[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 30 08:50:34 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11fa0c88 by Salvatore Bonaccorso at 2026-05-30T09:50:14+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,7 +4,7 @@ CVE-2026-XXXX [Attacker-controlled heap out-of-bounds write in libvncclient Tigh
CVE-2026-9831 (A race condition in the shared Extreme Platform ONE IAM Gateway API-ke ...)
NOT-FOR-US: Extreme Networks
CVE-2026-4387 (StrongDM Desktop Application before 23.74.0 (Desktop Client before 53. ...)
- TODO: check
+ NOT-FOR-US: StrongDM Desktop Application
CVE-2026-48811 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
NOT-FOR-US: FreeScout
CVE-2026-48810 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
@@ -44,7 +44,7 @@ CVE-2026-45151 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Plat
CVE-2026-45149 (The brace-expansion library generates arbitrary strings containing a c ...)
TODO: check
CVE-2026-44640 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. ...)
- TODO: check
+ NOT-FOR-US: NanoMQ MQTT Broker (NanoMQ)
CVE-2026-44422 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
TODO: check
CVE-2026-44421 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
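Review bot: On the CVE-2026-44640 entry, the new tag "NOT-FOR-US: NanoMQ MQTT Broker (NanoMQ)" copies the description's long form, so the product name appears twice. "NOT-FOR-US: NanoMQ" would say the same thing. The hunk header shows that CVE-2026-45151 is also a NanoMQ entry, so it is worth checking that both entries carry one identical string; then a single search of data/CVE/list finds every NanoMQ item.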
@@ -320,11 +320,11 @@ CVE-2026-40425 (The administrator account for the Danelec MacGregor Voyage Data
CVE-2026-3655 (The OTP Login With Phone Number, OTP Verification plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2026-39292 (Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file u ...)
- TODO: check
+ NOT-FOR-US: Falco Solutions PHPPageBuilder
CVE-2026-39276 (The template upload feature in Emlog Pro v2.6.9 has a path traversal v ...)
NOT-FOR-US: Emlog
CVE-2026-39229 (Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter o ...)
- TODO: check
+ NOT-FOR-US: Bolt CMS
CVE-2026-36324 (SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Si ...)
NOT-FOR-US: SourceCodester
CVE-2026-35674 (OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the ...)
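Review bot: The two tags added in this hunk follow different naming patterns: CVE-2026-39292 gets vendor plus product ("Falco Solutions PHPPageBuilder"), while CVE-2026-39229 gets the product alone ("Bolt CMS"). The existing neighbour, CVE-2026-39276, shortens "Emlog Pro v2.6.9" to just "Emlog". Suggest "NOT-FOR-US: PHPPageBuilder", or settling on one pattern for the whole batch, so later entries for the same software are matched by the same tag.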
@@ -336,17 +336,17 @@ CVE-2026-35630 (OpenClaw before 2026.5.18 contains an authorization bypass vulne
CVE-2026-34507 (OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQ ...)
NOT-FOR-US: OpenClaw
CVE-2026-33386 (QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insec ...)
- TODO: check
+ NOT-FOR-US: QuickCMS
CVE-2026-33384 (QuickCMS allows a user's session identifier to be set before authentic ...)
- TODO: check
+ NOT-FOR-US: QuickCMS
CVE-2026-32906 (OpenClaw before 2026.5.12 contains a privilege escalation vulnerabilit ...)
NOT-FOR-US: OpenClaw
CVE-2026-32905 (OpenClaw before 2026.5.4 contains an authorization bypass vulnerabilit ...)
NOT-FOR-US: OpenClaw
CVE-2026-10108 (xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerabil ...)
- TODO: check
+ NOT-FOR-US: xiaomusic
CVE-2026-10107 (MoviePilot v2 contains a server-side request forgery vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MoviePilot
CVE-2026-10105 (agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse ve ...)
TODO: check
CVE-2026-10101 (ACM/MCE assisted-service writes raw referenced pull-secret contents in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11fa0c88d91eb8d8db12c3c254780323be9d003c