[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 10 08:39:14 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
824f860d by Salvatore Bonaccorso at 2026-02-10T09:38:54+01:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2026-2260 (A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affect ...)
 	NOT-FOR-US: D-Link
 CVE-2026-2259 (A vulnerability has been found in aardappel lobster up to 2025.4. Affe ...)
-	TODO: check
+	NOT-FOR-US: aardappel lobster
 CVE-2026-2258 (A flaw has been found in aardappel lobster up to 2025.4. Affected by t ...)
-	TODO: check
+	NOT-FOR-US: aardappel lobster
 CVE-2026-2099 (AgentFlow developed by Flowring has a Stored Cross-Site Scripting vuln ...)
-	TODO: check
+	NOT-FOR-US: AgentFlow
 CVE-2026-2098 (AgentFlow developed by Flowring has a Reflected Cross-site Scripting v ...)
-	TODO: check
+	NOT-FOR-US: AgentFlow
 CVE-2026-2097 (Agentflow developed by Flowring has an Arbitrary File Upload vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: AgentFlow
 CVE-2026-2096 (Agentflow developed by Flowring has a Missing Authentication vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: AgentFlow
 CVE-2026-2095 (Agentflow developed by Flowring has an Authentication Bypass vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: AgentFlow
 CVE-2026-2094 (Docpedia developed by Flowring has a SQL Injection vulnerability, allo ...)
-	TODO: check
+	NOT-FOR-US: Docpedia
 CVE-2026-2093 (Docpedia developed by Flowring has a SQL Injection vulnerability, allo ...)
-	TODO: check
+	NOT-FOR-US: Docpedia
 CVE-2026-25981
 	REJECTED
 CVE-2026-25980
@@ -39,9 +39,9 @@ CVE-2026-25973
 CVE-2026-25961 (SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5. ...)
 	NOT-FOR-US: SumatraPDF
 CVE-2026-25958 (Cube is a semantic layer for building data applications. From 0.27.19  ...)
-	TODO: check
+	NOT-FOR-US: Cube
 CVE-2026-25957 (Cube is a semantic layer for building data applications. From 1.1.17 t ...)
-	TODO: check
+	NOT-FOR-US: Cube
 CVE-2026-25951 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
 	NOT-FOR-US: FUXA
 CVE-2026-25939 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
@@ -61,49 +61,49 @@ CVE-2026-25920 (SumatraPDF is a multi-format reader for Windows. In 3.5.2 and ea
 CVE-2026-25918 (unity-cli is a command line utility for the Unity Game Engine. Prior t ...)
 	TODO: check
 CVE-2026-25895 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2026-25894 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2026-25893 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
-	TODO: check
+	NOT-FOR-US: FUXA
 CVE-2026-25892 (Adminer is open-source database management software. Adminer v5.4.1 an ...)
 	TODO: check
 CVE-2026-25890 (File Browser provides a file managing interface within a specified dir ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-25889 (File Browser provides a file managing interface within a specified dir ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-25885 (PolarLearn is a free and open-source learning program. In 0-PRERELEASE ...)
-	TODO: check
+	NOT-FOR-US: PolarLearn
 CVE-2026-25881 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandb ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-25880 (SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, ...)
-	TODO: check
+	NOT-FOR-US: SumatraPDF
 CVE-2026-25878 (FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2 ...)
-	TODO: check
+	NOT-FOR-US: FroshAdminer
 CVE-2026-25876 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25875 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25814 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25813 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25812 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25811 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25810 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25809 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25808 (Hollo is a federated single-user microblogging software designed to be ...)
-	TODO: check
+	NOT-FOR-US: Hollo
 CVE-2026-25807 (ZAI Shell is an autonomous SysOps agent designed to navigate, repair,  ...)
-	TODO: check
+	NOT-FOR-US: ZAI Shell
 CVE-2026-25806 (PlaciPy is a placement management system designed for educational inst ...)
-	TODO: check
+	NOT-FOR-US: PlaciPy
 CVE-2026-25791 (Sliver is a command and control framework that uses a custom Wireguard ...)
-	TODO: check
+	NOT-FOR-US: Sliver
 CVE-2026-25765 (Faraday is an HTTP client library abstraction layer that provides a co ...)
 	TODO: check
 CVE-2026-25761 (Super-linter is a combination of multiple linters to run as a GitHub A ...)
@@ -113,7 +113,7 @@ CVE-2026-25740 (captive browser, a dedicated Chrome instance to log into captive
 CVE-2026-25639 (Axios is a promise based HTTP client for the browser and Node.js. Prio ...)
 	TODO: check
 CVE-2026-25528 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...)
-	TODO: check
+	NOT-FOR-US: LangSmith Client SDK
 CVE-2026-24328 (SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticate ...)
 	NOT-FOR-US: SAP
 CVE-2026-24327 (Due to missing authorization check in SAP Strategic Enterprise Managem ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/824f860d04e09e942da4468ed1dcd9a8d49006cd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/824f860d04e09e942da4468ed1dcd9a8d49006cd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260210/fde497d8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list