Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
00c0e483 by Moritz Muehlenhoff at 2026-06-29T22:27:28+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,41 +23,41 @@ CVE-2026-57965 (A flaw was found in spice-vdagent. A
malicious or compromised SP
- spice-vdagent <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2493581
CVE-2026-57960 (Hi.Events through 1.9.0 public check-in list endpoints use
short_id as ...)
- TODO: check
+ NOT-FOR-US: Hi.Events
CVE-2026-57959 (Hi.Events through 1.9.0 contains a promo code validation
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Hi.Events
CVE-2026-57958 (Mixpost through 2.6.0 contains a reflected cross-site
scripting vulner ...)
- TODO: check
+ NOT-FOR-US: Mixpost
CVE-2026-57957 (Papermark through 0.22.0 contains a cross-origin resource
sharing (COR ...)
- TODO: check
+ NOT-FOR-US: Papermark
CVE-2026-57956 (SigNoz through 0.130.1 contains a broken access control
vulnerability ...)
- TODO: check
+ NOT-FOR-US: SigNoz
CVE-2026-57955 (SigNoz through 0.130.1 contains a SQL injection vulnerability
that all ...)
- TODO: check
+ NOT-FOR-US: SigNoz
CVE-2026-57954 (Elide through 7.1.17 fails to enforce @ReadPermission on
client-suppli ...)
- TODO: check
+ NOT-FOR-US: Elide
CVE-2026-57953 (Mythic before 3.4.0.60 contains an authorization bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Mythic
CVE-2026-57952 (Mythic before 3.4.0.60 contains an authorization bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Mythic
CVE-2026-57951 (Mythic before 3.4.0.60 contains a broken hasura permission
filter on t ...)
- TODO: check
+ NOT-FOR-US: Mythic
CVE-2026-57950 (ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70
contains a brok ...)
- TODO: check
+ NOT-FOR-US: ruoyi-vue-pro
CVE-2026-57949 (ruoyi-vue-pro through 2026.05, fixed in commit c779a47,
contains a mis ...)
- TODO: check
+ NOT-FOR-US: ruoyi-vue-pro
CVE-2026-57948 (Pinpoint through version 3.1.0 contains an insecure session
management ...)
- TODO: check
+ NOT-FOR-US: Pinpoint
CVE-2026-57947 (Pinpoint through 3.1.0 contains a server-side request forgery
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Pinpoint
CVE-2026-57946 (Invidious before version 2.20260626.0 contains a broken access
control ...)
- TODO: check
+ NOT-FOR-US: Invidious
CVE-2026-57945 (PhotoPrism before 260601-a7d098548 contains a broken access
control vu ...)
- TODO: check
+ NOT-FOR-US: PhotoPrism
CVE-2026-57943 (LibrePhotos before 1.0.0 contains a broken object level
authorization ...)
- TODO: check
+ NOT-FOR-US: LibrePhotos
CVE-2026-57942 (LibreTranslate through 1.9.7, fixed in commit 397fd22,
contains an IP ...)
- TODO: check
+ NOT-FOR-US: LibreTranslate
CVE-2026-57676 (Authorization Bypass Through User-Controlled Key vulnerability
in Matt ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-57525
@@ -105,7 +105,7 @@ CVE-2026-56783 (Parseable before 2.9.2 contains an
information disclosure vulner
CVE-2026-56782 (Gorse before 0.5.10 contains an authentication bypass
vulnerability in ...)
TODO: check
CVE-2026-56781 (Teable before 2026-06-15T04-43-24Z.1912 contains an improper
access co ...)
- TODO: check
+ NOT-FOR-US: Modoboa
CVE-2026-56780 (Modoboa before 2.9.0 contains an insecure direct object
reference vuln ...)
TODO: check
CVE-2026-56457 (HCL DevOps Deploy / HCL Launch is susceptible to an exposure
of sensit ...)
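Review bot: The `NOT-FOR-US: Modoboa` tag is attached to CVE-2026-56781, whose description is for Teable, while the Modoboa entry directly below it (CVE-2026-56780) is left at `TODO: check`. The tag appears to have landed one entry too high. Move it to CVE-2026-56780 and restore `TODO: check` on CVE-2026-56781 until Teable is triaged on its own, so the Teable issue is not closed out under another product's name.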
@@ -135,15 +135,15 @@ CVE-2026-41991 (GNU gzip contains a vulnerability in the
gzexe utility related t
CVE-2026-41052 (Improper privilege handling could be used by users withProject
Owner r ...)
TODO: check
CVE-2026-40524 (FrontAccounting before 2.4.20 contains a SQL injection
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: FrontAccounting
CVE-2026-40523 (FrontAccounting before 2.4.20 contains a SQL injection
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: FrontAccounting
CVE-2026-40522 (FrontAccounting before 2.4.20 contains a SQL injection
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: FrontAccounting
CVE-2026-40521 (FrontAccounting before 2.4.20 contains a path traversal
vulnerability ...)
- TODO: check
+ NOT-FOR-US: FrontAccounting
CVE-2026-36848 (Gigamon GVOS v5.16.1 and below is vulnerable to Directory
Traversal in ...)
- TODO: check
+ NOT-FOR-US: Gigamon GVOS
CVE-2026-25707 (A relative path traversal bug problem when processing
repository metad ...)
TODO: check
CVE-2026-22078 (Because O+ Connect's IPC service does not authenticate
clients, extern ...)
@@ -251,19 +251,19 @@ CVE-2026-13549 (A security flaw has been discovered in
CodeAstro Complaint Manag
CVE-2026-13548 (A vulnerability was identified in itsourcecode Hospital
Management Sys ...)
NOT-FOR-US: itsourcecode System
CVE-2026-13547 (A vulnerability was determined in Hanwang e-Face General
Management Pl ...)
- TODO: check
+ NOT-FOR-US: Hanwang e-Face
CVE-2026-13546 (A vulnerability was found in Feehi CMS up to 2.1.1. This
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Feehi CMS
CVE-2026-13545 (A vulnerability has been found in D-Link DCS-935L 1.10.01.
This affect ...)
NOT-FOR-US: D-Link
CVE-2026-13437 (Insertion of sensitive information into sent data in the AI
Agent job ...)
NOT-FOR-US: Devolutions
CVE-2026-13165 (SzafirHost verifies the downloaded native library archive with
one Jar ...)
- TODO: check
+ NOT-FOR-US: SzafirHost
CVE-2026-12912 (A flaw was found in libtiff. A remote attacker could exploit
this vuln ...)
TODO: check
CVE-2026-12856 (A flaw was found in the vscode-java extension, which provides
Java lan ...)
- TODO: check
+ NOT-FOR-US: vscode-java
CVE-2026-12672
REJECTED
CVE-2026-12616 (The /v1/upload/sbom endpoint extracts the iss claim from the
attacker- ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00c0e48306baf262bde8bc8a57892b5960245ce7