[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 24 20:57:21 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ae35648b by Salvatore Bonaccorso at 2026-03-24T21:56:47+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10,25 +10,25 @@ CVE-2026-4775 (A flaw was found in the libtiff library. A remote attacker could
CVE-2026-4649 (Apache Artemis before version 2.52.0 is affected by an authentication ...)
TODO: check
CVE-2026-33769 (Astro is a web framework. From version 2.10.10 to before version 5.18. ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2026-33768 (Astro is a web framework. Prior to version 10.0.2, the @astrojs/vercel ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2026-33700 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33680 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33679 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33678 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33677 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33676 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33675 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33668 (Vikunja is an open-source self-hosted task management platform. Starti ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33627 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-33624 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -50,15 +50,15 @@ CVE-2026-33508 (Parse Server is an open source backend that can be deployed to a
CVE-2026-33498 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-33497 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-33484 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-33475 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-33474 (Vikunja is an open-source self-hosted task management platform. Starti ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33473 (Vikunja is an open-source self-hosted task management platform. Starti ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33429 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-33421 (Parse Server is an open source backend that can be deployed to any inf ...)
@@ -66,75 +66,75 @@ CVE-2026-33421 (Parse Server is an open source backend that can be deployed to a
CVE-2026-33419 (MinIO is a high-performance object storage system. Prior to RELEASE.20 ...)
TODO: check
CVE-2026-33418 (DiceBear is an avatar library for designers and developers. Prior to v ...)
- TODO: check
+ NOT-FOR-US: DiceBear
CVE-2026-33417 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2026-33409 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-33407 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2026-33401 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2026-33400 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2026-33399 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
- TODO: check
+ NOT-FOR-US: Wallos
CVE-2026-33353 (Soft Serve is a self-hostable Git server for the command line. From ve ...)
- TODO: check
+ NOT-FOR-US: Soft Serve
CVE-2026-33349 (fast-xml-parser allows users to process XML from JS object without C/C ...)
TODO: check
CVE-2026-33345 (solidtime is an open-source time-tracking app. Prior to version 0.11.6 ...)
- TODO: check
+ NOT-FOR-US: solidtime
CVE-2026-33344 (Dagu is a workflow engine with a built-in Web user interface. From ver ...)
- TODO: check
+ NOT-FOR-US: Dagu
CVE-2026-33340 (LoLLMs WEBUI provides the Web user interface for Lord of Large Languag ...)
- TODO: check
+ NOT-FOR-US: LoLLMs WEBUI
CVE-2026-33336 (Vikunja is an open-source self-hosted task management platform. Starti ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33335 (Vikunja is an open-source self-hosted task management platform. Starti ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33334 (Vikunja is an open-source self-hosted task management platform. Starti ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33332 (NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGU ...)
- TODO: check
+ NOT-FOR-US: NiceGUI
CVE-2026-33331 (oRPC is an tool that helps build APIs that are end-to-end type-safe an ...)
- TODO: check
+ NOT-FOR-US: oRPC
CVE-2026-33330 (FileRise is a self-hosted web file manager / WebDAV server. Prior to v ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2026-33329 (FileRise is a self-hosted web file manager / WebDAV server. From versi ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2026-33326 (Keystone is a content management system for Node.js. Prior to version ...)
- TODO: check
+ NOT-FOR-US: Keystone CMS
CVE-2026-33323 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-33322 (MinIO is a high-performance object storage system. From RELEASE.2022-1 ...)
TODO: check
CVE-2026-33316 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33315 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33314 (pyLoad is a free and open-source download manager written in Python. P ...)
TODO: check
CVE-2026-33313 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33311 (DiceBear is an avatar library for designers and developers. Starting i ...)
- TODO: check
+ NOT-FOR-US: DiceBear
CVE-2026-33310 (Intake is a package for finding, investigating, loading and disseminat ...)
- TODO: check
+ NOT-FOR-US: Intake
CVE-2026-33309 (Langflow is a tool for building and deploying AI-powered agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-33162 (Craft CMS is a content management system (CMS). From version 5.3.0 to ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-33161 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-33160 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-33159 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-33158 (Craft CMS is a content management system (CMS). From version 4.0.0-RC1 ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-33157 (Craft CMS is a content management system (CMS). From version 5.6.0 to ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-32948 (sbt is a build tool for Scala, Java, and others. From version 0.9.5 to ...)
TODO: check
CVE-2026-32854 (LibVNCServer versions 0.9.15 and prior (fixed incommit dc78dee) contai ...)
@@ -146,21 +146,21 @@ CVE-2026-32647 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx
CVE-2026-30932 (Froxlor is open source server administration software. Prior to versio ...)
TODO: check
CVE-2026-30662 (ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ConcreteCMS
CVE-2026-30661 (iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: iCMS
CVE-2026-30655 (SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0. ...)
