[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 31 08:10:38 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f565feb8 by Salvatore Bonaccorso at 2026-05-31T09:08:16+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2026-10126 (A security flaw has been discovered in Edimax BR-6478AC 1.23. Af
CVE-2026-10125 (A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by t ...)
NOT-FOR-US: Edimax
CVE-2026-10124 (A vulnerability was determined in Shibby Tomato up to 1.28. Affected i ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-10123 (A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts ...)
NOT-FOR-US: TRENDnet
CVE-2026-10122 (A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This af ...)
@@ -35,9 +35,9 @@ CVE-2026-10114 (A vulnerability was determined in Open5GS up to 2.7.7. Affected
CVE-2026-10113 (A vulnerability was found in Open5GS up to 2.7.7. Affected by this vul ...)
- open5gs <itp> (bug #1094791)
CVE-2026-10112 (A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM ...)
- TODO: check
+ NOT-FOR-US: sambitraj STUDENT-MANAGEMENT-SYSTEM
CVE-2026-10111 (A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This ...)
- TODO: check
+ NOT-FOR-US: sambitraj STUDENT-MANAGEMENT-SYSTEM
CVE-2018-25426 (WinMTR 0.91 contains a denial of service vulnerability that allows att ...)
TODO: check
CVE-2018-25425 (Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unau ...)
@@ -478,31 +478,31 @@ CVE-2026-10105 (agno 2.6.5 contains a SQL injection vulnerability in the ClickHo
CVE-2026-10101 (ACM/MCE assisted-service writes raw referenced pull-secret contents in ...)
TODO: check
CVE-2026-10099 (XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: XX-Net
CVE-2026-10078 (A flaw was found in the Quay config-tool's GitLab OAuth validator. Thi ...)
TODO: check
CVE-2026-10075 (DreamMaker developed by Interinfo has a Path Traversal vulnerability, ...)
- TODO: check
+ NOT-FOR-US: Interinfo
CVE-2026-10074 (DreamMaker developed by Interinfo has an Arbitrary File Read vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Interinfo
CVE-2026-10073 (DreamMaker developed by Interinfo has an Arbitrary File Read vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Interinfo
CVE-2026-10072 (DreamMaker developed by Interinfo has an Arbitrary File Upload vulnera ...)
- TODO: check
+ NOT-FOR-US: Interinfo
CVE-2026-10071 (DreamMaker developed by Interinfo has an Arbitrary File Upload vulnera ...)
- TODO: check
+ NOT-FOR-US: Interinfo
CVE-2026-10070 (A vulnerability was found in macrozheng mall up to 1.0.3. This affects ...)
- TODO: check
+ NOT-FOR-US: macrozheng mall
CVE-2026-10069 (A vulnerability has been found in Shibby Tomato 1.28. The impacted ele ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-10068 (A flaw has been found in Shibby Tomato 1.28. The affected element is t ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-10067 (A vulnerability was detected in Shibby Tomato 1.28. Impacted is the fu ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-10066 (A security vulnerability has been detected in Shibby Tomato up to 1.28 ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-10065 (A weakness has been identified in Shibby Tomato 1.28. This vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-10064 (A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Th ...)
NOT-FOR-US: TRENDnet
CVE-2026-10063 (A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affecte ...)
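Review bot: The five DreamMaker entries (CVE-2026-10071 through CVE-2026-10075) are tagged with the vendor only, `NOT-FOR-US: Interinfo`, while the other lines added in this hunk name the product (XX-Net, macrozheng mall, Shibby Tomato). Suggest `NOT-FOR-US: Interinfo DreamMaker` so that a later search of data/CVE/list for the product name finds them.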
@@ -514,9 +514,9 @@ CVE-2026-10061 (A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affect
CVE-2026-10060 (A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This im ...)
NOT-FOR-US: TRENDnet
CVE-2026-10058 (ITS Intelligent SCADA System developed by ITP Technology has a Stored ...)
- TODO: check
+ NOT-FOR-US: ITS Intelligent SCADA System
CVE-2026-10057 (ITS Intelligent SCADA System developed by ITP Technology has a Stored ...)
- TODO: check
+ NOT-FOR-US: ITS Intelligent SCADA System
CVE-2026-10056 (CORS misconfiguration in the REST API of Network Optix Nx Witness VMS ...)
TODO: check
CVE-2026-10052 (A flaw was found in the Quay config-tool's LDAP and SMTP validation fu ...)
@@ -1216,7 +1216,7 @@ CVE-2026-35266 (Vulnerability in Oracle REST Data Services (component: Core). S
CVE-2026-34311 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
NOT-FOR-US: Oracle
CVE-2026-33590 (Insecure default settings of Portainer CE grant regular (non-admin) us ...)
- TODO: check
+ NOT-FOR-US: Portainer
CVE-2026-33464 (Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a de ...)
TODO: check
CVE-2026-33463 (Operation on a Resource after Expiration or Termination (CWE-672) in K ...)
@@ -1224,7 +1224,7 @@ CVE-2026-33463 (Operation on a Resource after Expiration or Termination (CWE-672
CVE-2026-33462 (A path traversal vulnerability was identified in Kibana's dashboard ma ...)
TODO: check
CVE-2026-32847 (DeepCode through commit c991dc2 contains a path traversal vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: DeepCode
CVE-2026-2128 (The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive ...)
NOT-FOR-US: WordPress plugin
CVE-2026-10044 (Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary fil ...)
@@ -1605,7 +1605,7 @@ CVE-2026-44594 (esm.sh is a no-build content delivery network (CDN) for web deve
CVE-2026-44593 (esm.sh is a no-build content delivery network (CDN) for web developmen ...)
NOT-FOR-US: esm.sh
CVE-2026-44543 (Local Path Provisioner provides a way for the Kubernetes users to util ...)
- TODO: check
+ NOT-FOR-US: Local Path Provisioner
CVE-2026-44477 (CloudNativePG is a platform designed to manage PostgreSQL databases wi ...)
NOT-FOR-US: CloudNativePG
CVE-2026-44466 (Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission ...)
@@ -1672,21 +1672,21 @@ CVE-2026-37579 (An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker
CVE-2026-37266 (An issue in Responsive File Manager Responsive FileManager Version 9.1 ...)
NOT-FOR-US: Responsive File Manager
CVE-2026-35676 (phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulne ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-35675 (phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-35672 (phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-35671 (phpMyFAQ before 4.1.3 contains an insecure direct object reference vul ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-34126 (TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Ta ...)
NOT-FOR-US: TPLink
CVE-2026-30761 (An arbitrary file upload vulnerability in the pages/admin.uploadmapimg ...)
- TODO: check
+ NOT-FOR-US: SourceBans Material Admin
CVE-2026-30760 (An issue in SourceBans Material Admin before v.1.1.6 (3ecd95e) allows ...)
- TODO: check
+ NOT-FOR-US: SourceBans Material Admin
CVE-2026-24444 (SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6. ...)
- TODO: check
+ NOT-FOR-US: SDMC NE6037 cable modem routers
CVE-2025-48977 (Relative Path Traversal vulnerability in Apache Ignite REST API. Auth ...)
TODO: check
CVE-2024-47097 (Cross Site Scripting vulnerability in Follet School Solutions Destiny ...)
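Review bot: The tag on CVE-2026-24444, `NOT-FOR-US: SDMC NE6037 cable modem routers`, carries a device-class description, unlike the short `NOT-FOR-US: TPLink` tag a few lines above it. Suggest `NOT-FOR-US: SDMC NE6037`, which keeps vendor and model and gives future SDMC entries a stable string to match.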
@@ -2500,15 +2500,15 @@ CVE-2026-3173 (The Meta Field Block plugin for WordPress is vulnerable to Insecu
CVE-2026-33552 (Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Acce ...)
TODO: check
CVE-2026-32999 (Insufficient character filtering in backup agent signing module on Com ...)
- TODO: check
+ NOT-FOR-US: Comet Backup
CVE-2026-32998 (This vulnerability in Veeam Service Provider Console allows for remote ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-32997 (A vulnerability allowing an authenticated user with the Backup Adminis ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-32996 (This vulnerability in Veeam Agent for Microsoft Windows allows for Loc ...)
- TODO: check
+ NOT-FOR-US: Veeam
CVE-2026-32995 (The Rocket.Chat DDP method autoTranslate.translateMessage in versions ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2026-2374 (The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to S ...)
NOT-FOR-US: WordPress plugin
CVE-2026-21785 (A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Con ...)
@@ -3089,11 +3089,11 @@ CVE-2026-38808 (SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remo
CVE-2026-38807 (Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote ...)
NOT-FOR-US: kvf-admin
CVE-2026-38427 (An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15. ...)
- TODO: check
+ NOT-FOR-US: Tasmota
CVE-2026-38426 (Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before ...)
- TODO: check
+ NOT-FOR-US: Tasmota
CVE-2026-38422 (Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before ...)
- TODO: check
+ NOT-FOR-US: Tasmota
CVE-2026-37713 (An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al ...)
- dolibarr <removed>
CVE-2026-37712 (An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al ...)
@@ -3107,19 +3107,19 @@ CVE-2026-36539 (Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi
CVE-2026-36538 (Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root creden ...)
NOT-FOR-US: Netis
CVE-2026-36045 (picoclaw <=v0.1.2 and earlier is vulnerable to OS command injection vi ...)
- TODO: check
+ NOT-FOR-US: PicoClaw
CVE-2026-36044 (@pensar/apex <= 0.0.58 is vulnerable to OS command injection via the s ...)
TODO: check
CVE-2026-35090 (In Slican telephone exchanges it is possible to manage the control pan ...)
- TODO: check
+ NOT-FOR-US: Slican telephone exchanges
CVE-2026-35089 (In Slican telephone exchanges secure key is generated in a predictable ...)
- TODO: check
+ NOT-FOR-US: Slican telephone exchanges
CVE-2026-35087 (Slican telephone exchanges allow administrative protocol authenticatio ...)
- TODO: check
+ NOT-FOR-US: Slican telephone exchanges
CVE-2026-31266 (Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-30498 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in th ...)
- TODO: check
+ NOT-FOR-US: Jason2605 AdminPanel
CVE-2026-2607 (IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, ...)
NOT-FOR-US: IBM
CVE-2026-2601 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
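Review bot: For CVE-2026-30498 the tag `NOT-FOR-US: Jason2605 AdminPanel` names a project that does not appear in the truncated description shown in the list ("... was discovered in th ..."), so the triage cannot be checked from this file alone; please confirm it against the full CVE record. Minor: `PicoClaw` on CVE-2026-36045 is capitalised differently from the `picoclaw` spelling in its description, which matters for case-sensitive searches of the list.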
@@ -5375,11 +5375,11 @@ CVE-2026-25901 (Lack of output escaping leads to a XSS vector in the multilingua
CVE-2026-25900 (Lack of output escaping leads to a XSS vector in the feed modules.)
NOT-FOR-US: Joomla
CVE-2026-25713 (MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: MediaArea MediaInfoLib
CVE-2026-25112 (A high-severity vulnerability in the deployment of Genetec RabbitMQ th ...)
TODO: check
CVE-2026-25104 (MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerab ...)
- TODO: check
+ NOT-FOR-US: MediaArea MediaInfoLib
CVE-2026-24638 (Missing Authorization vulnerability in Webful Creations RepairBuddy al ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-24590 (Missing Authorization vulnerability in VideoWhisper.Com Paid Videochat ...)
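Review bot: CVE-2026-25713 and CVE-2026-25104 are heap buffer overflows in MediaInfoLib's ID3v2 and LXF parsing, that is, in a general-purpose parsing library rather than a vendor appliance or web application like most entries in this commit. Before settling on `NOT-FOR-US: MediaArea MediaInfoLib`, check that no source package in the archive provides this library (for example under a libmediainfo name); if one does, both entries need a package line instead of NOT-FOR-US.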
@@ -7862,7 +7862,7 @@ CVE-2026-44408 (There is an unauthorized access vulnerability in ZTE MU5250. Due
CVE-2026-44392 (Missing authorization vulnerability exists in Movable Type. Under cert ...)
- movabletype-opensource <removed>
CVE-2026-44159 (Tyler Identity Local (TID-L) uses documented, default administrative c ...)
- TODO: check
+ NOT-FOR-US: Tyler Identity Local (TID-L)
CVE-2026-43634 (HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerabi ...)
NOT-FOR-US: Hestia Control Panel
CVE-2026-43633 (HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulner ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f565feb8898c3946c601ce7f4621f43899f4c3af