[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 20 21:33:02 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1fe75b29 by Salvatore Bonaccorso at 2026-03-20T22:32:37+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,9 +71,9 @@ CVE-2026-33312 (Vikunja is an open-source self-hosted task management platform.
CVE-2026-33192 (Free5GC is an open-source Linux Foundation project for 5th generation ...)
NOT-FOR-US: Free5GC
CVE-2026-33140 (PySpector is a static analysis security testing (SAST) Framework engin ...)
- TODO: check
+ NOT-FOR-US: PySpector
CVE-2026-33139 (PySpector is a static analysis security testing (SAST) Framework engin ...)
- TODO: check
+ NOT-FOR-US: PySpector
CVE-2026-33136 (WeGIA is a web manager for charitable institutions. Versions 3.6.6 and ...)
NOT-FOR-US: WeGIA
CVE-2026-33135 (WeGIA is a web manager for charitable institutions. Versions 3.6.6 and ...)
@@ -85,33 +85,33 @@ CVE-2026-33133 (WeGIA is a web manager for charitable institutions. In versions
CVE-2026-33132 (ZITADEL is an open source identity management platform. Versions prior ...)
NOT-FOR-US: ZZitadel
CVE-2026-33131 (H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through 2.0.1-rc.14 ...)
- TODO: check
+ NOT-FOR-US: H3
CVE-2026-33130 (Uptime Kuma is an open source, self-hosted monitoring tool. In version ...)
- TODO: check
+ NOT-FOR-US: Uptime Kuma
CVE-2026-33129 (H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0- ...)
- TODO: check
+ NOT-FOR-US: H3
CVE-2026-33128 (H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and betw ...)
- TODO: check
+ NOT-FOR-US: H3
CVE-2026-33126 (Frigate is a network video recorder (NVR) with realtime local object d ...)
- TODO: check
+ NOT-FOR-US: Frigate
CVE-2026-33125 (Frigate is a network video recorder (NVR) with realtime local object d ...)
- TODO: check
+ NOT-FOR-US: Frigate
CVE-2026-33124 (Frigate is a network video recorder (NVR) with realtime local object d ...)
- TODO: check
+ NOT-FOR-US: Frigate
CVE-2026-33123 (pypdf is a free and open-source pure-python PDF library. Versions prio ...)
TODO: check
CVE-2026-33081 (PinchTab is a standalone HTTP server that gives AI agents direct contr ...)
- TODO: check
+ NOT-FOR-US: PinchTab
CVE-2026-33080 (Filament is a collection of full-stack components for accelerated Lara ...)
- TODO: check
+ NOT-FOR-US: Filament
CVE-2026-33075 (FastGPT is an AI Agent building platform. In versions 4.14.8.3 and bel ...)
NOT-FOR-US: FastGPT
CVE-2026-33072 (FileRise is a self-hosted web file manager / WebDAV server. In version ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2026-33071 (FileRise is a self-hosted web file manager / WebDAV server. In version ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2026-33070 (FileRise is a self-hosted web file manager / WebDAV server. In version ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2026-33069 (PJSIP is a free and open source multimedia communication library writt ...)
TODO: check
CVE-2026-33068 (Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolv ...)
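Review bot: The unchanged context line under CVE-2026-33132 reads "NOT-FOR-US: ZZitadel", which looks like a typo for the ZITADEL named in that entry's description. Since this commit is already editing the neighbouring entries, correct the tag to "NOT-FOR-US: ZITADEL" so that a search for the product name finds it.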
@@ -121,13 +121,13 @@ CVE-2026-33067 (SiYuan is a personal knowledge management system. Versions 3.6.0
CVE-2026-33066 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
NOT-FOR-US: SiYuan
CVE-2026-33010 (mcp-memory-service is an open-source memory backend for multi-agent sy ...)
- TODO: check
+ NOT-FOR-US: mcp-memory-service
CVE-2026-32989 (Precurio Intranet Portal 4.4 contains a cross-site request forgery vul ...)
- TODO: check
+ NOT-FOR-US: Precurio Intranet Portal
CVE-2026-32986 (Textpattern CMS version 4.9.0 contains a second-order cross-site scrip ...)
TODO: check
CVE-2026-32844 (XinLiangCoder php_api_doc through commit 1ce5bbf contains a reflected ...)
- TODO: check
+ NOT-FOR-US: XinLiangCoder php_api_doc
CVE-2026-32710 (MariaDB server is a community developed fork of MySQL server. An authe ...)
TODO: check
CVE-2026-32701 (Qwik is a performance-focused JavaScript framework. Versions prior to ...)
@@ -345,19 +345,19 @@ CVE-2026-33063 (free5GC is an open source 5G core network. free5GC AUSF prior to
CVE-2026-33062 (free5GC is an open source 5G core network. free5GC NRF prior to versio ...)
NOT-FOR-US: Free5GC
CVE-2026-33061 (exactyl is a customisable game management panel and billing system. Co ...)
- TODO: check
+ NOT-FOR-US: exactyl
CVE-2026-33060 (CKAN MCP Server is a tool for querying CKAN open data portals. Version ...)
- TODO: check
+ NOT-FOR-US: CKAN MCP Server
CVE-2026-33057 (Mesop is a Python-based UI framework that allows users to build web ap ...)
- TODO: check
+ NOT-FOR-US: Mesop
CVE-2026-33056 (tar-rs is a tar archive reading/writing library for Rust. In versions ...)
TODO: check
CVE-2026-33055 (tar-rs is a tar archive reading/writing library for Rust. Versions 0.4 ...)
TODO: check
CVE-2026-33054 (Mesop is a Python-based UI framework that allows users to build web ap ...)
- TODO: check
+ NOT-FOR-US: Mesop
CVE-2026-33053 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-33051 (Craft CMS is a content management system (CMS). In versions 5.9.0-beta ...)
NOT-FOR-US: Craft CMS
CVE-2026-33043 (WWBN AVideo is an open source video platform. In versions 25.0 and bel ...)
@@ -381,7 +381,7 @@ CVE-2026-33025 (AVideo is a video-sharing Platform. Versions prior to 8.0 contai
CVE-2026-33024 (AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Se ...)
NOT-FOR-US: WWBN AVideo
CVE-2026-33022 (Tekton Pipelines project provides k8s-style resources for declaring CI ...)
- TODO: check
+ NOT-FOR-US: Tekton Pipelines project
CVE-2026-33017 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
NOT-FOR-US: Langflow
CVE-2026-33013 (Micronaut Framework is a JVM-based full stack Java framework designed ...)
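Review bot: In the CVE-2026-33022 entry, "NOT-FOR-US: Tekton Pipelines project" carries the word "project" over from the description, while the other tags in this commit use the bare product name (Langflow, SiYuan, Admidio). Suggest "NOT-FOR-US: Tekton Pipelines" so that later Tekton entries end up with the same tag.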
@@ -395,21 +395,21 @@ CVE-2026-32985 (Xerte Online Toolkits versions 3.14 and earlier contain an unaut
CVE-2026-32954 (ERP is a free and open source Enterprise Resource Planning tool. In ve ...)
NOT-FOR-US: ERP
CVE-2026-32950 (SQLBot is an intelligent data query system based on a large language m ...)
- TODO: check
+ NOT-FOR-US: SQLBot
CVE-2026-32949 (SQLBot is an intelligent data query system based on a large language m ...)
- TODO: check
+ NOT-FOR-US: SQLBot
CVE-2026-32947 (Harden-Runner is a CI/CD security agent that works like an EDR for Git ...)
- TODO: check
+ NOT-FOR-US: Harden-Runner
CVE-2026-32946 (Harden-Runner is a CI/CD security agent that works like an EDR for Git ...)
- TODO: check
+ NOT-FOR-US: Harden-Runner
CVE-2026-32945 (PJSIP is a free and open source multimedia communication library writt ...)
TODO: check
CVE-2026-32942 (PJSIP is a free and open source multimedia communication library writt ...)
TODO: check
CVE-2026-32941 (Sliver is a command and control framework that uses a custom Wireguard ...)
- TODO: check
+ NOT-FOR-US: Sliver
CVE-2026-32940 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32939 (DataEase is an open source data visualization analysis tool. Versions ...)
NOT-FOR-US: DataEase
CVE-2026-32938 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
@@ -419,17 +419,17 @@ CVE-2026-32937 (free5GC is an open source 5G core network. free5GC CHF prior to
CVE-2026-32935 (phpseclib is a PHP secure communications library. Projects using versi ...)
TODO: check
CVE-2026-32933 (AutoMapper is a convention-based object-object mapper in .NET. Version ...)
- TODO: check
+ NOT-FOR-US: AutoMapper
CVE-2026-32891 (Anchorr is a Discord bot for requesting movies and TV shows and receiv ...)
- TODO: check
+ NOT-FOR-US: Anchorr
CVE-2026-32890 (Anchorr is a Discord bot for requesting movies and TV shows and receiv ...)
- TODO: check
+ NOT-FOR-US: Anchorr
CVE-2026-32889 (tinytag is a Python library for reading audio file metadata. Version 2 ...)
TODO: check
CVE-2026-32888 (Open Source Point of Sale is a web based point-of-sale application wri ...)
- TODO: check
+ NOT-FOR-US: Open Source Point of Sale
CVE-2026-32881 (ewe is a Gleam web server. ewe is a Gleam web server. Versions 0.6.0 t ...)
- TODO: check
+ NOT-FOR-US: ewe
CVE-2026-32880 (ChurchCRM is an open-source church management system. Versions prior t ...)
NOT-FOR-US: ChurchCRM
CVE-2026-32875 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
@@ -437,33 +437,33 @@ CVE-2026-32875 (UltraJSON is a fast JSON encoder and decoder written in pure C w
CVE-2026-32874 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
TODO: check
CVE-2026-32873 (ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug ...)
- TODO: check
+ NOT-FOR-US: ewe
CVE-2026-32828 (Kargo manages and automates the promotion of software artifacts. In ve ...)
- TODO: check
+ NOT-FOR-US: Kargo
CVE-2026-32818 (Admidio is an open-source user management solution. In versions 5.0.0 ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2026-32817 (Admidio is an open-source user management solution. In versions 5.0.0 ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2026-32816 (Admidio is an open-source user management solution. In versions 5.0.0 ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2026-32815 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32813 (Admidio is an open-source user management solution. Versions 5.0.6 and ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2026-32812 (Admidio is an open-source user management solution. In versions 5.0.0 ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2026-32811 (Heimdall is a cloud native Identity Aware Proxy and Access Control Dec ...)
- TODO: check
+ NOT-FOR-US: Heimdall
CVE-2026-32808 (pyLoad is a free and open-source download manager written in Python. V ...)
TODO: check
CVE-2026-32771 (The CTFer.io Monitoring component is in charge of the collection, proc ...)
- TODO: check
+ NOT-FOR-US: CTFer.io
CVE-2026-32769 (Fullchain is an umbrella project for deploying a ready-to-use CTF plat ...)
- TODO: check
+ NOT-FOR-US: Fullchain
CVE-2026-32768 (Chall-Manager is a platform-agnostic system able to start Challenges o ...)
- TODO: check
+ NOT-FOR-US: Chall-Manager
CVE-2026-32767 (SiYuan is a personal knowledge management system. Versions 3.6.0 and b ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32766 (astral-tokio-tar is a tar archive reading/writing library for async Ru ...)
TODO: check
CVE-2026-32765
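Review bot: For CVE-2026-32771 the tag "NOT-FOR-US: CTFer.io" names the organisation, whereas the description identifies the affected software as the CTFer.io Monitoring component and the two entries that follow are tagged by product (Fullchain, Chall-Manager). Consider "NOT-FOR-US: CTFer.io Monitoring" so the tag identifies what is actually affected.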
@@ -473,39 +473,39 @@ CVE-2026-32764
CVE-2026-32763 (Kysely is a type-safe TypeScript SQL query builder. Versions up to and ...)
TODO: check
CVE-2026-32761 (File Browser is a file managing interface for uploading, deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-32760 (File Browser is a file managing interface for uploading, deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-32759 (File Browser is a file managing interface for uploading, deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-32758 (File Browser is a file managing interface for uploading, deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-32757 (Admidio is an open-source user management solution. In versions 5.0.6 ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2026-32756 (Admidio is an open-source user management solution. Versions 5.0.6 and ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2026-32755 (Admidio is an open-source user management solution. In versions 5.0.6 ...)
- TODO: check
+ NOT-FOR-US: Admidio
CVE-2026-32754 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2026-32753 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2026-32752 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
- TODO: check
+ NOT-FOR-US: FreeScout
CVE-2026-32751 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32750 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32749 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32747 (SiYuan is a personal knowledge management system. In versions 3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32711 (pydicom is a pure Python package for working with DICOM files. Version ...)
TODO: check
CVE-2026-32697 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-32622 (SQLBot is an intelligent data query system based on a large language m ...)
- TODO: check
+ NOT-FOR-US: SQLBot
CVE-2026-32194 (Improper neutralization of special elements used in a command ('comman ...)
TODO: check
CVE-2026-32191 (Improper neutralization of special elements used in an os command ('os ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fe75b29973a5581ed680cddac992e7f07f72523