[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Fri, 02 Jan 2026 12:22:00 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
505227ca by Salvatore Bonaccorso at 2026-01-02T21:20:50+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2026-21446 (Bagisto is an open source laravel eCommerce platform. In 
versions on t ...)
-       TODO: check
+       NOT-FOR-US: Bagisto
 CVE-2026-21445 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-21440 (AdonisJS is a TypeScript-first web framework. A Path Traversal 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: AdonisJS
 CVE-2026-21433 (Emlog is an open source website building system. Versions up 
to and in ...)
-       TODO: check
+       NOT-FOR-US: emlog
 CVE-2026-21432 (Emlog is an open source website building system. Version 
2.5.23 has a  ...)
-       TODO: check
+       NOT-FOR-US: emlog
 CVE-2026-21431 (Emlog is an open source website building system. Version 
2.5.23 has a  ...)
-       TODO: check
+       NOT-FOR-US: emlog
 CVE-2026-21430 (Emlog is an open source website building system. In version 
2.5.23, ar ...)
-       TODO: check
+       NOT-FOR-US: emlog
 CVE-2026-21429 (Emlog is an open source website building system. In version 
2.5.23, th ...)
-       TODO: check
+       NOT-FOR-US: emlog
 CVE-2026-0571 (A security flaw has been discovered in yeqifu warehouse up to 
aaf29962 ...)
-       TODO: check
+       NOT-FOR-US: yeqifu warehouse
 CVE-2026-0570 (A vulnerability was found in code-projects Online Music Site 
1.0. This ...)
        NOT-FOR-US: code-projects
 CVE-2026-0569 (A vulnerability has been found in code-projects Online Music 
Site 1.0. ...)
@@ -35,27 +35,27 @@ CVE-2026-0546 (A vulnerability was determined in 
code-projects Content Managemen
 CVE-2025-9110 (An exposure of sensitive system information to an unauthorized 
control ...)
        NOT-FOR-US: QNAP
 CVE-2025-69417 (In the plex.tv backend for Plex Media Server (PMS) through 
2025-12-31, ...)
-       TODO: check
+       NOT-FOR-US: Plex Media Server (PMS)
 CVE-2025-69416 (In the plex.tv backend for Plex Media Server (PMS) through 
2025-12-31, ...)
-       TODO: check
+       NOT-FOR-US: Plex Media Server (PMS)
 CVE-2025-69415 (In Plex Media Server (PMS) through 1.42.2.10156, ability to 
access /my ...)
-       TODO: check
+       NOT-FOR-US: Plex Media Server (PMS)
 CVE-2025-69414 (Plex Media Server (PMS) through 1.42.2.10156 allows retrieval 
of a per ...)
-       TODO: check
+       NOT-FOR-US: Plex Media Server (PMS)
 CVE-2025-69284 (Plane is an an open-source project management tool. In 
plane.io, a gue ...)
-       TODO: check
+       NOT-FOR-US: Plane
 CVE-2025-67269 (An integer underflow vulnerability exists in the `nextstate()` 
functio ...)
        TODO: check
 CVE-2025-67268 (gpsd before commit dc966aa contains a heap-based out-of-bounds 
write v ...)
        TODO: check
 CVE-2025-67160 (An issue in Vatilon v1.12.37-20240124 allows attackers to 
access sensi ...)
-       TODO: check
+       NOT-FOR-US: Vatilon
 CVE-2025-67159 (Vatilon v1.12.37-20240124 was discovered to transmit user 
credentials  ...)
-       TODO: check
+       NOT-FOR-US: Vatilon
 CVE-2025-67158 (An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint 
of Revote ...)
-       TODO: check
+       NOT-FOR-US: Revotech
 CVE-2025-65125 (SQL injection in gosaliajainam/online-movie-booking 5.5 in 
movie_detai ...)
-       TODO: check
+       NOT-FOR-US: gosaliajainam/online-movie-booking
 CVE-2025-62857 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
        NOT-FOR-US: QNAP
 CVE-2025-62852 (A buffer overflow vulnerability has been reported to affect 
several QN ...)
@@ -121,7 +121,7 @@ CVE-2025-48721 (A buffer overflow vulnerability has been 
reported to affect seve
 CVE-2025-47208 (An allocation of resources without limits or throttling 
vulnerability  ...)
        NOT-FOR-US: QNAP
 CVE-2025-45286 (A cross-site scripting (XSS) vulnerability in mccutchen 
httpbin v2.17. ...)
-       TODO: check
+       NOT-FOR-US: mccutchen httpbin
 CVE-2025-44013 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
        NOT-FOR-US: QNAP
 CVE-2025-35002
@@ -1343,7 +1343,7 @@ CVE-2025-34122
 CVE-2025-34094
        REJECTED
 CVE-2025-15439 (A vulnerability was identified in Daptin 0.10.3. Affected by 
this vuln ...)
-       TODO: check
+       NOT-FOR-US: Daptin
 CVE-2025-15438 (A vulnerability was determined in PluXml up to 5.8.22. 
Affected is the ...)
        TODO: check
 CVE-2025-15437 (A vulnerability was found in LigeroSmart up to 6.1.24. This 
affects an ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/505227cab2d3a1fece0b4b58f04f8e2141caf760

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/505227cab2d3a1fece0b4b58f04f8e2141caf760
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to