[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 6 09:03:23 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1c8f0368 by Moritz Muehlenhoff at 2026-03-06T10:02:25+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,13 @@
+CVE-2026-2092
+	- keycloak <itp> (bug #1088287)
 CVE-2026-3616 (A vulnerability was detected in DefaultFuction Jeson Customer Relation ...)
-	TODO: check
+	NOT-FOR-US: Jeson Customer Relationship Management System
 CVE-2026-3613 (A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vul ...)
 	NOT-FOR-US: Wavlink
 CVE-2026-3612 (A vulnerability was determined in Wavlink WL-NU516U1 V240425. This aff ...)
 	NOT-FOR-US: Wavlink
 CVE-2026-3610 (A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3 ...)
-	TODO: check
+	NOT-FOR-US: HSC Cybersecurity Mailinspector
 CVE-2026-3606 (A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by ...)
 	TODO: check
 CVE-2026-2830 (The WP All Import \u2013 Drag & Drop Import for CSV, XML, Excel & Goog ...)
@@ -35,19 +37,19 @@ CVE-2026-29606 (OpenClaw versions prior to 2026.2.14 contain a webhook signature
 CVE-2026-29188 (File Browser provides a file managing interface within a specified dir ...)
 	TODO: check
 CVE-2026-29183 (SiYuan is a personal knowledge management system. Prior to version 3.5 ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2026-29093 (WWBN AVideo is an open source video platform. Prior to version 24.0, t ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-29084 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
-	TODO: check
+	NOT-FOR-US: Gokapi
 CVE-2026-29081 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-29077 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-29074 (SVGO, short for SVG Optimizer, is a Node.js library and command-line a ...)
 	TODO: check
 CVE-2026-29073 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2026-29068 (PJSIP is a free and open source multimedia communication library writt ...)
 	TODO: check
 CVE-2026-29065 (changedetection.io is a free open source web page change detection too ...)
@@ -55,13 +57,13 @@ CVE-2026-29065 (changedetection.io is a free open source web page change detecti
 CVE-2026-29062 (jackson-core contains core low-level incremental ("streaming") parser  ...)
 	TODO: check
 CVE-2026-29061 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
-	TODO: check
+	NOT-FOR-US: Gokapi
 CVE-2026-29060 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
-	TODO: check
+	NOT-FOR-US: Gokapi
 CVE-2026-29059 (Windmill is an open-source developer platform for internal code: APIs, ...)
-	TODO: check
+	NOT-FOR-US: Windmill
 CVE-2026-29058 (AVideo is a video-sharing Platform software. Prior to version 7.0, an  ...)
-	TODO: check
+	NOT-FOR-US: AVideo
 CVE-2026-29049 (melange allows users to build apk packages using declarative pipelines ...)
 	TODO: check
 CVE-2026-29048 (HumHub is an Open Source Enterprise Social Network. In version 1.18.0, ...)
@@ -243,7 +245,7 @@ CVE-2026-28442 (ZimaOS is a fork of CasaOS, an operating system for Zima devices
 CVE-2026-28438 (CocoIndex is a data transformation framework for AI. Prior to version  ...)
 	TODO: check
 CVE-2026-28436 (Frappe is a full-stack web application framework. Prior to versions 16 ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-28429 (Talishar is a fan-made Flesh and Blood project. Prior to commit 6be387 ...)
 	TODO: check
 CVE-2026-28428 (Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c8f03682459aab695eeae5949f73e16919f8877

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c8f03682459aab695eeae5949f73e16919f8877
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260306/552bb22d/attachment.htm>

More information about the debian-security-tracker-commits mailing list