Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c5e295dc by security tracker role at 2026-07-10T19:13:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,340 @@
-CVE-2026-53363 [xfrm: iptfs: preserve shared-frag marker in 
iptfs_consume_frags()]
+CVE-2026-9857 (The Invoice123 plugin for WordPress is vulnerable to 
authorization byp ...)
+       TODO: check
+CVE-2026-9838 (The ICS Calendar plugin for WordPress is vulnerable to 
Reflected Cross ...)
+       TODO: check
+CVE-2026-8609 (An unauthenticated attacker can repeatedly call Grafana's OAuth 
login  ...)
+       TODO: check
+CVE-2026-8595 (A user with Editor permissions can craft a dashboard whose 
table (Tabl ...)
+       TODO: check
+CVE-2026-6872
+       REJECTED
+CVE-2026-6802 (The Easy Upload Files During Checkout plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2026-6440 (The GoodMeet \u2013 Google Meet Integration for Webinar, 
Meeting & Vid ...)
+       TODO: check
+CVE-2026-6212 (Authorization bypass through User-Controlled key vulnerability 
in Tera ...)
+       TODO: check
+CVE-2026-61492 (In JetBrains YouTrack before 2026.2.17394 stored XSS via 
article title ...)
+       TODO: check
+CVE-2026-61461 (Dify before 1.16.0-rc1 contains a SQL injection vulnerability 
in the M ...)
+       TODO: check
+CVE-2026-61460 (Krayin CRM through 2.2.3 contains an insecure direct object 
reference  ...)
+       TODO: check
+CVE-2026-61459 (MCP Server Kubernetes before 3.9.0 contains an argument 
injection vuln ...)
+       TODO: check
+CVE-2026-61456 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 
fails to sa ...)
+       TODO: check
+CVE-2026-61455 (Grav before 2.0.1 contains a decompression bomb vulnerability 
in ZipAr ...)
+       TODO: check
+CVE-2026-61450 (Grav before 2.0.2 contains a Twig sandbox bypass that allows a 
page au ...)
+       TODO: check
+CVE-2026-61444 (PraisonAI versions before 4.6.78 contain a code injection 
vulnerabilit ...)
+       TODO: check
+CVE-2026-61441 (PraisonAI Platform (praisonai-platform) before 0.1.9 
improperly author ...)
+       TODO: check
+CVE-2026-61437 (PraisonAI (pip package praisonaiagents) before 1.6.78 contains 
an unsa ...)
+       TODO: check
+CVE-2026-61434 (PraisonAI versions before 4.6.78 contain an allowlist bypass 
vulnerabi ...)
+       TODO: check
+CVE-2026-61432 (PraisonAI (praisonaiagents) before 1.6.78 contains a path 
traversal vu ...)
+       TODO: check
+CVE-2026-61431 (PraisonAI before 4.6.78 contains a path traversal 
vulnerability in Con ...)
+       TODO: check
+CVE-2026-60091 (PraisonAI before 4.6.78 contains an unauthenticated 
server-side reques ...)
+       TODO: check
+CVE-2026-60089 (PraisonAI (pip package praisonaiagents) before 1.6.78 
automatically lo ...)
+       TODO: check
+CVE-2026-60086 (PraisonAI before 4.6.78 contains a prompt injection defense 
bypass vul ...)
+       TODO: check
+CVE-2026-5801 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2026-59796 (In JetBrains TeamCity before 2026.1.2 pipeline modification 
was possib ...)
+       TODO: check
+CVE-2026-59795 (In JetBrains TeamCity before 2026.1.2 stored XSS via 
unauthenticated a ...)
+       TODO: check
+CVE-2026-59794 (In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud 
profile  ...)
+       TODO: check
+CVE-2026-59793 (In JetBrains TeamCity before 2026.1.2 arbitrary file access 
was possib ...)
+       TODO: check
+CVE-2026-59792 (In JetBrains IntelliJ IDEA before 2026.1.4,  2026.2 code 
execution via ...)
