Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
924cadcd by Salvatore Bonaccorso at 2026-02-12T21:29:07+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,33 +1,33 @@
CVE-2026-2276 (Reflected Cross-Site Scripting (XSS) vulnerability in the Wix
web appl ...)
TODO: check
CVE-2026-26219 (newbee-mall stores and verifies user passwords using an
unsalted MD5 h ...)
- TODO: check
+ NOT-FOR-US: newbee-mall
CVE-2026-26218 (newbee-mall includes pre-seeded administrator accounts in its
database ...)
- TODO: check
+ NOT-FOR-US: newbee-mall
CVE-2026-26217 (Crawl4AI versions prior to 0.8.0 contain a local file
inclusion vulner ...)
- TODO: check
+ NOT-FOR-US: Crawl4AI
CVE-2026-26216 (Crawl4AI versions prior to 0.8.0 contain a remote code
execution vulne ...)
- TODO: check
+ NOT-FOR-US: Crawl4AI
CVE-2026-26214 (Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version
3.0.8 a ...)
- TODO: check
+ NOT-FOR-US: Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android)
CVE-2026-25949 (Traefik is an HTTP reverse proxy and load balancer. Prior to
3.6.8, th ...)
TODO: check
CVE-2026-25933 (Arduino App Lab is a cross-platform IDE for developing Arduino
Apps. P ...)
- TODO: check
+ NOT-FOR-US: Arduino App Lab
CVE-2026-25922 (authentik is an open-source identity provider. Prior to
2025.8.6, 2025 ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-25768 (LavinMQ is a high-performance message queue & streaming
server. Before ...)
- TODO: check
+ NOT-FOR-US: LavinMQ
CVE-2026-25767 (LavinMQ is a high-performance message queue & streaming
server. Before ...)
- TODO: check
+ NOT-FOR-US: LavinMQ
CVE-2026-25748 (authentik is an open-source identity provider. Prior to
2025.10.4 and ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-25227 (authentik is an open-source identity provider. From 2021.3.1
to before ...)
- TODO: check
+ NOT-FOR-US: authentik
CVE-2026-24895 (FrankenPHP is a modern application server for PHP. Prior to
1.11.2, Fr ...)
- TODO: check
+ NOT-FOR-US: FrankenPHP
CVE-2026-24894 (FrankenPHP is a modern application server for PHP. Prior to
1.11.2, wh ...)
- TODO: check
+ NOT-FOR-US: FrankenPHP
CVE-2026-24044 (Element Server Suite Community Edition (ESS Community) deploys
a Matri ...)
TODO: check
CVE-2026-22821 (mreporting is the more reporting GLPI plugin. Prior to 1.9.4,
there is ...)
@@ -216,7 +216,7 @@ CVE-2026-26029 (sf-mcp-server is an implementation of
Salesforce MCP server for
CVE-2026-26023 (Dify is an open-source LLM app development platform. Prior to
1.13.0, ...)
NOT-FOR-US: Dify
CVE-2026-26021 (set-in provides the set value of nested associative structure
given ar ...)
- TODO: check
+ NOT-FOR-US: set-in Node.js module
CVE-2026-26019 (LangChain is a framework for building LLM-powered
applications. Prior ...)
NOT-FOR-US: LangChain
CVE-2026-26014 (Pion DTLS is a Go implementation of Datagram Transport Layer
Security. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/924cadcdd4b3b6e5e8883e2831bc9323c168766c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/924cadcdd4b3b6e5e8883e2831bc9323c168766c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
