[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 7 12:44:57 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98282997 by Moritz Muehlenhoff at 2026-04-07T13:44:36+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2026-35471 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3
 CVE-2026-35459 (pyLoad is a free and open-source download manager written in Python. I ...)
 	- pyload <itp> (bug #1001980)
 CVE-2026-35454 (The Code Extension Marketplace is an open-source alternative to the VS ...)
-	TODO: check
+	NOT-FOR-US: Code Extension Marketplace
 CVE-2026-35452 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
 	NOT-FOR-US: WWBN AVideo
 CVE-2026-35450 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
@@ -101,9 +101,9 @@ CVE-2026-35390 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mai
 CVE-2026-35389 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...)
 	NOT-FOR-US: Bulwark Webmail
 CVE-2026-35213 (@hapi/content provided HTTP Content-* headers parsing. All versions of ...)
-	TODO: check
+	NOT-FOR-US: hapi/content
 CVE-2026-35208 (lichess.org is the forever free, adless and open source chess server.  ...)
-	TODO: check
+	NOT-FOR-US: lichess.org
 CVE-2026-35203 (ZLMediaKit is a streaming media service framework. the VP9 RTP payload ...)
 	NOT-FOR-US: ZLMediaKit
 CVE-2026-35201 (Discount is an implementation of John Gruber's Markdown markup languag ...)
@@ -111,9 +111,9 @@ CVE-2026-35201 (Discount is an implementation of John Gruber's Markdown markup l
 CVE-2026-35200 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-35199 (SymCrypt is the core cryptographic function library currently used by  ...)
-	NOT-FOR-US: SymCrypt
+	NOT-FOR-US: Microsoft
 CVE-2026-35197 (dye is a portable and respectful color library for shell scripts. Prio ...)
-	TODO: check
+	NOT-FOR-US: dye
 CVE-2026-35187 (pyLoad is a free and open-source download manager written in Python. I ...)
 	- pyload <itp> (bug #1001980)
 CVE-2026-35185 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. P ...)
@@ -161,7 +161,7 @@ CVE-2026-1900 (The Link Whisper Free WordPress plugin before 0.9.1 has a publicl
 CVE-2026-1839 (A vulnerability in the HuggingFace Transformers library, specifically  ...)
 	TODO: check
 CVE-2026-1114 (In parisneo/lollms version 2.1.0, the application's session management ...)
-	TODO: check
+	NOT-FOR-US: lollms
 CVE-2026-0740 (The Ninja Forms - File Uploads plugin for WordPress is vulnerable to a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-65116 (Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager ...)
@@ -169,13 +169,13 @@ CVE-2025-65116 (Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - M
 CVE-2025-65115 (Remote Code Execution Vulnerabilityin JP1/IT Desktop Management 2 - Ma ...)
 	NOT-FOR-US: Hitachi
 CVE-2025-57834 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54602 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54601 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-54328 (An issue was discovered in SMS in Samsung Mobile Processor, Wearable P ...)
-	TODO: check
+	NOT-FOR-US: Samsung
 CVE-2025-15611 (The Popup Box  WordPress plugin before 5.5.0 does not properly validat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13044 (IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictab ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98282997a2163d32a674a79a765cc2d511499552

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98282997a2163d32a674a79a765cc2d511499552
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260407/eb320c8c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list