Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
98679ecf by Salvatore Bonaccorso at 2026-06-23T21:41:54+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -39,29 +39,29 @@ CVE-2026-56371 (ImageMagick before 7.1.2-15 and 6.9.13-40
contains a memory leak
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/e6394098af39a9689bb5f0b4eb6a9968e449a8d3
(7.1.2-14)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/073e3e31bb8f3646db365994cf618e998853bef7
(6.9.13-39)
CVE-2026-56322 (Capgo before 12.128.2 contains an information disclosure
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56315 (picklescan before 1.0.4 fails to block at least seven Python
standard ...)
- TODO: check
+ NOT-FOR-US: picklescan
CVE-2026-56301 (Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running
the dev ...)
- TODO: check
+ NOT-FOR-US: Nuxt
CVE-2026-56275 (Flowise before 3.1.0 contains a server-side request forgery
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-56274 (Flowise before 3.1.2 contains multiple OS command injection
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-56263 (Crawl4AI before 0.8.7 contains a stored cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Crawl4AI
CVE-2026-56258 (Crawl4AI before 0.8.8 contains an arbitrary file write
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Crawl4AI
CVE-2026-56248 (Cap-go capgo (capgo-backend) before 12.128.12 contains an
unauthentica ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56243 (Capgo before 12.128.2 contains a security control bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56234 (Capgo before 12.128.2 contains a credential validation
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56225 (Capgo before 12.128.2 contains an authorization bypass
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56222 (Capgo before 12.128.2 contains an authorization bypass
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Cap-go
CVE-2026-56117 (dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a
heap use-af ...)
TODO: check
CVE-2026-56116 (dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a
memory leak ...)
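Review bot: The tag on CVE-2026-56322, CVE-2026-56243, CVE-2026-56234, CVE-2026-56225 and CVE-2026-56222 is spelled "Cap-go" while their descriptions spell the product "Capgo"; only CVE-2026-56248 carries the "Cap-go capgo (capgo-backend)" form. Using one spelling across all six entries helps later searches, so it is worth confirming that "Cap-go" is the form already used elsewhere in data/CVE/list. The dhcpcd entries left at "TODO: check" at the end of the hunk (CVE-2026-56117, CVE-2026-56116) are rightly untouched by an NFU pass, since dhcpcd is packaged in Debian, and they still need triage against the fix commits their descriptions name.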
@@ -73,69 +73,69 @@ CVE-2026-56114 (dhcpcd through 10.3.2, fixed in commit
2f00c7b, contains a one-b
CVE-2026-56113 (dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a
heap use-af ...)
TODO: check
CVE-2026-55736 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
- TODO: check
+ NOT-FOR-US: ash-project ash
CVE-2026-55517 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-55450 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-55447 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-55446 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-55423 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-55255 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-55249 (@rtk-ai/rtk-rewrite transparently rewrites shell commands
executed via ...)
NOT-FOR-US: OpenClaw
CVE-2026-54892 (Inefficient algorithmic complexity in Plug's nested-parameter
decoder ...)
TODO: check
CVE-2026-54324 (Daytona is a secure and elastic infrastructure runtime for
AI-generate ...)
- TODO: check
+ NOT-FOR-US: Daytona
CVE-2026-54323 (Daytona is a secure and elastic infrastructure runtime for
AI-generate ...)
- TODO: check
+ NOT-FOR-US: Daytona
CVE-2026-54322 (Daytona is a secure and elastic infrastructure runtime for
AI-generate ...)
- TODO: check
+ NOT-FOR-US: Daytona
CVE-2026-54321 (Daytona is a secure and elastic infrastructure runtime for
AI-generate ...)
- TODO: check
+ NOT-FOR-US: Daytona
CVE-2026-54320 (Daytona is a secure and elastic infrastructure runtime for
AI-generate ...)
- TODO: check
+ NOT-FOR-US: Daytona
CVE-2026-54319 (Daytona is a secure and elastic infrastructure runtime for
AI-generate ...)
- TODO: check
+ NOT-FOR-US: Daytona
CVE-2026-54318 (Home Assistant is open source home automation software that
puts local ...)
- TODO: check
+ NOT-FOR-US: Home Assistant
CVE-2026-54317 (Home Assistant is open source home automation software that
puts local ...)
- TODO: check
+ NOT-FOR-US: Home Assistant
CVE-2026-54316 (Claude Code is an agentic coding tool. From 0.2.54 until
2.1.163, bec ...)
- TODO: check
+ NOT-FOR-US: Claude Code
CVE-2026-54314 (n8n is an open source workflow automation platform. Prior to
2.24.0, t ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54313 (n8n is an open source workflow automation platform. Prior to
2.24.0, a ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54312 (n8n is an open source workflow automation platform. Prior to
2.24.0, a ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54311 (n8n is an open source workflow automation platform. Prior to
2.25.7 an ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54310 (n8n is an open source workflow automation platform. Prior to
2.25.7 an ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54309 (n8n is an open source workflow automation platform. Prior to
2.25.7 an ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54308 (n8n is an open source workflow automation platform. Prior to
2.25.7 an ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54307 (n8n is an open source workflow automation platform. Prior to
1.123.55, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54306 (n8n is an open source workflow automation platform. Prior to
2.25.7 an ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54305 (n8n is an open source workflow automation platform. Prior to
1.123.55, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54304 (n8n is an open source workflow automation platform. Prior to
1.123.55, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54303 (n8n is an open source workflow automation platform. Prior to
2.24.0, a ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54302 (n8n is an open source workflow automation platform. Prior to
1.123.55, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54301 (n8n is an open source workflow automation platform. Prior to
1.123.55, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-54257 (Electron is a framework for writing cross-platform desktop
application ...)
TODO: check
CVE-2026-54157 (LobeHub is a work-and-lifestyle space to find, build, and
collaborate ...)
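Review bot: On CVE-2026-55736 the tag "ash-project ash" uses a vendor-plus-project form, while every other tag added in this hunk is a single product name (Deno, Langflow, Daytona, Home Assistant, Claude Code, n8n). The visible part of that description does not name the product either, so a short product name would make the entry easier to match. Separately, the unchanged CVE-2026-55249 line is tagged "NOT-FOR-US: OpenClaw" although the visible description names @rtk-ai/rtk-rewrite; confirm that tag against the full description while this block is being processed. CVE-2026-54892 (Plug) and CVE-2026-54257 (Electron) stay at "TODO: check" and remain open after this pass.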
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98679ecfa3c86d82a5c756921a73c0cf2aa0fc95