Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7ea3244e by Salvatore Bonaccorso at 2026-05-29T22:05:26+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -199,11 +199,11 @@ CVE-2026-45555 (Roslyn CodeLens MCP Server is a
Roslyn-based MCP server providin
CVE-2026-45551 (Group-Office is an enterprise customer relationship management
and gro ...)
NOT-FOR-US: Group-Office
CVE-2026-45312 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation)
engine. ...)
- TODO: check
+ NOT-FOR-US: RAGFlow
CVE-2026-45043 (RustFS is a distributed object storage system built in Rust.
Prior to ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-44962 (Plesk contains an XPath injection vulnerability in the APS
Application ...)
- TODO: check
+ NOT-FOR-US: Plesk
CVE-2026-44698 (Home Assistant is open source home automation software that
puts local ...)
TODO: check
CVE-2026-44697 (Klever-Go is the Go implementation of the Klever blockchain
protocol. ...)
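Review bot: CVE-2026-45043 is now tagged NOT-FOR-US: RustFS, but the other RustFS entry, CVE-2026-45039, shows up only as the context header of the @@ -1390 hunk, so its state is not visible in this diff. Worth confirming it carries the same NOT-FOR-US: RustFS tag so the two entries for the same product do not diverge.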
@@ -961,9 +961,9 @@ CVE-2026-45410 (TREK is a collaborative travel planner.
Prior to 3.0.18, early r
CVE-2026-45403 (AnythingLLM is an application that turns pieces of content
into contex ...)
NOT-FOR-US: AnythingLLM
CVE-2026-45366 (typescript-utcp is a typescript implementation of UTCP. Prior
to 1.1.2 ...)
- TODO: check
+ NOT-FOR-US: typescript-utcp
CVE-2026-45364 (Better Auth is an authentication and authorization library for
TypeScr ...)
- TODO: check
+ NOT-FOR-US: Better Auth
CVE-2026-45344 (LinkAce is a self-hosted archive to collect website links.
Prior to 2. ...)
NOT-FOR-US: LinkAce
CVE-2026-45343 (LinkAce is a self-hosted archive to collect website links.
Prior to 2. ...)
@@ -1366,7 +1366,7 @@ CVE-2026-45297 (OpenReplay is a self-hosted session
replay suite. Prior to 1.26.
CVE-2026-45296 (OpenReplay is a self-hosted session replay suite. Prior to
1.26.0, Ope ...)
NOT-FOR-US: OpenReplay
CVE-2026-45292 (opentelemetry-java is the Java implementation of the
OpenTelemetry API ...)
- TODO: check
+ NOT-FOR-US: opentelemetry-java
CVE-2026-45261 (GitButler is a modern Git-based version control interface for
AI-power ...)
NOT-FOR-US: GitButler
CVE-2026-45078 (Synapse is an open source Matrix homeserver implementation.
Prior to 1 ...)
@@ -1390,7 +1390,7 @@ CVE-2026-45039 (RustFS is a distributed object storage
system built in Rust. Pri
CVE-2026-45021 (Kuma is a modern Envoy-based service mesh that can run on
every cloud ...)
NOT-FOR-US: Kuma
CVE-2026-45017 (Python Liquid is a Python engine for the Liquid template
language. Pri ...)
- TODO: check
+ NOT-FOR-US: Python Liquid
CVE-2026-44798 (Nautobot is a Network Source of Truth and Network Automation
Platform. ...)
TODO: check
CVE-2026-44797 (Nautobot is a Network Source of Truth and Network Automation
Platform. ...)
@@ -2244,7 +2244,7 @@ CVE-2026-46402 (Microsoft UFO open-source framework for
intelligent automation a
CVE-2026-45322 (Microsoft UFO open-source framework for intelligent automation
across ...)
NOT-FOR-US: Microsoft UFO
CVE-2026-45152 (uniget is a universal installer and updater for (container)
tools. Pri ...)
- TODO: check
+ NOT-FOR-US: uniget
CVE-2026-45136 (claude-code-cache-fix is a cache optimization proxy for Claude
Code. F ...)
NOT-FOR-US: claude-code-cache-fix
CVE-2026-45134 (LangSmith Client SDKs provide SDK's for interacting with the
LangSmith ...)
@@ -2256,13 +2256,13 @@ CVE-2026-45104 (MapServer is a system for developing
web-based GIS applications.
CVE-2026-45102 (OneUptime is an open-source monitoring and observability
platform. Pri ...)
NOT-FOR-US: OneUptime
CVE-2026-45083 (The Goobi viewer is a web application that allows digitised
material t ...)
- TODO: check
+ NOT-FOR-US: Goobi viewer
CVE-2026-44888 (Pi.Alert is a WIFI / LAN intruder detector with web service
monitoring ...)
- TODO: check
+ NOT-FOR-US: Pi.Alert
CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder detector with web service
monitoring ...)
- TODO: check
+ NOT-FOR-US: Pi.Alert
CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service
monitoring ...)
- TODO: check
+ NOT-FOR-US: Pi.Alert
CVE-2026-44724 (systeminformation is a System and OS information library for
node.js. ...)
TODO: check
CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and
assessment pl ...)
@@ -2574,9 +2574,9 @@ CVE-2026-45081 (Frappe HR is an open-source human
resources management solution
CVE-2026-45061 (Budibase is an open-source low-code platform. Prior to
3.35.10, the Pl ...)
NOT-FOR-US: Budibase
CVE-2026-45047 (bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the
apiHandl ...)
- TODO: check
+ NOT-FOR-US: bird-lg-go
CVE-2026-45046 (Gryph provides a security layer for AI coding agents. Prior to
0.7.0, ...)
- TODO: check
+ NOT-FOR-US: Gryph
CVE-2026-45027 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
NOT-FOR-US: WeGIA
CVE-2026-45022 (go-git is an extensible git implementation library written in
pure Go. ...)
@@ -2591,7 +2591,7 @@ CVE-2026-44972 (GuardDog is a CLI tool to identify
malicious PyPI packages. From
CVE-2026-44971 (GuardDog is a CLI tool to identify malicious PyPI packages.
From 1.0.0 ...)
NOT-FOR-US: GuardDog
CVE-2026-44902 (opentelemetry-js is the OpenTelemetry JavaScript Client. Prior
to 0.21 ...)
- TODO: check
+ NOT-FOR-US: opentelemetry-js
CVE-2026-44839 (RabbitMQ is a messaging and streaming broker. From 3.7.0 to
before 4.1 ...)
TODO: check
CVE-2026-44838 (RabbitMQ is a messaging and streaming broker. From 4.2.0 to
before 4.2 ...)
@@ -4665,7 +4665,7 @@ CVE-2026-44985 (Dozzle is a realtime log viewer for
docker containers. Prior to
CVE-2026-44983 (smallbitvec is a growable bit-vector for Rust, optimized for
size. Fro ...)
TODO: check
CVE-2026-44966 (Velocity.js is a JavaScript implementation of the Apache
Velocity temp ...)
- TODO: check
+ NOT-FOR-US: Velocity.js
CVE-2026-44905 (Vanetza is an open-source implementation of the ETSI C-ITS
protocol su ...)
NOT-FOR-US: Vanetza
CVE-2026-44903 (Prometheus is an open-source monitoring system and time series
databas ...)
@@ -4681,13 +4681,13 @@ CVE-2026-44897 (Mistune is a Python Markdown parser
with renderers and plugins.
CVE-2026-44896 (Mistune is a Python Markdown parser with renderers and
plugins. In 3.2 ...)
TODO: check
CVE-2026-44895 (GitLab MCP Server lets an AI agent talk directly to GitLab.
Prior to 0 ...)
- TODO: check
+ NOT-FOR-US: GitLab MCP Server
CVE-2026-44847 (MaxKB is an open-source AI assistant for enterprise. Prior to
2.9.0, M ...)
NOT-FOR-US: MaxKB
CVE-2026-44844 (eml_parser serves as a python module for parsing eml files and
returni ...)
- TODO: check
+ NOT-FOR-US: eml_parser Python module
CVE-2026-44843 (LangChain is a framework for building agents and LLM-powered
applicati ...)
- TODO: check
+ NOT-FOR-US: LangChain
CVE-2026-44837 (view_component is a framework for building reusable, testable,
and enc ...)
TODO: check
CVE-2026-44836 (view_component is a framework for building reusable, testable,
and enc ...)
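Review bot: The tag on CVE-2026-44844, "NOT-FOR-US: eml_parser Python module", carries a descriptor that the other tags in this commit do not: CVE-2026-45017 is tagged plain "NOT-FOR-US: Python Liquid", and the LangChain entry in this same hunk uses the bare name. Suggest "NOT-FOR-US: eml_parser" unless the suffix is needed to disambiguate, so that a search on the tag string behaves the same way as for the other entries.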
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea3244e212feafcdb8b249d6dc23acec6ee3ad9
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits