[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 11 08:26:32 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
badc88aa by Salvatore Bonaccorso at 2026-02-11T09:25:22+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,17 +17,17 @@ CVE-2026-26037
 CVE-2026-26036
 	REJECTED
 CVE-2026-26013 (LangChain is a framework for building agents and LLM-powered applicati ...)
-	TODO: check
+	NOT-FOR-US: LangChain
 CVE-2026-26007 (cryptography is a package designed to expose cryptographic primitives  ...)
 	- python-cryptography <unfixed>
 	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
 	NOTE: Fixed by: https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c (46.0.5)
 CVE-2026-26006 (AutoGPT is a platform that allows users to create, deploy, and manage  ...)
-	TODO: check
+	NOT-FOR-US: AutoGPT
 CVE-2026-25872 (JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an un ...)
-	TODO: check
+	NOT-FOR-US: JUNG Smart Panel KNX firmware
 CVE-2026-25870 (DoraCMS version 3.1 and prior contains a server-side request forgery ( ...)
-	TODO: check
+	NOT-FOR-US: DoraCMS
 CVE-2026-25251
 	REJECTED
 CVE-2026-1893 (The Orbisius Random Name Generator plugin for WordPress is vulnerable  ...)
@@ -39,9 +39,9 @@ CVE-2026-1762 (A vulnerability in GE Vernova Enervista UR Setup on Windows allow
 CVE-2026-1571 (User-controlled input is reflected into the HTML output without proper ...)
 	NOT-FOR-US: TP-Link
 CVE-2026-1507 (The affected products are vulnerable to an uncaught exception that cou ...)
-	TODO: check
+	NOT-FOR-US: PI Data Archive PI Server
 CVE-2026-1495 (The vulnerability, if exploited, could allow an attacker with Event Lo ...)
-	TODO: check
+	NOT-FOR-US: AVEVA
 CVE-2026-1357 (The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1235 (The WP eCommerce WordPress plugin through 3.15.1 unserializes user inp ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/badc88aa925c4690bc8c856a38e7edddc95c910d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/badc88aa925c4690bc8c856a38e7edddc95c910d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260211/518049fe/attachment.htm>

More information about the debian-security-tracker-commits mailing list