[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 28 20:52:36 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c55efbf by Salvatore Bonaccorso at 2026-04-28T21:51:48+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20,11 +20,11 @@ CVE-2026-7320 (Information disclosure due to incorrect boundary conditions in th
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/#CVE-2026-7320
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/#CVE-2026-7320
 CVE-2026-7309 (A flaw was found in the OpenShift Container Platform build system. A u ...)
-	TODO: check
+	NOT-FOR-US: OpenShift Container Platform build system
 CVE-2026-7291 (A weakness has been identified in o2oa up to 10.0. This affects the fu ...)
-	TODO: check
+	NOT-FOR-US: O2OA
 CVE-2026-7290 (A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is t ...)
-	TODO: check
+	NOT-FOR-US: JeecgBoot
 CVE-2026-7289 (A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affect ...)
 	NOT-FOR-US: D-Link
 CVE-2026-7288 (A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnera ...)
@@ -36,13 +36,13 @@ CVE-2026-7282 (A vulnerability was identified in SourceCodester Pharmacy Sales a
 CVE-2026-7281 (A vulnerability was determined in SourceCodester Pharmacy Sales and In ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-7280 (AVACAST developed by eMPIA Technology has a Unquoted Service Path vuln ...)
-	TODO: check
+	NOT-FOR-US: AVACAST
 CVE-2026-7279 (AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: AVACAST
 CVE-2026-7272 (A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6 ...)
-	TODO: check
+	NOT-FOR-US: WilliamCloudQi matlab-mcp-server
 CVE-2026-7271 (A vulnerability was detected in DV0x creative-ad-agent up to 751b9e514 ...)
-	TODO: check
+	NOT-FOR-US: DV0x creative-ad-agent
 CVE-2026-7269 (A vulnerability was found in SourceCodester Pharmacy Sales and Invento ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-7268 (A vulnerability has been found in SourceCodester Pizzafy Ecommerce Sys ...)
@@ -72,9 +72,9 @@ CVE-2026-7240 (A vulnerability has been found in Totolink A8000RU 7.1cu.643_b202
 CVE-2026-7238 (A flaw has been found in code-projects Online Music Site 1.0. This aff ...)
 	NOT-FOR-US: code-projects
 CVE-2026-7237 (A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Aff ...)
-	TODO: check
+	NOT-FOR-US: AgiFlow scaffold-mcp
 CVE-2026-7235 (A security vulnerability has been detected in ErlichLiu claude-agent-s ...)
-	TODO: check
+	NOT-FOR-US: ErlichLiu claude-agent-sdk-master
 CVE-2026-6706 (Improper  access control in the vault documentation feature in Devolut ...)
 	NOT-FOR-US: Devolutions
 CVE-2026-6238 (The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the  ...)
@@ -82,13 +82,13 @@ CVE-2026-6238 (The deprecated functions ns_printrrf, ns_printrr and fp_nquery in
 CVE-2026-5944 (An improper access control vulnerability exists in the Cisco Intersigh ...)
 	TODO: check
 CVE-2026-5794 (A vulnerability affecting the detailed versions ofCryptobox allows a l ...)
-	TODO: check
+	NOT-FOR-US: Cryptobox
 CVE-2026-5781 (An authorization vulnerability in MphRx's Minerva V3.6.0, specifically ...)
-	TODO: check
+	NOT-FOR-US: MphRx Minerva
 CVE-2026-5780 (An insecure direct object reference (IDOR) vulnerability in MphRx's Mi ...)
-	TODO: check
+	NOT-FOR-US: MphRx Minerva
 CVE-2026-5779 (An insecure direct object reference (IDOR) vulnerability in MphRx's Mi ...)
-	TODO: check
+	NOT-FOR-US: MphRx Minerva
 CVE-2026-5435 (The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the  ...)
 	TODO: check
 CVE-2026-4911 (The Booking Package plugin for WordPress is vulnerable to Price Manipu ...)
@@ -302,9 +302,9 @@ CVE-2026-6725 (The WPC Smart Messages for WooCommerce plugin for WordPress is vu
 CVE-2026-6551 (The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5394 (An authenticated administrative user who can import or save DataObject ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2026-5362 (An authenticated attacker with permission to edit document content can ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2026-5306 (The Check & Log Email  WordPress plugin before 2.0.13 does not properl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-42510 (OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-defa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c55efbf1b3033cb8e4dbf901268be2cce76192b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c55efbf1b3033cb8e4dbf901268be2cce76192b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260428/2974fce6/attachment.htm>

More information about the debian-security-tracker-commits mailing list