[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon May 11 20:24:33 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03c746ff by Moritz Muehlenhoff at 2026-05-11T21:24:25+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,7 +39,7 @@ CVE-2026-6956 (ATutor is vulnerable to Reflected XSS in/install/install.php endp
 CVE-2026-6909 (ATutor is vulnerable to Reflected XSS in/install/upgrade.php endpoint. ...)
 	NOT-FOR-US: ATutor
 CVE-2026-6815 (An arbitrary file write vulnerability exists in Casdoor's Local File S ...)
-	TODO: check
+	NOT-FOR-US: Casdoor
 CVE-2026-6093 (Corteza contains a SQL injection vulnerability in its Microsoft SQL Se ...)
 	NOT-FOR-US: Corteza
 CVE-2026-4802 (A flaw was found in Cockpit. This vulnerability allows a remote attack ...)
@@ -47,9 +47,9 @@ CVE-2026-4802 (A flaw was found in Cockpit. This vulnerability allows a remote a
 CVE-2026-45224 (Crabbox before 0.9.0 contains a path traversal vulnerability in the Is ...)
 	NOT-FOR-US: Crabbox
 CVE-2026-45223 (Crabbox before 0.9.0 contains an authentication bypass vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Crabbox
 CVE-2026-45222 (Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates th ...)
-	TODO: check
+	NOT-FOR-US: Summarize
 CVE-2026-45006 (OpenClaw before 2026.4.23 contains an improper access control vulnerab ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-45005 (OpenClaw before 2026.4.23 caches resolved webhook route secrets backed ...)
@@ -85,31 +85,31 @@ CVE-2026-44991 (OpenClaw before 2026.4.21 contains an authorization bypass vulne
 CVE-2026-44777 (jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordi ...)
 	TODO: check
 CVE-2026-44738 (Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandb ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2026-44737 (grav-plugin-admin is the admin plugin for Grav is an HTML user interfa ...)
-	TODO: check
+	NOT-FOR-US: Grav plugi
 CVE-2026-44659 (Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser inc ...)
-	TODO: check
+	NOT-FOR-US: Zen
 CVE-2026-44658 (Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs enter ...)
-	TODO: check
+	NOT-FOR-US: Zen
 CVE-2026-44643 (Angular Expressions provides expressions for the Angular.JS web framew ...)
 	TODO: check
 CVE-2026-44413 (In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users coul ...)
 	NOT-FOR-US: JetBrains
 CVE-2026-44226 (pyLoad is a free and open-source download manager written in Python. P ...)
-	TODO: check
+	- pyload <itp> (bug #1001980)
 CVE-2026-44201 (Wagtail is an open source content management system built on Django. P ...)
-	TODO: check
+	NOT-FOR-US: Wagtail CMS
 CVE-2026-44200 (Wagtail is an open source content management system built on Django. P ...)
-	TODO: check
+	NOT-FOR-US: Wagtail CMS
 CVE-2026-44199 (Wagtail is an open source content management system built on Django. P ...)
-	TODO: check
+	NOT-FOR-US: Wagtail CMS
 CVE-2026-44198 (Wagtail is an open source content management system built on Django. P ...)
-	TODO: check
+	NOT-FOR-US: Wagtail CMS
 CVE-2026-44197 (Wagtail is an open source content management system built on Django. P ...)
-	TODO: check
+	NOT-FOR-US: Wagtail CMS
 CVE-2026-43995 (Flowise is a drag & drop user interface to build a customized large la ...)
-	TODO: check
+	NOT-FOR-US: Flowise
 CVE-2026-43969 (Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabi ...)
 	TODO: check
 CVE-2026-43968 (Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabi ...)
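Review bot: The new status line for CVE-2026-44737 reads `NOT-FOR-US: Grav plugi`, which is truncated. The other Grav plugin entries in this commit (CVE-2026-42845, CVE-2026-42843, CVE-2026-42842) use `NOT-FOR-US: Grav plugin`; suggest correcting the spelling here so all of them carry the same product name.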
@@ -126,51 +126,51 @@ CVE-2026-43894 (jq is a command-line JSON processor. In 1.8.1 and earlier, when
 CVE-2026-43826 (The OpenSearch logging provider, when configured with a `host` URL tha ...)
 	TODO: check
 CVE-2026-43640 (Bitwarden Server prior to v2026.4.1 does not require master-password r ...)
-	TODO: check
+	NOT-FOR-US: Bitwarden
 CVE-2026-43639 (Bitwarden Server prior to v2026.4.0 contains a missing authorization v ...)
-	TODO: check
+	NOT-FOR-US: Bitwarden
 CVE-2026-43638 (Bitwarden Server prior to v2026.4.1 contains a missing authorization v ...)
-	TODO: check
+	NOT-FOR-US: Bitwarden
 CVE-2026-42871 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
 	NOT-FOR-US: WeGIA
 CVE-2026-42866 (Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix ...)
 	TODO: check
 CVE-2026-42865 (Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the ...)
-	TODO: check
+	NOT-FOR-US: Inbox Zero
 CVE-2026-42864 (FireFighter is an incident management application. Prior to 0.0.54, th ...)
-	TODO: check
+	NOT-FOR-US: FireFighter
 CVE-2026-42860 (The Open edx Enterprise Service app provides enterprise features to th ...)
 	TODO: check
 CVE-2026-42859 (Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication ...)
 	TODO: check
 CVE-2026-42858 (Open edX Platform enables the authoring and delivery of online learnin ...)
-	TODO: check
+	NOT-FOR-US: Open edX Platform
 CVE-2026-42857 (Open edX Platform enables the authoring and delivery of online learnin ...)
-	TODO: check
+	NOT-FOR-US: Open edX Platform
 CVE-2026-42856 (Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: Network-AI
 CVE-2026-42845 (The form plugin for Grav adds the ability to create and use forms. Pri ...)
-	TODO: check
+	NOT-FOR-US: Grav plugin
 CVE-2026-42843 (Grav API Plugin is a RESTful API for Grav CMS that provides full headl ...)
-	TODO: check
+	NOT-FOR-US: Grav plugin
 CVE-2026-42842 (The form plugin for Grav adds the ability to create and use forms. Pri ...)
-	TODO: check
+	NOT-FOR-US: Grav plugin
 CVE-2026-42841 (Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authentic ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2026-42613 (Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::r ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2026-42612 (Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cro ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2026-42611 (Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privil ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2026-42610 (Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privil ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2026-42609 (Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business l ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2026-42608 (Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a P ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2026-42607 (Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authentic ...)
-	TODO: check
+	NOT-FOR-US: Grav CMS
 CVE-2026-42603 (OWASP BLT is a QA testing and vulnerability disclosure platform that e ...)
 	TODO: check
 CVE-2026-42349 (Clerk JavaScript is the official JavaScript repository for Clerk authe ...)
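Review bot: CVE-2026-42860 (Open edx Enterprise Service app) stays at `TODO: check` while CVE-2026-42858 and CVE-2026-42857 (Open edX Platform) directly below it become `NOT-FOR-US: Open edX Platform`. If the Enterprise Service app is not packaged either, it could be triaged in the same pass; if it was left open on purpose, no change is needed.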
@@ -178,13 +178,13 @@ CVE-2026-42349 (Clerk JavaScript is the official JavaScript repository for Clerk
 CVE-2026-42316 (kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft  ...)
 	TODO: check
 CVE-2026-42315 (pyLoad is a free and open-source download manager written in Python. P ...)
-	TODO: check
+	- pyload <itp> (bug #1001980)
 CVE-2026-42314 (pyLoad is a free and open-source download manager written in Python. P ...)
-	TODO: check
+	- pyload <itp> (bug #1001980)
 CVE-2026-42313 (pyLoad is a free and open-source download manager written in Python. P ...)
-	TODO: check
+	- pyload <itp> (bug #1001980)
 CVE-2026-42312 (pyLoad is a free and open-source download manager written in Python. P ...)
-	TODO: check
+	- pyload <itp> (bug #1001980)
 CVE-2026-41951 (Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which ...)
 	TODO: check
 CVE-2026-41431 (Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a  ...)
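Review bot: The four pyLoad entries in this hunk (and CVE-2026-44226 earlier in the patch) are changed to `- pyload <itp> (bug #1001980)` rather than to a NOT-FOR-US line, so the commit subject "NFUs" does not describe them. Suggest a subject that also mentions the ITP entries, or putting them in a separate commit.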



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03c746ff5fd87b38b16a3f9e1411d90f0ccbb97b
