[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 29 07:02:53 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d18e217b by Salvatore Bonaccorso at 2026-05-29T08:02:27+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,7 +43,7 @@ CVE-2026-9813 (FlowIntel up to version 3.3.0contains a server-side request forge
CVE-2026-9807 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-9806 (A stored cross-site scripting (XSS) vulnerability exists in the notifi ...)
- TODO: check
+ NOT-FOR-US: CTI Transmute
CVE-2026-9804 (A flaw was found in KubeVirt's virt-exportserver component. An attacke ...)
NOT-FOR-US: KubeVirt
CVE-2026-9658 (Plack::Middleware::Security::Common versions before 0.13.1 for Perl di ...)
@@ -73,7 +73,7 @@ CVE-2026-9090 (Casdoor versions 2.362.0 and earlier contain a vulnerability that
CVE-2026-9015 (The Equalize Digital Accessibility Checker \u2013 WCAG, ADA, EAA and S ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8990 (A user with physical access to a smartphone can bypassauthentication m ...)
- TODO: check
+ NOT-FOR-US: View Concept Kidsview
CVE-2026-8980 (The Mennekes Amtron series (firmware versions \u2264 5.22.3) is vulner ...)
NOT-FOR-US: Mennekes Amtron series
CVE-2026-8979 (The Mennekes Amtron series (firmware versions \u2264 5.22.3) is vulner ...)
@@ -107,7 +107,7 @@ CVE-2026-7048 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery p
CVE-2026-6937 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6720 (When calicoctl is invoked with --log-level=info or --log-level=debug, ...)
- TODO: check
+ NOT-FOR-US: Calico
CVE-2026-6455 (The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6427 (The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Si ...)
@@ -121,9 +121,9 @@ CVE-2026-4377 (DlinkDWR-X1820 router uses weak default password generated from i
CVE-2026-4334 (The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2026-49238 (An issue was discovered in Canonical Multipass before version 1.16.3. ...)
- TODO: check
+ NOT-FOR-US: Multipass
CVE-2026-49237 (An issue was discovered in Canonical Multipass for macOS before versio ...)
- TODO: check
+ NOT-FOR-US: Multipass
CVE-2026-48735 (pypdf is a free and open-source pure-python PDF library. Prior to 6.12 ...)
TODO: check
CVE-2026-48526 (PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, w ...)
@@ -154,13 +154,13 @@ CVE-2026-47760 (TinyMCE is an open source rich text editor. From 6.8.0 to before
CVE-2026-47759 (TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, an ...)
TODO: check
CVE-2026-47676 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-47675 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-47674 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-47673 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-47337 (Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible N ...)
TODO: check
CVE-2026-47336 (Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an unin ...)
@@ -186,65 +186,65 @@ CVE-2026-47327 (Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a poss
CVE-2026-47326 (Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory lea ...)
TODO: check
CVE-2026-47136 (RustFS is a distributed object storage system built in Rust. Prior to ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-47074 (Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (Ex ...)
TODO: check
CVE-2026-46685 (RustFS is a distributed object storage system built in Rust. Prior to ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-46561 (pyLoad is a free and open-source download manager written in Python. P ...)
TODO: check
CVE-2026-46526 (Local Deep Research is an AI-powered research assistant for deep, iter ...)
- TODO: check
+ NOT-FOR-US: Local Deep Research
CVE-2026-46509 (deepobj provides get, set, delete deep objects in javascript. Prior to ...)
- TODO: check
+ NOT-FOR-US: deepobj
CVE-2026-45787 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
- TODO: check
+ NOT-FOR-US: electerm
CVE-2026-45374 (CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8. ...)
- TODO: check
+ NOT-FOR-US: CodeWhale
CVE-2026-45373 (CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8. ...)
- TODO: check
+ NOT-FOR-US: CodeWhale
CVE-2026-45353 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
- TODO: check
+ NOT-FOR-US: electerm
CVE-2026-45348 (pyLoad is a free and open-source download manager written in Python. P ...)
TODO: check
CVE-2026-45332 (Automad is a flat-file content management system and template engine. ...)
- TODO: check
+ NOT-FOR-US: Automad
CVE-2026-45323 (MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prio ...)
- TODO: check
+ NOT-FOR-US: MeshCore Card
CVE-2026-45311 (CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to ...)
- TODO: check
+ NOT-FOR-US: CodeWhale
CVE-2026-45310 (CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8. ...)
- TODO: check
+ NOT-FOR-US: CodeWhale
CVE-2026-45307 (Speakr is a personal, self-hosted web application designed for transcr ...)
- TODO: check
+ NOT-FOR-US: Speakr
CVE-2026-45306 (pyLoad is a free and open-source download manager written in Python. P ...)
TODO: check
CVE-2026-45297 (OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, the ...)
- TODO: check
+ NOT-FOR-US: OpenReplay
CVE-2026-45296 (OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, Ope ...)
- TODO: check
+ NOT-FOR-US: OpenReplay
CVE-2026-45292 (opentelemetry-java is the Java implementation of the OpenTelemetry API ...)
TODO: check
CVE-2026-45261 (GitButler is a modern Git-based version control interface for AI-power ...)
- TODO: check
+ NOT-FOR-US: GitButler
CVE-2026-45078 (Synapse is an open source Matrix homeserver implementation. Prior to 1 ...)
TODO: check
CVE-2026-45076 (Synapse is an open source Matrix homeserver implementation. Prior to 1 ...)
TODO: check
CVE-2026-45058 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
- TODO: check
+ NOT-FOR-US: electerm
CVE-2026-45044 (RustFS is a distributed object storage system built in Rust. Prior to ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-45042 (RustFS is a distributed object storage system built in Rust. Prior to ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-45041 (RustFS is a distributed object storage system built in Rust. Prior to ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-45040 (RustFS is a distributed object storage system built in Rust. Prior to ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-45039 (RustFS is a distributed object storage system built in Rust. Prior to ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-45021 (Kuma is a modern Envoy-based service mesh that can run on every cloud ...)
- TODO: check
+ NOT-FOR-US: Kuma
CVE-2026-45017 (Python Liquid is a Python engine for the Liquid template language. Pri ...)
TODO: check
CVE-2026-44798 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
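Review bot: The label on CVE-2026-45021 is the bare word "Kuma", which is short enough to collide with other project names when the list is searched later. The description already gives a disambiguator (an Envoy-based service mesh), so a label such as "Kuma service mesh" would be safer. The repeated products in this hunk (RustFS, CodeWhale, electerm, OpenReplay) use an identical string each time, which is the right pattern to keep.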
@@ -1027,9 +1027,9 @@ CVE-2026-9791 (A flaw was found in Keycloak. An authenticated user with existing
CVE-2026-9789 (A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSen ...)
NOT-FOR-US: Acer
CVE-2026-9739 (Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790 ...)
- TODO: check
+ NOT-FOR-US: googleapis mcp-toolbox
CVE-2026-9673 (Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are v ...)
- TODO: check
+ NOT-FOR-US: json-2-csv
CVE-2026-9644 (The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9241 (The FOX \u2013 Currency Switcher Professional for WooCommerce plugin f ...)
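Review bot: For CVE-2026-9739 the visible part of the description ("Vulnerable to DNS rebinding attacks when using SSE ...") never names the affected software, so the "googleapis mcp-toolbox" label is the only product identifier in the entry and cannot be cross-checked from this diff. A short pointer in the commit message to where the product name was taken from would make the triage decision auditable. The json-2-csv entry below it is straightforward, since the description names the package.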
@@ -1063,7 +1063,7 @@ CVE-2026-5737 (The Independent Analytics plugin for WordPress is vulnerable to S
CVE-2026-4888 (The Everest Forms \u2013 Contact Form, Payment Form, Quiz, Survey & Cu ...)
NOT-FOR-US: WordPress plugin
CVE-2026-49009 (Northern.tech Mender Server v4.1.0, v4.0.1 and below, and fixed in v4. ...)
- TODO: check
+ NOT-FOR-US: Northern.tech Mender Server
CVE-2026-48792 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
NOT-FOR-US: pam_usb
CVE-2026-48066 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
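Review bot: The label for CVE-2026-49009 includes the vendor ("Northern.tech Mender Server"), while the same commit labels Canonical Multipass as plain "Multipass" for CVE-2026-49238 and CVE-2026-49237. Settle on one convention for vendor prefixes so that future entries for the same product get the same string; "Mender Server" would match the product-only style used in the rest of this commit.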
@@ -1105,7 +1105,7 @@ CVE-2026-45136 (claude-code-cache-fix is a cache optimization proxy for Claude C
CVE-2026-45134 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...)
NOT-FOR-US: LangSmith Client
CVE-2026-45108 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
- TODO: check
+ NOT-FOR-US: Himmelblau
CVE-2026-45104 (MapServer is a system for developing web-based GIS applications. From ...)
TODO: check
CVE-2026-45102 (OneUptime is an open-source monitoring and observability platform. Pri ...)
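Review bot: CVE-2026-45108 goes straight from "TODO: check" to NOT-FOR-US for Himmelblau, and nothing in the commit records that WNPP was checked. For an interoperability suite like this it is worth confirming there is no open ITP or RFP, because the "- <package> <itp> (bug #...)" form would be the correct entry if one exists.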
@@ -1339,7 +1339,7 @@ CVE-2026-48146 (Budibase is an open-source low-code platform. Prior to 3.39.0, t
CVE-2026-48128 (Budibase is an open-source low-code platform. Prior to 3.39.0, the exe ...)
NOT-FOR-US: Budibase
CVE-2026-48027 (Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a mal ...)
- TODO: check
+ NOT-FOR-US: Nx Console
CVE-2026-47119 (Agent Zero before version 1.15 contains a stored cross-site scripting ...)
NOT-FOR-US: Agent Zero
CVE-2026-47118 (Agent Zero before version 1.15 contains a path traversal vulnerability ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d18e217b7b0000272f2229db93e6aec60380a0f7