[Git][security-tracker-team/security-tracker][master] Process some new NFUs

Fri Jan 30 09:20:00 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61f2ed24 by Salvatore Bonaccorso at 2026-01-30T10:19:50+01:00
Process some new NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2026-25211 (Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgve ...)
-	TODO: check
+	NOT-FOR-US: Llama Stack (aka llama-stack)
 CVE-2026-25126 (PolarLearn is a free and open-source learning program. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: PolarLearn
 CVE-2026-25117 (pwn.college DOJO is an education platform for learning cybersecurity.  ...)
-	TODO: check
+	NOT-FOR-US: pwn.college DOJO
 CVE-2026-25116 (Runtipi is a personal homeserver orchestrator. Starting in version 4.5 ...)
-	TODO: check
+	NOT-FOR-US: Runtipi
 CVE-2026-25097
 	REJECTED
 CVE-2026-25096
@@ -27,25 +27,25 @@ CVE-2026-25063 (gradle-completion provides Bash and Zsh completion support for G
 CVE-2026-25061 (tcpflow is a TCP/IP packet demultiplexer. In versions up to and includ ...)
 	TODO: check
 CVE-2026-25047 (deepHas provides a test for the existence of a nested object key and o ...)
-	TODO: check
+	NOT-FOR-US: deepHas
 CVE-2026-25046 (Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi C ...)
-	TODO: check
+	NOT-FOR-US: Kimi Agent SDK
 CVE-2026-25040 (Budibase is a low code platform for creating internal tools, workflows ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-24905 (Inspektor Gadget is a set of tools and framework for data collection a ...)
 	TODO: check
 CVE-2026-24904 (TrustTunnel is an open-source VPN protocol with a rule bypass issue in ...)
-	TODO: check
+	NOT-FOR-US: TrustTunnel
 CVE-2026-24902 (TrustTunnel is an open-source VPN protocol with a server-side request  ...)
-	TODO: check
+	NOT-FOR-US: TrustTunnel
 CVE-2026-24846 (malcontent discovers supply-chain compromises through. context, differ ...)
 	TODO: check
 CVE-2026-24845 (malcontent discovers supply-chain compromises through. context, differ ...)
 	TODO: check
 CVE-2026-24729 (An unrestricted upload of file with dangerous type vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: Interinfo DreamMaker
 CVE-2026-24728 (A missing authentication for critical function vulnerability in the /s ...)
-	TODO: check
+	NOT-FOR-US: Interinfo DreamMaker
 CVE-2026-24714 (Some end of service NETGEAR products provide "TelnetEnable" functional ...)
 	NOT-FOR-US: Netgear
 CVE-2026-1680 (Improper access control in the WCF endpoint in Edgemo (now owned by Da ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f2ed2427b75466e0fcb51f4a35a935f67b2fd7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61f2ed2427b75466e0fcb51f4a35a935f67b2fd7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260130/5f161c3b/attachment.htm>