+       TODO: check
+CVE-2026-59791 (In JetBrains YouTrack before 2026.2.17012 cSS injection via 
Mermaid di ...)
+       TODO: check
+CVE-2026-59193 (Grav is a file-based Web platform. Prior to 2.0.0, an 
authenticated ad ...)
+       TODO: check
+CVE-2026-59190 (grav-plugin-admin is an HTML user interface that provides a 
way to con ...)
+       TODO: check
+CVE-2026-59180 (Apprise is an open source library which allows you to send a 
notificat ...)
+       TODO: check
+CVE-2026-59162 (Excelize is a Go language library for reading and writing 
Microsoft Ex ...)
+       TODO: check
+CVE-2026-59161 (Excelize is a Go language library for reading and writing 
Microsoft Ex ...)
+       TODO: check
+CVE-2026-59154 (Wekan is open source kanban built with Meteor. Prior to 9.64, 
Wekan ha ...)
+       TODO: check
+CVE-2026-59151 (Prowler is a cloud security platform. Prior to 5.30.3, 
Prowler's SAML  ...)
+       TODO: check
+CVE-2026-58661 (n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) 
contains a d ...)
+       TODO: check
+CVE-2026-58493 (grav-plugin-database is the database plugin for Grav CMS. 
Prior to 1.2 ...)
+       TODO: check
+CVE-2026-58492 (grav-plugin-database is the database plugin for Grav CMS. 
Prior to 1.2 ...)
+       TODO: check
+CVE-2026-58225 (SQL Injection vulnerability in elixir-ecto postgrex allows an 
attacker ...)
+       TODO: check
+CVE-2026-57994 (phpMyFAQ before 4.1.5 applies inconsistent active=yes and 
publication- ...)
+       TODO: check
+CVE-2026-57961 (phpMyFAQ before 4.1.5 contains a potential authenticated path 
traversa ...)
+       TODO: check
+CVE-2026-57476 (Deloitte AI Assist for Customer exposed unauthenticated API 
endpoints  ...)
+       TODO: check
+CVE-2026-57475 (Deloitte AI Assist for Customer accepted unauthenticated POST 
requests ...)
+       TODO: check
+CVE-2026-57474 (Deloitte AI Assist for Customer disclosed some configuration 
informati ...)
+       TODO: check
+CVE-2026-57167 (PeerTube is an ActivityPub-federated video streaming platform. 
Prior t ...)
+       TODO: check
+CVE-2026-56814 (Plug.Parsers.MULTIPART, the multipart request-body parser used 
to hand ...)
+       TODO: check
+CVE-2026-56813 (Improper Neutralization of Parameter/Argument Delimiters 
vulnerability ...)
+       TODO: check
+CVE-2026-56765 (Vikunja before 2.2.1 contains an authorization flaw where the 
LinkShar ...)
+       TODO: check
+CVE-2026-56690 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) 
an Improp ...)
+       TODO: check
+CVE-2026-56689 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) 
an Improp ...)
+       TODO: check
+CVE-2026-56688 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) 
an Improp ...)
+       TODO: check
+CVE-2026-56676 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
validat ...)
+       TODO: check
+CVE-2026-56675 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
treats  ...)
+       TODO: check
+CVE-2026-56668 (ZITADEL is an open source identity management platform. Prior 
to 4.15. ...)
+       TODO: check
+CVE-2026-56667 (ZITADEL is an open source identity management platform. Prior 
to 4.15. ...)
+       TODO: check
+CVE-2026-56666 (ZITADEL is an open source identity management platform. Prior 
to 4.15. ...)
+       TODO: check
+CVE-2026-56665 (ZITADEL is an open source identity management platform. Prior 
to 3.4.1 ...)
+       TODO: check
+CVE-2026-56664 (ZITADEL is an open source identity management platform. Prior 
to 3.4.1 ...)
