[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 12 10:26:11 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea7b815e by Moritz Muehlenhoff at 2026-02-12T11:25:47+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-26235 (JUNG Smart Visu Server 1.1.1050 contains a denial of service vul
 CVE-2026-26234 (JUNG Smart Visu Server 1.1.1050 contains a request header manipulation ...)
 	NOT-FOR-US: JUNG Smart Visu Server
 CVE-2026-26215 (manga-image-translator versionbeta-0.3 and prior in shared API mode co ...)
-	TODO: check
+	NOT-FOR-US: manga-image-translator
 CVE-2026-26158 (A flaw was found in BusyBox. This vulnerability allows an attacker to  ...)
 	- busybox <unfixed>
 	NOTE: https://git.busybox.net/busybox/commit/?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb
@@ -31,37 +31,37 @@ CVE-2026-26086
 CVE-2026-26085
 	REJECTED
 CVE-2026-26031 (Frappe Learning Management System (LMS) is a learning system that help ...)
-	TODO: check
+	NOT-FOR-US: Frappe Learning Management System (LMS)
 CVE-2026-26029 (sf-mcp-server is an implementation of Salesforce MCP server for Claude ...)
-	TODO: check
+	NOT-FOR-US: sf-mcp-serverFrappe Learning Management System (LMS)
 CVE-2026-26023 (Dify is an open-source LLM app development platform. Prior to 1.13.0,  ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2026-26021 (set-in provides the set value of nested associative structure given ar ...)
 	TODO: check
 CVE-2026-26019 (LangChain is a framework for building LLM-powered applications. Prior  ...)
-	TODO: check
+	NOT-FOR-US: LangChain
 CVE-2026-26014 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...)
 	TODO: check
 CVE-2026-26012 (vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
-	TODO: check
+	- vaultwarden <itp> (bug #1067023)
 CVE-2026-26010 (OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls is ...)
-	TODO: check
+	NOT-FOR-US: OpenMetadata
 CVE-2026-25999 (Klaw is a self-service Apache Kafka Topic Management/Governance tool/p ...)
-	TODO: check
+	NOT-FOR-US: Klaw
 CVE-2026-25994 (PJSIP is a free and open source multimedia communication library writt ...)
 	TODO: check
 CVE-2026-25935 (Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanc ...)
-	TODO: check
+	NOT-FOR-US: Vikunja
 CVE-2026-25924 (Kanboard is project management software focused on Kanban methodology. ...)
 	TODO: check
 CVE-2026-25759 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
-	TODO: check
+	NOT-FOR-US: Statmatic
 CVE-2026-25676 (The installer of M-Track Duo HD version 1.0.0 contains an issue with t ...)
-	TODO: check
+	NOT-FOR-US: M-Track Duo HD
 CVE-2026-25633 (Statamic is a, Laravel + Git powered CMS designed for building website ...)
-	TODO: check
+	NOT-FOR-US: Statmatic
 CVE-2026-25062 (Outline is a service that allows for collaborative documentation. Prio ...)
-	TODO: check
+	NOT-FOR-US: Outline
 CVE-2026-23857 (Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.0 ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-23856 (Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1 ...)
@@ -197,19 +197,19 @@ CVE-2026-20601 (A permissions issue was addressed with additional restrictions.
 CVE-2026-1729 (The AdForest theme for WordPress is vulnerable to authentication bypas ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1669 (Arbitrary file read in the model loading mechanism (HDF5 integration)  ...)
-	TODO: check
+	- keras <removed>
 CVE-2026-1537 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0969 (The serialize function used to compile MDX in next-mdx-remote is vulne ...)
-	TODO: check
+	NOT-FOR-US: next-mdx-remote
 CVE-2025-68663 (Outline is a service that allows for collaborative documentation. Prio ...)
-	TODO: check
+	NOT-FOR-US: Outline
 CVE-2025-67135 (Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25. ...)
-	TODO: check
+	NOT-FOR-US: PGST PG107 Alarm System
 CVE-2025-64487 (Outline is a service that allows for collaborative documentation. Prio ...)
-	TODO: check
+	NOT-FOR-US: Outline
 CVE-2025-64074 (A path-traversal vulnerability in the logout functionality of Shenzhen ...)
-	TODO: check
+	NOT-FOR-US: Shenzhen Zhibotong Electronics ZBT WE2001
 CVE-2025-46310 (This issue was addressed through improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2025-46305 (The issue was addressed with improved bounds checks. This issue is fix ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea7b815e25f7feaa51c53c043901d5db5fb8652d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea7b815e25f7feaa51c53c043901d5db5fb8652d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260212/eed498f7/attachment.htm>

More information about the debian-security-tracker-commits mailing list