[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 24 08:29:35 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
253ae51a by Salvatore Bonaccorso at 2026-06-24T09:29:15+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-9175 (The Devs Accounting \u2013 Simple Accounting and Invoicing Soluti
 CVE-2026-9172 (The Devs Accounting \u2013 Simple Accounting and Invoicing Solution pl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-9073 (A flaw was found in foreman-mcp-server. This component utilizes two di ...)
-	TODO: check
+	NOT-FOR-US: foreman-mcp-server
 CVE-2026-8905 (The Osiris Signature Banner plugin for WordPress is vulnerable to Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-8896 (The MIR blocks and shortcodes plugin for WordPress is vulnerable to St ...)
@@ -55,13 +55,13 @@ CVE-2026-8614 (The Assistio plugin for WordPress is vulnerable to unauthorized m
 CVE-2026-7617 (The Secufor_OAuth plugin for WordPress is vulnerable to unauthorized a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7574 (Anthropic Claude Desktop Cowork VM image handling (confirmed across v1 ...)
-	TODO: check
+	NOT-FOR-US: Anthropic Claude Desktop
 CVE-2026-6458 (Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_upda ...)
-	TODO: check
+	NOT-FOR-US: Caliptra Core Firmware
 CVE-2026-6292 (The MP Customize Login Page plugin for WordPress is vulnerable to Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5818 (Incorrect check of function return value in Caliptra Core Runtime Firm ...)
-	TODO: check
+	NOT-FOR-US: Caliptra Core Firmware
 CVE-2026-56785 (FlatPress versions prior to commit 10be83c, contains a stored cross-si ...)
 	TODO: check
 CVE-2026-56120
@@ -71,9 +71,9 @@ CVE-2026-54762 (Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-e
 CVE-2026-54761 (Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 an ...)
 	- traefik <itp> (bug #983289)
 CVE-2026-54639 (Style Dictionary, a build system for creating cross-platform styles, h ...)
-	TODO: check
+	NOT-FOR-US: Style Dictionary
 CVE-2026-54588 (Poweradmin is a web-based DNS administration tool for PowerDNS server. ...)
-	TODO: check
+	NOT-FOR-US: Poweradmin
 CVE-2026-54555 (rtk filters and compresses command outputs before they reach your LLM  ...)
 	TODO: check
 CVE-2026-54518 (jackson-databind contains the general-purpose data-binding functionali ...)
@@ -99,17 +99,17 @@ CVE-2026-54326 (Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.
 CVE-2026-54325 (Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded proje ...)
 	TODO: check
 CVE-2026-53931 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-53930 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-53929 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-53928 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-53927 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-53926 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-53622 (Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, th ...)
 	- traefik <itp> (bug #983289)
 CVE-2026-50193 (jackson-databind contains the general-purpose data-binding functionali ...)
@@ -123,53 +123,53 @@ CVE-2026-48491 (Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 u
 CVE-2026-48020 (Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48,  ...)
 	- traefik <itp> (bug #983289)
 CVE-2026-47693 (Poweradmin is a web-based DNS administration tool for PowerDNS server. ...)
-	TODO: check
+	NOT-FOR-US: Poweradmin
 CVE-2026-47388 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47387 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47386 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47385 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47384 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47383 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47382 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47381 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47380 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47379 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47378 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47377 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47376 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47375 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-47279 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-46554 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-46553 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-46552 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-46551 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-46550 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-46549 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-46548 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-46547 (NocoDB is software for building databases as spreadsheets. Prior to 20 ...)
-	TODO: check
+	NOT-FOR-US: NocoDB
 CVE-2026-45792 (rtk filters and compresses command outputs before they reach your LLM  ...)
 	TODO: check
 CVE-2026-41862 (Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, R ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/253ae51a4414842af39b04f6ff10d9df874fa996

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/253ae51a4414842af39b04f6ff10d9df874fa996
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/424dfed4/attachment.htm>


More information about the debian-security-tracker-commits mailing list