...)
- TODO: check
+ NOT-FOR-US: Shelf
CVE-2026-44196 (Pingvin Share X is a secure and easy self-hosted file sharing platform ...)
NOT-FOR-US: Pingvin Share X
CVE-2026-44184 (Cleanuparr is a tool for automating the cleanup of unwanted or blocked ...)
@@ -1348,35 +1348,35 @@ CVE-2026-44184 (Cleanuparr is a tool for automating the cleanup of unwanted or b
CVE-2026-44183 (Cleanuparr is a tool for automating the cleanup of unwanted or blocked ...)
NOT-FOR-US: Cleanuparr
CVE-2026-44166 (Pocketbase is an open source web backend written in go. Prior to 0.22. ...)
- TODO: check
+ NOT-FOR-US: Pocketbase
CVE-2026-43993 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
- TODO: check
+ NOT-FOR-US: JunoClaw
CVE-2026-43992 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
- TODO: check
+ NOT-FOR-US: JunoClaw
CVE-2026-43991 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
- TODO: check
+ NOT-FOR-US: JunoClaw
CVE-2026-43990 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
- TODO: check
+ NOT-FOR-US: JunoClaw
CVE-2026-43989 (JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...)
- TODO: check
+ NOT-FOR-US: JunoClaw
CVE-2026-43983 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
- TODO: check
+ NOT-FOR-US: Pocket ID OIDC provider
CVE-2026-43939 (YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 an ...)
- TODO: check
+ NOT-FOR-US: YetAnotherForum.NET (YAF.NET)
CVE-2026-43938 (YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 an ...)
- TODO: check
+ NOT-FOR-US: YetAnotherForum.NET (YAF.NET)
CVE-2026-43937 (YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, A ...)
- TODO: check
+ NOT-FOR-US: YetAnotherForum.NET (YAF.NET)
CVE-2026-43930 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-43929 (ssrfcheck is a library that checks if a string contains a potential SS ...)
- TODO: check
+ NOT-FOR-US: ssrfcheck
CVE-2026-43916 (pam_authnft is a PAM session module binding nftables firewall rules to ...)
- TODO: check
+ NOT-FOR-US: pam_authnft
CVE-2026-43892 (AntSword is a cross-platform website management toolkit. Prior to 2.1. ...)
- TODO: check
+ NOT-FOR-US: AntSword
CVE-2026-43891 (changedetection.io is a free open source web page change detection too ...)
- TODO: check
+ NOT-FOR-US: changedetection.io
CVE-2026-43515 (Improper Authorization vulnerability when multiple method constraints ...)
- tomcat11 11.0.22-1
- tomcat10 <unfixed>
@@ -2078,51 +2078,51 @@ CVE-2026-43912 (Vaultwarden is a Bitwarden-compatible server written in Rust. Pr
CVE-2026-43911 (Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to ...)
- vaultwarden <itp> (bug #1067023)
CVE-2026-43901 (Wireshark MCP is an MCP Server that turns tshark into a structured ana ...)
- TODO: check
+ NOT-FOR-US: Wireshark MCP is an MCP Server
CVE-2026-43900 (DeepChat is an open-source artificial intelligence agent platform that ...)
NOT-FOR-US: DeepChat
CVE-2026-43899 (DeepChat is an open-source artificial intelligence agent platform that ...)
NOT-FOR-US: DeepChat
CVE-2026-43897 (Link Preview JS extracts web links information. Prior to 4.0.1, the li ...)
- TODO: check
+ NOT-FOR-US: Node link-preview-js
CVE-2026-43893 (exiftool-vendored provides cross-platform Node.js access to ExifTool. ...)
- TODO: check
+ NOT-FOR-US: exiftool-vendored
CVE-2026-43890 (Outline is a service that allows for collaborative documentation. From ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-43889 (Outline is a service that allows for collaborative documentation. Prio ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-43888 (Outline is a service that allows for collaborative documentation. Prio ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-43887 (Outline is a service that allows for collaborative documentation. From ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-43886 (Outline is a service that allows for collaborative documentation. From ...)
- TODO: check
+ NOT-FOR-US: Outline
CVE-2026-43885 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43884 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43883 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43882 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43881 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43880 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43879 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43878 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43877 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43876 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43875 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43874 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43873 (WWBN AVideo is an open source video platform. In versions up to and in ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-43668 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2026-43666 (An out-of-bounds write issue was addressed with improved bounds checki ...)
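Review bot: The tag added for CVE-2026-43901, "NOT-FOR-US: Wireshark MCP is an MCP Server", carries a sentence fragment from the CVE description instead of a product name. Suggest "NOT-FOR-US: Wireshark MCP", in line with the short product tags used for the Outline and WWBN AVideo entries that follow it in this hunk.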
@@ -2146,25 +2146,25 @@ CVE-2026-43653 (The issue was addressed with improved memory handling. This issu
CVE-2026-43652 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2026-42888 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
- TODO: check
+ NOT-FOR-US: Audiobookshelf
CVE-2026-42887 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
- TODO: check
+ NOT-FOR-US: Audiobookshelf
CVE-2026-42886 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
- TODO: check
+ NOT-FOR-US: Audiobookshelf
CVE-2026-42885 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
- TODO: check
+ NOT-FOR-US: Audiobookshelf
CVE-2026-42884 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
- TODO: check
+ NOT-FOR-US: Audiobookshelf
CVE-2026-42883 (Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ...)
- TODO: check
+ NOT-FOR-US: Audiobookshelf
CVE-2026-42882 (oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, ...)
- TODO: check
+ NOT-FOR-US: oxyno-zeta/s3-proxy
CVE-2026-42876 (External Secrets Operator reads information from a third-party service ...)
- TODO: check
+ NOT-FOR-US: External Secrets Operator
CVE-2026-42875 (External Secrets Operator reads information from a third-party service ...)
- TODO: check
+ NOT-FOR-US: External Secrets Operator
CVE-2026-42874 (Microdot is a minimalistic Python web framework. Prior to 2.6.1, the R ...)
- TODO: check
+ NOT-FOR-US: Microdot
CVE-2026-42873 (WeGIA is a web manager for charitable institutions. In versions prior ...)
NOT-FOR-US: WeGIA
CVE-2026-42872 (WeGIA is a web manager for charitable institutions. In versions prior ...)
@@ -2172,7 +2172,7 @@ CVE-2026-42872 (WeGIA is a web manager for charitable institutions. In versions
CVE-2026-42870 (WeGIA is a web manager for charitable institutions. In versions prior ...)
NOT-FOR-US: WeGIA
CVE-2026-42869 (SOCFortress CoPilot focuses on providing a single pane of glass for al ...)
- TODO: check
+ NOT-FOR-US: SOCFortress CoPilot
CVE-2026-42600 (MinIO is a high-performance object storage system. From RELEASE.2022-0 ...)
TODO: check
CVE-2026-42565 (@workos/authkit-session is a toolkit for building WorkOS AuthKit frame ...)
@@ -2559,7 +2559,7 @@ CVE-2026-43894 (jq is a command-line JSON processor. In 1.8.1 and earlier, when
- jq <unfixed> (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-5v7p-2r57-2g4g
CVE-2026-43826 (The OpenSearch logging provider, when configured with a `host` URL tha ...)
- TODO: check
+ NOT-FOR-US: OpenSearch logging provider for Airflow
CVE-2026-43640 (Bitwarden Server prior to v2026.4.1 does not require master-password r ...)
NOT-FOR-US: Bitwarden
CVE-2026-43639 (Bitwarden Server prior to v2026.4.0 contains a missing authorization v ...)
@@ -2569,13 +2569,13 @@ CVE-2026-43638 (Bitwarden Server prior to v2026.4.1 contains a missing authoriza
CVE-2026-42871 (WeGIA is a web manager for charitable institutions. In versions prior ...)
NOT-FOR-US: WeGIA
CVE-2026-42866 (Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix ...)
- TODO: check
+ NOT-FOR-US: Tookie
CVE-2026-42865 (Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the ...)
NOT-FOR-US: Inbox Zero
CVE-2026-42864 (FireFighter is an incident management application. Prior to 0.0.54, th ...)
NOT-FOR-US: FireFighter
CVE-2026-42860 (The Open edx Enterprise Service app provides enterprise features to th ...)
- TODO: check
+ NOT-FOR-US: Open edx Enterprise Service app
CVE-2026-42859 (Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication ...)
TODO: check
CVE-2026-42858 (Open edX Platform enables the authoring and delivery of online learnin ...)
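Review bot: In the tag for CVE-2026-42860, "Open edx Enterprise Service app" keeps the lowercase "edx" from that CVE's description, while the description of CVE-2026-42858 at the end of this hunk spells the project "Open edX". Suggest "Open edX" in the tag so that a search for the project name matches every related entry.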
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5ddcff78f1ccc9be79c696b1a3138306885d658