[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 28 08:27:28 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16fade5a by Salvatore Bonaccorso at 2026-03-28T09:27:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2026-5027 (The 'POST /api/v2/files' endpoint does not sanitize the 'filename' par ...)
-	TODO: check
+	NOT-FOR-US: langflow
 CVE-2026-5026 (The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG f ...)
-	TODO: check
+	NOT-FOR-US: langflow
 CVE-2026-5025 (The '/logs' and '/logs-stream' endpoints in the log router allow any a ...)
-	TODO: check
+	NOT-FOR-US: langflow
 CVE-2026-5022 (The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enf ...)
-	TODO: check
+	NOT-FOR-US: langflow
 CVE-2026-5010 (A reflected Cross-Site Scripting (XSS) vulnerability has been discover ...)
-	TODO: check
+	NOT-FOR-US: Clickedu
 CVE-2026-4992 (A flaw has been found in wandb OpenUI up to 1.0. This affects the func ...)
-	TODO: check
+	NOT-FOR-US: wandb OpenUI
 CVE-2026-4991 (A vulnerability was detected in QDOCS Smart School Management System u ...)
-	TODO: check
+	NOT-FOR-US: QDOCS Smart School Management System
 CVE-2026-4990 (A security vulnerability has been detected in chatwoot up to 4.11.1. T ...)
-	TODO: check
+	NOT-FOR-US: chatwoot
 CVE-2026-4988 (A security flaw has been discovered in Open5GS 2.7.6. This issue affec ...)
 	TODO: check
 CVE-2026-4987 (The SureForms \u2013 Contact Form, Payment Form & Other Custom Form Bu ...)
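Review bot: The NOT-FOR-US labels on CVE-2026-5027, CVE-2026-5026, CVE-2026-5025, CVE-2026-5022 (langflow) and CVE-2026-5010 (Clickedu) cannot be checked against this hunk, because the truncated descriptions show only endpoint paths or a generic XSS summary and never name the product. The wandb OpenUI, QDOCS and chatwoot entries are different: there the label matches a name visible in the description. Since the commit message is only "Process some NFUs", consider listing the products it covers (langflow, Clickedu, wandb OpenUI, QDOCS, chatwoot) so the attribution can be audited from the log without opening each CVE record.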
@@ -21,7 +21,7 @@ CVE-2026-4987 (The SureForms \u2013 Contact Form, Payment Form & Other Custom Fo
 CVE-2026-4985 (A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulner ...)
 	TODO: check
 CVE-2026-4984 (The Twilio integration webhook handler accepts any POST request withou ...)
-	TODO: check
+	NOT-FOR-US: botpress
 CVE-2026-4982 (A user with permission "update world" in any Venueless world is able t ...)
 	NOT-FOR-US: rami.io products
 CVE-2026-4980 (A local file disclosure vulnerability in the XInclude processing compo ...)
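Review bot: On CVE-2026-4984 the label "botpress" does not match the only name visible in the description, which is "Twilio integration webhook handler". Marking the entry NOT-FOR-US takes it out of the "TODO: check" queue, so it is worth confirming against the full CVE record that the affected code is botpress's own integration and not a separately shipped Twilio component. A short NOTE line or a mention in the commit message would make that attribution explicit.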



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16fade5a87322aa54249fef65bd917928c918190
