[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 29 20:43:23 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce5b67b3 by Salvatore Bonaccorso at 2026-05-29T21:42:57+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,19 +23,19 @@ CVE-2026-9189 (The Contact Form 7 \u2013 PayPal & Stripe Add-on plugin for WordP
 CVE-2026-9051 (There is an authentication bypass vulnerability in the NI SystemLink E ...)
 	NOT-FOR-US: National Instruments
 CVE-2026-8326 (Path traversal vulnerability in Remote Spark (https://www.Remotespark. ...)
-	TODO: check
+	NOT-FOR-US: Remote Spark
 CVE-2026-7786 (Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Et ...)
-	TODO: check
+	NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware
 CVE-2026-6824 (A stored cross-site scripting (XSS) vulnerability exists in certain 1x ...)
-	TODO: check
+	NOT-FOR-US: CP Plus
 CVE-2026-6075 (The Media Library Assistant plugin for WordPress is vulnerable to Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5768 (The Frontier X2 device allows unauthenticated BLE read/write access to ...)
-	TODO: check
+	NOT-FOR-US: Frontier X2 device
 CVE-2026-5386 (The affectedKMW CCTV Security Cameras arevulnerable to a critical unau ...)
-	TODO: check
+	NOT-FOR-US: KMW CCTV Security Cameras
 CVE-2026-4776 (An SQL injection vulnerability exists in Mautic's API contact filterin ...)
-	TODO: check
+	NOT-FOR-US: Mautic
 CVE-2026-4290 (The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-49386 (In JetBrains YouTrack before 2026.1.13570 improper access control allo ...)
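Review bot: The NOT-FOR-US note for CVE-2026-7786 copies most of the description ("Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware"), while the other entries in this hunk use a short vendor or product name ("National Instruments", "Remote Spark", "KMW CCTV Security Cameras"). A shorter form such as "NOT-FOR-US: Jinan USR IOT Technology Limited (PUSR) USR-W610" would match them and be easier to search for. For CVE-2026-6824 the truncated description does not show a vendor, so "CP Plus" cannot be checked against the visible line; it is worth confirming against the full CVE text.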
@@ -81,123 +81,123 @@ CVE-2026-49367 (In JetBrains IntelliJ IDEA before 2026.1.1 command execution was
 CVE-2026-49366 (In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possi ...)
 	TODO: check
 CVE-2026-49325 (Improper handling of physical conditions in the bike-shutdown control  ...)
-	TODO: check
+	NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
 CVE-2026-49324 (Uncontrolled resource consumption in the Wireless Control Module (WCM) ...)
-	TODO: check
+	NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
 CVE-2026-49323 (Weak authentication between the Wireless Control Module (WCM) and the  ...)
-	TODO: check
+	NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
 CVE-2026-49322 (Weak authentication in the Wireless Control Module (WCM) of the Indian ...)
-	TODO: check
+	NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
 CVE-2026-49318 (Incorrect behavior order in the Infotainment / Digital Round display o ...)
-	TODO: check
+	NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
 CVE-2026-49317 (Incorrect behavior order in the Infotainment / Digital Round display o ...)
-	TODO: check
+	NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
 CVE-2026-49316 (Expected behavior violation in the in-vehicle network of the Indian Mo ...)
-	TODO: check
+	NOT-FOR-US: Indian Motorcycle Scout Bobber + Tech 2025 model year
 CVE-2026-49201 (The upload.cgi binary, responsible for processing device backups, cont ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2026-49200 (The acer_cgi.log file in the device firmware is accessible without aut ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2026-49199 (Crafted MQTT messages can trigger command injection, resulting in root ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2026-49198 (Improper access control in the MQTT broker allows wildcard topic subsc ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2026-49197 (Web endpoints intended for the Acer Connect app improperly validate th ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2026-49196 (The Wi-Fi device blocking feature fails to sanitize MAC address input, ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2026-49195 (Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on  ...)
-	TODO: check
+	NOT-FOR-US: Acer
 CVE-2026-48527 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. V ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-48501 (GitHub CLI (gh) is GitHub\u2019s official command line tool. Prior to  ...)
 	TODO: check
 CVE-2026-47745 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admi ...)
-	TODO: check
+	NOT-FOR-US: Shopper
 CVE-2026-47744 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two dist ...)
-	TODO: check
+	NOT-FOR-US: Shopper
 CVE-2026-47742 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form ...)
-	TODO: check
+	NOT-FOR-US: Shopper
 CVE-2026-47741 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOr ...)
-	TODO: check
+	NOT-FOR-US: Shopper
 CVE-2026-47740 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple ...)
-	TODO: check
+	NOT-FOR-US: Shopper
 CVE-2026-47696 (WWBN AVideo is an open source video platform. In 29.0 and earlier, plu ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-47694 (WWBN AVideo is an open source video platform. In 29.0 and earlier, AVi ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-47179 (Arcane is an interface for managing Docker containers, images, network ...)
-	TODO: check
+	NOT-FOR-US: Arcane
 CVE-2026-47125 (Arcane is an interface for managing Docker containers, images, network ...)
-	TODO: check
+	NOT-FOR-US: Arcane
 CVE-2026-46579 (A flaw was found in the OpenShift Router. When a Route has `insecureEd ...)
-	TODO: check
+	NOT-FOR-US: Red Hat OpenShift Router
 CVE-2026-46510 (form-data-objectizer converts FormData to object. Prior to 1.0.1, form ...)
-	TODO: check
+	NOT-FOR-US: form-data-objectizer
 CVE-2026-46376 (FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 1 ...)
-	TODO: check
+	NOT-FOR-US: FreePBX
 CVE-2026-46372 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-46344 (liboqs is a C-language cryptographic library that provides implementat ...)
 	TODO: check
 CVE-2026-46337 (WWBN AVideo is an open source video platform. In 29.0 and earlier, an  ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-45731 (WWBN AVideo is an open source video platform. In 29.0 and earlier, vie ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-45707 (n8n-MCP is an MCP server that provides AI assistants access to n8n nod ...)
-	TODO: check
+	NOT-FOR-US: n8n-MCP
 CVE-2026-45668 (Trilium Notes is a cross-platform, hierarchical note taking applicatio ...)
-	TODO: check
+	NOT-FOR-US: Trilium Notes
 CVE-2026-45663 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29 ...)
-	TODO: check
+	NOT-FOR-US: Dokploy
 CVE-2026-45662 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29 ...)
-	TODO: check
+	NOT-FOR-US: Dokploy
 CVE-2026-45661 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26 ...)
-	TODO: check
+	NOT-FOR-US: Dokploy
 CVE-2026-45660 (Statamic is a Laravel and Git powered content management system (CMS). ...)
-	TODO: check
+	NOT-FOR-US: Statamic CMS
 CVE-2026-45633 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26 ...)
-	TODO: check
+	NOT-FOR-US: Dokploy
 CVE-2026-45632 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26 ...)
-	TODO: check
+	NOT-FOR-US: Dokploy
 CVE-2026-45631 (Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0. ...)
-	TODO: check
+	NOT-FOR-US: Dokploy
 CVE-2026-45630 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28 ...)
-	TODO: check
+	NOT-FOR-US: Dokploy
 CVE-2026-45629 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28 ...)
-	TODO: check
+	NOT-FOR-US: Dokploy
 CVE-2026-45628 (Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29 ...)
-	TODO: check
+	NOT-FOR-US: Dokploy
 CVE-2026-45627 (Arcane is an interface for managing Docker containers, images, network ...)
-	TODO: check
+	NOT-FOR-US: Arcane
 CVE-2026-45626 (Arcane is an interface for managing Docker containers, images, network ...)
-	TODO: check
+	NOT-FOR-US: Arcane
 CVE-2026-45625 (Arcane is an interface for managing Docker containers, images, network ...)
-	TODO: check
+	NOT-FOR-US: Arcane
 CVE-2026-45620 (WWBN AVideo is an open source video platform. In 29.0 and earlier, obj ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-45619 (WWBN AVideo is an open source video platform. In 29.0 and earlier, Epg ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-45615 (mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory sa ...)
-	TODO: check
+	NOT-FOR-US: mouse07410/asn1c
 CVE-2026-45611
 	REJECTED
 CVE-2026-45610 (WWBN AVideo is an open source video platform. In 29.0 and earlier, the ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-45609 (mcp-security provides Security and Authorization support for Model Con ...)
-	TODO: check
+	NOT-FOR-US: mcp-security
 CVE-2026-45582 (n8n-MCP is an MCP server that provides AI assistants access to n8n nod ...)
-	TODO: check
+	NOT-FOR-US: n8n-MCP
 CVE-2026-45580 (WWBN AVideo is an open source video platform. In 29.0 and earlier, the ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-45578 (WWBN AVideo is an open source video platform. In 29.0 and earlier, the ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-45577 (Neotoma provides versioned records that persist across agent runs. Fro ...)
-	TODO: check
+	NOT-FOR-US: Neotoma
 CVE-2026-45555 (Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing sema ...)
-	TODO: check
+	NOT-FOR-US: Roslyn CodeLens MCP Server
 CVE-2026-45551 (Group-Office is an enterprise customer relationship management and gro ...)
-	TODO: check
+	NOT-FOR-US: Group-Office
 CVE-2026-45312 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
 	TODO: check
 CVE-2026-45043 (RustFS is a distributed object storage system built in Rust. Prior to  ...)
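Review bot: CVE-2026-45615 is closed as NOT-FOR-US under the repository-qualified name "mouse07410/asn1c", which the description presents as an ASN.1 compiler affected in 1.4 and earlier. Before settling on NFU, check whether the affected code is shared with any asn1c source package in the archive; if it is, the entry should carry a package line or stay at "TODO: check", as was done for the GitHub CLI and liboqs entries in this hunk. As a style point, the seven Indian Motorcycle entries (CVE-2026-49316 to CVE-2026-49325) repeat "Indian Motorcycle Scout Bobber + Tech 2025 model year"; the vendor name alone would match the granularity used for "Acer" and "Shopper".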
@@ -921,7 +921,7 @@ CVE-2026-46840 (Vulnerability in Oracle REST Data Services (component: Backend-a
 CVE-2026-46839 (Vulnerability in Oracle REST Data Services (component: Core).  Support ...)
 	NOT-FOR-US: Oracle
 CVE-2026-46837 (Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Bus ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46835 (Vulnerability in the Net Service component of Oracle Database Server.  ...)
 	NOT-FOR-US: Oracle
 CVE-2026-46834 (Vulnerability in the Net Service component of Oracle Database Server.  ...)
@@ -933,27 +933,27 @@ CVE-2026-46830 (Vulnerability in Oracle REST Data Services (component: Mongoapi)
 CVE-2026-46829 (Vulnerability in Oracle REST Data Services (component: Mongoapi).  Sup ...)
 	NOT-FOR-US: Oracle
 CVE-2026-46828 (Vulnerability in the Oracle Payroll product of Oracle E-Business Suite ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46827 (Vulnerability in the Oracle Payroll product of Oracle E-Business Suite ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46826 (Vulnerability in the Oracle Payroll product of Oracle E-Business Suite ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46824 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
 	NOT-FOR-US: Oracle
 CVE-2026-46823 (Vulnerability in the Oracle Public Sector Financials (International) p ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46822 (Vulnerability in the Oracle iAssets product of Oracle E-Business Suite ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46821 (Vulnerability in the Oracle Financials Common Modules product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46820 (Vulnerability in the Oracle Financials Common Modules product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46819 (Vulnerability in the Oracle Internet Procurement Connector product of  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46818 (Vulnerability in the Oracle Payments product of Oracle E-Business Suit ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46817 (Vulnerability in the Oracle Payments product of Oracle E-Business Suit ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2026-46775 (Vulnerability in Oracle REST Data Services (component: Core).  Support ...)
 	NOT-FOR-US: Oracle
 CVE-2026-45410 (TREK is a collaborative travel planner. Prior to 3.0.18, early return  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce5b67b3c5f83a080d5ab09bc862a79eb32b212e
