[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 8 09:23:38 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df01d4bb by Moritz Muehlenhoff at 2026-05-08T10:17:57+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,6 @@ CVE-2026-7258
 	NOTE: https://github.com/php/php-src/commit/dc9e21b81c143faa9677bb0cf157e83960a24d0d
 	NOTE: https://github.com/php/php-src/commit/398b7dabfbd2e8f4f4ed2065dbcf3e3794e8ca47
 	NOTE: https://github.com/php/php-src/commit/a38418777f65780d9d622197677e90567690fc07
-	NOTE: https://github.com/php/php-src/commit/
 CVE-2026-7568
 	- php8.4 <unfixed>
 	- php8.2 <removed>
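Review bot: The removal of the truncated `NOTE: https://github.com/php/php-src/commit/` line in the CVE-2026-7258 entry is unrelated to the NFU triage named in the commit message. Dropping a URL with no commit hash is a reasonable cleanup, but it would be easier to trace if the commit message mentioned it or it went in as its own commit. If a fourth upstream commit was meant to be referenced there, the full hash should be added rather than the line deleted.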
@@ -65,7 +64,7 @@ CVE-2026-7263
 CVE-2026-8149 (A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on  ...)
 	TODO: check
 CVE-2026-8148 (NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local atta ...)
-	TODO: check
+	NOT-FOR-US: NAVER MYBOX Explorer for Windows
 CVE-2026-8142 (VINCE versions 3.0.38 and earlier do not properly verify the From addr ...)
 	TODO: check
 CVE-2026-8138 (A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affec ...)
@@ -75,7 +74,7 @@ CVE-2026-8137 (A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20
 CVE-2026-8136 (A flaw has been found in SourceCodester Pharmacy Sales and Inventory S ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-8133 (A security vulnerability has been detected in zyx0814 FilePress up to  ...)
-	TODO: check
+	NOT-FOR-US: Filepress
 CVE-2026-8132 (A weakness has been identified in CodeAstro Leave Management System 1. ...)
 	NOT-FOR-US: CodeAstro
 CVE-2026-8131 (A security flaw has been discovered in SourceCodester SUP Online Shopp ...)
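Review bot: The new tag for CVE-2026-8133 is spelled `NOT-FOR-US: Filepress`, while the description on the line above spells the product `FilePress` and names the vendor zyx0814. Matching the description, for example `NOT-FOR-US: zyx0814 FilePress`, keeps the entry findable by a case-sensitive search on the product name.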
@@ -87,7 +86,7 @@ CVE-2026-8129 (A vulnerability was determined in SourceCodester SUP Online Shopp
 CVE-2026-8128 (A vulnerability was found in SourceCodester SUP Online Shopping 1.0. T ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-8127 (A vulnerability has been found in eladmin up to 2.7. Impacted is the f ...)
-	TODO: check
+	NOT-FOR-US: eladmin
 CVE-2026-8126 (A flaw has been found in SourceCodester Comment System 1.0. This issue ...)
 	NOT-FOR-US: SourceCodester
 CVE-2026-8125 (A vulnerability was detected in code-projects Simple Chat System 1.0.  ...)
@@ -175,25 +174,25 @@ CVE-2026-42279 (solidtime is an open-source time-tracking app. In version 0.12.0
 CVE-2026-42278 (UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6e ...)
 	TODO: check
 CVE-2026-42277 (Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, an ...)
-	TODO: check
+	NOT-FOR-US: Onyx
 CVE-2026-42276 (Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, an ...)
-	TODO: check
+	NOT-FOR-US: Onyx
 CVE-2026-42275 (zrok is software for sharing web services, files, and network resource ...)
 	TODO: check
 CVE-2026-42274 (Heimdall is a cloud native Identity Aware Proxy and Access Control Dec ...)
-	TODO: check
+	NOT-FOR-US: Heimdall
 CVE-2026-42273 (Heimdall is a cloud native Identity Aware Proxy and Access Control Dec ...)
-	TODO: check
+	NOT-FOR-US: Heimdall
 CVE-2026-42272 (Heimdall is a cloud native Identity Aware Proxy and Access Control Dec ...)
-	TODO: check
+	NOT-FOR-US: Heimdall
 CVE-2026-42271 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or  ...)
-	TODO: check
+	NOT-FOR-US: LiteLLM
 CVE-2026-42267 (Kimai is an open-source time tracking application. From version 2.27.0 ...)
-	TODO: check
+	NOT-FOR-US: Kimai
 CVE-2026-42264 (Axios is a promise based HTTP client for the browser and Node.js. From ...)
 	TODO: check
 CVE-2026-42261 (PromptHub is an all-in-one AI toolbox for prompt, skill, and agent man ...)
-	TODO: check
+	NOT-FOR-US: PromptHub
 CVE-2026-42259 (Saltcorn is an extensible, open source, no-code database application b ...)
 	TODO: check
 CVE-2026-42241 (ParquetSharp is a .NET library for reading and writing Apache Parquet  ...)
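Review bot: `NOT-FOR-US: Onyx` (CVE-2026-42277, CVE-2026-42276) and `NOT-FOR-US: Heimdall` (CVE-2026-42274, CVE-2026-42273, CVE-2026-42272) use bare names that are easy to confuse with other software of the same name. A short qualifier taken from the descriptions would disambiguate, for example `NOT-FOR-US: Onyx AI platform` and `NOT-FOR-US: Heimdall identity aware proxy`, in the way the same commit writes `Vvveb CMS` further down.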
@@ -203,31 +202,31 @@ CVE-2026-42239 (Budibase is an open-source low-code platform. Prior to version 3
 CVE-2026-42225 (PJSIP is a free and open source multimedia communication library writt ...)
 	TODO: check
 CVE-2026-42203 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or  ...)
-	TODO: check
+	NOT-FOR-US: LiteLLM
 CVE-2026-42150 (wlc is a Weblate command-line client using Weblate's REST API. Prior t ...)
 	TODO: check
 CVE-2026-42047 (Inngest is a platform for running event-driven and scheduled backgroun ...)
 	NOT-FOR-US: Next.js
 CVE-2026-41929 (Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site  ...)
-	TODO: check
+	NOT-FOR-US: Vvveb CMS
 CVE-2026-41928 (Vvveb before 1.0.8.2 contains an information disclosure vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Vvveb CMS
 CVE-2026-41900 (OpenLearnX is an open-source, decentralized learning and assessment pl ...)
-	TODO: check
+	NOT-FOR-US: OpenLearnX
 CVE-2026-41692 (i18nextify is a JavaScript library that adds website internationalizat ...)
 	TODO: check
 CVE-2026-41691 (Copilot said: i18nextify is a JavaScript library that adds i18nextify  ...)
 	TODO: check
 CVE-2026-41646 (Nuclei is a vulnerability scanner built on a simple YAML-based DSL. Fr ...)
-	TODO: check
+	NOT-FOR-US: Nuclei
 CVE-2026-41645 (Nuclei is a vulnerability scanner built on a simple YAML-based DSL. Fr ...)
-	TODO: check
+	NOT-FOR-US: Nuclei
 CVE-2026-41501 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
-	TODO: check
+	NOT-FOR-US: electerm
 CVE-2026-41500 (electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
-	TODO: check
+	NOT-FOR-US: electerm
 CVE-2026-41498 (Kimai is an open-source time tracking application. Prior to version 2. ...)
-	TODO: check
+	NOT-FOR-US: Kimai
 CVE-2026-41105 (Server-side request forgery (ssrf) in Azure Notification Service allow ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-40214 (In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API d ...)
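Review bot: In the unchanged context just above the Vvveb lines, CVE-2026-42047 is described as an Inngest issue but is tagged `NOT-FOR-US: Next.js`. This commit does not touch that line, but since it is a pass over NFU tags it is worth checking whether that tag should name Inngest instead.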



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df01d4bb727cd385dd679333b9725a481eaa9339
