[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 23 08:37:34 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ef2269a by Salvatore Bonaccorso at 2026-04-23T09:36:44+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2026-6878 (A vulnerability was identified in ByteDance verl up to 0.7.0. Affected ...)
- TODO: check
+ NOT-FOR-US: ByteDance verl
CVE-2026-6874 (A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. Th ...)
- TODO: check
+ NOT-FOR-US: ericc-ch copilot-api
CVE-2026-6019 (http.cookies.Morsel.js_output() returns an inline <script> snippet and ...)
TODO: check
CVE-2026-5935 (IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9 ...)
@@ -23,7 +23,7 @@ CVE-2026-4049
CVE-2026-41988 (uuid before 14.0.0 can make unexpected writes when external output buf ...)
TODO: check
CVE-2026-41679 (Paperclip is a Node.js server and React UI that orchestrates a team of ...)
- TODO: check
+ NOT-FOR-US: Paperclip Node.js module
CVE-2026-41455 (WeKan before8.35 contains a server-side request forgery vulnerability ...)
TODO: check
CVE-2026-41454 (WeKan before8.35 contains a missing authorization vulnerability in the ...)
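Review bot: The label added for CVE-2026-41679 calls Paperclip a "Node.js module", but the description on the same entry reads "Paperclip is a Node.js server and React UI". A label that matches the description, for example "NOT-FOR-US: Paperclip", would avoid suggesting this is a library module and would still match when later Paperclip entries are triaged.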
@@ -35,7 +35,7 @@ CVE-2026-41313 (pypdf is a free and open-source pure-python PDF library. An atta
CVE-2026-41312 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
TODO: check
CVE-2026-41243 (OpenLearn is open-source educational forum software. Prior to commit 8 ...)
- TODO: check
+ NOT-FOR-US: OpenLearn
CVE-2026-41233 (Froxlor is open source server administration software. Prior to versio ...)
TODO: check
CVE-2026-41232 (Froxlor is open source server administration software. Prior to versio ...)
@@ -51,19 +51,19 @@ CVE-2026-41228 (Froxlor is open source server administration software. Prior to
CVE-2026-41211 (Vite+ is a unified toolchain and entry point for web development. Prio ...)
TODO: check
CVE-2026-41208 (Paperclip is a Node.js server and React UI that orchestrates a team of ...)
- TODO: check
+ NOT-FOR-US: Paperclip Node.js module
CVE-2026-41206 (PySpector is a static analysis security testing (SAST) Framework engin ...)
- TODO: check
+ NOT-FOR-US: PySpector
CVE-2026-41200 (STIG Manager is an API and web client for managing Security Technical ...)
- TODO: check
+ NOT-FOR-US: STIG Manager
CVE-2026-41197 (Noir is a Domain Specific Language for SNARK proving systems that is d ...)
TODO: check
CVE-2026-41196 (Luanti (formerly Minetest) is an open source voxel game-creation platf ...)
TODO: check
CVE-2026-41182 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...)
- TODO: check
+ NOT-FOR-US: LangSmith
CVE-2026-41180 (PsiTransfer is an open source, self-hosted file sharing solution. Prio ...)
- TODO: check
+ NOT-FOR-US: PsiTransfer
CVE-2026-41179 (Rclone is a command-line program to sync files and directories to and ...)
TODO: check
CVE-2026-41177 (Squidex is an open source headless content management system and conte ...)
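Review bot: The label added for CVE-2026-41182 says only "LangSmith", while the description refers to the "LangSmith Client SDKs". Writing the label as "NOT-FOR-US: LangSmith Client SDKs" would make clear which component the NFU decision covers, since the entry is about the client SDKs rather than the LangSmith service.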
@@ -71,7 +71,7 @@ CVE-2026-41177 (Squidex is an open source headless content management system and
CVE-2026-41176 (Rclone is a command-line program to sync files and directories to and ...)
TODO: check
CVE-2026-41175 (Statamic is a Laravel and Git powered content management system (CMS). ...)
- TODO: check
+ NOT-FOR-US: Statamic CMS
CVE-2026-41172 (Squidex is an open source headless content management system and conte ...)
TODO: check
CVE-2026-41171 (Squidex is an open source headless content management system and conte ...)
@@ -83,21 +83,21 @@ CVE-2026-41168 (pypdf is a free and open-source pure-python PDF library. An atta
CVE-2026-41167 (Jellystat is a free and open source Statistics App for Jellyfin. Prior ...)
TODO: check
CVE-2026-41166 (OpenRemote is an open-source internet-of-things platform. Prior to ver ...)
- TODO: check
+ NOT-FOR-US: OpenRemote
CVE-2026-41134 (Kiota is an OpenAPI based HTTP Client code generator. Versions prior t ...)
TODO: check
CVE-2026-41040 (GROWI provided by GROWI, Inc. is vulnerable to a regular expression de ...)
- TODO: check
+ NOT-FOR-US: GROWI
CVE-2026-40937 (RustFS is a distributed object storage system built in Rust. Prior to ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-40882 (OpenRemote is an open-source internet-of-things platform. Prior to ver ...)
- TODO: check
+ NOT-FOR-US: OpenRemote
CVE-2026-40529 (CMS ALAYA provided by KANATA Limited contains an SQL injection vulnera ...)
- TODO: check
+ NOT-FOR-US: CMS ALAYA
CVE-2026-40517 (radare2 prior to 6.1.4 contains a command injection vulnerability in t ...)
TODO: check
CVE-2026-40062 (A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earl ...)
- TODO: check
+ NOT-FOR-US: Ziostation2
CVE-2026-3844 (The Breeze Cache plugin for WordPress is vulnerable to arbitrary file ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3837 (An authenticated attacker can persist crafted values in multiple field ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ef2269a845992326e23f60f5cee86d088e96920