Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e3efbc4f by Salvatore Bonaccorso at 2026-07-10T21:29:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,41 +13,41 @@ CVE-2026-6802 (The Easy Upload Files During Checkout plugin
for WordPress is vul
CVE-2026-6440 (The GoodMeet \u2013 Google Meet Integration for Webinar,
Meeting & Vid ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6212 (Authorization bypass through User-Controlled key vulnerability
in Tera ...)
- TODO: check
+ NOT-FOR-US: TeraMIS
CVE-2026-61492 (In JetBrains YouTrack before 2026.2.17394 stored XSS via
article title ...)
NOT-FOR-US: JetBrains
CVE-2026-61461 (Dify before 1.16.0-rc1 contains a SQL injection vulnerability
in the M ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2026-61460 (Krayin CRM through 2.2.3 contains an insecure direct object
reference ...)
- TODO: check
+ NOT-FOR-US: Krayin CRM
CVE-2026-61459 (MCP Server Kubernetes before 3.9.0 contains an argument
injection vuln ...)
- TODO: check
+ NOT-FOR-US: MCP Server Kubernetes
CVE-2026-61456 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3
fails to sa ...)
- TODO: check
+ NOT-FOR-US: Grav API plugin for Grav CMS
CVE-2026-61455 (Grav before 2.0.1 contains a decompression bomb vulnerability
in ZipAr ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-61450 (Grav before 2.0.2 contains a Twig sandbox bypass that allows a
page au ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-61444 (PraisonAI versions before 4.6.78 contain a code injection
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61441 (PraisonAI Platform (praisonai-platform) before 0.1.9
improperly author ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61437 (PraisonAI (pip package praisonaiagents) before 1.6.78 contains
an unsa ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61434 (PraisonAI versions before 4.6.78 contain an allowlist bypass
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61432 (PraisonAI (praisonaiagents) before 1.6.78 contains a path
traversal vu ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61431 (PraisonAI before 4.6.78 contains a path traversal
vulnerability in Con ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-60091 (PraisonAI before 4.6.78 contains an unauthenticated
server-side reques ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-60089 (PraisonAI (pip package praisonaiagents) before 1.6.78
automatically lo ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-60086 (PraisonAI before 4.6.78 contains a prompt injection defense
bypass vul ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-5801 (Improper neutralization of special elements used in an SQL
command ('S ...)
- TODO: check
+ NOT-FOR-US: SEM-PMP
CVE-2026-59796 (In JetBrains TeamCity before 2026.1.2 pipeline modification
was possib ...)
NOT-FOR-US: JetBrains
CVE-2026-59795 (In JetBrains TeamCity before 2026.1.2 stored XSS via
unauthenticated a ...)
@@ -61,9 +61,9 @@ CVE-2026-59792 (In JetBrains IntelliJ IDEA before 2026.1.4,
2026.2 code executi
CVE-2026-59791 (In JetBrains YouTrack before 2026.2.17012 cSS injection via
Mermaid di ...)
NOT-FOR-US: JetBrains
CVE-2026-59193 (Grav is a file-based Web platform. Prior to 2.0.0, an
authenticated ad ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-59190 (grav-plugin-admin is an HTML user interface that provides a
way to con ...)
- TODO: check
+ NOT-FOR-US: grav-plugin-admin
CVE-2026-59180 (Apprise is an open source library which allows you to send a
notificat ...)
TODO: check
CVE-2026-59162 (Excelize is a Go language library for reading and writing
Microsoft Ex ...)
@@ -73,25 +73,25 @@ CVE-2026-59161 (Excelize is a Go language library for
reading and writing Micros
CVE-2026-59154 (Wekan is open source kanban built with Meteor. Prior to 9.64,
Wekan ha ...)
TODO: check
CVE-2026-59151 (Prowler is a cloud security platform. Prior to 5.30.3,
Prowler's SAML ...)
- TODO: check
+ NOT-FOR-US: Prowler
CVE-2026-58661 (n8n before 2.28.0 (and before 1.123.58 on the 1.x branch)
contains a d ...)
NOT-FOR-US: n8n
CVE-2026-58493 (grav-plugin-database is the database plugin for Grav CMS.
Prior to 1.2 ...)
- TODO: check
+ NOT-FOR-US: grav-plugin-database
CVE-2026-58492 (grav-plugin-database is the database plugin for Grav CMS.
Prior to 1.2 ...)
- TODO: check
+ NOT-FOR-US: grav-plugin-database
CVE-2026-58225 (SQL Injection vulnerability in elixir-ecto postgrex allows an
attacker ...)
TODO: check
CVE-2026-57994 (phpMyFAQ before 4.1.5 applies inconsistent active=yes and
publication- ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-57961 (phpMyFAQ before 4.1.5 contains a potential authenticated path
traversa ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-57476 (Deloitte AI Assist for Customer exposed unauthenticated API
endpoints ...)
- TODO: check
+ NOT-FOR-US: Deloitte AI Assist for Customer
CVE-2026-57475 (Deloitte AI Assist for Customer accepted unauthenticated POST
requests ...)
