Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad9a01c6 by Salvatore Bonaccorso at 2026-02-19T22:16:54+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-2817 (Use of insecure directory in Spring Data Geode snapshot import
extract ...)
- TODO: check
+ NOT-FOR-US: Spring Data Geode
CVE-2026-2744
REJECTED
CVE-2026-2736 (Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms
v18.0, which ...)
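Review bot: the NOT-FOR-US tag for CVE-2026-2817 names a sub-module ("Spring Data Geode") rather than a standalone product, which is the kind of entry most likely to be reopened if some Debian source package turns out to embed it; consider recording in the tag text or a NOTE line that a source search for the spring-data-geode module came up empty, so the reasoning survives with the entry. The wording itself matches the file's convention.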
@@ -11,9 +11,9 @@ CVE-2026-2718 (The Dealia \u2013 Request a Quote plugin for
WordPress is vulnera
CVE-2026-2716 (The Client Testimonial Slider plugin for WordPress is
vulnerable to St ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2409 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Delinea
CVE-2026-2274 (A SSRF and Arbitrary File Read vulnerability in AppSheet Core
in Googl ...)
- TODO: check
+ NOT-FOR-US: Google AppSheet
CVE-2026-2243 (A flaw was found in QEMU. A specially crafted VMDK image could
trigger ...)
- qemu <unfixed>
NOTE:
https://lore.kernel.org/qemu-devel/caj9qjssswxkmevethg57-ph6maefbutsav-r07ma9_x1sp6...@mail.gmail.com/
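Review bot: the two new tags in this hunk are vendor-level only ("Delinea", "Google AppSheet") while the truncated CVE-2026-2409 title does not name the affected product at all; naming the product in the tag (as "Google AppSheet" does) would make the Delinea entry easier to re-check. In the trailing context, the qemu entry for CVE-2026-2243 is `<unfixed>` with only a qemu-devel thread as NOTE and no severity or fix reference; once the VMDK fix lands upstream, the commit should be added next to the NOTE, and the link as shown here (`...@mail.gmail.com`) should be verified to resolve.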
@@ -60,7 +60,7 @@ CVE-2026-27050 (Cross-Site Request Forgery (CSRF)
vulnerability in ThimPress Rea
CVE-2026-27042 (Missing Authorization vulnerability in WPDeveloper
NotificationX notif ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-27013 (Fabric.js is a Javascript HTML5 canvas library. Prior to
version 7.2.0 ...)
- TODO: check
+ NOT-FOR-US: Fabric.js
CVE-2026-26362 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a
Relative Pa ...)
NOT-FOR-US: Dell / EMC
CVE-2026-26361 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an
External C ...)
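Review bot: the context line for CVE-2026-27042 reads "NOT-FOR-US: WordPress plugin or theme" while the earlier hunk tags CVE-2026-2716 as "NOT-FOR-US: WordPress plugin"; the file would be easier to grep if one wording were used for the same class of entries. The new "NOT-FOR-US: Fabric.js" tag for CVE-2026-27013 is consistent with how other JavaScript libraries are tagged here.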
@@ -83,24 +83,24 @@ CVE-2026-26337 (Hyland Alfresco Transformation Service
allows unauthenticated at
CVE-2026-26336 (Hyland Alfresco allows unauthenticated attackers to read
arbitrary fil ...)
NOT-FOR-US: Hyland
CVE-2026-26318 (systeminformation is a System and OS information library for
node.js. ...)
- TODO: check
+ NOT-FOR-US: systeminformation Node.js module
CVE-2026-26280 (systeminformation is a System and OS information library for
node.js. ...)
- TODO: check
+ NOT-FOR-US: systeminformation Node.js module
CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS
object, ...)
TODO: check
CVE-2026-26267 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to
versions 22. ...)
- TODO: check
+ NOT-FOR-US: soroban-sdk
CVE-2026-26223 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the
private are ...)
- spip 4.4.9+dfsg-1
NOTE:
https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-8.html
CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with
Envoy. Versi ...)
- TODO: check
+ NOT-FOR-US: opa-envoy-plugun
CVE-2026-26203 (PJSIP is a free and open source multimedia communication
library. Vers ...)
TODO: check
CVE-2026-26202 (Penpot is an open-source design tool for design and code
collaboration ...)
- TODO: check
+ NOT-FOR-US: Penpot
CVE-2026-26201 (emp3r0r is a C2 designed by Linux users for Linux
environments. Prior ...)
- TODO: check
+ NOT-FOR-US: emp3r0r
CVE-2026-26200 (HDF5 is software for managing data. Prior to version 1.14.4-2,
an atta ...)
TODO: check
CVE-2026-26193 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
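Review bot: the new tag for CVE-2026-26205 reproduces the misspelling from the CVE description, "NOT-FOR-US: opa-envoy-plugun"; the upstream project is spelled opa-envoy-plugin, and using the correct name in the tag keeps later searches for that project hitting this entry. The two systeminformation entries (CVE-2026-26318, CVE-2026-26280) carry identical tags, which is fine. Note that fast-xml-parser, PJSIP and HDF5 in the surrounding context are deliberately left at "TODO: check", which is the right call since those are candidates for packaged software rather than NOT-FOR-US.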
@@ -114,13 +114,13 @@ CVE-2026-26063 (CediPay is a crypto-to-fiat app for the
Ghanaian market. A vulne
CVE-2026-26059 (ChurchCRM is an open-source church management system. In
versions prio ...)
NOT-FOR-US: ChurchCRM
CVE-2026-26057 (Skill Scanner is a security scanner for AI Agent Skills that
detects p ...)
- TODO: check
+ NOT-FOR-US: Skill Scanner
CVE-2026-26030 (Semantic Kernel, Microsoft's semantic kernel Python SDK, has a
remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Semantic Kernel
CVE-2026-26016 (Wings is the server control plane for Pterodactyl, a free,
open-source ...)
- TODO: check
+ NOT-FOR-US: Wings
CVE-2026-25998 (strongMan is a management interface for strongSwan, an
OpenSource IPse ...)
- TODO: check
+ NOT-FOR-US: strongMan
CVE-2026-25940 (jsPDF is a library to generate PDFs in JavaScript. Prior to
4.2.0, use ...)
TODO: check
CVE-2026-25766 (Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on
Windows ...)
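Review bot: "NOT-FOR-US: Wings" for CVE-2026-26016 is ambiguous on its own; the CVE title identifies it as the Pterodactyl control plane, so "NOT-FOR-US: Pterodactyl Wings" would match the vendor-plus-product style used for "Microsoft Semantic Kernel" two lines above. For CVE-2026-25998, strongMan is a separate project from strongSwan, but since strongSwan itself is tracked it is worth confirming in a NOTE that the Debian strongswan packages do not ship the strongMan interface before closing.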
@@ -134,7 +134,7 @@ CVE-2026-25738 (Indico is an event management system that
uses Flask-Multipass,
CVE-2026-25535 (jsPDF is a library to generate PDFs in JavaScript. Prior to
4.2.0, use ...)
TODO: check
CVE-2026-25527 (changedetection.io is a free open source web page change
detection too ...)
- TODO: check
+ NOT-FOR-US: changedetection.io
CVE-2026-25473 (Missing Authorization vulnerability in AA-Team WZone woozone
allows Ex ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-25472 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
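Review bot: CVE-2026-25535 (jsPDF, "Prior to 4.2.0") in the context here and CVE-2026-25940 (same library, same version boundary) in the previous hunk are both still "TODO: check"; they should be triaged together, and the check should cover packages that embed jsPDF source rather than only a top-level jsPDF package, since that is how such libraries usually end up in the archive. The new "NOT-FOR-US: changedetection.io" tag is unambiguous as written.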
@@ -300,7 +300,7 @@ CVE-2026-25000 (Missing Authorization vulnerability in
Kraft Plugins Wheel of Li
CVE-2026-24999 (Missing Authorization vulnerability in Alma Alma
alma-gateway-for-wooc ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-24834 (Kata Containers is an open source project focusing on a
standard imple ...)
- TODO: check
+ NOT-FOR-US: Kata Containers
CVE-2026-24392 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-24375 (Missing Authorization vulnerability in WP Swings Ultimate Gift
Cards F ...)
@@ -382,11 +382,11 @@ CVE-2026-1461 (The Simple Membership plugin for WordPress
is vulnerable to Impro
CVE-2026-1219 (The MP3 Audio Player \u2013 Music Player, Podcast Player &
Radio by So ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9953 (Authorization Bypass Through User-Controlled SQL Primary Key
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: DATABASE Software Training Consulting Ltd.
CVE-2025-9062 (Authorization Bypass Through User-Controlled Key vulnerability
in MeCO ...)
- TODO: check
+ NOT-FOR-US: MeCODE Informatics and Engineering Services Ltd. Envanty
CVE-2025-8350 (Execution After Redirect (EAR), Missing Authentication for
Critical Fu ...)
- TODO: check
+ NOT-FOR-US: Inrove Software and Internet Services BiEticaret CMS
CVE-2025-71250
REJECTED
CVE-2025-71249
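Review bot: the three new tags copy the vendors' full legal names ("DATABASE Software Training Consulting Ltd.", "MeCODE Informatics and Engineering Services Ltd. Envanty", "Inrove Software and Internet Services BiEticaret CMS"), whereas the rest of this diff uses short vendor or product names ("Delinea", "Ruckus", "CDATA"); shortening these to vendor plus product (e.g. "MeCODE Envanty", "Inrove BiEticaret CMS") keeps the file consistent and easier to scan.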
@@ -402,7 +402,7 @@ CVE-2025-71245
CVE-2025-71244 (SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the
login form ...)
TODO: check
CVE-2025-71243 (The 'Saisies pour formulaire' (Saisies) plugin for SPIP
versions 5.4.0 ...)
- TODO: check
+ NOT-FOR-US: SPIP plugin
CVE-2025-71242 (SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized
content disc ...)
TODO: check
CVE-2025-71241 (SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site
Scripting (XSS ...)
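Review bot: "NOT-FOR-US: SPIP plugin" for CVE-2025-71243 should be backed by a check that the Debian spip source package does not bundle the 'Saisies pour formulaire' plugin, since spip itself is tracked in this file (see the `spip 4.4.9+dfsg-1` entry for CVE-2026-26223 earlier in this diff); a NOTE saying so would prevent the entry being reopened. The adjacent core SPIP CVEs (CVE-2025-71244, CVE-2025-71242, CVE-2025-71241) remain "TODO: check" and need fixed-version entries against the spip package rather than NOT-FOR-US.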
@@ -412,9 +412,9 @@ CVE-2025-71240 (SPIP before 4.2.15 allows Cross-Site
Scripting (XSS) via crafted
CVE-2025-69725 (An Open Redirect vulnerability in the go-chi/chi >=5.2.2
RedirectSlash ...)
TODO: check
CVE-2025-69674 (Buffer Overflow vulnerability in CDATA FD614GS3-R850
V3.2.7_P161006 (B ...)
- TODO: check
+ NOT-FOR-US: CDATA
CVE-2025-67304 (In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance
contain ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-55853 (SoftVision webPDF before 10.0.2 is vulnerable to Server-Side
Request F ...)
TODO: check
CVE-2025-41023 (An authentication bypass vulnerability has been found in
Thesamur's Au ...)
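Review bot: CVE-2025-69725 (go-chi/chi RedirectSlash open redirect) is left at "TODO: check" here; when it is processed, the check should cover Debian Go packages that vendor or build-depend on chi, not only a standalone chi package, because Go modules are commonly embedded statically. The new "NOT-FOR-US: CDATA" and "NOT-FOR-US: Ruckus" tags are appropriate for appliance firmware and a vendor OVA image respectively.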
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad9a01c67c26e97ffc85d19e4f91faa1d727fc7a
--
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits