Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9e9b6fdd by Salvatore Bonaccorso at 2026-06-18T21:36:06+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,13 +3,13 @@ CVE-2026-9815 (The MagicForm WordPress plugin through 0.1.3
does not properly va
CVE-2026-9158 (In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially
crafted DE ...)
TODO: check
CVE-2026-8811 (SEPPmail versions before 15.0.5 allow improper handling of
attachment ...)
- TODO: check
+ NOT-FOR-US: SEPPmail
CVE-2026-8461 (An out-of-bounds write vulnerability in FFmpeg's libavcodec
library, s ...)
TODO: check
CVE-2026-8039 (The Fancy Testimonials plugin for WordPress is vulnerable to
Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8024 (A remote, unauthenticated attacker may exploit a
deserialization of un ...)
- TODO: check
+ NOT-FOR-US: iba AG
CVE-2026-56024 (Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal
WP EasyP ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-56022 (Webmin accepts basic authentication without session cookies
when an at ...)
@@ -25,41 +25,41 @@ CVE-2026-56009 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2026-56007 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-55746 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable
to stored ...)
- TODO: check
+ NOT-FOR-US: Cotonti
CVE-2026-55745 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable
to Cross- ...)
- TODO: check
+ NOT-FOR-US: Cotonti
CVE-2026-55744 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable
to Cross- ...)
- TODO: check
+ NOT-FOR-US: Cotonti
CVE-2026-55742 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable
to Cross- ...)
- TODO: check
+ NOT-FOR-US: Cotonti
CVE-2026-55741 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable
to Cross- ...)
- TODO: check
+ NOT-FOR-US: Cotonti
CVE-2026-55392 (NILFS utilities through 2.3.0, fixed in commit 26efb5d,
nilfs_sb_is_va ...)
TODO: check
CVE-2026-55237 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
- TODO: check
+ NOT-FOR-US: AutoGPT
CVE-2026-55205 (Hermes WebUI before 0.51.468 contains a resource exhaustion
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Hermes WebUI
CVE-2026-55204 (HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a
null point ...)
TODO: check
CVE-2026-55203 (HAProxy through 3.4.0, fixed in commit 5985276, contains an
integer ov ...)
TODO: check
CVE-2026-54419 (claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management
System; no r ...)
- TODO: check
+ NOT-FOR-US: PBX-In-A-Flash Hotel Management System
CVE-2026-54390 (JTL Shop versions 5.2.0 through 5.7.1 contains a server-side
template ...)
- TODO: check
+ NOT-FOR-US: JTL Shop
CVE-2026-54224 (UBB.threads is vulnerable to Denial of Service (DoS). By
sending multi ...)
- TODO: check
+ NOT-FOR-US: UBB.threads
CVE-2026-54223 (UBB.threads is vulnerable to Path traversal, allowing
attackers with p ...)
- TODO: check
+ NOT-FOR-US: UBB.threads
CVE-2026-54222 (UBB.threads is vulnerable to Blind SQL Injection,allowing
attackers wi ...)
- TODO: check
+ NOT-FOR-US: UBB.threads
CVE-2026-54221 (UBB.threads is vulnerable toReflected XSS. The application
improperly ...)
- TODO: check
+ NOT-FOR-US: UBB.threads
CVE-2026-54220 (uBB.threads is vulnerable to aCross-Site Request Forgery
(CSRF) due to ...)
- TODO: check
+ NOT-FOR-US: UBB.threads
CVE-2026-54219 (UBB.threads is vulnerable to Stored XSS via user posts and
user profil ...)
- TODO: check
+ NOT-FOR-US: UBB.threads
CVE-2026-54106 (The U.S. Government Accountability Office (GAO) Electronic
Protest Doc ...)
TODO: check
CVE-2026-54105 (The U.S. Government Accountability Office (GAO) Electronic
Protest Doc ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e9b6fddaed089bb3e84b3adc7d3f4007118845e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e9b6fddaed089bb3e84b3adc7d3f4007118845e
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits