[Git][security-tracker-team/security-tracker][master] Process some NFUs

Thu Jan 8 21:27:48 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0dd6454a by Salvatore Bonaccorso at 2026-01-08T22:27:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-22587 (Ideagen DevonWay contains a stored cross site scripting vulnerability. ...)
-	TODO: check
+	NOT-FOR-US: Ideagen DevonWay
 CVE-2026-22522 (Missing Authorization vulnerability in Munir Kamal Block Slider allows ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22521 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -23,39 +23,39 @@ CVE-2026-22487 (Missing Authorization vulnerability in baqend Speed Kit allows E
 CVE-2026-22486 (Missing Authorization vulnerability in Hakob Re Gallery & Responsive P ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22257 (Salvo is a Rust web backend framework. Prior to version 0.88.1, the fu ...)
-	TODO: check
+	NOT-FOR-US: Salvo
 CVE-2026-22256 (Salvo is a Rust web backend framework. Prior to version 0.88.1, the fu ...)
-	TODO: check
+	NOT-FOR-US: Salvo
 CVE-2026-22255 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-22253 (Soft Serve is a self-hostable Git server for the command line. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Soft Serve
 CVE-2026-22246 (Mastodon is a free, open-source social network server based on Activit ...)
-	TODO: check
+	- mastodon <itp> (bug #859741)
 CVE-2026-22245 (Mastodon is a free, open-source social network server based on Activit ...)
-	TODO: check
+	- mastodon <itp> (bug #859741)
 CVE-2026-22244 (OpenMetadata is a unified metadata platform. Versions prior to 1.11.4  ...)
-	TODO: check
+	NOT-FOR-US: OpenMetadata
 CVE-2026-22242 (CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4. ...)
-	TODO: check
+	NOT-FOR-US: CoreShop
 CVE-2026-22241 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
-	TODO: check
+	NOT-FOR-US: Open eClass platform
 CVE-2026-22235 (OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit  ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS eComplaint
 CVE-2026-22234 (OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated a ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS eCasePortal
 CVE-2026-22233 (OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS eCASE Audit
 CVE-2026-22232 (OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS eCASE Audit
 CVE-2026-22231 (OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS eCASE Audit
 CVE-2026-22230 (OPEXUS eCASE Audit allows an authenticated attacker to modify client-s ...)
-	TODO: check
+	NOT-FOR-US: OPEXUS eCASE Audit
 CVE-2026-22043 (RustFS is a distributed object storage system built in Rust. In versio ...)
-	TODO: check
+	NOT-FOR-US: RustFS
 CVE-2026-22042 (RustFS is a distributed object storage system built in Rust. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: RustFS
 CVE-2026-22041 (Logging Redactor is a Python library designed to redact sensitive data ...)
 	TODO: check
 CVE-2026-22034 (Snuffleupagus is a module that raises the cost of attacks against webs ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dd6454aada69eb079e37acb28fa4d2a4ac6e399

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0dd6454aada69eb079e37acb28fa4d2a4ac6e399
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260108/782f0c52/attachment.htm>