+       TODO: check
+CVE-2026-56373 (ImageMagick before 7.1.2-15 contains a use-after-free 
vulnerability in ...)
+       TODO: check
+CVE-2026-56366 (ImageMagick before 7.1.2-18 contains a memory leak 
vulnerability in th ...)
+       TODO: check
+CVE-2026-56354 (n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 
2.x branch ...)
+       TODO: check
+CVE-2026-56335 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability w ...)
+       TODO: check
+CVE-2026-56329 (Capgo before 12.128.2 contains a cross-tenant preview 
namespace collis ...)
+       TODO: check
+CVE-2026-56312 (Capgo before 12.128.2 contains an improper validation 
vulnerability in ...)
+       TODO: check
+CVE-2026-56309 (Capgo before 12.128.2 fails to enforce plan/quota restrictions 
on the  ...)
+       TODO: check
+CVE-2026-56305 (Capgo before 12.128.2 contains an authentication bypass 
vulnerability  ...)
+       TODO: check
+CVE-2026-56279 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
+       TODO: check
+CVE-2026-56261 (Crawl4AI before 0.8.7 contains a server-side request forgery 
(SSRF) vu ...)
+       TODO: check
+CVE-2026-56254 (In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, 
the end-to ...)
+       TODO: check
+CVE-2026-55890 (Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's 
incompl ...)
+       TODO: check
+CVE-2026-55885 (Grav is a file-based Web platform. Prior to 1.7.53, an 
authenticated a ...)
+       TODO: check
+CVE-2026-55843 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.0, Use ...)
+       TODO: check
+CVE-2026-55783 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
+       TODO: check
+CVE-2026-55782 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
+       TODO: check
+CVE-2026-55781 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
+       TODO: check
+CVE-2026-55780 (NanaZip is the 7-Zip derivative intended for the modern 
Windows experi ...)
+       TODO: check
+CVE-2026-55687 (ESF-IDF is the Espressif Internet of Things (IOT) Development 
Framewor ...)
+       TODO: check
+CVE-2026-55672 (ZITADEL is an open source identity management platform. Prior 
to 3.4.1 ...)
+       TODO: check
+CVE-2026-55671 (ZITADEL is an open source identity management platform. From 
4.0.0-rc. ...)
+       TODO: check
+CVE-2026-55670 (ZITADEL is an open source identity management platform. Prior 
to 4.15. ...)
+       TODO: check
+CVE-2026-55669 (ZITADEL is an open source identity management platform. Prior 
to 3.4.1 ...)
+       TODO: check
+CVE-2026-55641 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
determi ...)
+       TODO: check
+CVE-2026-55638 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
protect ...)
+       TODO: check
+CVE-2026-55516 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.2, PAT ...)
+       TODO: check
+CVE-2026-55501 (9Router is an AI router & token saver. Prior to 0.4.80, the 
dashboard  ...)
+       TODO: check
+CVE-2026-55500 (9Router is an AI router & token saver. Prior to 0.4.80, the 
/api/setti ...)
+       TODO: check
+CVE-2026-55478 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.2, POS ...)
+       TODO: check
+CVE-2026-55476 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.0, POS ...)
+       TODO: check
+CVE-2026-55474 (Snipe-IT is an IT asset/license management system. Prior to 
8.5.0, Act ...)
+       TODO: check
+CVE-2026-55472 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.2, whe ...)
+       TODO: check
+CVE-2026-55464 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.2, Com ...)
+       TODO: check
+CVE-2026-55460 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.2, an  ...)
+       TODO: check
+CVE-2026-54919 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
+       TODO: check
+CVE-2026-54470 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior 
contain(s)  ...)
+       TODO: check
+CVE-2026-54469 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, 
contain(s) ...)
+       TODO: check
+CVE-2026-54468 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, 
contain(s) ...)
+       TODO: check
+CVE-2026-54329 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.2, the ...)
+       TODO: check
+CVE-2026-54149 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.10.0-l ...)