TODO: check
CVE-2026-30653 (An issue in Free5GC v.4.2.0 and before allows a remote attacker to cau ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-2417 (A Missing Authentication for Critical Function vulnerability in Pharos ...)
TODO: check
CVE-2026-29840 (JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS ...)
- TODO: check
+ NOT-FOR-US: JiZhiCMS
CVE-2026-29839 (DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forger ...)
NOT-FOR-US: DedeCMS
CVE-2026-29772 (Astro is a web framework. Prior to version 10.0.0, Astro's Server Isla ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2026-28755 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_strea ...)
TODO: check
CVE-2026-28753 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_ ...)
@@ -561,7 +561,7 @@ CVE-2026-3138 (The Product Filter for WooCommerce by WBW plugin for WordPress is
CVE-2026-3079 (The LearnDash LMS plugin for WordPress is vulnerable to blind time-bas ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3055 (Insufficient input validation inNetScaler ADC and NetScaler Gateway wh ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2026-33856 (Missing Release of Memory after Effective Lifetime vulnerability in Mo ...)
NOT-FOR-US: MolotovCherry Android-ImageMagick7
CVE-2026-33855 (Integer Overflow or Wraparound vulnerability in MolotovCherry Android- ...)
@@ -605,11 +605,11 @@ CVE-2026-33281 (Ella Core is a 5G core designed for private networks. Versions p
CVE-2026-33252 (The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4. ...)
TODO: check
CVE-2026-33242 (Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a P ...)
- TODO: check
+ NOT-FOR-US: Salvo
CVE-2026-33241 (Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form d ...)
- TODO: check
+ NOT-FOR-US: Salvo
CVE-2026-33211 (Tekton Pipelines project provides k8s-style resources for declaring CI ...)
- TODO: check
+ NOT-FOR-US: Tekton Pipelines project
CVE-2026-33202 (Active Storage allows users to attach cloud and local files in Rails a ...)
TODO: check
CVE-2026-33195 (Active Storage allows users to attach cloud and local files in Rails a ...)
@@ -629,7 +629,7 @@ CVE-2026-33168 (Action View provides conventions and helpers for building web pa
CVE-2026-33167 (Action Pack is a Rubygem for building web applications on the Rails fr ...)
TODO: check
CVE-2026-33046 (Indico is an event management system that uses Flask-Multipass, a mult ...)
- TODO: check
+ NOT-FOR-US: Indico
CVE-2026-32913 (OpenClaw before 2026.3.7 contains an improper header validation vulner ...)
NOT-FOR-US: OpenClaw
CVE-2026-32912
@@ -657,17 +657,17 @@ CVE-2026-32900
CVE-2026-32642 (Incorrect Authorization (CWE-863)vulnerability in Apache Artemis, Apac ...)
TODO: check
CVE-2026-32300 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
- TODO: check
+ NOT-FOR-US: Connect-CMS
CVE-2026-32299 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
- TODO: check
+ NOT-FOR-US: Connect-CMS
CVE-2026-32279 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
- TODO: check
+ NOT-FOR-US: Connect-CMS
CVE-2026-32278 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
- TODO: check
+ NOT-FOR-US: Connect-CMS
CVE-2026-32277 (Connect-CMS is a content management system. In versions 1.35.0 through ...)
- TODO: check
+ NOT-FOR-US: Connect-CMS
CVE-2026-32276 (Connect-CMS is a content management system. In versions on the 1.x ser ...)
- TODO: check
+ NOT-FOR-US: Connect-CMS
CVE-2026-32066
REJECTED
CVE-2026-32047
@@ -890,19 +890,19 @@ CVE-2026-32850 (MailEnable versions prior to10.55 contain a reflected cross-site
CVE-2026-32845 (cgltf version 1.15 and prior contain an integer overflow vulnerability ...)
NOT-FOR-US: cgltf
CVE-2026-31851 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does ...)
- TODO: check
+ NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-31850 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 store ...)
- TODO: check
+ NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-31849 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does ...)
- TODO: check
+ NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-31848 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 store ...)
- TODO: check
+ NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-31847 (Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solu ...)
- TODO: check
+ NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-31846 (An unauthenticated credential disclosure vulnerability in the /goform/ ...)
- TODO: check
+ NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
CVE-2026-30886 (New API is a large language mode (LLM) gateway and artificial intellig ...)
- TODO: check
+ NOT-FOR-US: New API
CVE-2026-30849 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. Version ...)
TODO: check
CVE-2026-30007 (XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae35648b06a3672ecb274bc18acd45404282db89
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae35648b06a3672ecb274bc18acd45404282db89
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260324/c22433ef/attachment.htm>
More information about the debian-security-tracker-commits
mailing list