[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 15 20:29:44 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4cc7a33 by Salvatore Bonaccorso at 2026-05-15T21:29:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12,7 +12,7 @@ CVE-2026-8398 (A supply chain attack compromised the official installation packa
 CVE-2026-7563 (The Classified Listing \u2013 AI-Powered Classified ads & Business Dir ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7182 (Diagram's export module is vulnerable to Path Traversal in src attribu ...)
-	TODO: check
+	NOT-FOR-US: DHTMLX Diagram
 CVE-2026-7046 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin for Wo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6415 (The Advanced Custom Fields: Font Awesome plugin for WordPress is vulne ...)
@@ -30,51 +30,51 @@ CVE-2026-4054 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x
 CVE-2026-4053 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enfo ...)
 	TODO: check
 CVE-2026-46508 (Turborepo is a high-performance build system for JavaScript and TypeSc ...)
-	TODO: check
+	NOT-FOR-US: Turborepo
 CVE-2026-46483 (Vim is an open source, command line text editor. Prior to 9.2.0479, a  ...)
 	TODO: check
 CVE-2026-46474 (Trog::TOTP versions before 1.006 for Perl generate secrets using rand. ...)
-	TODO: check
+	NOT-FOR-US: Trog::TOTP Perl module
 CVE-2026-46408 (Vvveb is a powerful and easy to use CMS with page builder to build web ...)
-	TODO: check
+	NOT-FOR-US: Vvveb
 CVE-2026-46407 (Vvveb is a powerful and easy to use CMS with page builder to build web ...)
-	TODO: check
+	NOT-FOR-US: Vvveb
 CVE-2026-46383 (Microsoft APM is an open-source, community-driven dependency manager f ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-46367 (phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-46366 (phpMyFAQ before 4.1.2 contains an information disclosure vulnerability ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-46365 (phpMyFAQ before 4.1.2 contains a missing authorization vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-46364 (phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulner ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-46363 (phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-46362 (phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-46361 (phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-46360 (phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-46359 (phpMyFAQ before 4.1.2 contains a sql injection vulnerability in Curren ...)
-	TODO: check
+	NOT-FOR-US: phpMyFAQ
 CVE-2026-45803 (`gh` is GitHub\u2019s official command line tool. From 1.6.0 to before ...)
 	TODO: check
 CVE-2026-45800 (Vvveb is a powerful and easy to use CMS with page builder to build web ...)
-	TODO: check
+	NOT-FOR-US: Vvveb
 CVE-2026-45773 (Turborepo is a high-performance build system for JavaScript and TypeSc ...)
-	TODO: check
+	NOT-FOR-US: Turborepo
 CVE-2026-45772 (Turborepo is a high-performance build system for JavaScript and TypeSc ...)
-	TODO: check
+	NOT-FOR-US: Turborepo
 CVE-2026-45736 (ws is an open source WebSocket client and server for Node.js. Prior to ...)
 	TODO: check
 CVE-2026-45622 (Vvveb is a powerful and easy to use CMS with page builder to build web ...)
-	TODO: check
+	NOT-FOR-US: Vvveb
 CVE-2026-45616 (Vvveb is a powerful and easy to use CMS with page builder to build web ...)
-	TODO: check
+	NOT-FOR-US: Vvveb
 CVE-2026-45539 (Microsoft APM is an open-source, community-driven dependency manager f ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-45038 (Tabby (formerly Terminus) is a highly configurable terminal emulator.  ...)
 	TODO: check
 CVE-2026-45037 (Tabby (formerly Terminus) is a highly configurable terminal emulator.  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4cc7a33c8194af3ef8e805e8599da5c6f7b64f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4cc7a33c8194af3ef8e805e8599da5c6f7b64f7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260515/7dc8629d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list