+       TODO: check
+CVE-2026-54063 (Excelize is a Go language library for reading and writing 
Microsoft Ex ...)
+       TODO: check
+CVE-2026-54001 (osquery is a SQL powered operating system instrumentation, 
monitoring, ...)
+       TODO: check
+CVE-2026-54000 (osquery is a SQL powered operating system instrumentation, 
monitoring, ...)
+       TODO: check
+CVE-2026-53780
+       REJECTED
+CVE-2026-53657 (Lima launches Linux virtual machines, typically on macOS, for 
running  ...)
+       TODO: check
+CVE-2026-53653 (Grav is a file-based Web platform. Prior to 1.7.53 and 
2.0.0-rc.8, Gra ...)
+       TODO: check
+CVE-2026-53450 (Coturn is a free open source implementation of TURN and STUN 
Server. P ...)
+       TODO: check
+CVE-2026-53449 (Coturn is a free open source implementation of TURN and STUN 
Server. P ...)
+       TODO: check
+CVE-2026-53448 (Coturn is a free open source implementation of TURN and STUN 
Server. P ...)
+       TODO: check
+CVE-2026-51119 (An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to 
escalat ...)
+       TODO: check
+CVE-2026-46388 (osquery is a SQL powered operating system instrumentation, 
monitoring, ...)
+       TODO: check
+CVE-2026-41880 (R-SOFT DMS is vulnerable toOS Command Injection in the Optical 
Charact ...)
+       TODO: check
+CVE-2026-41879 (R-SOFT DMSstores superadmin credentials using a non-salted 
nested MD5  ...)
+       TODO: check
+CVE-2026-41878 (R-SOFT DMS is vulnerable toInsecure Direct Object Reference 
(IDOR) att ...)
+       TODO: check
+CVE-2026-41877 (R-SOFT DMS is vulnerable to Stored XSS in file upload 
functionality. A ...)
+       TODO: check
+CVE-2026-41876 (R-SOFT DMS is vulnerable toOS Command Injection in 
konwertujAction() f ...)
+       TODO: check
+CVE-2026-40454 (Out-of-bounds Read, Improper Input Validation vulnerability in 
Apache  ...)
+       TODO: check
+CVE-2026-40452 (Incorrect Authorization, Improper Access Control vulnerability 
in Apac ...)
+       TODO: check
+CVE-2026-40009 (Improper Privilege Management, Improper Access Control 
vulnerability i ...)
+       TODO: check
+CVE-2026-40008 (Use of Externally-Controlled Input to Select Classes or Code 
('Unsafe  ...)
+       TODO: check
+CVE-2026-40007 (Uncontrolled Recursion, Uncontrolled Resource Consumption 
vulnerabilit ...)
+       TODO: check
+CVE-2026-40006 (Memory Allocation with Excessive Size Value, Allocation of 
Resources W ...)
+       TODO: check
+CVE-2026-40005 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2026-3907 (The Hostel plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2026-3251 (Improper neutralization of input during web page generation 
('cross-si ...)
+       TODO: check
+CVE-2026-39903 (Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 
Alpha 5  ...)
+       TODO: check
+CVE-2026-39244 (adm-zip before 0.5.18 is vulnerable to denial of service via a 
crafted ...)
+       TODO: check
+CVE-2026-38059 (The iDirect iQ200 exposes the /api/identity and /api/ REST API 
endpoin ...)
+       TODO: check
+CVE-2026-38057 (The iDirect iQ200 does not validate CSRF tokens on 
state-changing API  ...)
+       TODO: check
+CVE-2026-33382 (Several Grafana API endpoints, some of them unauthenticated, 
do not li ...)
+       TODO: check
+CVE-2026-2398 (Authorization bypass through User-Controlled key vulnerability 
in Adam ...)
+       TODO: check
+CVE-2026-2397 (Improper neutralization of special elements used in an SQL 
command ('S ...)
+       TODO: check
+CVE-2026-29519 (Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 
7.0.x r ...)
+       TODO: check
+CVE-2026-28564 (Insufficient Session Expiration, Authentication Bypass by 
Capture-repl ...)
+       TODO: check
+CVE-2026-22660 (FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a 
logic flaw  ...)
+       TODO: check
+CVE-2026-22659 (FlaskBB through 2.2.0, fixed in commit acc88cf, contains an 
authorizat ...)
+       TODO: check
+CVE-2026-1946 (The GW AI Website Builder plugin for WordPress is vulnerable to 
unauth ...)
+       TODO: check
+CVE-2026-1667 (The SEO Plugin by Squirrly SEO plugin for WordPress is 
vulnerable to A ...)
+       TODO: check
+CVE-2026-15378 (A flaw was found in the `guardrails-detectors` component. This 
vulnera ...)
+       TODO: check
+CVE-2026-15377 (A vulnerability was determined in Eleveo Call Recording 
Software 9.7.0 ...)
+       TODO: check
+CVE-2026-15376 (A vulnerability was found in Eleveo Call Recording Software 
9.7.0. Aff ...)
+       TODO: check
+CVE-2026-15375 (A vulnerability has been found in Eleveo Call Recording 
Software 9.7.0 ...)
+       TODO: check
+CVE-2026-15374 (A flaw has been found in Eleveo Call Recording Software 9.7.0. 
This af ...)
+       TODO: check
+CVE-2026-15373 (A vulnerability was detected in Eleveo Call Recording Software 
9.7.0.  ...)
+       TODO: check
+CVE-2026-15146 (GNU Wget does not validate the IP address provided by an FTP 
PASV resp ...)
+       TODO: check
+CVE-2026-15143 (A flaw was found in the file_type content detector of 
guardrails-detec ...)
+       TODO: check
+CVE-2026-15104 (The BetterDocs \u2013 AI Documentation, Knowledge Base, Docs, 
Wikis, F ...)
+       TODO: check
+CVE-2026-15028 (A flaw was found in libarchive. This vulnerability allows a 
remote att ...)
+       TODO: check
+CVE-2026-15026 (The Import and export users and customers plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2026-14475 (The Cookie Banner for GDPR / CCPA \u2013 WPLP Cookie Consent 
plugin fo ...)
+       TODO: check
+CVE-2026-14461 (mtr is vulnerable to Out-of-bound read vulnerability in 
ipinfo_lookup( ...)
+       TODO: check
+CVE-2026-13710 (The Jeg Kit for Elementor \u2013 Powerful Addons for 
Elementor, Widget ...)
+       TODO: check
+CVE-2026-13347 (The Hide My WP Lite plugin for WordPress is vulnerable to 
Arbitrary Fi ...)
+       TODO: check
+CVE-2026-13247 (The Logo Slider \u2013 Logo Carousel, Client Logo Slider & 
Brand Showc ...)
+       TODO: check
+CVE-2026-13010 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
+       TODO: check
+CVE-2026-12955 (The GDPR Cookie Consent plugin for WordPress is vulnerable to 
unauthor ...)
+       TODO: check
+CVE-2026-12924 (The Eventin \u2013 Event Calendar, Event Registration, Tickets 
& Booki ...)
+       TODO: check
+CVE-2026-12918 (The Mail Mint \u2013 Email Marketing, Newsletter, Email 
Automation & W ...)
+       TODO: check
+CVE-2026-12400 (The FlowForms \u2013 Conversational Form Builder plugin for 
WordPress  ...)
+       TODO: check
+CVE-2026-12108 (The Highlighting Code Block plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2026-11992 (The Easy Appointments plugin for WordPress is vulnerable to 
authorizat ...)
+       TODO: check
+CVE-2026-11990 (The KiviCare \u2013 Clinic & Patient Management System (EHR) 
plugin fo ...)
+       TODO: check
+CVE-2025-70796 (An unauthenticated path traversal vulnerability exists in the 
web mana ...)
