[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 27 20:45:49 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e792f26f by Salvatore Bonaccorso at 2026-05-27T21:45:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-9689 (A flaw was found in Keycloak, an open-source identity and access
 CVE-2026-9674 (A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob  ...)
 	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-9617 (PostgreSQL Anonymizer contains a vulnerability that allows a user to g ...)
-	TODO: check
+	NOT-FOR-US: PostgreSQL Anonymizer
 CVE-2026-9035 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 ...)
 	NOT-FOR-US: IBM
 CVE-2026-8942 (The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-S ...)
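Review bot: "NOT-FOR-US: PostgreSQL Anonymizer" on CVE-2026-9617 uses the upstream product name, but PostgreSQL extensions are often packaged in Debian under a name that differs from the upstream one (binary packages typically carry a postgresql- prefix), so a lookup on the product name alone can miss an existing package or ITP. It is worth confirming against both naming forms before closing this as NFU. If an ITP turns up, an <itp> entry with the bug number would record the state better than NOT-FOR-US.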
@@ -29,7 +29,7 @@ CVE-2026-8175 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix P
 CVE-2026-8143 (The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-8054 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: dotCMS
 CVE-2026-8042 (The Github Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-7876 (IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19)
@@ -45,7 +45,7 @@ CVE-2026-7365 (IBM Operations Analytics - Log Analysis and IBM SmartCloud Analyt
 CVE-2026-7254 (IBM OPENBMC FW1110.00 through FW1110.11is vulnerable to denial of serv ...)
 	NOT-FOR-US: IBM
 CVE-2026-6957 (Mattermost Plugins versions <=1.1.5 fail to sanitize filenames receive ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Plugins
 CVE-2026-6938 (IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass wh ...)
 	NOT-FOR-US: IBM
 CVE-2026-6936 (IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attac ...)
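Review bot: "NOT-FOR-US: Mattermost Plugins" on CVE-2026-6957 repeats the generic wording of the truncated description ("Mattermost Plugins versions <=1.1.5") and does not say which plugin is affected. If the full CVE text names the plugin, putting that name in the tag would make the entry easier to match when a later CVE for the same plugin needs triage.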
@@ -143,27 +143,27 @@ CVE-2026-48906 (The vulnerability in the Tassos Framework Plugin allows users to
 CVE-2026-48877 (Insertion of Sensitive Information Into Sent Data vulnerability in Tom ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48545 (Gradio before version 6.15.0 contains a cookie injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2026-48544 (Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulner ...)
 	TODO: check
 CVE-2026-48153 (Budibase is an open-source low-code platform. Prior to 3.39.0, fetchTo ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-48152 (Budibase is an open-source low-code platform. Prior to 3.39.0, the sin ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-48151 (Budibase is an open-source low-code platform. Prior to 3.39.0, the web ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-48150 (Budibase is an open-source low-code platform. Prior to 3.39.0, /api/pu ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-48149 (Budibase is an open-source low-code platform. Prior to 3.39.0, the Bud ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-48148 (Budibase is an open-source low-code platform. Prior to 3.35.3,  the Ve ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-48147 (Budibase is an open-source low-code platform. Prior to 3.35.4, the bui ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-48146 (Budibase is an open-source low-code platform. Prior to 3.39.0, the OAu ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-48128 (Budibase is an open-source low-code platform. Prior to 3.39.0, the exe ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-48027 (Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a mal ...)
 	TODO: check
 CVE-2026-47119 (Agent Zero before version 1.15 contains a stored cross-site scripting  ...)
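Review bot: CVE-2026-48545 is closed as "NOT-FOR-US: Gradio" while the next entry, Taipy (CVE-2026-48544), stays at "TODO: check", and the commit message "Process some NFUs" does not say what separates the two. The nine Budibase entries in this hunk are tagged consistently, so the Gradio line is the one to double-check. If an ITP or RFP exists for it, an <itp> entry with the bug number would keep the CVE visible once the package enters the archive.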
@@ -173,23 +173,23 @@ CVE-2026-47118 (Agent Zero before version 1.15 contains a path traversal vulnera
 CVE-2026-47104 (libusb before version 1.0.30 contains a one-byte out-of-bounds read vu ...)
 	TODO: check
 CVE-2026-46427 (Budibase is an open-source low-code platform. Prior to 3.38.3, removeS ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-46426 (Budibase is an open-source low-code platform. Prior to 3.38.2, the fil ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-46425 (Budibase is an open-source low-code platform. Prior to 3.38.2, package ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-46424 (Budibase is an open-source low-code platform. Prior to 3.38.2, the pub ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-45719 (Budibase is an open-source low-code platform. Prior to 3.38.1, the V1  ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-45718 (Budibase is an open-source low-code platform. Prior to 3.38.1, the row ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-45717 (Budibase is an open-source low-code platform. Prior to 3.38.1, Budibas ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-45716 (Budibase is an open-source low-code platform. Prior to 3.38.1, the POS ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-45715 (Budibase is an open-source low-code platform. Prior to 3.38.1, the RES ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-45571 (go-git is an extensible git implementation library written in pure Go. ...)
 	TODO: check
 CVE-2026-45570 (go-git is an extensible git implementation library written in pure Go. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e792f26f48a7dbb2dd822340ba866e5ebe6ca959
