[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 6 11:46:27 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0bddef55 by Moritz Muehlenhoff at 2026-05-06T12:46:06+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -222,7 +222,7 @@ CVE-2026-7857 (A vulnerability has been found in D-Link DI-8100 16.07.26A1. This
 CVE-2026-7856 (A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an un ...)
 	NOT-FOR-US: D-Link
 CVE-2026-7573 (An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoin ...)
-	TODO: check
+	NOT-FOR-US: Velociraptor
 CVE-2026-7572 (An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUni ...)
 	NOT-FOR-US: Velociraptor
 CVE-2026-5753 (The All-in-One WP Migration Unlimited Extension plugin for WordPress i ...)
@@ -295,7 +295,7 @@ CVE-2026-33489 (CoreDNS is a DNS server that chains plugins. In versions prior t
 CVE-2026-33420 (Vaultwarden is a Bitwarden-compatible server written in Rust. In versi ...)
 	- vaultwarden <itp> (bug #1067023)
 CVE-2026-33324 (SQLBot is an intelligent Text-to-SQL system based on large language mo ...)
-	TODO: check
+	NOT-FOR-US: SQLBot
 CVE-2026-33190 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.14 ...)
 	- coredns <itp> (bug #880676)
 CVE-2026-32936 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.14 ...)
@@ -303,11 +303,11 @@ CVE-2026-32936 (CoreDNS is a DNS server that chains plugins. In versions prior t
 CVE-2026-32934 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.14 ...)
 	- coredns <itp> (bug #880676)
 CVE-2026-32699 (FacturaScripts is an open source accounting and invoicing software. In ...)
-	TODO: check
+	NOT-FOR-US: FacturaScripts
 CVE-2026-32603 (Sandboxie is an open source sandbox-based isolation software for Windo ...)
-	TODO: check
+	NOT-FOR-US: Sandboxie
 CVE-2026-31893 (Tunnelblick is an open source graphic user interface for OpenVPN on ma ...)
-	TODO: check
+	NOT-FOR-US: Tunnelblick
 CVE-2026-2306 (The Ninja Tables \u2013 Easy Data Table Builder plugin for WordPress i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-71256 (In nr modem, there is a possible improper input validation. This could ...)
@@ -323,7 +323,7 @@ CVE-2025-71252 (In Modem IMS, there is a possible improper input validation. Thi
 CVE-2025-71251 (In IMS, there is a possible system crash due to improper input validat ...)
 	NOT-FOR-US: Unisoc
 CVE-2024-52911 (Bitcoin Core through 28.x has a security issue, the details of which a ...)
-	TODO: check
+	- bitcoin <removed>
 CVE-2026-39852 (Quarkus is a Java framework for building cloud-native applications. In ...)
 	NOT-FOR-US: Quarkus
 CVE-2026-28780 (Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HT ...)
@@ -451,7 +451,7 @@ CVE-2026-38428 (Kestra v1.3.3 and before is vulnerable to SQL Injection. The vul
 CVE-2026-36356 (The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MD ...)
 	NOT-FOR-US: MeiG Smart FORGE_SLT711 devices
 CVE-2026-36355 (The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (a ...)
-	TODO: check
+	NOT-FOR-US: Realtek
 CVE-2026-34408 (An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 f ...)
 	NOT-FOR-US: Gambio
 CVE-2026-32689 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
@@ -2539,7 +2539,7 @@ CVE-2026-7512 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The a
 CVE-2026-7510 (A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affect ...)
 	NOT-FOR-US: OWAP DefectDojo
 CVE-2026-7508 (A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an ...)
-	TODO: check
+	NOT-FOR-US: Bootstrap CMS
 CVE-2026-7506 (A vulnerability has been found in SourceCodester Hotel Management Syst ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-7505 (A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bddef55d3cf5241d491fe40d681d1b8f828acaf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0bddef55d3cf5241d491fe40d681d1b8f828acaf
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260506/7804ba50/attachment.htm>

More information about the debian-security-tracker-commits mailing list