[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 14 20:50:13 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bf21f47d by Salvatore Bonaccorso at 2026-05-14T21:49:40+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,15 +4,15 @@ CVE-2026-43961
NOTE: https://github.com/vim/vim/security/advisories/GHSA-66hr-7p6x-x5j3
NOTE: Fixed by: https://github.com/vim/vim/commit/8af0f098c3a42a28661d0295364e (v9.2.0480)
CVE-2026-8621 (Crabbox prior to v0.12.0 contains an authentication bypass vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Crabbox
CVE-2026-8468 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
- TODO: check
+ NOT-FOR-US: elixir-plug
CVE-2026-8295 (An integer overflow vulnerability in the simdjson document-builder API ...)
- TODO: check
+ NOT-FOR-US: simdjson document-builder
CVE-2026-7805
REJECTED
CVE-2026-6923 (A side-channel attack, which requires a physical presence to the TPM, ...)
- TODO: check
+ NOT-FOR-US: Nuvoton
CVE-2026-6514 (The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary Fil ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6512 (The InfusedWoo Pro plugin for WordPress is vulnerable to authorization ...)
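Review bot: CVE-2026-8295 is closed as NOT-FOR-US with the label "simdjson document-builder", which names an API of a library rather than a whole product; if the library itself is in the archive and the reasoning is that the document-builder API only exists in upstream releases newer than what Debian ships, put that in a NOTE line (e.g. `NOTE: document-builder API not present in packaged versions`) so a later triager does not reopen the entry, and if that is not the case the entry needs a source-package line instead of NOT-FOR-US. The other three closures in this hunk (Crabbox, elixir-plug, Nuvoton TPM firmware) look consistent with their descriptions.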
@@ -28,11 +28,11 @@ CVE-2026-6174 (The CC Child Pages plugin for WordPress is vulnerable to Stored C
CVE-2026-6145 (The User Registration & Membership plugin for WordPress is vulnerable ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6008 (Authorization bypass through User-Controlled key vulnerability in Im P ...)
- TODO: check
+ NOT-FOR-US: DijiDemi
CVE-2026-5798 (Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versi ...)
- TODO: check
+ NOT-FOR-US: Stel Order
CVE-2026-5790 (Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, l ...)
- TODO: check
+ NOT-FOR-US: Stel Order
CVE-2026-4031 (The Database Backup for WordPress plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4030 (The Database Backup for WordPress plugin for WordPress is vulnerable t ...)
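Review bot: CVE-2026-6008 is labelled `NOT-FOR-US: DijiDemi` while the CVE description identifies the affected product as "Im P..."; the other closures in this hunk (Stel Order) use the product name, so consider naming the product here as well, or both vendor and product, so the entry is greppable against the description.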
@@ -46,68 +46,68 @@ CVE-2026-46469 (An issue was discovered in GStreamer gst-plugins-good before 1.2
CVE-2026-45448 (CWE-601 URL redirection to untrusted site ('open redirect'))
TODO: check
CVE-2026-45375 (SiYuan is an open-source personal knowledge management system. Prior t ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-45371 (SiYuan is an open-source personal knowledge management system. Prior t ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-45205 (Uncontrolled Recursion vulnerability in Apache Commons. When processi ...)
- commons-configuration2 <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/14/5
NOTE: https://github.com/apache/commons-configuration/pull/634
NOTE: https://github.com/apache/commons-configuration/commit/b51f6bf26e774f3416fdf782a5e1edf33f32ba82 (commons-configuration-2.15.0-RC1)
CVE-2026-45148 (SiYuan is an open-source personal knowledge management system. Prior t ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-45147 (SiYuan is an open-source personal knowledge management system. Prior t ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-44827 (Diffusers is the a library for pretrained diffusion models. Prior to ...)
- TODO: check
+ NOT-FOR-US: Diffusers
CVE-2026-44670 (SiYuan is an open-source personal knowledge management system. Prior t ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-44633 (Live Helper Chat is an open-source application that enables live suppo ...)
- TODO: check
+ NOT-FOR-US: Live Helper Chat
CVE-2026-44592 (Gradient is a nix-based continuous integration system. In 1.1.0, when ...)
- TODO: check
+ NOT-FOR-US: Gradient
CVE-2026-44589 (Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBl ...)
- TODO: check
+ NOT-FOR-US: Nuxt OG Image
CVE-2026-44588 (SiYuan is an open-source personal knowledge management system. Prior t ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-44586 (SiYuan is an open-source personal knowledge management system. From 2. ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-44544 (gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an ...)
TODO: check
CVE-2026-44542 (FileBrowser Quantum is a free, self-hosted, web-based file manager. Pr ...)
- TODO: check
+ NOT-FOR-US: FileBrowser Quantum
CVE-2026-44523 (Note Mark is an open-source note-taking application. Prior to 0.19.4, ...)
- TODO: check
+ NOT-FOR-US: Note Mark
CVE-2026-44522 (Note Mark is an open-source note-taking application. From 0.13.0 to be ...)
- TODO: check
+ NOT-FOR-US: Note Mark
CVE-2026-44520 (Docling-Graph turns documents into validated Pydantic objects, then bu ...)
- TODO: check
+ NOT-FOR-US: Docling-Graph
CVE-2026-44516 (Valtimo is an open-source business process automation platform. From 1 ...)
- TODO: check
+ NOT-FOR-US: Valtimo
CVE-2026-44515 (Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nex ...)
- TODO: check
+ NOT-FOR-US: Nextcloud News
CVE-2026-44514 (Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.1 ...)
- TODO: check
+ NOT-FOR-US: Kubetail
CVE-2026-44513 (Diffusers is the a library for pretrained diffusion models. Prior to ...)
- TODO: check
+ NOT-FOR-US: Diffusers
CVE-2026-44511 (Katalyst Koi is a framework for building Rails admin functionality. Pr ...)
- TODO: check
+ NOT-FOR-US: Katalyst Koi
CVE-2026-44504 (Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9 ...)
- TODO: check
+ NOT-FOR-US: Aegra
CVE-2026-44503 (The RedirectHandler middleware in microsoft/kiota-java (com.microsoft. ...)
- TODO: check
+ NOT-FOR-US: microsoft/kiota-java
CVE-2026-44501 (DataHub is an open-source metadata platform. Prior to 1.5.0.3, The Dat ...)
- TODO: check
+ NOT-FOR-US: DataHub
CVE-2026-44484 (PyTorch Lightning is a deep learning framework to pretrain and finetun ...)
TODO: check
CVE-2026-44482 (soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark ...)
- TODO: check
+ NOT-FOR-US: SoundCloud
CVE-2026-44375 (Nerdbank.MessagePack is a NativeAOT-compatible MessagePack serializati ...)
- TODO: check
+ NOT-FOR-US: Nerdbank.MessagePack
CVE-2026-44374 (Backstage is an open framework for building developer portals. Prior t ...)
- TODO: check
+ NOT-FOR-US: Backstage
CVE-2026-44371 (Open OnDemand is an open-source high-performance computing portal. Pri ...)
- TODO: check
+ NOT-FOR-US: Open OnDemand
CVE-2026-44348 (PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4 ...)
TODO: check
CVE-2026-44312 (css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Pa ...)
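Review bot: CVE-2026-44482 is labelled `NOT-FOR-US: SoundCloud`, but the description says the affected software is soundcloud-rpc, a third-party client with Discord Rich Presence, not the SoundCloud service; `NOT-FOR-US: soundcloud-rpc` would match the convention used for the other entries in this hunk (e.g. `NOT-FOR-US: microsoft/kiota-java`, `NOT-FOR-US: Nuxt OG Image`) and avoid suggesting the service itself was assessed. The remaining TODO: check entries left in place (gittuf, PyTorch Lightning, PoDoFo, css_parser) are correctly not touched, since each has or may have a corresponding source package.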
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf21f47d229294c0a87ca8dd5517015e83f108c9