[Git][security-tracker-team/security-tracker][master] Process some new NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 6 08:29:09 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e2c2535 by Salvatore Bonaccorso at 2026-05-06T09:28:35+02:00
Process some new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2026-7856 (A flaw has been found in D-Link DI-8100 16.07.26A1. This affects
CVE-2026-7573 (An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoin ...)
TODO: check
CVE-2026-7572 (An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUni ...)
- TODO: check
+ NOT-FOR-US: Velociraptor
CVE-2026-5753 (The All-in-One WP Migration Unlimited Extension plugin for WordPress i ...)
NOT-FOR-US: WordPress plugin
CVE-2026-44405 (In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 a ...)
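Review bot: The `NOT-FOR-US: Velociraptor` tag on CVE-2026-7572 cannot be confirmed from this hunk, because the description is truncated before any product name appears ("An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUni ..."). Please confirm the product against the full CVE record. The entry directly above, CVE-2026-7573, is left at `TODO: check`; if it turns out to be the same product, it should get the same tag in this pass so that the two entries do not diverge.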
@@ -16,55 +16,55 @@ CVE-2026-44331 (In ProFTPD through 1.3.9a before 7666224, a SQL injection vulner
NOTE: https://github.com/proftpd/proftpd/issues/2057
NOTE: https://github.com/proftpd/proftpd/commit/766622456440fbca33abd7927c523673a11d1ed1
CVE-2026-41950 (Dify before version 1.14.0 contains an authorization bypass vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Dify
CVE-2026-40934 (Jupyter Server is the backend for Jupyter web applications. In version ...)
TODO: check
CVE-2026-40331 (Masa CMS is an open source content management system. In versions 7.2. ...)
- TODO: check
+ NOT-FOR-US: Masa CMS
CVE-2026-40330 (Masa CMS is an open source content management system. In versions 7.2. ...)
- TODO: check
+ NOT-FOR-US: Masa CMS
CVE-2026-40329 (Masa CMS is an open source content management system. In versions 7.5. ...)
- TODO: check
+ NOT-FOR-US: Masa CMS
CVE-2026-40280 (Gotenberg is an API-based document conversion tool. In versions 8.30.1 ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2026-40110 (Jupyter Server is the backend for Jupyter web applications. In version ...)
TODO: check
CVE-2026-40075 (OpenMRS Core is an open source electronic medical record system platfo ...)
- TODO: check
+ NOT-FOR-US: OpenMRS
CVE-2026-40068 (In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust det ...)
- TODO: check
+ NOT-FOR-US: Claude Code
CVE-2026-3208 (The Mercado Pago payments for WooCommerce plugin for WordPress is vuln ...)
NOT-FOR-US: WordPress plugin
CVE-2026-39849 (Pi-hole FTL is the core engine of the Pi-hole network-level advertisem ...)
- TODO: check
+ NOT-FOR-US: Pi-Hole
CVE-2026-39383 (Gotenberg is an API-based document conversion tool. In version 8.29.1, ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2026-38947 (FluentCMS 1.2.3 is vulnerable to Cross Site Scripting (XSS) in TextHTM ...)
- TODO: check
+ NOT-FOR-US: FluentCMS
CVE-2026-35579 (CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, th ...)
TODO: check
CVE-2026-35453 (PhpSpreadsheet is a library for reading and writing spreadsheet files. ...)
- TODO: check
+ NOT-FOR-US: PhpSpreadsheet
CVE-2026-35397 (Jupyter Server is the backend for Jupyter web applications. In version ...)
TODO: check
CVE-2026-34596 (Sandboxie-Plus is an open source sandbox-based isolation software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34527 (Sandboxie-Plus is an open source sandbox-based isolation software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34464 (Sandboxie-Plus is an open source sandbox-based isolation software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34462 (Sandboxie-Plus is an open source sandbox-based isolation software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34461 (Sandboxie-Plus is an open source sandbox-based isolation software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34459 (Sandboxie-Plus is an open source sandbox-based isolation software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34458 (Sandboxie-Plus is an open source sandbox-based isolation software for ...)
- TODO: check
+ NOT-FOR-US: Sandboxie-Plus
CVE-2026-34084 (PhpSpreadsheet is a library for reading and writing spreadsheet files. ...)
- TODO: check
+ NOT-FOR-US: PhpSpreadsheet
CVE-2026-33975 (Twenty is an open source CRM built with NestJS (Node.js). In versions ...)
- TODO: check
+ NOT-FOR-US: Twenty CRM
CVE-2026-33489 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.14 ...)
TODO: check
CVE-2026-33420 (Vaultwarden is a Bitwarden-compatible server written in Rust. In versi ...)
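Review bot: The product name in `NOT-FOR-US: Pi-Hole` (CVE-2026-39849) does not match the spelling in the entry's own description, "Pi-hole"; use `NOT-FOR-US: Pi-hole` so that later searches of the list for the product name find this entry. Similarly, `NOT-FOR-US: Twenty CRM` on CVE-2026-33975 uses a longer name than the description's "Twenty", which is fine if that is the intended convention but should be applied consistently. Separately, CVE-2026-35453 and CVE-2026-34084 are marked `NOT-FOR-US: PhpSpreadsheet` although the description calls it "a library for reading and writing spreadsheet files"; for a library it is worth confirming that no source package in the archive ships or embeds a copy before tagging it NFU.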
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e2c2535e404620fe7852aadebfe849e4c2273fd