[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 25 08:35:16 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b2bdb00 by Salvatore Bonaccorso at 2026-02-25T09:34:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2026-3166 (A vulnerability was identified in Tenda F453 1.0.0.3. The affecte
 CVE-2026-3165 (A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the  ...)
 	NOT-FOR-US: Tenda
 CVE-2026-3164 (A vulnerability was found in itsourcecode News Portal Project 1.0. Thi ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode News Portal Project
 CVE-2026-3163 (A vulnerability has been found in SourceCodester Website Link Extracto ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-3153 (A vulnerability has been found in itsourcecode Document Management Sys ...)
@@ -37,9 +37,9 @@ CVE-2026-3145 (A flaw has been found in libvips up to 8.18.0. The affected eleme
 CVE-2026-3137 (A security vulnerability has been detected in CodeAstro Food Ordering  ...)
 	NOT-FOR-US: CodeAstro
 CVE-2026-3135 (A weakness has been identified in itsourcecode News Portal Project 1.0 ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode News Portal Project
 CVE-2026-3134 (A security flaw has been discovered in itsourcecode News Portal Projec ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode News Portal Project
 CVE-2026-3133 (A vulnerability has been found in itsourcecode Document Management Sys ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2026-3100 (The FTP Backup on the ADM will not properly strictly enforce TLS certi ...)
@@ -47,7 +47,7 @@ CVE-2026-3100 (The FTP Backup on the ADM will not properly strictly enforce TLS
 CVE-2026-2914 (CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower a ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2026-27822 (RustFS is a distributed object storage system built in Rust. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: RustFS
 CVE-2026-27747 (The SPIP interface_traduction_objets plugin versions prior to4.3.3 con ...)
 	TODO: check
 CVE-2026-27746 (The SPIP jeux plugin versions prior to4.1.1 contain a reflected cross- ...)
@@ -59,69 +59,69 @@ CVE-2026-27744 (The SPIP tickets plugin versions prior to4.3.3 contain an unauth
 CVE-2026-27743 (The SPIP referer_spam plugin versions prior to1.3.0 contain an unauthe ...)
 	TODO: check
 CVE-2026-27696 (changedetection.io is a free open source web page change detection too ...)
-	TODO: check
+	NOT-FOR-US: changedetection.io
 CVE-2026-27645 (changedetection.io is a free open source web page change detection too ...)
-	TODO: check
+	NOT-FOR-US: changedetection.io
 CVE-2026-27641 (Flask-Reuploaded provides file uploads for Flask. A critical path trav ...)
 	TODO: check
 CVE-2026-27640 (tfplan2md is software for converting Terraform plan JSON files into hu ...)
 	TODO: check
 CVE-2026-27639 (Mercator is an open source web application designed to enable mapping  ...)
-	TODO: check
+	NOT-FOR-US: Mercator
 CVE-2026-27637 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2026-27636 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2026-27632 (Talishar is a fan-made Flesh and Blood project. Prior to commit 6be387 ...)
-	TODO: check
+	NOT-FOR-US: Talishar
 CVE-2026-27629 (InvenTree is an Open Source Inventory Management System. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: InvenTree
 CVE-2026-27628 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
 	TODO: check
 CVE-2026-27627 (Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, ...)
-	TODO: check
+	NOT-FOR-US: Karakeep
 CVE-2026-27626 (OliveTin gives access to predefined shell commands from a web interfac ...)
-	TODO: check
+	NOT-FOR-US: OliveTin
 CVE-2026-27621 (TypiCMS is a multilingual content management system based on the Larav ...)
-	TODO: check
+	NOT-FOR-US: TypiCMS
 CVE-2026-27615 (ADB Explorer is a fluent UI for ADB on Windows. In versions prior to B ...)
-	TODO: check
+	NOT-FOR-US: ADB Explorer
 CVE-2026-27614 (Bugsink is a self-hosted error tracking tool. In versions prior to 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Bugsink
 CVE-2026-27612 (Repostat is a React component to fetch and display GitHub repository i ...)
-	TODO: check
+	NOT-FOR-US: Repostat
 CVE-2026-27611 (FileBrowser Quantum is a free, self-hosted, web-based file manager. Pr ...)
-	TODO: check
+	NOT-FOR-US: FileBrowser Quantum
 CVE-2026-27610 (Parse Dashboard is a standalone dashboard for managing Parse Server ap ...)
-	TODO: check
+	NOT-FOR-US: Parse Dashboard
 CVE-2026-27609 (Parse Dashboard is a standalone dashboard for managing Parse Server ap ...)
-	TODO: check
+	NOT-FOR-US: Parse Dashboard
 CVE-2026-27608 (Parse Dashboard is a standalone dashboard for managing Parse Server ap ...)
-	TODO: check
+	NOT-FOR-US: Parse Dashboard
 CVE-2026-27607 (RustFS is a distributed object storage system built in Rust. In versio ...)
-	TODO: check
+	NOT-FOR-US: RustFS
 CVE-2026-27606 (Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3 ...)
 	TODO: check
 CVE-2026-27598 (Dagu is a workflow engine with a built-in Web user interface. In versi ...)
-	TODO: check
+	NOT-FOR-US: Dagu
 CVE-2026-27597 (Enclave is a secure JavaScript sandbox designed for safe AI agent code ...)
 	TODO: check
 CVE-2026-27595 (Parse Dashboard is a standalone dashboard for managing Parse Server ap ...)
-	TODO: check
+	NOT-FOR-US: Parse Dashboard
 CVE-2026-27593 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
-	TODO: check
+	NOT-FOR-US: Statmatic CMS
 CVE-2026-27117 (bit7z is a cross-platform C++ static library that allows the compressi ...)
-	TODO: check
+	NOT-FOR-US: bit7z
 CVE-2026-26351 (GetSimpleCMS Community Edition (CE) version 3.3.16 contains a stored c ...)
-	TODO: check
+	NOT-FOR-US: GetSimpleCMS
 CVE-2026-25899 (Fiber is an Express inspired web framework written in Go. In versions  ...)
-	TODO: check
+	NOT-FOR-US: Fiber
 CVE-2026-25891 (Fiber is an Express inspired web framework written in Go. A Path Trave ...)
-	TODO: check
+	NOT-FOR-US: Fiber
 CVE-2026-25882 (Fiber is an Express inspired web framework written in Go. A denial of  ...)
-	TODO: check
+	NOT-FOR-US: Fiber
 CVE-2026-25785 (Path traversal vulnerability exists in Lanscope Endpoint Manager (On-P ...)
-	TODO: check
+	NOT-FOR-US: Lanscope Endpoint Manager Sub-Manager Server
 CVE-2026-25135 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-25131 (OpenEMR is a free and open source electronic health records and medica ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2bdb0026e040ee0dde639d9ea09b591a776533

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2bdb0026e040ee0dde639d9ea09b591a776533
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260225/cc49dae5/attachment.htm>

More information about the debian-security-tracker-commits mailing list