Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a938f40e by Salvatore Bonaccorso at 2026-05-09T13:26:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -104,7 +104,7 @@ CVE-2026-42307 (Vim is an open source, command line text 
editor. Prior to versio
 CVE-2026-42302 (FastGPT is an AI Agent building platform. From version 4.14.10 
to befo ...)
        NOT-FOR-US: FastGPT
 CVE-2026-42301 (pyp2spec generates working Fedora RPM spec file for Python 
projects. P ...)
-       TODO: check
+       NOT-FOR-US: pyp2spec
 CVE-2026-42298 (Postiz is an AI social media scheduling tool. Prior to commit 
da44801, ...)
        NOT-FOR-US: Postiz
 CVE-2026-42297 (Argo Workflows is an open source container-native workflow 
engine for  ...)
@@ -116,59 +116,59 @@ CVE-2026-42295 (Argo Workflows is an open source 
container-native workflow engin
 CVE-2026-42294 (Argo Workflows is an open source container-native workflow 
engine for  ...)
        NOT-FOR-US: Argo
 CVE-2026-42291 (SysReptor is a fully customizable pentest reporting platform. 
From ver ...)
-       TODO: check
+       NOT-FOR-US: SysReptor
 CVE-2026-42287 (Emlog is an open source website building system. Prior to 
version 2.6. ...)
        NOT-FOR-US: Emlog
 CVE-2026-42286 (Emlog is an open source website building system. Prior to 
version 2.6. ...)
        NOT-FOR-US: Emlog
 CVE-2026-42282 (n8n-MCP is an MCP server that provides AI assistants access to 
n8n nod ...)
-       TODO: check
+       NOT-FOR-US: n8n-MCP
 CVE-2026-42224 (ipl/web is a set of common web components for php projects. 
Prior to v ...)
-       TODO: check
+       NOT-FOR-US: ipl/web
 CVE-2026-42213 (SolidCAM-GPPL-IDE is an unofficial, independently developed 
extension, ...)
-       TODO: check
+       NOT-FOR-US: SolidCAM-GPPL-IDE
 CVE-2026-42212 (SolidCAM-GPPL-IDE is an unofficial, independently developed 
extension, ...)
-       TODO: check
+       NOT-FOR-US: SolidCAM-GPPL-IDE
 CVE-2026-42209 (FlashMQ is a MQTT broker/server, designed for multi-CPU 
environments.  ...)
-       TODO: check
+       NOT-FOR-US: FlashMQ
 CVE-2026-42206 (Roadiz is a polymorphic content management system based on a 
node syst ...)
-       TODO: check
+       NOT-FOR-US: Roadiz
 CVE-2026-42205 (Avo is a framework to create admin panels for Ruby on Rails 
apps. Prio ...)
-       TODO: check
+       NOT-FOR-US: Avo
 CVE-2026-42202 (nova-toggle-5 enables fliping booleans in the index. Prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: nova-toggle-5
 CVE-2026-42199 (Grid is a data structure grid for rust. From version 0.17.0 to 
before  ...)
        TODO: check
 CVE-2026-42195 (draw.io is a configurable diagramming and whiteboarding 
application. P ...)
-       TODO: check
+       NOT-FOR-US: jgraph/drawio
 CVE-2026-42193 (Plunk is an open-source email platform built on top of AWS 
SES. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Plunk
 CVE-2026-42192 (Plunk is an open-source email platform built on top of AWS 
SES. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Plunk
 CVE-2026-42190 (RedwoodSDK is a server-first React framework. From version 
1.0.0-beta. ...)
-       TODO: check
+       NOT-FOR-US: RedwoodSDK
 CVE-2026-42189 (Russh is a Rust SSH client & server library. Prior to version 
0.60.1,  ...)
-       TODO: check
+       NOT-FOR-US: Russh
 CVE-2026-42185 (People is an application to handle users and teams, and 
distribute per ...)
        TODO: check
 CVE-2026-42183 (Argo Workflows is an open source container-native workflow 
engine for  ...)
-       TODO: check
+       NOT-FOR-US: Argo
 CVE-2026-42181 (Lemmy is a link aggregator and forum for the fediverse. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: Lemmy
 CVE-2026-42180 (Lemmy is a link aggregator and forum for the fediverse. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: Lemmy
 CVE-2026-42176 (Scoold is a Q&A and a knowledge sharing platform for teams. 
Prior to v ...)
-       TODO: check
+       NOT-FOR-US: Scoold
 CVE-2026-42174 (Kirby is an open-source content management system. Prior to 
versions 4 ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-42160 (Data Space Portal is an open-source Software as a Service 
(SaaS) solut ...)
-       TODO: check
+       NOT-FOR-US: Data Space Portal
 CVE-2026-42137 (Kirby is an open-source content management system. Prior to 
versions 4 ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-42069 (Kirby is an open-source content management system. Prior to 
versions 4 ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-42051 (Kirby is an open-source content management system. Prior to 
versions 4 ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-41705 (Spring AI's MilvusVectorStore#doDelete(List) implementation is 
vulnera ...)
        NOT-FOR-US: VMware
 CVE-2026-41520 (Cilium is a networking, observability, and security solution 
with an e ...)
@@ -176,13 +176,13 @@ CVE-2026-41520 (Cilium is a networking, observability, 
and security solution wit
 CVE-2026-41517 (Emlog is an open source website building system. Prior to 
version 2.6. ...)
        NOT-FOR-US: Emlog
 CVE-2026-41495 (n8n-MCP is an MCP server that provides AI assistants access to 
n8n nod ...)
-       TODO: check
+       NOT-FOR-US: n8n-MCP
 CVE-2026-41486 (Ray is an AI compute engine. From version 2.54.0 to before 
version 2.5 ...)
-       TODO: check
+       NOT-FOR-US: Ray
 CVE-2026-41432 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
-       TODO: check
+       NOT-FOR-US: New API
 CVE-2026-41311 (LiquidJS is a Shopify / GitHub Pages compatible template 
engine in pur ...)
-       TODO: check
+       NOT-FOR-US: LiquidJS
 CVE-2025-15634 (A missing authorization vulnerability in HCL BigFix WebUI 
allows an au ...)
        NOT-FOR-US: HCL
 CVE-2025-15633 (An improper authorization vulnerability in HCL BigFix WebUI 
allows an  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a938f40ea13fe541d8f9d8be73bed695533c25b4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a938f40ea13fe541d8f9d8be73bed695533c25b4
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to