[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 21 08:32:45 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ffc16a34 by Salvatore Bonaccorso at 2026-03-21T09:32:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-4510 (A weakness has been identified in PbootCMS up to 3.2.12. This impacts  ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2026-4509 (A security flaw has been discovered in PbootCMS up to 3.2.12. This aff ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2026-4508 (A vulnerability was identified in PbootCMS up to 3.2.12. The impacted  ...)
-	TODO: check
+	NOT-FOR-US: PbootCMS
 CVE-2026-4507 (A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. T ...)
-	TODO: check
+	NOT-FOR-US: Mindinventory MindSQL
 CVE-2026-4506 (A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impact ...)
-	TODO: check
+	NOT-FOR-US: Mindinventory MindSQL
 CVE-2026-4373 (The JetFormBuilder plugin for WordPress is vulnerable to arbitrary fil ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-4302 (The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable  ...)
@@ -45,7 +45,7 @@ CVE-2026-3997 (The Text Toggle plugin for WordPress is vulnerable to Stored Cros
 CVE-2026-3996 (The WP Games Embed plugin for WordPress is vulnerable to Stored Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3864 (A vulnerability was discovered in the Kubernetes CSI Driver for NFS wh ...)
-	TODO: check
+	NOT-FOR-US: Kubernetes CSI Driver for NFS
 CVE-2026-3651 (The Build App Online plugin for WordPress is vulnerable to unauthorize ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3645 (The Punnel \u2013 Landing Page Builder plugin for WordPress is vulnera ...)
@@ -105,7 +105,7 @@ CVE-2026-3331 (The Lobot Slider Administrator plugin for WordPress is vulnerable
 CVE-2026-3003 (The Vagaro Booking Widget plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-33476 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2026-33428 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
 	NOT-FOR-US: Discourse
 CVE-2026-33427 (Discourse is an open-source discussion platform. Prior to versions 202 ...)
@@ -129,9 +129,9 @@ CVE-2026-33251 (Discourse is an open-source discussion platform. Prior to versio
 CVE-2026-33243 (barebox is a bootloader. In barebox from version 2016.03.0 to before v ...)
 	TODO: check
 CVE-2026-33238 (WWBN AVideo is an open source video platform. Prior to version 26.0, t ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-33237 (WWBN AVideo is an open source video platform. Prior to version 26.0, t ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-33236 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...)
 	TODO: check
 CVE-2026-33231 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...)
@@ -141,9 +141,9 @@ CVE-2026-33230 (NLTK (Natural Language Toolkit) is a suite of open source Python
 CVE-2026-33228 (flatted is a circular JSON parser. Prior to version 3.4.2, the parse() ...)
 	TODO: check
 CVE-2026-33226 (Budibase is a low code platform for creating internal tools, workflows ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-33221 (Nhost is an open source Firebase alternative with GraphQL. Prior to ve ...)
-	TODO: check
+	NOT-FOR-US: Nhost
 CVE-2026-33210 (Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to be ...)
 	TODO: check
 CVE-2026-33209 (Avo is a framework to create admin panels for Ruby on Rails apps. Prio ...)
@@ -151,21 +151,21 @@ CVE-2026-33209 (Avo is a framework to create admin panels for Ruby on Rails apps
 CVE-2026-33204 (SimpleJWT is a simple JSON web token library written in PHP. Prior to  ...)
 	TODO: check
 CVE-2026-33203 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2026-33194 (SiYuan is a personal knowledge management system. Prior to version 3.6 ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2026-33186 (gRPC-Go is the Go language implementation of gRPC. Versions prior to 1 ...)
 	TODO: check
 CVE-2026-33180 (HAPI FHIR is a complete implementation of the HL7 FHIR standard for he ...)
-	TODO: check
+	NOT-FOR-US: HAPI FHIR
 CVE-2026-33179 (libfuse is the reference implementation of the Linux FUSE. From versio ...)
 	TODO: check
 CVE-2026-33177 (Statamic is a Laravel and Git powered content management system (CMS). ...)
-	TODO: check
+	NOT-FOR-US: Statamic CMS
 CVE-2026-33172 (Statamic is a Laravel and Git powered content management system (CMS). ...)
-	TODO: check
+	NOT-FOR-US: Statamic CMS
 CVE-2026-33171 (Statamic is a Laravel and Git powered content management system (CMS). ...)
-	TODO: check
+	NOT-FOR-US: Statamic CMS
 CVE-2026-33166 (Allure 2 is the version 2.x branch of Allure Report, a multi-language  ...)
 	TODO: check
 CVE-2026-33165 (libde265 is an open source implementation of the h.265 video codec. Pr ...)
@@ -187,9 +187,9 @@ CVE-2026-33147 (GMT is an open source collection of command-line tools for manip
 CVE-2026-33144 (GPAC is an open-source multimedia framework. Prior to commit 86b0e36,  ...)
 	TODO: check
 CVE-2026-33143 (OneUptime is a solution for monitoring and managing online services. P ...)
-	TODO: check
+	NOT-FOR-US: OneUptime
 CVE-2026-33142 (OneUptime is a solution for monitoring and managing online services. P ...)
-	TODO: check
+	NOT-FOR-US: OneUptime
 CVE-2026-32899 (OpenClaw versions prior to 2026.2.25 fail to consistently apply sender ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-32898 (OpenClaw versions prior to 2026.2.23 contain an authorization bypass v ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffc16a340f396ef5f75c57058455c49e1bbaa3f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffc16a340f396ef5f75c57058455c49e1bbaa3f0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260321/3b9e8da0/attachment.htm>

More information about the debian-security-tracker-commits mailing list