[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 18 20:36:29 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e9b6fdd by Salvatore Bonaccorso at 2026-06-18T21:36:06+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,13 +3,13 @@ CVE-2026-9815 (The MagicForm WordPress plugin through 0.1.3 does not properly va
 CVE-2026-9158 (In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DE ...)
 	TODO: check
 CVE-2026-8811 (SEPPmail versions before 15.0.5 allow improper handling of attachment  ...)
-	TODO: check
+	NOT-FOR-US: SEPPmail
 CVE-2026-8461 (An out-of-bounds write vulnerability in FFmpeg's libavcodec library, s ...)
 	TODO: check
 CVE-2026-8039 (The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-8024 (A remote, unauthenticated attacker may exploit a deserialization of un ...)
-	TODO: check
+	NOT-FOR-US: iba AG
 CVE-2026-56024 (Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyP ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56022 (Webmin accepts basic authentication without session cookies when an at ...)
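Review bot: On CVE-2026-8024 the new tag "NOT-FOR-US: iba AG" names a vendor, and the truncated description visible here does not show which product is affected. The other tag added in this hunk ("NOT-FOR-US: SEPPmail") matches the name that opens its description. Putting the affected product name in the CVE-2026-8024 tag as well would let a later search of data/CVE/list by product find the entry.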
@@ -25,41 +25,41 @@ CVE-2026-56009 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2026-56007 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-55746 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored ...)
-	TODO: check
+	NOT-FOR-US: Cotonti
 CVE-2026-55745 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross- ...)
-	TODO: check
+	NOT-FOR-US: Cotonti
 CVE-2026-55744 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross- ...)
-	TODO: check
+	NOT-FOR-US: Cotonti
 CVE-2026-55742 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross- ...)
-	TODO: check
+	NOT-FOR-US: Cotonti
 CVE-2026-55741 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross- ...)
-	TODO: check
+	NOT-FOR-US: Cotonti
 CVE-2026-55392 (NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_va ...)
 	TODO: check
 CVE-2026-55237 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
-	TODO: check
+	NOT-FOR-US: AutoGPT
 CVE-2026-55205 (Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: Hermes WebUI
 CVE-2026-55204 (HAProxy through  3.4.0, fixed in commit 9a6d1fe, contains a null point ...)
 	TODO: check
 CVE-2026-55203 (HAProxy through 3.4.0, fixed in commit 5985276, contains an integer ov ...)
 	TODO: check
 CVE-2026-54419 (claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no r ...)
-	TODO: check
+	NOT-FOR-US: PBX-In-A-Flash Hotel Management System
 CVE-2026-54390 (JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template  ...)
-	TODO: check
+	NOT-FOR-US: JTL Shop
 CVE-2026-54224 (UBB.threads is vulnerable to Denial of Service (DoS). By sending multi ...)
-	TODO: check
+	NOT-FOR-US: UBB.threads
 CVE-2026-54223 (UBB.threads is vulnerable to Path traversal, allowing attackers with p ...)
-	TODO: check
+	NOT-FOR-US: UBB.threads
 CVE-2026-54222 (UBB.threads is vulnerable to Blind SQL Injection,allowing attackers wi ...)
-	TODO: check
+	NOT-FOR-US: UBB.threads
 CVE-2026-54221 (UBB.threads is vulnerable toReflected XSS. The application improperly  ...)
-	TODO: check
+	NOT-FOR-US: UBB.threads
 CVE-2026-54220 (uBB.threads is vulnerable to aCross-Site Request Forgery (CSRF) due to ...)
-	TODO: check
+	NOT-FOR-US: UBB.threads
 CVE-2026-54219 (UBB.threads is vulnerable to Stored XSS via user posts and user profil ...)
-	TODO: check
+	NOT-FOR-US: UBB.threads
 CVE-2026-54106 (The U.S. Government Accountability Office (GAO) Electronic Protest Doc ...)
 	TODO: check
 CVE-2026-54105 (The U.S. Government Accountability Office (GAO) Electronic Protest Doc ...)
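Review bot: On CVE-2026-54419 the tag spells the product out as "PBX-In-A-Flash Hotel Management System", while the description leads with the short name "PIAF-HMS", so a search on the short name will miss the tag line. Consider "NOT-FOR-US: PIAF-HMS (PBX-In-A-Flash Hotel Management System)". The Cotonti and UBB.threads tags are consistent across their CVE groups, including CVE-2026-54220, whose description uses the variant spelling "uBB.threads".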



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e9b6fddaed089bb3e84b3adc7d3f4007118845e

More information about the debian-security-tracker-commits mailing list