[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ea7b815e by Moritz Muehlenhoff at 2026-02-12T11:25:47+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-26235 (JUNG Smart Visu Server 1.1.1050 contains a 
denial of service vul
 CVE-2026-26234 (JUNG Smart Visu Server 1.1.1050 contains a request header 
manipulation ...)
        NOT-FOR-US: JUNG Smart Visu Server
 CVE-2026-26215 (manga-image-translator versionbeta-0.3 and prior in shared API 
mode co ...)
-       TODO: check
+       NOT-FOR-US: manga-image-translator
 CVE-2026-26158 (A flaw was found in BusyBox. This vulnerability allows an 
attacker to  ...)
        - busybox <unfixed>
        NOTE: 
https://git.busybox.net/busybox/commit/?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb
@@ -31,37 +31,37 @@ CVE-2026-26086
 CVE-2026-26085
        REJECTED
 CVE-2026-26031 (Frappe Learning Management System (LMS) is a learning system 
that help ...)
-       TODO: check
+       NOT-FOR-US: Frappe Learning Management System (LMS)
 CVE-2026-26029 (sf-mcp-server is an implementation of Salesforce MCP server 
for Claude ...)
-       TODO: check
+       NOT-FOR-US: sf-mcp-serverFrappe Learning Management System (LMS)
 CVE-2026-26023 (Dify is an open-source LLM app development platform. Prior to 
1.13.0,  ...)
-       TODO: check
+       NOT-FOR-US: Dify
 CVE-2026-26021 (set-in provides the set value of nested associative structure 
given ar ...)
        TODO: check
 CVE-2026-26019 (LangChain is a framework for building LLM-powered 
applications. Prior  ...)
-       TODO: check
+       NOT-FOR-US: LangChain
 CVE-2026-26014 (Pion DTLS is a Go implementation of Datagram Transport Layer 
Security. ...)
        TODO: check
 CVE-2026-26012 (vaultwarden is an unofficial Bitwarden compatible server 
written in Ru ...)
-       TODO: check
+       - vaultwarden <itp> (bug #1067023)
 CVE-2026-26010 (OpenMetadata is a unified metadata platform. Prior to 1.11.8, 
calls is ...)
-       TODO: check
+       NOT-FOR-US: OpenMetadata
 CVE-2026-25999 (Klaw is a self-service Apache Kafka Topic 
Management/Governance tool/p ...)
-       TODO: check
+       NOT-FOR-US: Klaw
 CVE-2026-25994 (PJSIP is a free and open source multimedia communication 
library writt ...)
        TODO: check
 CVE-2026-25935 (Vikunja is a todo-app to organize your life. Prior to 1.1.0, 
TaskGlanc ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-25924 (Kanboard is project management software focused on Kanban 
methodology. ...)
        TODO: check
 CVE-2026-25759 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
-       TODO: check
+       NOT-FOR-US: Statmatic
 CVE-2026-25676 (The installer of M-Track Duo HD version 1.0.0 contains an 
issue with t ...)
-       TODO: check
+       NOT-FOR-US: M-Track Duo HD
 CVE-2026-25633 (Statamic is a, Laravel + Git powered CMS designed for building 
website ...)
-       TODO: check
+       NOT-FOR-US: Statmatic
 CVE-2026-25062 (Outline is a service that allows for collaborative 
documentation. Prio ...)
-       TODO: check
+       NOT-FOR-US: Outline
 CVE-2026-23857 (Dell Update Package (DUP) Framework, versions 23.12.00 through 
24.12.0 ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-23856 (Dell iDRAC Service Module (iSM) for Windows, versions prior to 
6.0.3.1 ...)
@@ -197,19 +197,19 @@ CVE-2026-20601 (A permissions issue was addressed with 
additional restrictions.
 CVE-2026-1729 (The AdForest theme for WordPress is vulnerable to 
authentication bypas ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-1669 (Arbitrary file read in the model loading mechanism (HDF5 
integration)  ...)
-       TODO: check
+       - keras <removed>
 CVE-2026-1537 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-0969 (The serialize function used to compile MDX in next-mdx-remote 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: next-mdx-remote
 CVE-2025-68663 (Outline is a service that allows for collaborative 
documentation. Prio ...)
-       TODO: check
+       NOT-FOR-US: Outline
 CVE-2025-67135 (Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm 
System 1.25. ...)
-       TODO: check
+       NOT-FOR-US: PGST PG107 Alarm System
 CVE-2025-64487 (Outline is a service that allows for collaborative 
documentation. Prio ...)
-       TODO: check
+       NOT-FOR-US: Outline
 CVE-2025-64074 (A path-traversal vulnerability in the logout functionality of 
Shenzhen ...)
-       TODO: check
+       NOT-FOR-US: Shenzhen Zhibotong Electronics ZBT WE2001
 CVE-2025-46310 (This issue was addressed through improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2025-46305 (The issue was addressed with improved bounds checks. This 
issue is fix ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea7b815e25f7feaa51c53c043901d5db5fb8652d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea7b815e25f7feaa51c53c043901d5db5fb8652d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits