Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d0f06141 by Salvatore Bonaccorso at 2026-07-14T07:13:21+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -423,51 +423,51 @@ CVE-2026-40467 (Use After Free vulnerability has been
found in "io.c" program fi
- gawk <unfixed>
NOTE: Fixed by:
https://cgit.git.savannah.gnu.org/cgit/gawk.git/commit/?id=a2d18c74109e41bec29a23098eba2e00057286d8
CVE-2026-26396 (OpenBMB XAgent v1.0.0 and before is vulnerable to path
traversal in th ...)
- TODO: check
+ NOT-FOR-US: OpenBMB XAgent
CVE-2026-22103 (The NPC start endpoint on the web server at port 8090 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: DC-80
CVE-2026-22102 (A POST request sent to a specific webserver endpoint can be
used to wr ...)
- TODO: check
+ NOT-FOR-US: DC-80
CVE-2026-22100 (The OCPP DataTransfer message `ReserveLogin` is vulnerable to
command ...)
- TODO: check
+ NOT-FOR-US: DC-80
CVE-2026-22099 (The charging station does not require authentication for
Bluetooth com ...)
- TODO: check
+ NOT-FOR-US: DC-80
CVE-2026-22098 (Various sensitive information such as passwords and charging
card UIDs ...)
- TODO: check
+ NOT-FOR-US: DC-80
CVE-2026-22097 (The firmware update mechanism does not include cryptographic
signature ...)
- TODO: check
+ NOT-FOR-US: DC-80
CVE-2026-22096 (The webserver running on port 8090 does not require
authentication. Th ...)
- TODO: check
+ NOT-FOR-US: DC-80
CVE-2026-22095 (The network diagnosis endpoint on the web server at port 8090
is vulne ...)
- TODO: check
+ NOT-FOR-US: DC-80
CVE-2026-22093 (The EVbee Service Android app uses TLS encrypted communication
(HTTPS) ...)
- TODO: check
+ NOT-FOR-US: DC-80
CVE-2026-15584 (A privilege escalation vulnerability was found in the
incluster-checks ...)
- TODO: check
+ NOT-FOR-US: Red Hat OpenShift
CVE-2026-15574 (A flaw was found in the vllm-orchestrator-gateway component.
The syste ...)
- TODO: check
+ NOT-FOR-US: Red Hat OpenShift
CVE-2026-15559 (A vulnerability was detected in CodeAstro Simple Online Leave
Manageme ...)
NOT-FOR-US: CodeAstro
CVE-2026-15558 (A security vulnerability has been detected in CodeAstro Simple
Online ...)
NOT-FOR-US: CodeAstro
CVE-2026-15557 (A weakness has been identified in waooAI waoowaoo up to 0.4.1.
Affecte ...)
- TODO: check
+ NOT-FOR-US: waooAI waoowaoo
CVE-2026-15548 (A security vulnerability has been detected in Shibby Tomato up
to 1.28 ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-15547 (A weakness has been identified in Shibby Tomato up to
1.28.0000. This ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-15546 (A security flaw has been discovered in Shibby Tomato up to
1.28.0000. ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-15545 (A vulnerability was identified in Shibby Tomato up to
1.28.0000. Affec ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-15544 (A vulnerability was determined in Shibby Tomato up to
1.28.0000. Affec ...)
- TODO: check
+ NOT-FOR-US: Shibby Tomato
CVE-2026-15543 (A vulnerability was found in Tenda CH22 1.0.0.1. This impacts
the func ...)
NOT-FOR-US: Tenda
CVE-2026-15542 (A vulnerability has been found in will-moss Isaiah up to
1.36.9. This ...)
- TODO: check
+ NOT-FOR-US: will-moss Isaiah
CVE-2026-15541 (A flaw has been found in will-moss Isaiah up to 1.36.9. The
impacted e ...)
- TODO: check
+ NOT-FOR-US: will-moss Isaiah
CVE-2026-15540 (A vulnerability was detected in SourceCodester Online Book
Store Syste ...)
NOT-FOR-US: SourceCodester
CVE-2026-14934 (A Missing Authorization vulnerability in the repository
creation funct ...)
@@ -475,7 +475,7 @@ CVE-2026-14934 (A Missing Authorization vulnerability in
the repository creation
CVE-2026-14906 (Pages with malicious titles could potentially allow saved PDF
content ...)
TODO: check
CVE-2026-14846 (In version 8.2.1 of PrestaShop, there is a vulnerability
relating to t ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2026-14453 (This vulnerability is a critical Server-Side Template
Injection (SSTI) ...)
NOT-FOR-US: Centreon
CVE-2026-14165 (An Authorization Bypass Through User-Controlled Key
vulnerability affe ...)
@@ -503,79 +503,79 @@ CVE-2026-9492 (The MBStorage DRAM lighting control module
within Gigabyte Contro
CVE-2026-7162 (Successful exploitation of the integer overflow vulnerability
could al ...)
NOT-FOR-US: WinFsp
CVE-2026-15553 (Enterprise Cloud Database developed by Ragic has a Arbitrary
File Uplo ...)
- TODO: check
+ NOT-FOR-US: Ragic
CVE-2026-15552 (Enterprise Cloud Database developed by Ragic has a Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: Ragic
CVE-2026-15551 (Integer overflow or wraparound vulnerability in Samsung Open
Source rl ...)
TODO: check
CVE-2026-15539 (A security vulnerability has been detected in SourceCodester
Online Bo ...)
NOT-FOR-US: SourceCodester
CVE-2026-15538 (A weakness has been identified in primefaces primereact up to
10.9.8. ...)
- TODO: check
+ NOT-FOR-US: primefaces primereact
CVE-2026-15537 (A security flaw has been discovered in SourceCodester Online
Book Stor ...)
NOT-FOR-US: SourceCodester
CVE-2026-15536 (A vulnerability was identified in itsourcecode Hospital
Management Sys ...)
NOT-FOR-US: itsourcecode System
CVE-2026-15535 (A vulnerability was determined in AkariAsai self-rag up to
1fcdc420e48 ...)
- TODO: check
+ NOT-FOR-US: AkariAsai self-rag
CVE-2026-15533 (A security flaw has been discovered in DedeCMS 5.7.118.
Impacted is an ...)
NOT-FOR-US: DedeCMS
CVE-2026-15532 (A vulnerability was identified in SourceCodester Online Book
Store Sys ...)
NOT-FOR-US: SourceCodester
CVE-2026-15531 (A vulnerability has been found in yashbhalgat HashNeRF-pytorch
up to 8 ...)
- TODO: check
+ NOT-FOR-US: yashbhalgat HashNeRF-pytorch
CVE-2026-15530 (A flaw has been found in WuzhiCMS up to 4.1.0. Affected by
this vulner ...)
- TODO: check
+ NOT-FOR-US: WuzhiCMS
CVE-2026-15529 (A vulnerability was detected in yzhao062 pyod
3.5.0/3.5.1/3.5.2. Affec ...)
- TODO: check
+ NOT-FOR-US: yzhao062 pyod
CVE-2026-15528 (A vulnerability was found in lamaalrajih kicad-mcp up to
3.3.1. This i ...)
- TODO: check
+ NOT-FOR-US: lamaalrajih kicad-mcp
CVE-2026-15527 (A vulnerability has been found in better-auth better-icons up
to 1.0.5 ...)
- TODO: check
+ NOT-FOR-US: better-auth better-icons
CVE-2026-15526 (A flaw has been found in augmnt augments-mcp-server 7.1.0.
This issue ...)
- TODO: check
+ NOT-FOR-US: augmnt augments-mcp-server
CVE-2026-15525 (A vulnerability was detected in kLOsk adloop up to 0.9.0. This
vulnera ...)
- TODO: check
+ NOT-FOR-US: kLOsk adloop
CVE-2026-15524 (A security vulnerability has been detected in alioshr
memory-bank-mcp ...)
- TODO: check
+ NOT-FOR-US: alioshr memory-bank-mcp
CVE-2026-15523 (A weakness has been identified in CodeAstro Simple Online
Leave Manage ...)
NOT-FOR-US: CodeAstro
CVE-2026-15522 (A security flaw has been discovered in tugcantopaloglu
godot-mcp 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: tugcantopaloglu godot-mcp
CVE-2026-15521 (A vulnerability was identified in makafeli
n8n-workflow-builder up to ...)
NOT-FOR-US: n8n
CVE-2026-15520 (A vulnerability was determined in GNU LibreDWG
0.13.4-154-g0b573035. T ...)
TODO: check
CVE-2026-15519 (A vulnerability was found in usestrix strix up to 1.0.2. This
affects ...)
- TODO: check
+ NOT-FOR-US: usestrix strix
CVE-2026-15518 (A vulnerability has been found in AREA 17 Twill CMS up to
3.6.0. The i ...)
- TODO: check
+ NOT-FOR-US: AREA 17 Twill CMS
CVE-2026-15517 (A flaw has been found in Jinher OA 1.0. The affected element
is an unk ...)
- TODO: check
+ NOT-FOR-US: Jinher OA
CVE-2026-15516 (A vulnerability was detected in MacCMS Pro up to
2022.1000.3005. Impac ...)
- TODO: check
+ NOT-FOR-US: MacCMS Pro
CVE-2026-15515 (A security vulnerability has been detected in Tencent PC
Manager 18.1. ...)
- TODO: check
+ NOT-FOR-US: Tencent PC Manager
CVE-2026-15514 (A weakness has been identified in Metasoft
\u7f8e\u7279\u8f6f\u4ef6 Me ...)
- TODO: check
+ NOT-FOR-US: Metasoft
CVE-2026-15513 (A security flaw has been discovered in Wavlink WL-NU516U1
260515. This ...)
NOT-FOR-US: Wavlink
CVE-2026-15512 (A vulnerability was identified in pig-mesh Pig up to 3.9.2.
Affected b ...)
- TODO: check
+ NOT-FOR-US: pig-mesh Pig
CVE-2026-15511 (A vulnerability was determined in Comfast CF-WR631AX V3 up to
2.7.0.8. ...)
- TODO: check
+ NOT-FOR-US: Comfast
CVE-2026-15510 (A vulnerability was found in Leantime up to 3.8.0. Affected is
the fun ...)
- TODO: check
+ NOT-FOR-US: Leantime
CVE-2026-15509 (A vulnerability has been found in Leantime up to 3.8.0. This
impacts t ...)
- TODO: check
+ NOT-FOR-US: Leantime
CVE-2026-15508 (A flaw has been found in Helicone ai-gateway up to
0.2.0-beta.30. This ...)
- TODO: check
+ NOT-FOR-US: Helicone ai-gateway
CVE-2026-15507 (A vulnerability was detected in coollabsio Coolify up to
4.1.1. The im ...)
- TODO: check
+ NOT-FOR-US: coollabsio Coolify
CVE-2026-15506 (A security vulnerability has been detected in SecureAge
CatchPulse up ...)
- TODO: check
+ NOT-FOR-US: SecureAge CatchPulse
CVE-2026-15505 (A weakness has been identified in vnotex vnote up to 3.20.1.
Impacted ...)
- TODO: check
+ NOT-FOR-US: vnotex vnote
CVE-2026-12582 (The Library Management System WordPress plugin before 3.5.8
does not s ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12397 (The WP Job Portal WordPress plugin before 2.5.5 does not
verify owner ...)
@@ -985,7 +985,7 @@ CVE-2026-34196 (Software installed and run as a
non-privileged user may conduct
CVE-2026-2354 (The Swiss Toolkit For WP plugin for WordPress is vulnerable to
arbitra ...)
NOT-FOR-US: WordPress plugin
CVE-2026-20744 (The charging station websocket endpoint accepts connections
without p ...)
- TODO: check
+ NOT-FOR-US: Hydro-Quebec
CVE-2026-1832 (The ThriveDesk \u2013 Live Chat, AI Chatbot, Helpdesk &
Knowledge Base ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1382 (The fresh Podcaster plugin for WordPress is vulnerable to
Stored Cross ...)
@@ -1029,7 +1029,7 @@ CVE-2026-15072 (The KiviCare \u2013 Clinic & Patient
Management System (EHR) plu
CVE-2026-15010 (The bbp Style Pack plugin for WordPress is vulnerable to
Stored Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2026-14480 (OpenPLC Runtime v3 contains an authenticated arbitrary file
write vul ...)
- TODO: check
+ NOT-FOR-US: OpenPLC
CVE-2026-14286
REJECTED
CVE-2026-14262 (The Simple JWT Login \u2013 Allows you to use JWT on REST
endpoints. p ...)
@@ -1432,7 +1432,7 @@ CVE-2026-1946 (The GW AI Website Builder plugin for
WordPress is vulnerable to u
CVE-2026-1667 (The SEO Plugin by Squirrly SEO plugin for WordPress is
vulnerable to A ...)
NOT-FOR-US: WordPress plugin
CVE-2026-15378 (A flaw was found in the `guardrails-detectors` component. This
vulnera ...)
- TODO: check
+ NOT-FOR-US: guardrails-detectors
CVE-2026-15377 (A vulnerability was determined in Eleveo Call Recording
Software 9.7.0 ...)
