[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d1e663d by Moritz Muehlenhoff at 2026-03-12T11:18:56+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-4014 (A security flaw has been discovered in itsourcecode Cafe Reservat
 CVE-2026-4013 (A vulnerability was identified in SourceCodester Web-based Pharmacy Pr ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-4012 (A vulnerability was determined in rxi fe up to ed4cda96bd582cbb0852096 ...)
-	TODO: check
+	NOT-FOR-US: rxi fe
 CVE-2026-4010 (A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b1 ...)
 	NOT-FOR-US: ThakeeNathees pocketlang
 CVE-2026-4009 (A vulnerability has been found in jarikomppa soloud up to 20200207. Im ...)
@@ -19,7 +19,7 @@ CVE-2026-3993 (A security vulnerability has been detected in itsourcecode Payrol
 CVE-2026-3992 (A weakness has been identified in CodeGenieApp serverless-express up t ...)
 	NOT-FOR-US: CodeGenieApp serverless-express
 CVE-2026-3990 (A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0 ...)
-	TODO: check
+	NOT-FOR-US: CesiumJS
 CVE-2026-3984 (A weakness has been identified in Campcodes Division Regional Athletic ...)
 	NOT-FOR-US: Campcodes
 CVE-2026-3983 (A security flaw has been discovered in Campcodes Division Regional Ath ...)
@@ -170,17 +170,17 @@ CVE-2026-3657 (The My Sticky Bar plugin for WordPress is vulnerable to SQL injec
 CVE-2026-3226 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-32136 (AdGuard Home is a network-wide software for blocking ads and tracking. ...)
-	TODO: check
+	NOT-FOR-US: AdGuard Home
 CVE-2026-32133 (2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts ...)
-	TODO: check
+	NOT-FOR-US: 2FAuth
 CVE-2026-32132 (ZITADEL is an open source identity management platform. Prior to 3.4.8 ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2026-32131 (ZITADEL is an open source identity management platform. Prior to 3.4.8 ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2026-32130 (ZITADEL is an open source identity management platform. From 2.68.0 to ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2026-32128 (FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastG ...)
-	TODO: check
+	NOT-FOR-US: FastGPT
 CVE-2026-32127 (OpenEMR is a free and open source electronic health records and medica ...)
 	NOT-FOR-US: OpenEMR
 CVE-2026-32126 (OpenEMR is a free and open source electronic health records and medica ...)
@@ -200,25 +200,25 @@ CVE-2026-32118 (OpenEMR is a free and open source electronic health records and
 CVE-2026-32117 (The grafanacubism-panel plugin allows use of cubism.js in Grafana. In  ...)
 	TODO: check
 CVE-2026-32112 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAut ...)
-	TODO: check
+	NOT-FOR-US: ha-mcp
 CVE-2026-32111 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAut ...)
-	TODO: check
+	NOT-FOR-US: ha-mcp
 CVE-2026-32110 (SiYuan is a personal knowledge management system. Prior to 3.6.0, the  ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2026-32109 (Copyparty is a portable file server. Prior to 1.20.12, if an attacker  ...)
-	TODO: check
+	NOT-FOR-US: Copyparty
 CVE-2026-32108 (Copyparty is a portable file server. Prior to 1.20.12, there was a mis ...)
-	TODO: check
+	NOT-FOR-US: Copyparty
 CVE-2026-32106 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
-	TODO: check
+	NOT-FOR-US: StudioCMS
 CVE-2026-32104 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
-	TODO: check
+	NOT-FOR-US: StudioCMS
 CVE-2026-32103 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
-	TODO: check
+	NOT-FOR-US: StudioCMS
 CVE-2026-32102 (OliveTin gives access to predefined shell commands from a web interfac ...)
-	TODO: check
+	NOT-FOR-US: OliveTin
 CVE-2026-32101 (StudioCMS is a server-side-rendered, Astro native, headless content ma ...)
-	TODO: check
+	NOT-FOR-US: StudioCMS
 CVE-2026-31988 (yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contai ...)
 	TODO: check
 CVE-2026-2808 (HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22. ...)
@@ -666,7 +666,7 @@ CVE-2026-31812 (Quinn is a pure-Rust, async-compatible implementation of the IET
 CVE-2026-31809 (SiYuan is a personal knowledge management system. Prior to 3.5.10, SiY ...)
 	NOT-FOR-US: SiYuan
 CVE-2026-31808 (file-type detects the file type of a file, stream, or data. Prior to 2 ...)
-	TODO: check
+	NOT-FOR-US: Node file-type
 CVE-2026-31807 (SiYuan is a personal knowledge management system. Prior to 3.5.10, SiY ...)
 	NOT-FOR-US: SiYuan
 CVE-2026-31801 (zot is ancontainer image/artifact registry based on the Open Container ...)
@@ -690,7 +690,7 @@ CVE-2026-30953 (LinkAce is a self-hosted archive to collect website links. When
 CVE-2026-30952 (liquidjs is a Shopify / GitHub Pages compatible template engine in pur ...)
 	TODO: check
 CVE-2026-30951 (Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Sequelize
 CVE-2026-30949 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-30948 (Parse Server is an open source backend that can be deployed to any inf ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1e663d917a355fcad5e700a1c350d460750ce3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d1e663d917a355fcad5e700a1c350d460750ce3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260312/d9a467d7/attachment.htm>