[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 18 09:51:02 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2478659 by Salvatore Bonaccorso at 2026-06-18T10:50:46+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2026-9860 (The Offload, AI & Optimize with Cloudflare Images plugin for Word
CVE-2026-9199 (The Equalize Digital Accessibility Checker \u2013 WCAG, ADA, EAA and S ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8050 (In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL ha ...)
- TODO: check
+ NOT-FOR-US: SignalRGB
CVE-2026-8049 (In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object ...)
- TODO: check
+ NOT-FOR-US: SignalRGB
CVE-2026-55740 (Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb9 ...)
NOT-FOR-US: Nur-Alam39 bus-ticket
CVE-2026-55202 (Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly v ...)
@@ -37,9 +37,9 @@ CVE-2026-54387 (Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reco
NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
NOTE: Fixed by: https://github.com/tinyproxy/tinyproxy/commit/623bfc093df009296f0b85d40bc677ef9d5c09bb
CVE-2026-54386 (marimo before 0.23.9 contains a reflected cross-site scripting vulnera ...)
- TODO: check
+ NOT-FOR-US: marimo
CVE-2026-53676 (ThingsBoard contains a prototype pollution vulnerability which may lea ...)
- TODO: check
+ NOT-FOR-US: ThingsBoard
CVE-2026-50268 (Steeltoe is an open source project that provides a collection of libra ...)
NOT-FOR-US: Steeltoe
CVE-2026-50267 (Steeltoe is an open source project that provides a collection of libra ...)
@@ -57,15 +57,15 @@ CVE-2026-50194 (Steeltoe is an open source project that provides a collection of
CVE-2026-50107 (When NGINX Plus or NGINX Open Source is configured as the data plane f ...)
TODO: check
CVE-2026-49133 (Typemill before 2.24.0 contains a path traversal vulnerability that al ...)
- TODO: check
+ NOT-FOR-US: Typemill
CVE-2026-48997 (e107 is a content management system (CMS). Versions 2.3.5 and earlier ...)
- TODO: check
+ NOT-FOR-US: e107 CMS
CVE-2026-48991 (XianYuLauncher is a Minecraft Java Edition launcher. In versions prior ...)
NOT-FOR-US: XianYuLauncher
CVE-2026-48990 (joserfc is a Python library that provides an implementation of several ...)
TODO: check
CVE-2026-48989 (Windows-MCP is an open-source project that integrates AI agents with W ...)
- TODO: check
+ NOT-FOR-US: Windows-MCP
CVE-2026-48988 (markdown-it is a Markdown parser. Versions 14.1.1 and below contain a ...)
TODO: check
CVE-2026-48979 (PHP Standard Library (PSL) is set of APIs covering async, collections, ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2478659fc30da1c75536e480a32094555779d34
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2478659fc30da1c75536e480a32094555779d34
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260618/926c47d2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list