[Git][security-tracker-team/security-tracker][master] Process some new NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 22 20:52:56 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b6cdce59 by Salvatore Bonaccorso at 2026-05-22T21:52:34+02:00
Process some new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,23 +41,23 @@ CVE-2026-8684 (The MotoPress Hotel Booking plugin for WordPress is vulnerable to
CVE-2026-8679 (The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8673 (Unprotected transport of credentials vulnerability in syslink software ...)
- TODO: check
+ NOT-FOR-US: Avantra
CVE-2026-8672 (Use of default password vulnerability in syslink software AG Avantra o ...)
- TODO: check
+ NOT-FOR-US: Avantra
CVE-2026-8671 (Insertion of sensitive information into log file vulnerability in sysl ...)
- TODO: check
+ NOT-FOR-US: Avantra
CVE-2026-8670 (Insufficient session expiration vulnerability in syslink software AG A ...)
- TODO: check
+ NOT-FOR-US: Avantra
CVE-2026-8477 (Improper enforcement of the sealed-entry workflow in the entry sensiti ...)
NOT-FOR-US: Devolutions
CVE-2026-8381 (A broken access control vulnerability exists in the TeamViewer DEX Pla ...)
NOT-FOR-US: TeamViewer
CVE-2026-8353 (Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8347 (Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorizati ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8340 (Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::a ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7798 (The FluentCRM \u2013 Email Newsletter, Automation, Email Marketing, Em ...)
NOT-FOR-US: WordPress plugin
CVE-2026-7636 (The Slider by Soliloquy \u2013 Responsive Image Slider for WordPress p ...)
@@ -95,55 +95,55 @@ CVE-2026-44417 (The fix forCVE-2025-48913: Apache CXF: Untrusted JMS configurati
CVE-2026-42627 (In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::G ...)
TODO: check
CVE-2026-42626 (HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly ma ...)
- TODO: check
+ NOT-FOR-US: HP ENVY 5000 series printers
CVE-2026-42506 (Parsing arbitrary HTML which is then rendered using Render can result ...)
TODO: check
CVE-2026-42502 (Parsing arbitrary HTML which is then rendered using Render can result ...)
TODO: check
CVE-2026-40172 (authentik is an open-source identity provider. In versions prior to 20 ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-40166 (authentik is an open-source identity provider. In versions prior to 20 ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-3636 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-3473 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-39970 (TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39969 (TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the W ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39968 (TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the f ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39967 (TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the b ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39966 (TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTy ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39965 (TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39964 (TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Ty ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-39821 (The ToASCII and ToUnicode functions incorrectly accept Punycode-encode ...)
TODO: check
CVE-2026-37470 (An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitr ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2026-36228 (Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote ...)
- TODO: check
+ NOT-FOR-US: Easy Chat Server
CVE-2026-36227 (Directory Traversal vulnerability in Easy Chat Server 3.1 allows a rem ...)
- TODO: check
+ NOT-FOR-US: Easy Chat Server
CVE-2026-36226 (Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-20 ...)
NOT-FOR-US: Advantech
CVE-2026-34207 (TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF p ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-33712 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the p ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-32253 (Sunshine is a self-hosted game stream host for Moonlight. In versions ...)
- TODO: check
+ NOT-FOR-US: Sunshine
CVE-2026-28735 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
- mattermost-server <itp> (bug #823556)
CVE-2026-28445 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the R ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-28444 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the g ...)
- TODO: check
+ NOT-FOR-US: TypeBot
CVE-2026-27136 (Parsing arbitrary HTML which is then rendered using Render can result ...)
TODO: check
CVE-2026-25681 (Parsing arbitrary HTML which is then rendered using Render can result ...)
@@ -355,15 +355,15 @@ CVE-2026-39827 (An authenticated SSH client that repeatedly opened channels whic
NOTE: https://www.openwall.com/lists/oss-security/2026/05/22/6
NOTE: https://github.com/golang/go/issues/35127
CVE-2026-34911 (A malicious actor with access to the network and low privileges could ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-34910 (A malicious actor with access to the network could exploit an Improper ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-34909 (A malicious actor with access to the network could exploit a Path Trav ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-34908 (A malicious actor with access to the network could exploit an Improper ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-33000 (A malicious actor with access to the network and high privileges could ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-2518 (The FastX theme for WordPress is vulnerable to unauthorized limited pl ...)
NOT-FOR-US: WordPress plugin
CVE-2026-22678 (Webmin before 2.641 contains a stored cross-site scripting vulnerabili ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6cdce596b5537d8c520c6b513eacc5a58cb02b7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6cdce596b5537d8c520c6b513eacc5a58cb02b7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260522/9ddbd316/attachment.htm>
More information about the debian-security-tracker-commits
mailing list