[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Apr 24 08:39:14 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a1da24c by Moritz Muehlenhoff at 2026-04-24T09:19:37+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -89,7 +89,7 @@ CVE-2026-41333 (OpenClaw before 2026.3.31 contains an authentication rate limiti
CVE-2026-41332 (OpenClaw before 2026.3.28 contains an environment variable sanitizatio ...)
NOT-FOR-US: OpenClaw
CVE-2026-41325 (Kirby is an open-source content management system. Kirby's user permis ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-41324 (basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vu ...)
TODO: check
CVE-2026-41323 (Kyverno is a policy engine designed for cloud native platform engineer ...)
@@ -97,9 +97,9 @@ CVE-2026-41323 (Kyverno is a policy engine designed for cloud native platform en
CVE-2026-41319 (MailKit is a cross-platform mail client library built on top of MimeKi ...)
TODO: check
CVE-2026-41318 (AnythingLLM is an application that turns pieces of content into contex ...)
- TODO: check
+ NOT-FOR-US: AnythingLLM
CVE-2026-41317 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
- TODO: check
+ NOT-FOR-US: Press (Frapp app)
CVE-2026-41316 (ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was ...)
TODO: check
CVE-2026-41309 (Open Source Social Network (OSSN) is open-source social networking sof ...)
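Review bot: The new note for CVE-2026-41317 reads `NOT-FOR-US: Press (Frapp app)`, but the CVE description on the line above it spells the framework "Frappe". Suggest `NOT-FOR-US: Press (Frappe app)` so that a search of data/CVE/list for the product name finds this entry.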
@@ -107,55 +107,55 @@ CVE-2026-41309 (Open Source Social Network (OSSN) is open-source social networki
CVE-2026-41305 (PostCSS takes a CSS file and provides an API to analyze and modify its ...)
TODO: check
CVE-2026-41279 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41278 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41277 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41276 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41275 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41274 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41273 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41272 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41271 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41270 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41269 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41268 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41267 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41266 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41265 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41264 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41138 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41137 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-41068 (Kyverno is a policy engine designed for cloud native platform engineer ...)
- TODO: check
+ NOT-FOR-US: Kyverno
CVE-2026-40630 (A vulnerability in SenseLive X3050\u2019s web management interface a ...)
- TODO: check
+ NOT-FOR-US: SenseLive
CVE-2026-40623 (A vulnerability inSenseLiveX3050's web management interface allows cri ...)
- TODO: check
+ NOT-FOR-US: SenseLive
CVE-2026-40620 (A vulnerability inSenseLiveX3050\u2019s embedded management service al ...)
- TODO: check
+ NOT-FOR-US: SenseLive
CVE-2026-40431 (A vulnerability exists inSenseLiveX3050\u2019s web management interfac ...)
TODO: check
CVE-2026-40254 (FreeRDP is a free implementation of the Remote Desktop Protocol. Versi ...)
TODO: check
CVE-2026-40099 (Kirby is an open-source content management system. Kirby's user permis ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-39462 (A vulnerability exists inSenseLive X3050\u2019s web management interfa ...)
TODO: check
CVE-2026-35503 (A vulnerability inSenseLive X3050\u2019s web management interface allo ...)
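Review bot: CVE-2026-40431 and CVE-2026-39462 stay at `TODO: check` in this hunk although their descriptions name the same SenseLive X3050 web management interface as CVE-2026-40630, CVE-2026-40623 and CVE-2026-40620, which are marked `NOT-FOR-US: SenseLive` here. If nothing distinguishes those two entries, give them the same note in this pass so the product is triaged consistently; if they were left open on purpose, a short reason in the commit message would help the next person working through the TODO entries.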
@@ -165,7 +165,7 @@ CVE-2026-35431 (Server-side request forgery (ssrf) in Microsoft Entra ID Entitle
CVE-2026-35064 (A vulnerability inSenseLiveX3050\u2019s management ecosystem allows un ...)
TODO: check
CVE-2026-34587 (Kirby is an open-source content management system. Prior to versions 4 ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-33819 (Deserialization of untrusted data in Microsoft Bing allows an unauthor ...)
NOT-FOR-US: Microsoft
CVE-2026-33318 (Actual is a local-first personal finance tool. Prior to version 26.4.0 ...)
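Review bot: CVE-2026-35064 at the top of this hunk is another SenseLive X3050 entry left at `TODO: check`, while the SenseLive entries this commit does touch are marked `NOT-FOR-US: SenseLive`. Unless it was left open deliberately, mark it the same way here.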
@@ -185,19 +185,19 @@ CVE-2026-33076 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache a
CVE-2026-32952 (go-ntlmssp is a Go package that provides NTLM/Negotiate authentication ...)
TODO: check
CVE-2026-32870 (Kirby is an open-source content management system. Kirby's `Xml::value ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-32210 (Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) ...)
NOT-FOR-US: Microsoft
CVE-2026-32172 (Uncontrolled search path element in Microsoft Power Apps allows an una ...)
NOT-FOR-US: Microsoft
CVE-2026-31956 (Xibo is an open source digital signage platform with a web content man ...)
- TODO: check
+ NOT-FOR-US: Xibo
CVE-2026-31955 (Xibo is an open source digital signage platform with a web content man ...)
- TODO: check
+ NOT-FOR-US: Xibo
CVE-2026-31953 (Xibo is an open source digital signage platform with a web content man ...)
- TODO: check
+ NOT-FOR-US: Xibo
CVE-2026-31952 (Xibo is an open source digital signage platform with a web content man ...)
- TODO: check
+ NOT-FOR-US: Xibo
CVE-2026-2028 (The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary ...)
NOT-FOR-US: WordPress plugin
CVE-2026-29197 (In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, ...)
@@ -219,9 +219,9 @@ CVE-2026-26150 (Server-side request forgery (ssrf) in Microsoft Purview allows a
CVE-2026-25874 (LeRobot through 0.5.1 contains an unsafe deserialization vulnerability ...)
TODO: check
CVE-2026-25775 (A vulnerability inSenseLiveX3050\u2019s remote management service allo ...)
- TODO: check
+ NOT-FOR-US: SenseLive
CVE-2026-25720 (A vulnerability exists inSenseLive X3050\u2019s web management interf ...)
- TODO: check
+ NOT-FOR-US: SenseLive
CVE-2026-24303 (Improper access control in Microsoft Partner Center allows an authoriz ...)
NOT-FOR-US: Microsoft
CVE-2026-1952 (Delta Electronics AS320T has denial of service via the undocumented su ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a1da24c42153c76b7784f2576bb5f781bdc45df