[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 2 20:21:49 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
505227ca by Salvatore Bonaccorso at 2026-01-02T21:20:50+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2026-21446 (Bagisto is an open source laravel eCommerce platform. In versions on t ...)
-	TODO: check
+	NOT-FOR-US: Bagisto
 CVE-2026-21445 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
-	TODO: check
+	NOT-FOR-US: Langflow
 CVE-2026-21440 (AdonisJS is a TypeScript-first web framework. A Path Traversal vulnera ...)
-	TODO: check
+	NOT-FOR-US: AdonisJS
 CVE-2026-21433 (Emlog is an open source website building system. Versions up to and in ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2026-21432 (Emlog is an open source website building system. Version 2.5.23 has a  ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2026-21431 (Emlog is an open source website building system. Version 2.5.23 has a  ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2026-21430 (Emlog is an open source website building system. In version 2.5.23, ar ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2026-21429 (Emlog is an open source website building system. In version 2.5.23, th ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2026-0571 (A security flaw has been discovered in yeqifu warehouse up to aaf29962 ...)
-	TODO: check
+	NOT-FOR-US: yeqifu warehouse
 CVE-2026-0570 (A vulnerability was found in code-projects Online Music Site 1.0. This ...)
 	NOT-FOR-US: code-projects
 CVE-2026-0569 (A vulnerability has been found in code-projects Online Music Site 1.0. ...)
@@ -35,27 +35,27 @@ CVE-2026-0546 (A vulnerability was determined in code-projects Content Managemen
 CVE-2025-9110 (An exposure of sensitive system information to an unauthorized control ...)
 	NOT-FOR-US: QNAP
 CVE-2025-69417 (In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, ...)
-	TODO: check
+	NOT-FOR-US: Plex Media Server (PMS)
 CVE-2025-69416 (In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, ...)
-	TODO: check
+	NOT-FOR-US: Plex Media Server (PMS)
 CVE-2025-69415 (In Plex Media Server (PMS) through 1.42.2.10156, ability to access /my ...)
-	TODO: check
+	NOT-FOR-US: Plex Media Server (PMS)
 CVE-2025-69414 (Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a per ...)
-	TODO: check
+	NOT-FOR-US: Plex Media Server (PMS)
 CVE-2025-69284 (Plane is an an open-source project management tool. In plane.io, a gue ...)
-	TODO: check
+	NOT-FOR-US: Plane
 CVE-2025-67269 (An integer underflow vulnerability exists in the `nextstate()` functio ...)
 	TODO: check
 CVE-2025-67268 (gpsd before commit dc966aa contains a heap-based out-of-bounds write v ...)
 	TODO: check
 CVE-2025-67160 (An issue in Vatilon v1.12.37-20240124 allows attackers to access sensi ...)
-	TODO: check
+	NOT-FOR-US: Vatilon
 CVE-2025-67159 (Vatilon v1.12.37-20240124 was discovered to transmit user credentials  ...)
-	TODO: check
+	NOT-FOR-US: Vatilon
 CVE-2025-67158 (An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revote ...)
-	TODO: check
+	NOT-FOR-US: Revotech
 CVE-2025-65125 (SQL injection in gosaliajainam/online-movie-booking 5.5 in movie_detai ...)
-	TODO: check
+	NOT-FOR-US: gosaliajainam/online-movie-booking
 CVE-2025-62857 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
 	NOT-FOR-US: QNAP
 CVE-2025-62852 (A buffer overflow vulnerability has been reported to affect several QN ...)
@@ -121,7 +121,7 @@ CVE-2025-48721 (A buffer overflow vulnerability has been reported to affect seve
 CVE-2025-47208 (An allocation of resources without limits or throttling vulnerability  ...)
 	NOT-FOR-US: QNAP
 CVE-2025-45286 (A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17. ...)
-	TODO: check
+	NOT-FOR-US: mccutchen httpbin
 CVE-2025-44013 (A NULL pointer dereference vulnerability has been reported to affect s ...)
 	NOT-FOR-US: QNAP
 CVE-2025-35002
@@ -1343,7 +1343,7 @@ CVE-2025-34122
 CVE-2025-34094
 	REJECTED
 CVE-2025-15439 (A vulnerability was identified in Daptin 0.10.3. Affected by this vuln ...)
-	TODO: check
+	NOT-FOR-US: Daptin
 CVE-2025-15438 (A vulnerability was determined in PluXml up to 5.8.22. Affected is the ...)
 	TODO: check
 CVE-2025-15437 (A vulnerability was found in LigeroSmart up to 6.1.24. This affects an ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/505227cab2d3a1fece0b4b58f04f8e2141caf760

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/505227cab2d3a1fece0b4b58f04f8e2141caf760
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260102/e6eaf1a5/attachment.htm>

More information about the debian-security-tracker-commits mailing list