[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 10 16:54:39 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b412efa7 by Moritz Muehlenhoff at 2026-02-10T17:54:20+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,7 +60,7 @@ CVE-2026-25923 (my little forum is a PHP and MySQL based internet forum that dis
 CVE-2026-25920 (SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, ...)
 	NOT-FOR-US: SumatraPDF
 CVE-2026-25918 (unity-cli is a command line utility for the Unity Game Engine. Prior t ...)
-	TODO: check
+	NOT-FOR-US: unity-cli
 CVE-2026-25895 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
 	NOT-FOR-US: FUXA
 CVE-2026-25894 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...)
@@ -108,9 +108,9 @@ CVE-2026-25791 (Sliver is a command and control framework that uses a custom Wir
 CVE-2026-25765 (Faraday is an HTTP client library abstraction layer that provides a co ...)
 	TODO: check
 CVE-2026-25761 (Super-linter is a combination of multiple linters to run as a GitHub A ...)
-	TODO: check
+	NOT-FOR-US: super-linter
 CVE-2026-25740 (captive browser, a dedicated Chrome instance to log into captive porta ...)
-	TODO: check
+	NOT-FOR-US: captive browser
 CVE-2026-25639 (Axios is a promise based HTTP client for the browser and Node.js. Prio ...)
 	TODO: check
 CVE-2026-25528 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...)
@@ -239,7 +239,7 @@ CVE-2026-2224 (A vulnerability was detected in code-projects Online Reviewer Sys
 CVE-2026-2223 (A security vulnerability has been detected in code-projects Online Rev ...)
 	NOT-FOR-US: code-projects
 CVE-2026-25905 (The Python code being run by 'runPython' or 'runPythonAsync' is not is ...)
-	TODO: check
+	NOT-FOR-US: mcp-run-python
 CVE-2026-25904 (The Pydantic-AI MCP Run Python tool configures the Deno sandbox with a ...)
 	NOT-FOR-US: Pydantic-AI MCP Run Python tool
 CVE-2026-25848 (In JetBrains Hub before 2025.3.119807 authentication bypass allowing a ...)
@@ -310,7 +310,7 @@ CVE-2025-7432 (DPA countermeasures in Silicon Labs' Series 2 devices are not res
 CVE-2025-6830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Xpoda Studio
 CVE-2025-66630 (Fiber is an Express inspired web framework written in Go. Before 2.52. ...)
-	TODO: check
+	NOT-FOR-US: gofiber
 CVE-2025-63354 (Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control  ...)
 	NOT-FOR-US: Hitron HI3120
 CVE-2026-1584



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b412efa74ac06cc0f79786192cb37ed94452a8a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b412efa74ac06cc0f79786192cb37ed94452a8a5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260210/98cdec07/attachment.htm>

More information about the debian-security-tracker-commits mailing list