NOT-FOR-US: Eleveo Call Recording Software
CVE-2026-15376 (A vulnerability was found in Eleveo Call Recording Software
9.7.0. Aff ...)
@@ -1446,7 +1446,7 @@ CVE-2026-15373 (A vulnerability was detected in Eleveo
Call Recording Software 9
CVE-2026-15146 (GNU Wget does not validate the IP address provided by an FTP
PASV resp ...)
TODO: check
CVE-2026-15143 (A flaw was found in the file_type content detector of
guardrails-detec ...)
- TODO: check
+ NOT-FOR-US: guardrails-detectors
CVE-2026-15104 (The BetterDocs \u2013 AI Documentation, Knowledge Base, Docs,
Wikis, F ...)
NOT-FOR-US: WordPress plugin
CVE-2026-15028 (A flaw was found in libarchive. This vulnerability allows a
remote att ...)
@@ -1698,19 +1698,19 @@ CVE-2026-15330 (A vulnerability was determined in
zhayujie CowAgent up to 2.1.1.
CVE-2026-15329 (A vulnerability was found in zhayujie CowAgent up to 2.1.0.
This issue ...)
NOT-FOR-US: zhayujie CowAgent
CVE-2026-15326 (A vulnerability was identified in halo-dev halo up to 2.24.2.
This aff ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2026-15321 (A vulnerability was found in MyEMS up to 6.4.0. The affected
element i ...)
NOT-FOR-US: MyEMS
CVE-2026-15320 (A vulnerability was detected in Sipeed PicoClaw up to 0.2.9.
This vuln ...)
- TODO: check
+ NOT-FOR-US: Sipeed PicoClaw
CVE-2026-15319 (A security vulnerability has been detected in Sipeed PicoClaw
up to 0. ...)
- TODO: check
+ NOT-FOR-US: Sipeed PicoClaw
CVE-2026-15318 (A weakness has been identified in Sipeed PicoClaw up to 0.2.9.
Affecte ...)
- TODO: check
+ NOT-FOR-US: Sipeed PicoClaw
CVE-2026-15317 (A security flaw has been discovered in Sipeed PicoClaw up to
0.2.9. Af ...)
- TODO: check
+ NOT-FOR-US: Sipeed PicoClaw
CVE-2026-15311 (A vulnerability was identified in NousResearch hermes-agent up
to 2026 ...)
- TODO: check
+ NOT-FOR-US: NousResearch hermes-agent
CVE-2026-15302 (The ARMember plugin for WordPress is vulnerable to Directory
Traversal ...)
NOT-FOR-US: WordPress plugin
CVE-2026-15301 (The BuddyHolis TableSearch plugin for WordPress is vulnerable
to Store ...)
@@ -1750,9 +1750,9 @@ CVE-2026-15283 (The WPvivid Backup for MainWP plugin for
WordPress is vulnerable
CVE-2026-15282 (The Instant Appointment plugin for WordPress is vulnerable to
arbitrar ...)
NOT-FOR-US: WordPress plugin
CVE-2026-15276 (A flaw has been found in pdeljanov Symphonia up to 0.6.0. This
vulnera ...)
- TODO: check
+ NOT-FOR-US: pdeljanov Symphonia
CVE-2026-15274 (A vulnerability was detected in lo48576 fbxcel up to 0.9.0.
This affec ...)
- TODO: check
+ NOT-FOR-US: lo48576 fbxcel
CVE-2026-15271 (A security vulnerability has been detected in TOTOLINK
A3000RU, A3100R ...)
NOT-FOR-US: TOTOLINK
CVE-2026-15270 (A weakness has been identified in D-link DIR-823G
1.0.2B05_20181207. A ...)
@@ -2984,35 +2984,35 @@ CVE-2026-29008 (U-Boot through 2026.04-rc3 contains an
integer underflow vulnera
CVE-2026-29007 (U-Boot through 2026.04-rc3 contains an out-of-bounds read
vulnerabilit ...)
TODO: check
CVE-2026-24700 (An OS command injection vulnerability exists in the
start_lltd() funct ...)
- TODO: check
+ NOT-FOR-US: Cisco RV130/RV130W
CVE-2026-24699 (An OS command injection vulnerability exists in the
sub_34984() functi ...)
- TODO: check
+ NOT-FOR-US: Cisco RV130/RV130W
CVE-2026-24698 (An OS command injection vulnerability exists in the
save_syslog_to_fil ...)
