[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun May 17 12:19:34 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
40897bc8 by Moritz Muehlenhoff at 2026-05-17T13:18:15+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2021-47980 (Fuel CMS 1.4.13 contains a blind SQL injection vulnerability tha
CVE-2021-47979 (WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file d ...)
NOT-FOR-US: WordPress plugin
CVE-2021-47978 (ProcessMaker 3.5.4 contains a local file inclusion vulnerability that ...)
- TODO: check
+ NOT-FOR-US: ProcessMaker
CVE-2021-47977 (WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-47976 (TextPattern CMS 4.9.0-dev contains a remote code execution vulnerabili ...)
@@ -15,73 +15,73 @@ CVE-2021-47976 (TextPattern CMS 4.9.0-dev contains a remote code execution vulne
CVE-2021-47975 (WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerab ...)
NOT-FOR-US: WordPress plugin
CVE-2021-47974 (VX Search 13.5.28 contains an unquoted service path vulnerability in b ...)
- TODO: check
+ NOT-FOR-US: VX Search
CVE-2021-47973 (Sticky Notes Widget 3.0.6 contains a denial of service vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Sticky Notes
CVE-2021-47972 (Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulner ...)
- TODO: check
+ NOT-FOR-US: Sticky Notes
CVE-2021-47971 (My Notes Safe 5.3 contains a denial of service vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: My Notes
CVE-2021-47970 (Macaron Notes 5.5 contains a denial of service vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: Macaron Notes
CVE-2021-47969 (Color Notes 1.4 contains a denial of service vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: Color Notes
CVE-2021-47957 (Cookie Law Bar 1.2.1 contains a stored cross-site scripting vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Cookie Law Bar
CVE-2021-47956 (EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that ...)
- TODO: check
+ NOT-FOR-US: EgavilanMedia PHPCRUD
CVE-2021-47955 (CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allo ...)
- TODO: check
+ NOT-FOR-US: CouchCMS
CVE-2021-47954 (LayerBB 1.1.4 contains an SQL injection vulnerability that allows unau ...)
- TODO: check
+ NOT-FOR-US: LayerBB
CVE-2021-47952 (python jsonpickle 2.0.0 contains a remote code execution vulnerability ...)
TODO: check
CVE-2021-47942 (Home Assistant Community Store (HACS) 1.10.0 contains a path traversal ...)
- TODO: check
+ NOT-FOR-US: Home Assistant Community Store (HACS)
CVE-2021-47934 (MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities ...)
NOT-FOR-US: MyBB
CVE-2020-37247 (Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Kite
CVE-2020-37246 (Supsystic Backup 2.3.9 contains a local file inclusion vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Supsystic
CVE-2020-37245 (Supsystic Digital Publications 1.6.9 contains a path traversal vulnera ...)
- TODO: check
+ NOT-FOR-US: Supsystic
CVE-2020-37244 (Supsystic Membership 1.4.7 contains an SQL injection vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Supsystic
CVE-2020-37243 (Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Supsystic
CVE-2020-37242 (Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Supsystic
CVE-2020-37241 (bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability ...)
- TODO: check
+ NOT-FOR-US: bloofoxCMS
CVE-2020-37240 (Queue Management System 4.0.0 contains a stored cross-site scripting v ...)
- TODO: check
+ NOT-FOR-US: Queue Management System
CVE-2020-37239 (libbabl 0.1.62 contains a broken double free detection vulnerability t ...)
TODO: check
CVE-2020-37238 (CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerab ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2020-37237 (Composr CMS 10.0.34 contains a persistent cross-site scripting vulnera ...)
- TODO: check
+ NOT-FOR-US: Composr CMS
CVE-2020-37236 (NewsLister contains an authenticated persistent cross-site scripting v ...)
- TODO: check
+ NOT-FOR-US: NewsLister
CVE-2020-37235 (WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vul ...)
- TODO: check
+ NOT-FOR-US: WordPress theme or plugin
CVE-2020-37234 (Internet Download Manager 6.38.12 contains a buffer overflow vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Internet Download Manager
CVE-2020-37233 (WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scr ...)
- TODO: check
+ NOT-FOR-US: WordPress theme or plugin
CVE-2020-37232 (Advanced System Care Service 13.0.0.157 contains an unquoted service p ...)
- TODO: check
+ NOT-FOR-US: Advanced System Care Service
CVE-2020-37231 (Privacy Drive 3.17.0 contains an unquoted service path vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Privacy Drive
CVE-2020-37230 (Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerab ...)
- TODO: check
+ NOT-FOR-US: Syncplify.me
CVE-2020-37229 (OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnera ...)
- TODO: check
+ NOT-FOR-US: OKI sPSV Port Manager
CVE-2020-37228 (iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security byp ...)
- TODO: check
+ NOT-FOR-US: DS6 DSSPro Digital Signage System
CVE-2020-37227 (HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerab ...)
- TODO: check
+ NOT-FOR-US: HS Brand Logo Slider
CVE-2026-46719 (Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric inject ...)
NOT-FOR-US: Net::Statsd::Lite Perl module
CVE-2026-8696 (radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids ...)
@@ -419,29 +419,29 @@ CVE-2026-34253 (A buffer underflow vulnerability has been identified in the ogg1
CVE-2026-2031 (An Improper Access Controlvulnerability inseveral internal API endpoin ...)
TODO: check
CVE-2026-23695 (Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contain ...)
- TODO: check
+ NOT-FOR-US: Cockpit CMS
CVE-2025-67437 (Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is ...)
- TODO: check
+ NOT-FOR-US: Medical Management System
CVE-2025-14972 (* Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devic ...)
NOT-FOR-US: Silicon Labs
CVE-2021-47968 (Podcast Generator 3.1 contains a persistent cross-site scripting vulne ...)
