[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 20 08:28:27 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
87853dd3 by Salvatore Bonaccorso at 2026-05-20T09:28:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2026-9057 (A broken access control issue has been identified in the Talend Admini ...)
-	TODO: check
+	NOT-FOR-US: Talend Administration Center
 CVE-2026-9056 (A stored cross-site scripting vulnerability has been found in the Tale ...)
-	TODO: check
+	NOT-FOR-US: Talend Administration Center
 CVE-2026-9010 (The Boost plugin for WordPress is vulnerable to time-based SQL Injecti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-9003 (E-LAN Hybrid Recording System developed by TONNET has a SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: TONNET
 CVE-2026-8922 (A flaw was found in Keycloak. When both realm-level and client-level ` ...)
 	- keycloak <itp> (bug #1088287)
 CVE-2026-8912 (The Contest Gallery plugin for WordPress is vulnerable to SQL Injectio ...)
@@ -31,13 +31,13 @@ CVE-2026-8624 (The LJ comments import: reloaded plugin for WordPress is vulnerab
 CVE-2026-8610 (The TypeSquare Webfonts for ConoHa plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-8605 (In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: ScadaBR
 CVE-2026-8604 (In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker ...)
-	TODO: check
+	NOT-FOR-US: ScadaBR
 CVE-2026-8603 (In ScadaBR version 1.2.0, an OS Command Injection vulnerability could  ...)
-	TODO: check
+	NOT-FOR-US: ScadaBR
 CVE-2026-8602 (In ScadaBR version 1.2.0, a Missing Authentication for Critical Functi ...)
-	TODO: check
+	NOT-FOR-US: ScadaBR
 CVE-2026-8495 (Missing Authorization vulnerability in Drupal Date iCal allows Forcefu ...)
 	NOT-FOR-US: Drupal core and addons
 CVE-2026-8493 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
@@ -65,7 +65,7 @@ CVE-2026-8073 (The Kirki \u2013 Freeform Page Builder, Website Builder & Customi
 CVE-2026-8038 (The Faces of Users plugin for WordPress is vulnerable to Stored Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7860 (A possible information disclosure vulnerability exists in the Vaadin M ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2026-7637 (The Boost plugin for WordPress is vulnerable to PHP Object Injection i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7571 (A flaw was found in Keycloak. A low-privilege user, with knowledge of  ...)
@@ -83,7 +83,7 @@ CVE-2026-7467 (The Read More & Accordion plugin for WordPress is vulnerable to P
 CVE-2026-7462 (The VatanSMS WP SMS plugin for WordPress is vulnerable to Reflected Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7460 (mailcow-dockerized contains a stored cross-site scripting vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: mailcow-dockerized
 CVE-2026-7385 (The Decent Comments WordPress plugin before 3.0.2 does not restrict ac ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7307 (A flaw was found in Keycloak. A remote, unauthenticated attacker can s ...)
@@ -155,11 +155,11 @@ CVE-2026-47783 (In memcached before 1.6.42, username data for SASL password data
 	- memcached <unfixed>
 	NOTE: Fixed by: https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed (1.6.42)
 CVE-2026-47358 (Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forg ...)
-	TODO: check
+	NOT-FOR-US: Terrascan
 CVE-2026-47357 (Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forg ...)
-	TODO: check
+	NOT-FOR-US: Terrascan
 CVE-2026-47356 (Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forg ...)
-	TODO: check
+	NOT-FOR-US: Terrascan
 CVE-2026-47323 (Camel-CXF and Camel-Knative Message Header Injection via Missing Inbou ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-47317 (Uncontrolled Recursion vulnerability in Samsung Open Source Escargot a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87853dd38a5664597fdf72ca64d2fc5d79e523e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/87853dd38a5664597fdf72ca64d2fc5d79e523e6
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/0f8ad92e/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list