Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
74ec3bfb by Salvatore Bonaccorso at 2026-07-15T22:35:27+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,19 +5,19 @@ CVE-2026-8281
CVE-2026-8055
REJECTED
CVE-2026-62948 (OpenWrt is a Linux operating system targeting embedded
devices. Prior ...)
- TODO: check
+ NOT-FOR-US: OpenWrt
CVE-2026-62947 (OpenWrt is a Linux operating system targeting embedded
devices. Prior ...)
- TODO: check
+ NOT-FOR-US: OpenWrt
CVE-2026-62843 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-62685 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-62683 (File Browser is a file managing interface for uploading,
deleting, pre ...)
- TODO: check
+ NOT-FOR-US: File Browser
CVE-2026-62389 (ws before 8.21.1 contains a memory exhaustion vulnerability in
lib/rec ...)
TODO: check
CVE-2026-62378 (RustFS Console is a web management console for the RustFS
distributed ...)
- TODO: check
+ NOT-FOR-US: RustFS
CVE-2026-62294 (Flameshot is powerful yet simple to use screenshot software.
Prior to ...)
TODO: check
CVE-2026-62287
@@ -47,7 +47,7 @@ CVE-2026-62165
CVE-2026-62164
REJECTED
CVE-2026-61873 (Grav before 9.1.8 contains an arbitrary file write
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-61872 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory
leak in th ...)
TODO: check
CVE-2026-61871 (ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory
leak in th ...)
@@ -83,23 +83,23 @@ CVE-2026-61835 (Directus is a real-time API and App
dashboard for managing SQL d
CVE-2026-61829
REJECTED
CVE-2026-61828 (Nixpkgs is a collection of software packages that can be
installed wit ...)
- TODO: check
+ NOT-FOR-US: Nixpkgs
CVE-2026-61740 (LightRAG provides simple and fast retrieval-augmented
generation. Prio ...)
- TODO: check
+ NOT-FOR-US: LightRAG
CVE-2026-61736 (LightRAG provides simple and fast retrieval-augmented
generation. Prio ...)
- TODO: check
+ NOT-FOR-US: LightRAG
CVE-2026-61710
REJECTED
CVE-2026-61684 (FastGPT is a knowledge-based AI application platform. In
4.15.0-beta4, ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2026-61646 (FastGPT is a knowledge-based AI application platform. Prior to
4.15.0- ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2026-61644 (FastGPT is a knowledge-based AI application platform. From
4.14.17 unt ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2026-61643 (FastGPT is a knowledge-based AI application platform. From
4.14.17 unt ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2026-61613 (Cursor is a code editor built for programming with AI. Prior
to the Cl ...)
- TODO: check
+ NOT-FOR-US: Cursor
CVE-2026-61606
REJECTED
CVE-2026-61605
@@ -115,31 +115,31 @@ CVE-2026-61452 (The Grav API plugin
(getgrav/grav-plugin-api) before 2.0.4 conta
CVE-2026-61451 (The Grav API plugin (grav-plugin-api) before 1.0.4 does not
validate t ...)
TODO: check
CVE-2026-61449 (Grav 2.0.1 contains a decompression-bomb size-cap bypass in
ZipArchive ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2026-61446 (PraisonAI (praisonaiagents) before 1.6.78 contains a remote
code execu ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61443 (PraisonAI before 1.6.78 contains a remote code execution
vulnerability ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61440 (PraisonAI Platform before 0.1.9 fails to properly authorize
label and ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61438 (PraisonAI before 4.6.78 contains a remote code execution
vulnerability ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61436 (PraisonAI before 4.6.78 fails to verify Svix webhook
signatures in Age ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61435 (PraisonAI before 4.6.78 contains an authentication bypass in
the Call ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61433 (PraisonAI before 4.6.78 fails to safely encode deployment
configuratio ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61430 (PraisonAI before 1.6.78 contains a server-side request forgery
vulnera ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61427 (PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport
without ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-61371 (Microsoft AVML before 0.17.0 could follow a symlink when
opening a des ...)
TODO: check
CVE-2026-60087 (PraisonAI before 1.6.78 caches tool approval decisions by tool
name on ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-60085 (PraisonAI before 4.6.78 contains an unenforced security policy
vulnera ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-60065 (When NGINX Plus is configured to use the Message Queuing
Telemetry Tra ...)
TODO: check
CVE-2026-60062 (The NGINX Agent config_dirsdirective allows a low-privileged
attacker ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74ec3bfb96b2d095c4cd53627e3e87bdf9950ac0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74ec3bfb96b2d095c4cd53627e3e87bdf9950ac0
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits