[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu May 7 22:20:18 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ae7336f by Moritz Muehlenhoff at 2026-05-07T23:18:33+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34,9 +34,9 @@ CVE-2026-8084 (A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. T
 CVE-2026-8083 (A vulnerability was found in SourceCodester Pharmacy Sales and Invento ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-8081 (A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Af ...)
-	TODO: check
+	NOT-FOR-US: CLIProxyAPI
 CVE-2026-8080 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-7821 (Improper certificate validation in Ivanti EPMM beforeversions 12.6.1.1 ...)
 	NOT-FOR-US: Ivanti
 CVE-2026-7415 (The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to all ...)
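
Review bot: The "NOT-FOR-US: MISP" tag on CVE-2026-8080 cannot be confirmed from this hunk, because the visible description is cut off at "(XSS or 'C ..." before it names any product. A NOT-FOR-US entry no longer shows up as TODO, so confirm against the full CVE text that the affected component is MISP itself and not a separately packaged library or module.
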
@@ -48,15 +48,15 @@ CVE-2026-7413 (A hidden, persistent backdoor was found in Yarbo firmware v2.3.9
 CVE-2026-6973 (An Improper Input Validation in Ivanti EPMMbeforeversions 12.6.1.1, 12 ...)
 	NOT-FOR-US: Ivanti
 CVE-2026-6805 (Vulnerability on the external sharing feature in Cryptobox allows an a ...)
-	TODO: check
+	NOT-FOR-US: Cryptobox
 CVE-2026-6795 (URL redirection to untrusted site ('open redirect') vulnerability in D ...)
 	NOT-FOR-US: DivvyDrive
 CVE-2026-6508 (Origin Validation Error vulnerability in TUBITAK BILGEM Software Techn ...)
 	NOT-FOR-US: TUBITAK
 CVE-2026-6002 (Improper neutralization of Script-Related HTML tags in a web page (bas ...)
-	TODO: check
+	NOT-FOR-US: DivvyDrive
 CVE-2026-5791 (Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Informat ...)
-	TODO: check
+	NOT-FOR-US: DivvyDrive
 CVE-2026-5788 (An Improper Access Control in Ivanti EPMM beforeversions 12.6.1.1, 12. ...)
 	NOT-FOR-US: Ivanti
 CVE-2026-5787 (An Improper Certificate Validation in Ivanti EPMM before versions 12.6 ...)
@@ -64,7 +64,7 @@ CVE-2026-5787 (An Improper Certificate Validation in Ivanti EPMM before versions
 CVE-2026-5786 (An Improper Access Control vulnerability in Ivanti EPMM before version ...)
 	NOT-FOR-US: Ivanti
 CVE-2026-5784 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: DivvyDrive
 CVE-2026-44742 (Postorius through 1.3.13 does not escape HTML in the message subject w ...)
 	TODO: check
 CVE-2026-44407 (A remote denial-of-service vulnerability exists in the ZTE Cloud PC cl ...)
@@ -72,7 +72,7 @@ CVE-2026-44407 (A remote denial-of-service vulnerability exists in the ZTE Cloud
 CVE-2026-44406 (ZTE Cloud PC clientuSmartView contains a DLL hijacking vulnerability;  ...)
 	NOT-FOR-US: ZTE
 CVE-2026-44349 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, pr ...)
-	TODO: check
+	NOT-FOR-US: Daptin
 CVE-2026-44264 (Weblate is a web based localization tool. Prior to version 5.17.1, the ...)
 	- weblate <itp> (bug #745661)
 CVE-2026-44263 (Weblate is a web based localization tool. Prior to version 5.17.1, the ...)
@@ -102,19 +102,19 @@ CVE-2026-41688 (Wallos is an open-source, self-hostable personal subscription tr
 CVE-2026-41687 (Wallos is an open-source, self-hostable personal subscription tracker. ...)
 	NOT-FOR-US: Wallos
 CVE-2026-41654 (Weblate is a web based localization tool. Prior to version 5.17.1, an  ...)
-	TODO: check
+	- weblate <itp> (bug #745661)
 CVE-2026-41653 (BentoPDF is a client-side PDF toolkit that is self hostable. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: BentoPDF
 CVE-2026-41650 (fast-xml-parser allows users to process XML from JS object without C/C ...)
 	TODO: check
 CVE-2026-41644 (monetr is a budgeting application for recurring expenses. Prior to ver ...)
-	TODO: check
+	NOT-FOR-US: monetr
 CVE-2026-41643 (GoBGP is an open source Border Gateway Protocol (BGP) implementation i ...)
 	TODO: check
 CVE-2026-41642 (GoBGP is an open source Border Gateway Protocol (BGP) implementation i ...)
 	TODO: check
 CVE-2026-41589 (Wish is an SSH server with defaults and a collection of middlewares. F ...)
-	TODO: check
+	NOT-FOR-US: Wish SSH
 CVE-2026-41554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-41519 (Weblate is a web based localization tool. Prior to version 5.17.1, whe ...)
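
Review bot: CVE-2026-41589 is tagged "NOT-FOR-US: Wish SSH", but the description presents Wish as "an SSH server with defaults and a collection of middlewares", which reads like a library that other software can embed. Before closing it as NFU, check that no packaged source vendors or build-depends on it; if one does, track the CVE against that source package instead. Separately, the CVE-2026-41654 line becomes "- weblate <itp> (bug #745661)", which is an ITP reference and not an NFU, so the commit summary "NFUs" does not cover everything in this hunk.
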
@@ -124,9 +124,9 @@ CVE-2026-41505 (RELATE is a web-based courseware package. Prior to commit 2f68e1
 CVE-2026-41490 (Dagster is an orchestration platform for the development, production,  ...)
 	NOT-FOR-US: Dagster
 CVE-2026-41422 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.4, th ...)
-	TODO: check
+	NOT-FOR-US: Daptin
 CVE-2026-3953 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: Proticaret E-Commerce
 CVE-2026-37709 (Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2026-36458 (ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content par ...)
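
Review bot: The label "NOT-FOR-US: Proticaret E-Commerce" on CVE-2026-3953 is longer than the single-name labels used around it ("Daptin", "Dagster"), and the truncated description shown here ends at "('cross-si ..." without naming the product. A short name such as "NOT-FOR-US: Proticaret" would keep the labels consistent and easier to grep, once the attribution is confirmed against the full CVE text.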



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ae7336f9fdd4ff2dac9b1fd75d28a445a81c58a
