[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 9 08:42:28 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73c5f93b by Salvatore Bonaccorso at 2026-06-09T09:42:08+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -49,7 +49,7 @@ CVE-2026-47345 (Namespace attributes are not encoded correctly during HTML seria
 CVE-2026-47344 (When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing ta ...)
 	NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-46484 (Headplane is a feature-complete Web UI for Headscale. Prior to version ...)
-	TODO: check
+	NOT-FOR-US: Headplane Web UI for Headscale
 CVE-2026-44757 (SAP Wily Introscope Enterprise Manager allows an unauthenticated attac ...)
 	NOT-FOR-US: SAP
 CVE-2026-44755 (SAP Business Objects Business Intelligence Platform does not sufficien ...)
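Review bot: The new tag on CVE-2026-46484, "NOT-FOR-US: Headplane Web UI for Headscale", puts the name Headscale on an entry whose affected product is Headplane, so a search of data/CVE/list for Headscale will also hit this line. The other tags added in this commit name only the product; "NOT-FOR-US: Headplane" would be consistent with them and avoid the false match.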
@@ -69,7 +69,7 @@ CVE-2026-44744 (SAP S/4HANA(On-Premise) contains SQL injection vulnerability in
 CVE-2026-44743 (Under certain conditions, when an unauthorized attacker accesses a spe ...)
 	NOT-FOR-US: SAP
 CVE-2026-44541 (Fides is an open-source privacy engineering platform. From version 2.3 ...)
-	TODO: check
+	NOT-FOR-US: Fides
 CVE-2026-41980 (Permission control vulnerability in the file preview module.Impact: Su ...)
 	NOT-FOR-US: Huawei
 CVE-2026-41979 (Permission control vulnerability in the print module.Impact: Successfu ...)
@@ -131,7 +131,7 @@ CVE-2026-40984 (In Micrometer, it is possible for a user to provide specially cr
 CVE-2026-40983 (In Micrometer, it is possible for a user to provide specially crafted  ...)
 	TODO: check
 CVE-2026-40519 (Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5 ...)
-	TODO: check
+	NOT-FOR-US: Nginx Proxy Manager
 CVE-2026-40128 (SAP NetWeaver Application Server Java (Web Container) allows an unauth ...)
 	NOT-FOR-US: SAP
 CVE-2026-27671 (Due to improper RFC protocol validation in the SAP Kernel used by the  ...)
@@ -144,7 +144,7 @@ CVE-2026-11623 (A security vulnerability has been detected in tmux up to 3.6a. A
 	- tmux <unfixed>
 	NOTE: https://github.com/tmux/tmux/commit/fc6d94a9f8a593bd8b7031650802084385d4ee03 (3.7-rc)
 CVE-2026-11621 (A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This im ...)
-	TODO: check
+	NOT-FOR-US: Dcat-Admin
 CVE-2026-11620 (A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. Thi ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2026-11619 (A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The i ...)
@@ -522,9 +522,9 @@ CVE-2026-41448 (AdGuard Home, when started with the --glinet flag, contains an a
 CVE-2026-3011 (The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-39910 (STACKIT IaaS API contains a missing authorization check vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: STACKIT
 CVE-2026-39908 (OpenBullet2 through version 0.3.2 on Windows contains a credential dis ...)
-	TODO: check
+	NOT-FOR-US: OpenBullet2
 CVE-2026-36789 (Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was disco ...)
 	NOT-FOR-US: Tenda
 CVE-2026-36786 (Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered ...)
@@ -550,7 +550,7 @@ CVE-2026-25855 (OpenBullet2 through version 0.3.2 contains a remote code executi
 CVE-2026-25559 (OpenBullet2 through version 0.3.2 contains a path traversal vulnerabil ...)
 	NOT-FOR-US: OpenBullet2
 CVE-2026-25558 (QloApps through 1.7.0 contains a stored cross-site scripting vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: QloApps
 CVE-2026-25555 (OpenBullet2 through version 0.3.2 contains an authentication bypass vu ...)
 	NOT-FOR-US: OpenBullet2
 CVE-2026-22164 (Software installed and run as a non-privileged user may conduct improp ...)
@@ -641,7 +641,7 @@ CVE-2026-11502 (A weakness has been identified in JeecgBoot up to 3.9.2. Impacte
 CVE-2026-11501 (A security flaw has been discovered in SourceCodester Hospitals Patien ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-11500 (A vulnerability was identified in Weaviate up to 1.37.7. This vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Weaviate
 CVE-2026-11499 (A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_x ...)
 	NOT-FOR-US: Tenda
 CVE-2026-11498 (A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon.  ...)
@@ -950,23 +950,23 @@ CVE-2026-11461 (A vulnerability has been found in NousResearch hermes-agent up t
 CVE-2026-11460 (A flaw has been found in Boost Serialization up to 1.91. The impacted  ...)
 	TODO: check
 CVE-2024-58349 (WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress Theme
 CVE-2024-58348 (WordPress Background Image Cropper version 1.2 contains a remote code  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-54352 (WordPress Seotheme contains a remote code execution vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-54351 (WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-54350 (WordPress Augmented-Reality plugin contains a remote code execution vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-50953 (WordPress Plugin admin-word-count-column 2.2 contains a local file rea ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-47984 (WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-47983 (WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-47982 (WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site script ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-49494 (Comodo Internet Security's firewall driver Inspect.sys contains an int ...)
 	NOT-FOR-US: Comodo Internet Security
 CVE-2026-36229
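Review bot: CVE-2023-54352 is described as "WordPress Seotheme" yet is tagged "NOT-FOR-US: WordPress plugin", while CVE-2024-58349 two entries above it gets a theme tag; if Seotheme is a theme, it should carry the theme tag too. The new "NOT-FOR-US: WordPress Theme" also capitalises "Theme" where every plugin tag in this hunk is lowercase, so "NOT-FOR-US: WordPress theme" would keep the tags uniform for anyone grepping the list.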



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73c5f93be86d1a584d62840378c33d59a67e0fac