- TODO: check
+ NOT-FOR-US: Podcast Generator
CVE-2021-47967 (PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: PHP Timeclock
CVE-2021-47966 (PHP Timeclock 1.04 contains time-based and boolean-based blind SQL inj ...)
- TODO: check
+ NOT-FOR-US: PHP Timeclock
CVE-2021-47965 (WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestric ...)
- TODO: check
+ NOT-FOR-US: WordPress theme or plugin
CVE-2021-47964 (Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Schlix CMS
CVE-2021-47963 (Anote 1.0 contains a persistent cross-site scripting vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: Anote
CVE-2021-47962 (Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Savsoft Quiz
CVE-2021-47959 (WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress theme or plugin
CVE-2021-47958 (CouchCMS 2.2.1 contains a server-side request forgery vulnerability th ...)
- TODO: check
+ NOT-FOR-US: Couch CMS
CVE-2026-8454 (Imager::File::GIF versions through 1.002 for Perl allow a heap out of ...)
NOT-FOR-US: Imager::File::GIF Perl module
NOTE: Imager::File::GIF used in libimager-perl and has separate CVE-2026-8669
@@ -577,17 +577,17 @@ CVE-2026-3290 (Timing limitations of the HRNG in RS9116 when power save mode is
CVE-2026-2652 (A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows una ...)
NOT-FOR-US: mlflow
CVE-2026-28761 (Cross-site request forgery vulnerability exists in Musetheque V4 Infor ...)
- TODO: check
+ NOT-FOR-US: Musetheque
CVE-2026-26191 (Fleet is open source device management software. Prior to version 4.81 ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-26062 (Fleet is open source device management software. Prior to version 4.81 ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-24899 (Fleet is open source device management software. Prior to version 4.82 ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-24662 (Cross-site scripting vulnerability exists in Musetheque V4 Information ...)
- TODO: check
+ NOT-FOR-US: Musetheque
CVE-2026-24000 (Fleet is open source device management software. Prior to version 4.80 ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-0481 (Unrestricted IP address binding in the AMD Device Metrics Exporter (RO ...)
TODO: check
CVE-2026-0438 (A System Management Mode (SMM) handler could perform a callout to code ...)
@@ -1289,7 +1289,7 @@ CVE-2026-42555 (Valtimo is an open-source business process automation platform.
CVE-2026-42457 (vCluster Platform provides a Kubernetes platform for managing virtual ...)
NOT-FOR-US: vCluster Platform
CVE-2026-42334 (Mongoose is a MongoDB object modeling tool designed to work in an asyn ...)
- TODO: check
+ NOT-FOR-US: Automattic Mongoose (different from src:mongoose)
CVE-2026-42283 (DevSpace is a client-only developer tool for cloud-native development ...)
NOT-FOR-US: DevSpace
CVE-2026-42281 (MagicMirror\xb2 is an open source modular smart mirror platform. Prior ...)
@@ -1319,7 +1319,7 @@ CVE-2026-38740 (Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to C
CVE-2026-2347 (Authorization bypass through User-Controlled key vulnerability in Akil ...)
TODO: check
CVE-2026-27886 (Strapi is an open source headless content management system. Strapi ve ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2026-27680 (Due to improper input handling under certain conditions, SAP NetWeaver ...)
NOT-FOR-US: SAP
CVE-2026-24712 (Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, ...)
@@ -1329,13 +1329,13 @@ CVE-2026-24711 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.2
CVE-2026-24710 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 al ...)
TODO: check
CVE-2026-23998 (Fleet is open source device management software. Prior to version 4.81 ...)
- TODO: check
+ NOT-FOR-US: Fleet
CVE-2026-22707 (Strapi is an open source headless content management system. In Strapi ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2026-22706 (Strapi is an open source headless content management system. In Strapi ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2026-22599 (Strapi is an open source headless content management system. In versio ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2026-21730 (Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability ...)
TODO: check
CVE-2026-20224 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, former ...)
@@ -1355,7 +1355,7 @@ CVE-2025-68421 (Comarch ERP Optima client makes use of a hard-coded password for
CVE-2025-68420 (ComarchERP Optima client connects to a database using a high privilege ...)
TODO: check
CVE-2025-64526 (Strapi is an open source headless content management system. In Strapi ...)
- TODO: check
+ NOT-FOR-US: Strapi
CVE-2025-62628 (Unsafe OpenSSL initialization within some AMD optional tools may allow ...)
TODO: check
CVE-2025-62625 (Improper privilege management in the KVM key download component could ...)
@@ -1381,13 +1381,13 @@ CVE-2025-62308 (HCL AION is affected by a vulnerability where sensitive backend
CVE-2025-62305 (HCL AION is affected by a vulnerability where certain operations may t ...)
NOT-FOR-US: HCL
CVE-2025-15025 (Authorization bypass through User-Controlled key vulnerability in Yord ...)
- TODO: check
+ NOT-FOR-US: Yordam
CVE-2025-15024 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Yordam
CVE-2025-15023 (Incorrect Authorization vulnerability in Yordam Information Technology ...)
- TODO: check
+ NOT-FOR-US: Yordam
CVE-2025-12008 (Authorization bypass through User-Controlled key vulnerability in APPY ...)
- TODO: check
+ NOT-FOR-US: Yaay Social Media App
CVE-2025-11024 (Improper neutralization of special elements used in an SQL command ('S ...)
TODO: check
CVE-2026-6479 (Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40897bc864840e057ffffa8718f1da6a4373a690
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40897bc864840e057ffffa8718f1da6a4373a690
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260517/fab2fd75/attachment.htm>
More information about the debian-security-tracker-commits
mailing list