[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 27 21:11:09 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7cdd886d by Salvatore Bonaccorso at 2026-05-27T22:10:45+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -145,7 +145,7 @@ CVE-2026-48877 (Insertion of Sensitive Information Into Sent Data vulnerability
CVE-2026-48545 (Gradio before version 6.15.0 contains a cookie injection vulnerability ...)
NOT-FOR-US: Gradio
CVE-2026-48544 (Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulner ...)
- TODO: check
+ NOT-FOR-US: Taipy
CVE-2026-48153 (Budibase is an open-source low-code platform. Prior to 3.39.0, fetchTo ...)
NOT-FOR-US: Budibase
CVE-2026-48152 (Budibase is an open-source low-code platform. Prior to 3.39.0, the sin ...)
@@ -167,9 +167,9 @@ CVE-2026-48128 (Budibase is an open-source low-code platform. Prior to 3.39.0, t
CVE-2026-48027 (Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a mal ...)
TODO: check
CVE-2026-47119 (Agent Zero before version 1.15 contains a stored cross-site scripting ...)
- TODO: check
+ NOT-FOR-US: Agent Zero
CVE-2026-47118 (Agent Zero before version 1.15 contains a path traversal vulnerability ...)
- TODO: check
+ NOT-FOR-US: Agent Zero
CVE-2026-47104 (libusb before version 1.0.30 contains a one-byte out-of-bounds read vu ...)
TODO: check
CVE-2026-46427 (Budibase is an open-source low-code platform. Prior to 3.38.3, removeS ...)
@@ -195,21 +195,21 @@ CVE-2026-45571 (go-git is an extensible git implementation library written in pu
CVE-2026-45570 (go-git is an extensible git implementation library written in pure Go. ...)
TODO: check
CVE-2026-45548 (Budibase is an open-source low-code platform. Prior to 3.34.8, the pro ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-45335 (WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an ...)
NOT-FOR-US: WeGIA
CVE-2026-45090 (Dalfox is a powerful open-source XSS scanner and utility focused on au ...)
- TODO: check
+ NOT-FOR-US: Dalfox
CVE-2026-45089 (Dalfox is a powerful open-source XSS scanner and utility focused on au ...)
- TODO: check
+ NOT-FOR-US: Dalfox
CVE-2026-45088 (Dalfox is a powerful open-source XSS scanner and utility focused on au ...)
- TODO: check
+ NOT-FOR-US: Dalfox
CVE-2026-45087 (Dalfox is a powerful open-source XSS scanner and utility focused on au ...)
- TODO: check
+ NOT-FOR-US: Dalfox
CVE-2026-45081 (Frappe HR is an open-source human resources management solution (HRMS) ...)
- TODO: check
+ NOT-FOR-US: Frappe HR
CVE-2026-45061 (Budibase is an open-source low-code platform. Prior to 3.35.10, the Pl ...)
- TODO: check
+ NOT-FOR-US: Budibase
CVE-2026-45047 (bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandl ...)
TODO: check
CVE-2026-45046 (Gryph provides a security layer for AI coding agents. Prior to 0.7.0, ...)
@@ -221,9 +221,9 @@ CVE-2026-45022 (go-git is an extensible git implementation library written in pu
CVE-2026-44988 (LibVNCClient is a library for easy implementation of a VNC client. In ...)
TODO: check
CVE-2026-44972 (GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 ...)
- TODO: check
+ NOT-FOR-US: GuardDog
CVE-2026-44971 (GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 ...)
- TODO: check
+ NOT-FOR-US: GuardDog
CVE-2026-44902 (opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.21 ...)
TODO: check
CVE-2026-44839 (RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1 ...)
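Review bot: Both GuardDog entries (CVE-2026-44972 and CVE-2026-44971) go straight from "TODO: check" to "NOT-FOR-US: GuardDog", and neither the hunk nor the commit message records that the name was checked against open ITP/RFP bugs as well as the archive. If an ITP exists, the entries should carry a "- <package> <itp> (bug #...)" line instead of the NFU tag, so that they are picked up again once the package is uploaded.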
@@ -2214,29 +2214,29 @@ CVE-2026-48593 (Uncontrolled Resource Consumption vulnerability in oban-bg oban_
CVE-2026-48592 (Missing Authorization vulnerability in oban-bg oban_web ('Elixir.Oban. ...)
TODO: check
CVE-2026-47672 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
- TODO: check
+ NOT-FOR-US: epa4all-client
CVE-2026-45575 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
- TODO: check
+ NOT-FOR-US: epa4all-client
CVE-2026-45574 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
- TODO: check
+ NOT-FOR-US: epa4all-client
CVE-2026-45413 (MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, u ...)
- TODO: check
+ NOT-FOR-US: MaxKB
CVE-2026-45412 (MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, S ...)
- TODO: check
+ NOT-FOR-US: MaxKB
CVE-2026-45298 (Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2 ...)
- TODO: check
+ NOT-FOR-US: Dozzle
CVE-2026-44985 (Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2 ...)
- TODO: check
+ NOT-FOR-US: Dozzle
CVE-2026-44983 (smallbitvec is a growable bit-vector for Rust, optimized for size. Fro ...)
TODO: check
CVE-2026-44966 (Velocity.js is a JavaScript implementation of the Apache Velocity temp ...)
TODO: check
CVE-2026-44905 (Vanetza is an open-source implementation of the ETSI C-ITS protocol su ...)
- TODO: check
+ NOT-FOR-US: Vanetza
CVE-2026-44903 (Prometheus is an open-source monitoring system and time series databas ...)
TODO: check
CVE-2026-44900 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...)
- TODO: check
+ NOT-FOR-US: epa4all-client
CVE-2026-44899 (Mistune is a Python Markdown parser with renderers and plugins. Prior ...)
TODO: check
CVE-2026-44898 (Mistune is a Python Markdown parser with renderers and plugins. Prior ...)
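Review bot: The epa4all-client entries in this hunk are not contiguous: CVE-2026-47672, CVE-2026-45575 and CVE-2026-45574 sit together, CVE-2026-44900 is several entries further down, and MaxKB appears again in the following hunk. With per-product tags spread out like this, a search of data/CVE/list for remaining "TODO: check" entries whose summary starts with epa4all-client, MaxKB, Dozzle or Vanetza would confirm that none were left behind outside the diff context.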
@@ -2248,7 +2248,7 @@ CVE-2026-44896 (Mistune is a Python Markdown parser with renderers and plugins.
CVE-2026-44895 (GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0 ...)
TODO: check
CVE-2026-44847 (MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, M ...)
- TODO: check
+ NOT-FOR-US: MaxKB
CVE-2026-44844 (eml_parser serves as a python module for parsing eml files and returni ...)
TODO: check
CVE-2026-44843 (LangChain is a framework for building agents and LLM-powered applicati ...)
@@ -2571,7 +2571,7 @@ CVE-2026-48134 (When the DLP is active, the UserCheck Web Portal contains an inp
CVE-2026-48133 (When the Identity Awareness blade is enabled with Browser-Based Authen ...)
NOT-FOR-US: Check Point
CVE-2026-48132 (The Security Gateway does not correctly validate a length value in cer ...)
- TODO: check
+ NOT-FOR-US: Check Point
CVE-2026-48131 (The VPN service may mishandle an unexpected IKE fragment value receive ...)
NOT-FOR-US: Check Point
CVE-2026-48126 (Algernon is a small self-contained pure-Go web server. Prior to 1.17.8 ...)
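Review bot: The visible summary for CVE-2026-48132 ("The Security Gateway does not correctly validate a length value in cer ...") does not name a vendor, so the new "NOT-FOR-US: Check Point" tag rests on the neighbouring CVE-2026-48133 and CVE-2026-48131 entries rather than on this entry's own text. Adjacent IDs usually share a vendor, but that is not guaranteed; worth confirming the affected product in the full CVE record so the tag is backed by the entry itself.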
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cdd886d0689862ac5a19c4ed52483eea2382774