[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Apr 7 12:18:01 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c426ccef by Moritz Muehlenhoff at 2026-04-07T13:17:43+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -303,9 +303,9 @@ CVE-2026-35044 (BentoML is a Python library for building online serving systems
CVE-2026-35043 (BentoML is a Python library for building online serving systems optimi ...)
NOT-FOR-US: BentoML
CVE-2026-35042 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 a ...)
- TODO: check
+ NOT-FOR-US: Node fast-jwt
CVE-2026-35039 (fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 ...)
- TODO: check
+ NOT-FOR-US: Node fast-jwt
CVE-2026-35037 (Ech0 is an open-source, self-hosted publishing platform for personal i ...)
NOT-FOR-US: Ech0
CVE-2026-35036 (Ech0 is an open-source, self-hosted publishing platform for personal i ...)
@@ -329,25 +329,25 @@ CVE-2026-34977 (Aperi'Solve is an open-source steganalysis web platform. Prior t
CVE-2026-34976 (Dgraph is an open source distributed GraphQL database. Prior to 25.3.1 ...)
NOT-FOR-US: Dgraph
CVE-2026-34975 (Plunk is an open-source email platform built on top of AWS SES. Prior ...)
- TODO: check
+ NOT-FOR-US: Plunk
CVE-2026-34969 (Nhost is an open source Firebase alternative with GraphQL. Prior to 0. ...)
TODO: check
CVE-2026-34951 (Workbench is a suite of tools for administrators and developers to int ...)
TODO: check
CVE-2026-34950 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 a ...)
- TODO: check
+ NOT-FOR-US: Node fast-jwt
CVE-2026-34940 (KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, th ...)
- TODO: check
+ NOT-FOR-US: KubeAI
CVE-2026-34897 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-34885 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-34841 (Bruno is an open source IDE for exploring and testing APIs. Prior to 3 ...)
- TODO: check
+ NOT-FOR-US: Bruno
CVE-2026-34783 (Ferret is a declarative system for working with web data. Prior to 2.0 ...)
TODO: check
CVE-2026-34764 (Electron is a framework for writing cross-platform desktop application ...)
- TODO: check
+ - electron <itp> (bug #842420)
CVE-2026-34756 (vLLM is an inference and serving engine for large language models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2026-34755 (vLLM is an inference and serving engine for large language models (LLM ...)
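Review bot: the commit subject "NFUs" does not match the CVE-2026-34764 change in this hunk, which sets "- electron <itp> (bug #842420)", an ITP reference rather than a NOT-FOR-US marking. Consider a subject that names both kinds of triage so the ITP addition can be found from the log. The entry format itself matches the existing "- vllm <itp> (bug #1095237)" line below it.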
@@ -426,55 +426,55 @@ CVE-2026-32602 (Homarr is an open-source dashboard. Prior to 1.57.0, the user re
CVE-2026-31354 (Multiple authenticated stored cross-site scripting (XSS) vulnerabiliti ...)
TODO: check
CVE-2026-31353 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Feehi CMS
CVE-2026-31352 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Feehi CMS
CVE-2026-31351 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Feehi CMS
CVE-2026-31350 (An authenticated stored cross-site scripting (XSS) vulnerability in Fe ...)
- TODO: check
+ NOT-FOR-US: Feehi CMS
CVE-2026-31313 (An authenticated stored cross-site scripting (XSS) vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Feehi CMS
CVE-2026-31153 (A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 a ...)
TODO: check
CVE-2026-31151 (An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attacke ...)
- TODO: check
+ NOT-FOR-US: Kaleris YMS
CVE-2026-31150 (Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated ...)
- TODO: check
+ NOT-FOR-US: Kaleris YMS
CVE-2026-31067 (A remote command execution (RCE) vulnerability in the /goform/formRele ...)
TODO: check
CVE-2026-31066 (UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-31065 (UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-31063 (UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-31062 (UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-31061 (UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-31060 (UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-31059 (A remote command execution (RCE) vulnerability in the /goform/formDia ...)
TODO: check
CVE-2026-31058 (UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-31053 (A double free vulnerability exists in librz/bin/format/le/le.c in the ...)
TODO: check
CVE-2026-30613 (An information disclosure vulnerability exists in AZIOT 1 Node Smart S ...)
TODO: check
CVE-2026-30078 (OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message w ...)
- TODO: check
+ NOT-FOR-US: OpenAirInterface
CVE-2026-29047 (GLPI is a free asset and IT management software package. From 10.0.0 t ...)
- TODO: check
+ - glpi <removed>
CVE-2026-26263 (GLPI is a free asset and IT management software package. From 11.0.0 t ...)
- TODO: check
+ - glpi <removed>
CVE-2026-26027 (GLPI is a free asset and IT management software package. From 11.0.0 t ...)
- TODO: check
+ - glpi <removed>
CVE-2026-26026 (GLPI is a free asset and IT management software package. From 11.0.0 t ...)
- TODO: check
+ - glpi <removed>
CVE-2026-25932 (GLPI is a Free Asset and IT Management Software package. From 0.60 to ...)
- TODO: check
+ - glpi <removed>
CVE-2026-21382 (Memory Corruption when handling power management requests with imprope ...)
NOT-FOR-US: Qualcomm
CVE-2026-21381 (Transient DOS when receiving a service data frame with excessive lengt ...)
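Review bot: CVE-2026-31067 and CVE-2026-31059 are left at "TODO: check" although they sit among the entries that this hunk marks "NOT-FOR-US: UTT". Their truncated descriptions (an RCE in a /goform/ handler) do not show the product here, so please confirm against the full descriptions whether they belong to the same vendor and should get the same marking, or were left open on purpose.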
@@ -502,13 +502,13 @@ CVE-2026-0049 (In onHeaderDecoded of LocalImageResolver.java, there is a possibl
CVE-2025-61166 (An open redirect in Ascertia SigningHub User v10.0 allows attackers to ...)
TODO: check
CVE-2025-59440 (An issue was discovered in USIM in Samsung Mobile Processor, Wearable ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58349 (An issue was discovered in L2 in Samsung Mobile Processor, Wearable Pr ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-57835 (An issue was discovered in RRC in Samsung Mobile Processor, Wearable P ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-54324 (An issue was discovered in NAS in Samsung Mobile Processor, Wearable P ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-48651 (StrongBox in Android before security patch level 2026-04-05 has a vuln ...)
NOT-FOR-US: Android
CVE-2025-47400 (Cryptographic issue while copying data to a destination buffer without ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c426cceff19298e8511379a9d7749581e18487c0