[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 26 21:34:21 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
93c0c8ea by Salvatore Bonaccorso at 2026-03-26T22:31:10+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -24,19 +24,19 @@ CVE-2026-4867 (Impact: A bad regular expression is generated any time you have
- node-path-to-regexp <unfixed>
NOTE: https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2
CVE-2026-4862 (A security vulnerability has been detected in UTT HiPER 1250GW up to 3 ...)
- TODO: check
+ NOT-FOR-US: UTT
CVE-2026-4861 (A weakness has been identified in Wavlink WL-NU516U1 260227. This vuln ...)
NOT-FOR-US: Wavlink
CVE-2026-4860 (A security flaw has been discovered in 648540858 wvp-GB28181-pro up to ...)
- TODO: check
+ NOT-FOR-US: 648540858 wvp-GB28181-pro
CVE-2026-4809 (plank/laravel-mediable through version 6.4.0 can allow upload of a dan ...)
- TODO: check
+ NOT-FOR-US: plank/laravel-mediable
CVE-2026-4274 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
TODO: check
CVE-2026-4263 (Vulnerability of incorrect authorization inHiJiffy Chatbot allows an a ...)
- TODO: check
+ NOT-FOR-US: HiJiffy Chatbot
CVE-2026-4262 (Vulnerability of incorrect authorization inHiJiffy Chatbot allows an a ...)
- TODO: check
+ NOT-FOR-US: HiJiffy Chatbot
CVE-2026-3116 (Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fai ...)
TODO: check
CVE-2026-3115 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
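Review bot: the new NOT-FOR-US tags in this hunk use three different naming granularities, which makes repeat entries harder to group by search later. CVE-2026-4862 is tagged with the vendor only ("UTT", while the description names the product UTT HiPER 1250GW), CVE-2026-4860 with account plus project ("648540858 wvp-GB28181-pro"), and CVE-2026-4809 with a vendor/package path ("plank/laravel-mediable"). Vendor-only matches the existing "NOT-FOR-US: Wavlink" line, so none of these is wrong, but using the product or project name as the description gives it would keep future entries for the same software under one string.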
@@ -52,13 +52,13 @@ CVE-2026-3109 (Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate we
CVE-2026-3108 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
TODO: check
CVE-2026-34071 (Stirling-PDF is a locally hosted web application that allows you to pe ...)
- TODO: check
+ NOT-FOR-US: Stirling-PDF
CVE-2026-33732 (srvx is a universal server based on web standards. Prior to version 0. ...)
- TODO: check
+ NOT-FOR-US: srvx
CVE-2026-33632 (ClearanceKit intercepts file-system access events on macOS and enforce ...)
- TODO: check
+ NOT-FOR-US: ClearanceKit
CVE-2026-33631 (ClearanceKit intercepts file-system access events on macOS and enforce ...)
- TODO: check
+ NOT-FOR-US: ClearanceKit
CVE-2026-33536 (ImageMagick is free and open-source software used for editing and mani ...)
TODO: check
CVE-2026-33535 (ImageMagick is free and open-source software used for editing and mani ...)
@@ -66,79 +66,79 @@ CVE-2026-33535 (ImageMagick is free and open-source software used for editing an
CVE-2026-33532 (`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML ...)
TODO: check
CVE-2026-33531 (InvenTree is an Open Source Inventory Management System. Prior to vers ...)
- TODO: check
+ NOT-FOR-US: InvenTree
CVE-2026-33530 (InvenTree is an Open Source Inventory Management System. Prior to vers ...)
- TODO: check
+ NOT-FOR-US: InvenTree
CVE-2026-33529 (Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Pr ...)
- TODO: check
+ NOT-FOR-US: Zoraxy
CVE-2026-33528 (GoDoxy is a reverse proxy and container orchestrator for self-hosters. ...)
- TODO: check
+ NOT-FOR-US: GoDoxy
CVE-2026-33525 (Authelia is an open-source authentication and authorization server pro ...)
- TODO: check
+ NOT-FOR-US: Authelia
CVE-2026-33506 (Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML ...)
- TODO: check
+ NOT-FOR-US: Ory Polis
CVE-2026-33505 (Ory Keto is am open source authorization server for managing permissio ...)
- TODO: check
+ NOT-FOR-US: Ory Keto
CVE-2026-33504 (Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to ...)
- TODO: check
+ NOT-FOR-US: Ory Hydra
CVE-2026-33503 (Ory Kratos is an identity, user management and authentication system f ...)
- TODO: check
+ NOT-FOR-US: Ory Kratos
CVE-2026-33496 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...)
- TODO: check
+ NOT-FOR-US: ORY Oathkeeper
CVE-2026-33495 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...)
- TODO: check
+ NOT-FOR-US: ORY Oathkeeper
CVE-2026-33494 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...)
- TODO: check
+ NOT-FOR-US: ORY Oathkeeper
CVE-2026-33491 (Zen C is a systems programming language that compiles to human-readabl ...)
TODO: check
CVE-2026-33490 (H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc ...)
- TODO: check
+ NOT-FOR-US: H3
CVE-2026-33487 (goxmlsig provides XML Digital Signatures implemented in Go. Prior to v ...)
TODO: check
CVE-2026-33486 (Roadiz is a polymorphic content management system based on a node syst ...)
- TODO: check
+ NOT-FOR-US: Roadiz
CVE-2026-33481 (Syft is a a CLI tool and Go library for generating a Software Bill of ...)
TODO: check
CVE-2026-33477 (FileRise is a self-hosted web-based file manager with multi-file uploa ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2026-33470 (Frigate is a network video recorder (NVR) with realtime local object d ...)
- TODO: check
+ NOT-FOR-US: Frigate
CVE-2026-33469 (Frigate is a network video recorder (NVR) with realtime local object d ...)
- TODO: check
+ NOT-FOR-US: Frigate
CVE-2026-33468 (Kysely is a type-safe TypeScript SQL query builder. Prior to version 0 ...)
- TODO: check
+ NOT-FOR-US: Kysely
CVE-2026-33442 (Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.1 ...)
- TODO: check
+ NOT-FOR-US: Kysely
CVE-2026-33438 (Stirling-PDF is a locally hosted web application that allows you to pe ...)
- TODO: check
+ NOT-FOR-US: Stirling-PDF
CVE-2026-33430 (Briefcase is a tool for converting a Python project into a standalone ...)
- TODO: check
+ NOT-FOR-US: Briefcase
CVE-2026-33413 (etcd is a distributed key-value store for the data of a distributed sy ...)
TODO: check
CVE-2026-33402 (Sakai is a Collaboration and Learning Environment (CLE). In versions 2 ...)
- TODO: check
+ NOT-FOR-US: Sakai
CVE-2026-33397 (The Angular SSR is a server-rise rendering tool for Angular applicatio ...)
TODO: check
CVE-2026-33396 (OneUptime is an open-source monitoring and observability platform. Pri ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-33343 (etcd is a distributed key-value store for the data of a distributed sy ...)
TODO: check
CVE-2026-33153 (Tandoor Recipes is an application for managing recipes, planning meals ...)
- TODO: check
+ NOT-FOR-US: Tandoor Recipes
CVE-2026-33152 (Tandoor Recipes is an application for managing recipes, planning meals ...)
- TODO: check
+ NOT-FOR-US: Tandoor Recipes
CVE-2026-33149 (Tandoor Recipes is an application for managing recipes, planning meals ...)
- TODO: check
+ NOT-FOR-US: Tandoor Recipes
CVE-2026-33148 (Tandoor Recipes is an application for managing recipes, planning meals ...)
- TODO: check
+ NOT-FOR-US: Tandoor Recipes
CVE-2026-33015 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2026-33014 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2026-33009 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
- TODO: check
+ NOT-FOR-US: EVerest
CVE-2026-32857 (Firecrawl version 2.8.0 and prior contain a server-side request forger ...)
- TODO: check
+ NOT-FOR-US: Firecrawl
CVE-2026-32846 (OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path t ...)
NOT-FOR-US: OpenClaw
CVE-2026-32287 (Boolean XPath expressions that evaluate to true can cause an infinite ...)
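Review bot: the tag "NOT-FOR-US: H3" on CVE-2026-33490 is too short to identify the software on its own; a two-character name is easy to confuse with unrelated projects when someone later searches the list. Suggest qualifying it from the description, for example "NOT-FOR-US: H3 HTTP framework". A smaller style point in the same hunk: the Ory entries are split between "Ory" (Polis, Keto, Hydra, Kratos) and "ORY" (Oathkeeper), following the casing of each CVE description, so a case-sensitive search for one spelling misses the other; a single spelling would avoid that.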
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93c0c8ea0a948c768b78ec2826063c56b8a9ed66