+       TODO: check
+CVE-2025-30008 (HestiaCP before 1.9.5 contains a stored cross-site scripting 
vulnerabi ...)
+       TODO: check
+CVE-2025-30007 (HestiaCP before 1.9.5 contains an authenticated OS command 
injection v ...)
+       TODO: check
+CVE-2025-12127
+       REJECTED
+CVE-2025-11977 (The Happyforms \u2013 Form Builder for WordPress: Drag & Drop 
Contact  ...)
+       TODO: check
+CVE-2026-53363 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -655,6 +991,7 @@ CVE-2026-0279 (Multiple cross site scripting 
vulnerabilities in the User-ID\u212
 CVE-2025-63579 (Unauthorized use of Kyocera printers, allows all information 
stored in ...)
        NOT-FOR-US: Kyocera
 CVE-2026-57825
+       {DSA-6386-1}
        - opam 2.5.2-1
        NOTE: 
https://github.com/ocaml/security-advisories/blob/main/advisories/2026/OSEC-2026-10.md
        NOTE: https://github.com/ocaml/opam/pull/7005
@@ -13858,7 +14195,7 @@ CVE-2026-9072 (IBM WebSphere Application Server and IBM 
WebSphere Application Se
        NOT-FOR-US: IBM
 CVE-2026-9071 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere 
Applic ...)
        NOT-FOR-US: IBM
-CVE-2026-9029 (The geomap panel's XYZ tile layer has a 
sanitize-then-interpolate orde ...)
+CVE-2026-9029 (A user with Editor permissions can place a malicious script in 
the att ...)
        - grafana <removed>
 CVE-2026-9006 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to 
server- ...)
        NOT-FOR-US: IBM
@@ -14145,7 +14482,7 @@ CVE-2026-44913 (Improper escaping of database table 
names in the CaptureChangeMy
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44911 (Authorization handling for component configuration 
verification reques ...)
        NOT-FOR-US: Apache software not packaged in Debian
-CVE-2026-42129 (The Loki datasource plugin's callResource handler contains a 
path trav ...)
+CVE-2026-42129 (A user with Viewer permissions can use a path traversal in the 
Loki da ...)
        NOT-FOR-US: Grafana Labs
 CVE-2026-42127 (The public dashboard query endpoint does not limit request 
body size b ...)
        NOT-FOR-US: Grafana Labs
@@ -14210,7 +14547,7 @@ CVE-2026-10845 (IBM WebSphere Application Server 8.5 
and 9.0could allow a remote
        NOT-FOR-US: IBM
 CVE-2026-10789 (A maliciously crafted webpage, when visited by a user with 
Autodesk Fu ...)
        NOT-FOR-US: Autodesk
-CVE-2026-10601 (The Tempo and Loki datasource plugins construct backend HTTP 
requests  ...)
+CVE-2026-10601 (A user with Viewer permissions can use specially crafted 
requests to t ...)
        NOT-FOR-US: Grafana Labs
 CVE-2026-10561 (IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due 
to an im ...)
        NOT-FOR-US: IBM
@@ -93404,7 +93741,7 @@ CVE-2020-37097 (Edimax EW-7438RPn 1.13 contains an 
information disclosure vulner
        NOT-FOR-US: Edimax
 CVE-2020-37096 (Edimax EW-7438RPn 1.13 contains a cross-site request forgery 
vulnerabi ...)
        NOT-FOR-US: Edimax
-CVE-2020-37094 (EspoCRM 5.8.5 contains an authentication vulnerability that 
allows att ...)
+CVE-2020-37094 (EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token 
reuse vu ...)
        NOT-FOR-US: EspoCRM
 CVE-2020-37093 (Netis E1+ 1.2.32533 contains an information disclosure 
vulnerability t ...)
        NOT-FOR-US: Netis E1+



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5e295dc3f535f13b751c4911ff47a9ab9308dc4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5e295dc3f535f13b751c4911ff47a9ab9308dc4
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to