- TODO: check
+ NOT-FOR-US: Deloitte AI Assist for Customer
CVE-2026-57474 (Deloitte AI Assist for Customer disclosed some configuration
informati ...)
- TODO: check
+ NOT-FOR-US: Deloitte AI Assist for Customer
CVE-2026-57167 (PeerTube is an ActivityPub-federated video streaming platform.
Prior t ...)
TODO: check
CVE-2026-56814 (Plug.Parsers.MULTIPART, the multipart request-body parser used
to hand ...)
@@ -99,7 +99,7 @@ CVE-2026-56814 (Plug.Parsers.MULTIPART, the multipart
request-body parser used t
CVE-2026-56813 (Improper Neutralization of Parameter/Argument Delimiters
vulnerability ...)
TODO: check
CVE-2026-56765 (Vikunja before 2.2.1 contains an authorization flaw where the
LinkShar ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-56690 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s)
an Improp ...)
NOT-FOR-US: Dell / EMC
CVE-2026-56689 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s)
an Improp ...)
@@ -107,19 +107,19 @@ CVE-2026-56689 (Dell PowerFlex Manager, Version prior to
5.1.0.1, contain(s) an
CVE-2026-56688 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s)
an Improp ...)
NOT-FOR-US: Dell / EMC
CVE-2026-56676 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
validat ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-56675 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
treats ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-56668 (ZITADEL is an open source identity management platform. Prior
to 4.15. ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-56667 (ZITADEL is an open source identity management platform. Prior
to 4.15. ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-56666 (ZITADEL is an open source identity management platform. Prior
to 4.15. ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-56665 (ZITADEL is an open source identity management platform. Prior
to 3.4.1 ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-56664 (ZITADEL is an open source identity management platform. Prior
to 3.4.1 ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-56373 (ImageMagick before 7.1.2-15 contains a use-after-free
vulnerability in ...)
TODO: check
CVE-2026-56366 (ImageMagick before 7.1.2-18 contains a memory leak
vulnerability in th ...)
@@ -127,55 +127,55 @@ CVE-2026-56366 (ImageMagick before 7.1.2-18 contains a
memory leak vulnerability
CVE-2026-56354 (n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and
2.x branch ...)
NOT-FOR-US: n8n
CVE-2026-56335 (Capgo before 12.128.2 contains an authorization bypass
vulnerability w ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56329 (Capgo before 12.128.2 contains a cross-tenant preview
namespace collis ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56312 (Capgo before 12.128.2 contains an improper validation
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56309 (Capgo before 12.128.2 fails to enforce plan/quota restrictions
on the ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56305 (Capgo before 12.128.2 contains an authentication bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56279 (Capgo before 12.128.2 contains an information disclosure
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56261 (Crawl4AI before 0.8.7 contains a server-side request forgery
(SSRF) vu ...)
- TODO: check
+ NOT-FOR-US: Crawl4AI
CVE-2026-56254 (In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2,
the end-to ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-55890 (Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's
incompl ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-55885 (Grav is a file-based Web platform. Prior to 1.7.53, an
authenticated a ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-55843 (Snipe-IT is an IT asset/license management system. Prior to
8.6.0, Use ...)
TODO: check
CVE-2026-55783 (NanaZip is the 7-Zip derivative intended for the modern
Windows experi ...)
- TODO: check
+ NOT-FOR-US: NanaZip
CVE-2026-55782 (NanaZip is the 7-Zip derivative intended for the modern
Windows experi ...)
- TODO: check
+ NOT-FOR-US: NanaZip
CVE-2026-55781 (NanaZip is the 7-Zip derivative intended for the modern
Windows experi ...)
- TODO: check
+ NOT-FOR-US: NanaZip
CVE-2026-55780 (NanaZip is the 7-Zip derivative intended for the modern
Windows experi ...)
- TODO: check
+ NOT-FOR-US: NanaZip
CVE-2026-55687 (ESF-IDF is the Espressif Internet of Things (IOT) Development
Framewor ...)
TODO: check
CVE-2026-55672 (ZITADEL is an open source identity management platform. Prior
to 3.4.1 ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-55671 (ZITADEL is an open source identity management platform. From
4.0.0-rc. ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-55670 (ZITADEL is an open source identity management platform. Prior
to 4.15. ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-55669 (ZITADEL is an open source identity management platform. Prior
to 3.4.1 ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-55641 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
determi ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-55638 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
protect ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-55516 (Snipe-IT is an IT asset/license management system. Prior to
8.6.2, PAT ...)
TODO: check
CVE-2026-55501 (9Router is an AI router & token saver. Prior to 0.4.80, the
dashboard ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-55500 (9Router is an AI router & token saver. Prior to 0.4.80, the
/api/setti ...)
- TODO: check
+ NOT-FOR-US: 9Router
CVE-2026-55478 (Snipe-IT is an IT asset/license management system. Prior to
8.6.2, POS ...)
TODO: check
CVE-2026-55476 (Snipe-IT is an IT asset/license management system. Prior to
8.6.0, POS ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3efbc4f882e069503bab208009e8398688799f4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3efbc4f882e069503bab208009e8398688799f4
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits