[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 9 12:26:46 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a938f40e by Salvatore Bonaccorso at 2026-05-09T13:26:11+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -104,7 +104,7 @@ CVE-2026-42307 (Vim is an open source, command line text editor. Prior to versio
CVE-2026-42302 (FastGPT is an AI Agent building platform. From version 4.14.10 to befo ...)
NOT-FOR-US: FastGPT
CVE-2026-42301 (pyp2spec generates working Fedora RPM spec file for Python projects. P ...)
- TODO: check
+ NOT-FOR-US: pyp2spec
CVE-2026-42298 (Postiz is an AI social media scheduling tool. Prior to commit da44801, ...)
NOT-FOR-US: Postiz
CVE-2026-42297 (Argo Workflows is an open source container-native workflow engine for ...)
@@ -116,59 +116,59 @@ CVE-2026-42295 (Argo Workflows is an open source container-native workflow engin
CVE-2026-42294 (Argo Workflows is an open source container-native workflow engine for ...)
NOT-FOR-US: Argo
CVE-2026-42291 (SysReptor is a fully customizable pentest reporting platform. From ver ...)
- TODO: check
+ NOT-FOR-US: SysReptor
CVE-2026-42287 (Emlog is an open source website building system. Prior to version 2.6. ...)
NOT-FOR-US: Emlog
CVE-2026-42286 (Emlog is an open source website building system. Prior to version 2.6. ...)
NOT-FOR-US: Emlog
CVE-2026-42282 (n8n-MCP is an MCP server that provides AI assistants access to n8n nod ...)
- TODO: check
+ NOT-FOR-US: n8n-MCP
CVE-2026-42224 (ipl/web is a set of common web components for php projects. Prior to v ...)
- TODO: check
+ NOT-FOR-US: ipl/web
CVE-2026-42213 (SolidCAM-GPPL-IDE is an unofficial, independently developed extension, ...)
- TODO: check
+ NOT-FOR-US: SolidCAM-GPPL-IDE
CVE-2026-42212 (SolidCAM-GPPL-IDE is an unofficial, independently developed extension, ...)
- TODO: check
+ NOT-FOR-US: SolidCAM-GPPL-IDE
CVE-2026-42209 (FlashMQ is a MQTT broker/server, designed for multi-CPU environments. ...)
- TODO: check
+ NOT-FOR-US: FlashMQ
CVE-2026-42206 (Roadiz is a polymorphic content management system based on a node syst ...)
- TODO: check
+ NOT-FOR-US: Roadiz
CVE-2026-42205 (Avo is a framework to create admin panels for Ruby on Rails apps. Prio ...)
- TODO: check
+ NOT-FOR-US: Avo
CVE-2026-42202 (nova-toggle-5 enables fliping booleans in the index. Prior to version ...)
- TODO: check
+ NOT-FOR-US: nova-toggle-5
CVE-2026-42199 (Grid is a data structure grid for rust. From version 0.17.0 to before ...)
TODO: check
CVE-2026-42195 (draw.io is a configurable diagramming and whiteboarding application. P ...)
- TODO: check
+ NOT-FOR-US: jgraph/drawio
CVE-2026-42193 (Plunk is an open-source email platform built on top of AWS SES. Prior ...)
- TODO: check
+ NOT-FOR-US: Plunk
CVE-2026-42192 (Plunk is an open-source email platform built on top of AWS SES. Prior ...)
- TODO: check
+ NOT-FOR-US: Plunk
CVE-2026-42190 (RedwoodSDK is a server-first React framework. From version 1.0.0-beta. ...)
- TODO: check
+ NOT-FOR-US: RedwoodSDK
CVE-2026-42189 (Russh is a Rust SSH client & server library. Prior to version 0.60.1, ...)
- TODO: check
+ NOT-FOR-US: Russh
CVE-2026-42185 (People is an application to handle users and teams, and distribute per ...)
TODO: check
CVE-2026-42183 (Argo Workflows is an open source container-native workflow engine for ...)
- TODO: check
+ NOT-FOR-US: Argo
CVE-2026-42181 (Lemmy is a link aggregator and forum for the fediverse. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: Lemmy
CVE-2026-42180 (Lemmy is a link aggregator and forum for the fediverse. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: Lemmy
CVE-2026-42176 (Scoold is a Q&A and a knowledge sharing platform for teams. Prior to v ...)
- TODO: check
+ NOT-FOR-US: Scoold
CVE-2026-42174 (Kirby is an open-source content management system. Prior to versions 4 ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-42160 (Data Space Portal is an open-source Software as a Service (SaaS) solut ...)
- TODO: check
+ NOT-FOR-US: Data Space Portal
CVE-2026-42137 (Kirby is an open-source content management system. Prior to versions 4 ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-42069 (Kirby is an open-source content management system. Prior to versions 4 ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-42051 (Kirby is an open-source content management system. Prior to versions 4 ...)
- TODO: check
+ NOT-FOR-US: Kirby CMS
CVE-2026-41705 (Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnera ...)
NOT-FOR-US: VMware
CVE-2026-41520 (Cilium is a networking, observability, and security solution with an e ...)
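Review bot: At CVE-2026-42189, Russh is described as a Rust SSH client and server library and is marked NOT-FOR-US, while the other Rust crate in this hunk (CVE-2026-42199, Grid) stays at TODO: check. Library crates can enter the archive as build dependencies, so it is worth confirming that no source package ships or vendors Russh before closing the entry. Separately, CVE-2026-42195 is tagged "NOT-FOR-US: jgraph/drawio" although the description names the product draw.io; if earlier draw.io entries in the list use a different label, matching it keeps them greppable together.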
@@ -176,13 +176,13 @@ CVE-2026-41520 (Cilium is a networking, observability, and security solution wit
CVE-2026-41517 (Emlog is an open source website building system. Prior to version 2.6. ...)
NOT-FOR-US: Emlog
CVE-2026-41495 (n8n-MCP is an MCP server that provides AI assistants access to n8n nod ...)
- TODO: check
+ NOT-FOR-US: n8n-MCP
CVE-2026-41486 (Ray is an AI compute engine. From version 2.54.0 to before version 2.5 ...)
- TODO: check
+ NOT-FOR-US: Ray
CVE-2026-41432 (New API is a large language mode (LLM) gateway and artificial intellig ...)
- TODO: check
+ NOT-FOR-US: New API
CVE-2026-41311 (LiquidJS is a Shopify / GitHub Pages compatible template engine in pur ...)
- TODO: check
+ NOT-FOR-US: LiquidJS
CVE-2025-15634 (A missing authorization vulnerability in HCL BigFix WebUI allows an au ...)
NOT-FOR-US: HCL
CVE-2025-15633 (An improper authorization vulnerability in HCL BigFix WebUI allows an ...)
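Review bot: At CVE-2026-41432 the label "NOT-FOR-US: New API" is generic enough to collide with unrelated text when searching the list; a vendor- or repository-qualified name, in the style of "jgraph/drawio" used for CVE-2026-42195 in this commit, would be easier to match later. At CVE-2026-41311, LiquidJS is described as a template engine library, so a quick check that it is not packaged or embedded in another source package would back the NOT-FOR-US.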
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a938f40ea13fe541d8f9d8be73bed695533c25b4