[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 20 20:48:34 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac0fa982 by Salvatore Bonaccorso at 2026-03-20T21:48:14+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,9 +67,9 @@ CVE-2026-33369 (Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP inject
CVE-2026-33368 (Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cr ...)
NOT-FOR-US: Zimbra
CVE-2026-33312 (Vikunja is an open-source self-hosted task management platform. Starti ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33192 (Free5GC is an open-source Linux Foundation project for 5th generation ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33140 (PySpector is a static analysis security testing (SAST) Framework engin ...)
TODO: check
CVE-2026-33139 (PySpector is a static analysis security testing (SAST) Framework engin ...)
@@ -83,7 +83,7 @@ CVE-2026-33134 (WeGIA is a web manager for charitable institutions. Versions 3.6
CVE-2026-33133 (WeGIA is a web manager for charitable institutions. In versions 3.6.5 ...)
NOT-FOR-US: WeGIA
CVE-2026-33132 (ZITADEL is an open source identity management platform. Versions prior ...)
- TODO: check
+ NOT-FOR-US: ZZitadel
CVE-2026-33131 (H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through 2.0.1-rc.14 ...)
TODO: check
CVE-2026-33130 (Uptime Kuma is an open source, self-hosted monitoring tool. In version ...)
@@ -105,7 +105,7 @@ CVE-2026-33081 (PinchTab is a standalone HTTP server that gives AI agents direct
CVE-2026-33080 (Filament is a collection of full-stack components for accelerated Lara ...)
TODO: check
CVE-2026-33075 (FastGPT is an AI Agent building platform. In versions 4.14.8.3 and bel ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2026-33072 (FileRise is a self-hosted web file manager / WebDAV server. In version ...)
TODO: check
CVE-2026-33071 (FileRise is a self-hosted web file manager / WebDAV server. In version ...)
@@ -115,11 +115,11 @@ CVE-2026-33070 (FileRise is a self-hosted web file manager / WebDAV server. In v
CVE-2026-33069 (PJSIP is a free and open source multimedia communication library writt ...)
TODO: check
CVE-2026-33068 (Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolv ...)
- TODO: check
+ NOT-FOR-US: Claude Code
CVE-2026-33067 (SiYuan is a personal knowledge management system. Versions 3.6.0 and b ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-33066 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-33010 (mcp-memory-service is an open-source memory backend for multi-agent sy ...)
TODO: check
CVE-2026-32989 (Precurio Intranet Portal 4.4 contains a cross-site request forgery vul ...)
@@ -331,19 +331,19 @@ CVE-2026-33301 (OpenEMR is a free and open source electronic health records and
CVE-2026-33299 (OpenEMR is a free and open source electronic health records and medica ...)
NOT-FOR-US: OpenEMR
CVE-2026-33289 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-33288 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-33191 (Free5GC is an open-source Linux Foundation project for 5th generation ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33065 (Free5GC is an open-source Linux Foundation project for 5th generation ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33064 (Free5GC is an open-source Linux Foundation project for 5th generation ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33063 (free5GC is an open source 5G core network. free5GC AUSF prior to versi ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33062 (free5GC is an open source 5G core network. free5GC NRF prior to versio ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33061 (exactyl is a customisable game management panel and billing system. Co ...)
TODO: check
CVE-2026-33060 (CKAN MCP Server is a tool for querying CKAN open data portals. Version ...)
@@ -359,41 +359,41 @@ CVE-2026-33054 (Mesop is a Python-based UI framework that allows users to build
CVE-2026-33053 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
TODO: check
CVE-2026-33051 (Craft CMS is a content management system (CMS). In versions 5.9.0-beta ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-33043 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33041 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33040 (libp2p-rust is the official rust language Implementation of the libp2p ...)
TODO: check
CVE-2026-33039 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33038 (WWBN AVideo is an open source video platform. Versions 25.0 and below ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33037 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33036 (fast-xml-parser allows users to process XML from JS object without C/C ...)
TODO: check
CVE-2026-33035 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33025 (AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQ ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33024 (AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Se ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33022 (Tekton Pipelines project provides k8s-style resources for declaring CI ...)
TODO: check
CVE-2026-33017 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-33013 (Micronaut Framework is a JVM-based full stack Java framework designed ...)
- TODO: check
+ NOT-FOR-US: Micronaut Framework
CVE-2026-33012 (Micronaut Framework is a JVM-based full stack Java framework designed ...)
- TODO: check
+ NOT-FOR-US: Micronaut Framework
CVE-2026-33011 (Nest is a framework for building scalable Node.js server-side applicat ...)
TODO: check
CVE-2026-32985 (Xerte Online Toolkits versions 3.14 and earlier contain an unauthentic ...)
- TODO: check
+ NOT-FOR-US: Xerte Online Toolkits
CVE-2026-32954 (ERP is a free and open source Enterprise Resource Planning tool. In ve ...)
- TODO: check
+ NOT-FOR-US: ERP
CVE-2026-32950 (SQLBot is an intelligent data query system based on a large language m ...)
TODO: check
CVE-2026-32949 (SQLBot is an intelligent data query system based on a large language m ...)
@@ -413,9 +413,9 @@ CVE-2026-32940 (SiYuan is a personal knowledge management system. In versions 3.
CVE-2026-32939 (DataEase is an open source data visualization analysis tool. Versions ...)
NOT-FOR-US: DataEase
CVE-2026-32938 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32937 (free5GC is an open source 5G core network. free5GC CHF prior to versio ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-32935 (phpseclib is a PHP secure communications library. Projects using versi ...)
TODO: check
CVE-2026-32933 (AutoMapper is a convention-based object-object mapper in .NET. Version ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac0fa982a5c9ebe33972c8f8ebca042ba728eb86
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac0fa982a5c9ebe33972c8f8ebca042ba728eb86
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260320/a90173cc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list