[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Mar 11 08:35:48 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a046b75 by Moritz Muehlenhoff at 2026-03-11T09:35:28+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2026-3911 (A flaw was found in Keycloak. An authenticated user with the view-user ...)
- TODO: check
+ - keycloak <itp> (bug #1088287)
CVE-2026-3903 (The Modular DS: Monitor, update, and backup multiple websites plugin f ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3884 (Versions of the package spin.js before 3.0.0 are vulnerable to Cross-s ...)
TODO: check
CVE-2026-3826 (IFTOP developed by WellChoose has a Local File Inclusion vulnerability ...)
- TODO: check
+ NOT-FOR-US: WellChoose
CVE-2026-3825 (IFTOP developed by WellChoose has a Reflected Cross-site Scripting vul ...)
- TODO: check
+ NOT-FOR-US: WellChoose
CVE-2026-3824 (IFTOP developed by WellChoose has an Open redirect vulnerability, allo ...)
- TODO: check
+ NOT-FOR-US: WellChoose
CVE-2026-3534 (The Astra theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3453 (The ProfilePress plugin for WordPress is vulnerable to Insecure Direct ...)
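Review bot: the three "NOT-FOR-US: WellChoose" lines (CVE-2026-3826, CVE-2026-3825, CVE-2026-3824) name only the vendor, while the descriptions call the product IFTOP, which is also the name of the iftop package in Debian. Suggest "NOT-FOR-US: WellChoose IFTOP" so that anyone who lands on these entries sees immediately that triage judged them unrelated to the packaged iftop.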
@@ -17,7 +17,7 @@ CVE-2026-3453 (The ProfilePress plugin for WordPress is vulnerable to Insecure D
CVE-2026-3222 (The WP Maps plugin for WordPress is vulnerable to time-based blind SQL ...)
NOT-FOR-US: WordPress plugin
CVE-2026-31844 (An authenticated SQL Injection vulnerability (CWE-89) exists in the Ko ...)
- TODO: check
+ - koha <itp> (bug #702134)
CVE-2026-31838 (Istio is an open platform to connect, manage, and secure microservices ...)
TODO: check
CVE-2026-31837 (Istio is an open platform to connect, manage, and secure microservices ...)
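Review bot: the "- koha <itp> (bug #702134)" line for CVE-2026-31844 records an ITP reference rather than an NFU, as does the keycloak <itp> line for CVE-2026-3911, so the commit subject "NFUs" does not cover these two changes. Suggest a subject such as "NFUs, ITPs" so the history shows when these CVEs were tied to their ITP bugs.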
@@ -31,7 +31,7 @@ CVE-2026-31832 (Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2
CVE-2026-31830 (sigstore-ruby is a pure Ruby implementation of the sigstore verify com ...)
TODO: check
CVE-2026-31829 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-31828 (Parse Server is an open source backend that can be deployed to any inf ...)
TODO: check
CVE-2026-31827 (Alienbin is an anonymous code and text sharing web service. In 1.0.0 a ...)
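Review bot: the context entry CVE-2026-31828 (Parse Server) in this hunk keeps "TODO: check", while the same patch marks ten other Parse Server entries (CVE-2026-31800, CVE-2026-30972 through CVE-2026-30962, CVE-2026-30949 through CVE-2026-30946) as "NOT-FOR-US: Parse Server". If it was left open on purpose, a short NOTE saying why would help. Otherwise it should get the same NFU tag so the product is triaged consistently.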
@@ -39,19 +39,19 @@ CVE-2026-31827 (Alienbin is an anonymous code and text sharing web service. In 1
CVE-2026-31826 (pypdf is a free and open-source pure-python PDF library. Prior to 6.8. ...)
TODO: check
CVE-2026-31825 (Sylius is an Open Source eCommerce Framework on Symfony. Sylius API fi ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2026-31824 (Sylius is an Open Source eCommerce Framework on Symfony. A Time-of-Che ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2026-31823 (Sylius is an Open Source eCommerce Framework on Symfony. An authentica ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2026-31822 (Sylius is an Open Source eCommerce Framework on Symfony. A cross-site ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2026-31821 (Sylius is an Open Source eCommerce Framework on Symfony. The POST /api ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2026-31820 (Sylius is an Open Source eCommerce Framework on Symfony. An authentica ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2026-31819 (Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitc ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2026-31817 (OliveTin gives access to predefined shell commands from a web interfac ...)
TODO: check
CVE-2026-31815 (Unicorn adds modern reactive component functionality to your Django te ...)
@@ -59,41 +59,41 @@ CVE-2026-31815 (Unicorn adds modern reactive component functionality to your Dja
CVE-2026-31812 (Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC ...)
TODO: check
CVE-2026-31809 (SiYuan is a personal knowledge management system. Prior to 3.5.10, SiY ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-31808 (file-type detects the file type of a file, stream, or data. Prior to 2 ...)
TODO: check
CVE-2026-31807 (SiYuan is a personal knowledge management system. Prior to 3.5.10, SiY ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-31801 (zot is ancontainer image/artifact registry based on the Open Container ...)
TODO: check
CVE-2026-31800 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30972 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30967 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30966 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30965 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30962 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30954 (LinkAce is a self-hosted archive to collect website links. In 2.1.0 an ...)
- TODO: check
+ NOT-FOR-US: LinkAce
CVE-2026-30953 (LinkAce is a self-hosted archive to collect website links. When a user ...)
- TODO: check
+ NOT-FOR-US: LinkAce
CVE-2026-30952 (liquidjs is a Shopify / GitHub Pages compatible template engine in pur ...)
TODO: check
CVE-2026-30951 (Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injecti ...)
TODO: check
CVE-2026-30949 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30948 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30947 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30946 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-30837 (Elysia is a Typescript framework for request validation, type inferenc ...)
TODO: check
CVE-2026-2918 (The Happy Addons for Elementor plugin for WordPress is vulnerable to I ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a046b75986a47314c7eb67d0549c650007bd13e