[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 26 20:13:37 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1c51d46 by security tracker role at 2026-05-26T19:13:31+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2026-9566 (A vulnerability was identified in teableio teable up to 1.9.x. Th
 CVE-2026-9565 (A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. Th ...)
 	TODO: check
 CVE-2026-9564 (A vulnerability was found in SourceCodester/oretnom23 Hospitals Patien ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-9562 (A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM  ...)
 	TODO: check
 CVE-2026-9560 (Privilege escalation via background service of OpenVPN Connect 3.5.1 t ...)
@@ -23,81 +23,81 @@ CVE-2026-9550 (A vulnerability was determined in Acrel Electrical EEMS Enterpris
 CVE-2026-9544 (A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Gr ...)
 	TODO: check
 CVE-2026-9543 (A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-9542 (A weakness has been identified in CodeAstro Leave Management System 1. ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-9541 (A security flaw has been discovered in Squirrel up to 3.2. Impacted is ...)
 	TODO: check
 CVE-2026-9540 (A vulnerability was identified in vllm-project vllm 0.19.0. This issue ...)
 	TODO: check
 CVE-2026-9170 (IBM Web Server Plug-ins for WebSphere Application Server and WebSphere ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8890 (code100x contains an authentication bypass vulnerability in the Mobile ...)
 	TODO: check
 CVE-2026-8856 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in con ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8855 (IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution an ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8854 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via th ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8852 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via th ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8850 (IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via th ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8835 (IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer derefere ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8834 (IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8633 (IBM Web Server Plug-ins for WebSphere Application Server and WebSphere ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8620 (IBM Web Server Plug-ins for WebSphere Application Server and WebSphere ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-8479 (IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Energy
 CVE-2026-8174 (Zohocorp Zoho Mail wordpress plugin is vulnerable toCross-Site request ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-8047 (The affected products perform improper length checking when parsing in ...)
 	TODO: check
 CVE-2026-8046 (The affected products insufficiently verify authorization when deletin ...)
 	TODO: check
 CVE-2026-7454 (A maliciously crafted WRL file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-7453 (A maliciously crafted WRL file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-7452 (A maliciously crafted WRL file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-7451 (A maliciously crafted TIF file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-7450 (A maliciously crafted PAR file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-7374 (A flaw was found in KubeVirt's virt-handler component. This vulnerabil ...)
 	TODO: check
 CVE-2026-7310 (A heap-based buffer overflow vulnerability exists in XML parser functi ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Energy
 CVE-2026-7251 (Eppendorf BioFlo 320is vulnerable to due to VNC server using a hard-co ...)
 	TODO: check
 CVE-2026-4051 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-48905 (Lack of input filtering leads to an XSS vector in the HTML filter code ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48904 (An improper access check allows privelege escalation through the com_u ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48903 (Inadequate content filtering within the checkAttribute methods leads t ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48902 (The password and username reset features created plain http links for  ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48901 (The InputFilter::getInstance() method omitted a security sensitive par ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48900 (An improper access check allowed low privileged users to edit the task ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48899 (An improper access check allows privilege escalation through the com_u ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48898 (An improper access check allows privilege escalation through the com_u ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48897 (Insufficient state checks lead to a vector that allows to bypass 2FA c ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48896 (Insufficient state checks lead to a vector that allows to bypass 2FA c ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-48864 (A flaw was found in libsolv. This heap buffer overflow occurs during t ...)
 	TODO: check
 CVE-2026-48697 (FastNetMon Community Edition through 1.2.9 does not verify TLS certifi ...)
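Review bot: CVE-2026-8174 is tagged NOT-FOR-US: Zoho although its description calls the product a "Zoho Mail wordpress plugin", while the other WordPress plugin entries in this commit (for example CVE-2026-39661 and CVE-2026-24638) use NOT-FOR-US: WordPress plugin or theme. Using the same tag here would keep the list consistent and let a search on the tag find every plugin entry.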
@@ -105,7 +105,7 @@ CVE-2026-48697 (FastNetMon Community Edition through 1.2.9 does not verify TLS c
 CVE-2026-48696 (FastNetMon Community Edition through 1.2.9 has a buffer overflow, a di ...)
 	TODO: check
 CVE-2026-48695 (FastNetMon Community Edition through 1.2.9 contains an OS command inje ...)
-	TODO: check
+	NOT-FOR-US: MikroTik
 CVE-2026-48694 (FastNetMon Community Edition through 1.2.9 contains a configuration in ...)
 	TODO: check
 CVE-2026-48693 (FastNetMon Community Edition through 1.2.9 is vulnerable to a local sy ...)
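Review bot: the NOT-FOR-US: MikroTik tag on CVE-2026-48695 does not match the visible description, which names FastNetMon Community Edition through 1.2.9 and an OS command injection. The neighbouring FastNetMon entries CVE-2026-48696 and CVE-2026-48694 stay at TODO: check, so this looks like a false match by the automatic update, possibly on a word in the truncated part of the description. Unless the full description shows the flaw lies in MikroTik code, this should go back to TODO: check so the FastNetMon entries are triaged together.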
@@ -177,7 +177,7 @@ CVE-2026-44776 (Kavita is a cross platform reading server. Prior to 0.9.0, the d
 CVE-2026-44775 (Kavita is a cross platform reading server. Prior to 0.9.0, the ReaderC ...)
 	TODO: check
 CVE-2026-44749 (The SAP Gateway allows attackers to inject content into error messages ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44730 (OpenCTI is an open source platform for managing cyber threat intellige ...)
 	TODO: check
 CVE-2026-44729 (Twenty is an open source CRM. In 1.18.0 and earlier, the file serving  ...)
@@ -205,7 +205,7 @@ CVE-2026-44469 (The affected product extracts installation files to a temporary
 CVE-2026-44468 (The affected product creates a directory with insecure default permiss ...)
 	TODO: check
 CVE-2026-44410 (This vulnerability stems from a business logic flaw.Attackers can expl ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2026-44314 (Traccar is an open source GPS tracking system. Prior to 6.13.0, Device ...)
 	TODO: check
 CVE-2026-43982 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.6 ...)
@@ -237,45 +237,45 @@ CVE-2026-41164 (nuts-node is the reference implementation of the Nuts specificat
 CVE-2026-40564 (Files or Directories Accessible to External Parties, Server-Side Reque ...)
 	TODO: check
 CVE-2026-40384 (An improper validation of the search parameter of the com_media files  ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-40383 (An improper validation of user-supplied input leads to a local file in ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-40034 (gix-submodule before 0.82.0 incorrectly validates the update field in  ...)
 	TODO: check
 CVE-2026-40033 (FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in ...)
 	TODO: check
 CVE-2026-3660 (IBM Engineering Lifecycle Management 7.0.3 ( through ) Interim Fix 021 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-3603 (IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Int ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-39661 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39655 (Missing Authorization vulnerability in TeconceTheme Mayosis Core allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39642 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-38587 (An Insecure Direct Object Reference (IDOR) vulnerability was discovere ...)
 	TODO: check
 CVE-2026-35223 (An improper access check allows unauthorized access to com_config webs ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-35222 (Improperly validated order clauses lead to a SQL injection vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-35221 (Improperly built filter clauses lead to a SQL injection vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-35220 (Lack of CSRF token validation lead to a CSRF attack vector in the admi ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-30895 (Lack of output escaping leads to a XSS vector in the readmore links fo ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-30894 (Lack of output escaping leads to a XSS vector in the content history c ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-2264 (A vulnerability in the Google Cloud ApigeeSetIntegrationRequestpolicy  ...)
 	TODO: check
 CVE-2026-27427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25901 (Lack of output escaping leads to a XSS vector in the multilingual asso ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-25900 (Lack of output escaping leads to a XSS vector in the feed modules.)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-25713 (MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerabilit ...)
 	TODO: check
 CVE-2026-25112 (A high-severity vulnerability in the deployment of Genetec RabbitMQ th ...)
@@ -283,11 +283,11 @@ CVE-2026-25112 (A high-severity vulnerability in the deployment of Genetec Rabbi
 CVE-2026-25104 (MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerab ...)
 	TODO: check
 CVE-2026-24638 (Missing Authorization vulnerability in Webful Creations RepairBuddy al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24590 (Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24212 (NVIDIA Isaac Launchable for Linux contains a vulnerability where sensi ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-24201 (NVIDIA vGPU software contains a vulnerability in the virtual GPU manag ...)
 	TODO: check
 CVE-2026-24200 (NVIDIA vGPU software contains a vulnerability in the virtual GPU manag ...)
@@ -317,25 +317,25 @@ CVE-2026-24187 (NVIDIA Display Driver for Linux contains a vulnerability where a
 CVE-2026-24182 (NVIDIA Display Driver for Windows and Linux contains a vulnerability w ...)
 	TODO: check
 CVE-2026-24162 (NVIDIA Transformers4Rec for Linux contains a vulnerability where an at ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-36221 (IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through  Interim Fix  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36220 (IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through  Interim Fix  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36148 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36145 (IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly res ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36126 (IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transform ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-33221 (NVIDIA Display Driver for Windows and Linux contains a vulnerability i ...)
 	TODO: check
 CVE-2025-14290 (IBM webMethods Integration (on prem) -Integration Server 10.15 through ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-13755 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UN ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-11482 (An Allocation of Resources Without Limits or Throttling vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: ABB group
 CVE-2026-45836 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux 7.0.7-1
 	[trixie] - linux 6.12.90-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1c51d46934ba0c31a9041fe403285d4b36d0cf6
