[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jan 14 08:43:05 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44b65125 by Moritz Muehlenhoff at 2026-01-14T09:42:39+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2026-23478 (Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7 ...)
-	TODO: check
+	NOT-FOR-US: Cal.com
 CVE-2026-22871 (GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2 ...)
-	TODO: check
+	NOT-FOR-US: GuardDog (different from the src:guarddog once package)
 CVE-2026-22870 (GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2 ...)
-	TODO: check
+	NOT-FOR-US: GuardDog (different from the src:guarddog once package)
 CVE-2026-22869 (Eigent is a multi-agent Workforce. A critical security vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Eigent
 CVE-2026-22868 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
 	TODO: check
 CVE-2026-22862 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
 	TODO: check
 CVE-2026-22861 (iccDEV provides a set of libraries and tools that allow for the intera ...)
-	TODO: check
+	NOT-FOR-US: iccDEV
 CVE-2026-22718 (The VSCode extension for Spring CLI are vulnerable to command injectio ...)
-	TODO: check
+	NOT-FOR-US: VSCode extension
 CVE-2026-22686 (Enclave is a secure JavaScript sandbox designed for safe AI agent code ...)
 	TODO: check
 CVE-2026-21308 (Substance3D - Designer versions 15.0.3 and earlier are affected by an  ...)
@@ -55,13 +55,13 @@ CVE-2026-0635 (The Responsive Accordion Slider plugin for WordPress is vulnerabl
 CVE-2026-0594 (The List Site Contributors plugin for WordPress is vulnerable to Refle ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-0543 (Improper Input Validation (CWE-20) in Kibana's Email Connector can all ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2026-0531 (Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2026-0530 (Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...)
-	TODO: check
+	- kibana <itp> (bug #700337)
 CVE-2026-0528 (Improper Validation of Array Index (CWE-129) exists in Metricbeat can  ...)
-	TODO: check
+	NOT-FOR-US: Elastic Metricbeat
 CVE-2025-68970 (Permission verification bypass vulnerability in the media library modu ...)
 	NOT-FOR-US: Huawei
 CVE-2025-68969 (Multi-thread race condition vulnerability in the thermal management mo ...)
@@ -95,11 +95,11 @@ CVE-2025-68956 (Multi-thread race condition vulnerability in the card framework
 CVE-2025-68955 (Multi-thread race condition vulnerability in the card framework module ...)
 	NOT-FOR-US: Huawei
 CVE-2025-68947 (NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authentic ...)
-	TODO: check
+	NOT-FOR-US: NSecsoft NSecKrnl
 CVE-2025-68658 (Open Source Point of Sale (opensourcepos) is a web based point of sale ...)
-	TODO: check
+	NOT-FOR-US: Open Source Point of Sale
 CVE-2025-68492 (Chainlit versions prior to 2.8.5 contain an authorization bypass throu ...)
-	TODO: check
+	NOT-FOR-US: Chainlit
 CVE-2025-37186 (A local privilege-escalation vulnerability has been discovered in the  ...)
 	NOT-FOR-US: HPE
 CVE-2025-37179 (Multiple out-of-bounds read vulnerabilities were identified in a syste ...)
@@ -141,7 +141,7 @@ CVE-2025-15283 (The Name Directory plugin for WordPress is vulnerable to Stored
 CVE-2025-15266 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot and Le ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-15056 (A lack of data validation vulnerability in the HTML export feature in  ...)
-	TODO: check
+	NOT-FOR-US: Quill
 CVE-2025-15021 (The Gotham Block Extra Light plugin for WordPress is vulnerable to Sto ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-15020 (The Gotham Block Extra Light plugin for WordPress is vulnerable to Arb ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44b651252e6e90990c515175d68b3e93e9d6dd93

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44b651252e6e90990c515175d68b3e93e9d6dd93
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260114/bb1dde77/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list