- TODO: check
+ NOT-FOR-US: Cisco RV130/RV130W
CVE-2026-24697 (An OS command injection vulnerability exists in the
start_bonjour() fu ...)
- TODO: check
+ NOT-FOR-US: Cisco RV130/RV130W
CVE-2026-22927 (Omnissa Workspace ONE\xae Tunnel for Windows addresses a
Local Privi ...)
NOT-FOR-US: Omnissa
CVE-2026-15067 (Snowflake Terraform Provider versions prior to 2.18.0 contain
several ...)
- TODO: check
+ NOT-FOR-US: Snowflake Terraform Provider
CVE-2026-15063 (A flaw was found in the gorch service template, which is part
of the t ...)
TODO: check
CVE-2026-15062 (SQL injection vulnerabilities in the Snowflake Snowpark Python
SDK (sn ...)
- TODO: check
+ NOT-FOR-US: Snowflake Snowpark Python SDK
CVE-2026-15053 (Tanium addressed a denial of service vulnerability in Tanium
Server.)
NOT-FOR-US: Tanium
CVE-2026-15044 (A flaw was found in the TrustyAI Service Operator. When
deploying serv ...)
- TODO: check
+ NOT-FOR-US: TrustyAI Service Operator
CVE-2026-15041 (A flaw was found in 389 Directory Server. The PBKDF2-SHA256
password v ...)
TODO: check
CVE-2026-15036 (A vulnerability was determined in Harness up to 2.28.2. This
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Harness
CVE-2026-15035 (A vulnerability was found in bentoml OpenLLM 0.6.30. This
affects the ...)
- TODO: check
+ NOT-FOR-US: bentoml OpenLLM
CVE-2026-15034 (A vulnerability has been found in flask-dashboard
Flask-MonitoringDash ...)
TODO: check
CVE-2026-15033 (A flaw has been found in christopherthielen
check-peer-dependencies up ...)
- TODO: check
+ NOT-FOR-US: christopherthielen check-peer-dependencies
CVE-2026-14967 (BBOT's `github_workflows` module could be induced to write a
downloade ...)
TODO: check
CVE-2026-14966 (BBOT's unarchive module rejects archives containing symlink
entries be ...)
@@ -3377,7 +3377,7 @@ CVE-2026-36163 (An HTML injection vulnerability in the
file view endpoint of Liq
CVE-2026-36162 (An authenticated stored cross-site scripting (XSS)
vulnerability in th ...)
NOT-FOR-US: LiquidFiles
CVE-2026-28378 (The public dashboard deletion endpoint does not enforce
organization i ...)
- TODO: check
+ NOT-FOR-US: Grafana Labs
CVE-2026-23698 (Vtiger CRM through 8.4.0 contains an authenticated remote code
executi ...)
NOT-FOR-US: Vtiger CRM
CVE-2026-23697 (Vtiger CRM before 8.4.0 contains an authenticated file upload
vulnerab ...)
@@ -3398,9 +3398,9 @@ CVE-2026-14935 (A logic vulnerability was found in
GStreamer's webrtcbin compone
CVE-2026-14904 (AWS Research and Engineering Studio (RES) is an open-source
solution t ...)
NOT-FOR-US: Amazon
CVE-2026-14868 (The encryption algorithm used to protect the configuration of
user acc ...)
- TODO: check
+ NOT-FOR-US: PcVue
CVE-2026-14867 (Credentials of built-in users are insecurely stored in the
User direct ...)
- TODO: check
+ NOT-FOR-US: PcVue
CVE-2026-14500 (The Bulk Order Update for WooCommerce plugin for WordPress is
vulnerab ...)
NOT-FOR-US: WordPress plugin
CVE-2026-14495 (The DoLogin Security plugin for WordPress is vulnerable to
Authenticat ...)
@@ -3935,7 +3935,7 @@ CVE-2026-14536 (Improper enforcement of a mandatory
multi-factor authentication
CVE-2026-14471 (Improper Neutralization of Special Elements in the
metrics-service ret ...)
NOT-FOR-US: Amazon
CVE-2026-14468 (HashiCorp Terraform Enterprise contained an issue in its
version contr ...)
- TODO: check
+ NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2026-14345 (The WPFunnels \u2013 Funnel Builder for WooCommerce with
Checkout & On ...)
NOT-FOR-US: WordPress plugin
CVE-2026-13356 (A malicious webpage could interrupt a pending navigation by
enqueuing ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0f06141a98557d9a6008a7f010dc5ac0683eb90
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0f06141a98557d9a6008a7f010dc5ac0683eb90
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits