[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 21 20:21:19 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
097ec720 by Salvatore Bonaccorso at 2026-05-21T21:20:52+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2026-9157 (Improper input validation, Unrestricted upload of file with dangerous ...)
- TODO: check
+ NOT-FOR-US: Gmission
CVE-2026-9089 (The ConnectWise Automate\u2122 Agent does not fully verify the authent ...)
- TODO: check
+ NOT-FOR-US: ConnectWise
CVE-2026-5434 (Honeywell Control Network Module (CNM)contains insertion of sensitive ...)
NOT-FOR-US: Honeywell
CVE-2026-5433 (Honeywell Control Network Module (CNM)contains command injection vulne ...)
@@ -13,79 +13,79 @@ CVE-2026-4858 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <=
CVE-2026-4055 (Mattermost versions 11.5.x <= 11.5.1 fail to validate team-level run_c ...)
TODO: check
CVE-2026-48249 (Open ISES Tickets before 3.44.2 disables TLS certificate verification ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48248 (Open ISES Tickets before 3.44.2 disables TLS certificate verification ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48247 (Open ISES Tickets before 3.44.2 disables TLS certificate verification ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48246 (Open ISES Tickets before 3.44.2 disables TLS certificate verification ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48245 (Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48244 (Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48243 (Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse- ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48242 (Open ISES Tickets before 3.44.2 contains hardcoded MySQL database conn ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48241 (Open ISES Tickets before 3.44.2 contains hardcoded MySQL database cred ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48240 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48239 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48238 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48237 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48236 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48235 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48234 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48233 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48232 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48231 (Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48230 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48229 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48228 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48227 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48226 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48225 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48224 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48223 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48222 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48221 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48220 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48219 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48218 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48217 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48216 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48215 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48214 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48213 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
- TODO: check
+ NOT-FOR-US: Open ISES Tickets
CVE-2026-48207 (Deserialization of untrusted data in Apache Fory PyFory. PyFory's Redu ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-45760 ((Externally Controlled Reference to a Resource in Another Sphere), (Au ...)
@@ -450,7 +450,7 @@ CVE-2026-48172 (LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege e
CVE-2026-47782 (Android App "RoboForm Password Manager" provided by Siber Systems, Inc ...)
NOT-FOR-US: Siber Systems
CVE-2026-47099 (TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vuln ...)
- TODO: check
+ NOT-FOR-US: TeleJSON
CVE-2026-45444 (Unrestricted Upload of File with Dangerous Type vulnerability in WP Sw ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-40165 (authentik is an open-source identity provider. Versions 2025.12.4 and ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/097ec7202cbd2b8300656f078f4c4904fe303f06
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/097ec7202cbd2b8300656f078f4c4904fe303f06
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260521/e7e2d731/attachment.htm>
More information about the debian-security-tracker-commits
mailing list