[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 17 11:25:09 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0b4be371 by Moritz Muehlenhoff at 2026-06-17T12:24:52+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,14 +1,16 @@
+CVE-2026-46655
+	NOT-FOR-US: virtio drivers for Windows
 CVE-2026-0163
 	NOT-FOR-US: Intel vpu driver
 	NOTE: https://project-zero.issues.chromium.org/issues/493643407
 CVE-2026-8317
 	REJECTED
 CVE-2026-55706 (sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allo ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD
 CVE-2026-54194 (Contributor PHP Object Injection in Fusion Builder <= 3.15.4 versions.)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-53876 (RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command inje ...)
-	TODO: check
+	NOT-FOR-US: RadiX
 CVE-2026-49113 (Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49080 (Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.)
@@ -18,39 +20,39 @@ CVE-2026-49073 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2026-49057 (Unauthenticated Broken Access Control in JobSearch <= 3.2.7 versions.)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48929 (Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6, <8.1.6, <8.0.7 ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2026-48869 (Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48797 (Backpropagate is a Python library for fine-tuning large language model ...)
-	TODO: check
+	NOT-FOR-US: Backpropagate
 CVE-2026-48788 (Remark42 is a self-hosted comment engine for blogs, articles, or any o ...)
-	TODO: check
+	NOT-FOR-US: Remark42
 CVE-2026-48783 (Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 ...)
-	TODO: check
+	NOT-FOR-US: Postiz
 CVE-2026-48782 (Pydantic AI is a Python agent framework for building applications and  ...)
-	TODO: check
+	NOT-FOR-US: Pydantic AI
 CVE-2026-48781 (Postiz is an AI social media scheduling tool. In versions prior to 2.2 ...)
-	TODO: check
+	NOT-FOR-US: Postiz
 CVE-2026-48779 (ws is an open source WebSocket client and server for Node.js. All vers ...)
 	TODO: check
 CVE-2026-48777 (FileBrowser Quantum is a free, self-hosted, web-based file manager. Ve ...)
-	TODO: check
+	NOT-FOR-US: FileBrowser Quantum
 CVE-2026-48776 (LangGraph Python SDK is used to connect to running LangGraph API serve ...)
-	TODO: check
+	NOT-FOR-US: LangGraph Python SDK
 CVE-2026-48745 (Traccar Client is a GPS tracking mobile app for sending location updat ...)
-	TODO: check
+	NOT-FOR-US: Traccar
 CVE-2026-48616 (Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, 7.13.9 ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2026-48294 (Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are ...)
 	NOT-FOR-US: Adobe
 CVE-2026-48055 (Streambert is a cross-platform Electron Desktop App to stream and down ...)
-	TODO: check
+	NOT-FOR-US: Streambert
 CVE-2026-47750 (stable-diffusion.cpp is a pure C/C++ library for running diffusion mod ...)
-	TODO: check
+	NOT-FOR-US: stable-diffusion.cpp
 CVE-2026-47747 (stable-diffusion.cpp is a pure C/C++ library for running diffusion mod ...)
-	TODO: check
+	NOT-FOR-US: stable-diffusion.cpp
 CVE-2026-47277 (Runtipi is a personal homeserver orchestrator. In versions 4.9.1 throu ...)
-	TODO: check
+	NOT-FOR-US: Runtipi
 CVE-2026-46979 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
 	NOT-FOR-US: Oracle
 CVE-2026-46978 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
@@ -600,9 +602,9 @@ CVE-2026-27395 (Unauthenticated Privilege Escalation in Support Board < 3.8.9 ve
 CVE-2026-25470 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22313 (The device has a webserver that exposes a REST API authenticated with  ...)
-	TODO: check
+	NOT-FOR-US: iSAP Smart Collector
 CVE-2026-22312 (The device has a webserver that exposes a REST API authenticated with  ...)
-	TODO: check
+	NOT-FOR-US: iSAP Smart Collector
 CVE-2026-12469 (Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.78 ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
@@ -707,7 +709,7 @@ CVE-2026-12425 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2026-12360 (The JetEngine plugin for WordPress is vulnerable to SQL injection in a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-12348 (Address bar spoofing in Arc Search for Android allows a remote attacke ...)
-	TODO: check
+	NOT-FOR-US: Arc Search for Android
 CVE-2026-12256 (Contributor PHP Object Injection in Avada <= 3.15.3 versions.)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-12117 (Improper access control in the social login connection endpoint in  De ...)
@@ -1065,7 +1067,7 @@ CVE-2026-24155 (NVIDIA NeMo Framework for all platforms contains a code injectio
 CVE-2026-12412
 	REJECTED
 CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The do_git_c ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Ansible Automation Platform
 CVE-2026-12330 (Incorrect boundary conditions in the Internationalization component. T ...)
 	- firefox-esr 140.12.0esr-1
 	- thunderbird <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b4be3711f0f61e65010191687532bd0b807ee6b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b4be3711f0f61e65010191687532bd0b807ee6b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260617/093c0961/attachment.htm>

More information about the debian-security-tracker-commits mailing list