Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a046b75 by Moritz Muehlenhoff at 2026-03-11T09:35:28+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2026-3911 (A flaw was found in Keycloak. An authenticated user with the 
view-user ...)
-       TODO: check
+       - keycloak <itp> (bug #1088287)
 CVE-2026-3903 (The Modular DS: Monitor, update, and backup multiple websites 
plugin f ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3884 (Versions of the package spin.js before 3.0.0 are vulnerable to 
Cross-s ...)
        TODO: check
 CVE-2026-3826 (IFTOP developed by WellChoose has a Local File Inclusion 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: WellChoose
 CVE-2026-3825 (IFTOP developed by WellChoose has a Reflected Cross-site 
Scripting vul ...)
-       TODO: check
+       NOT-FOR-US: WellChoose
 CVE-2026-3824 (IFTOP developed by WellChoose has an Open redirect 
vulnerability, allo ...)
-       TODO: check
+       NOT-FOR-US: WellChoose
 CVE-2026-3534 (The Astra theme for WordPress is vulnerable to Stored 
Cross-Site Scrip ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3453 (The ProfilePress plugin for WordPress is vulnerable to Insecure 
Direct ...)
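Review bot: The three IFTOP entries (CVE-2026-3826, CVE-2026-3825, CVE-2026-3824) are tagged with the vendor only, "NOT-FOR-US: WellChoose", which leaves out the product name that a later triager will search for. The description reads "IFTOP developed by WellChoose", and the name is shared with the unrelated iftop bandwidth monitor packaged in Debian, so consider "NOT-FOR-US: WellChoose IFTOP" to make it explicit in the entry itself that this is a different product.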
@@ -17,7 +17,7 @@ CVE-2026-3453 (The ProfilePress plugin for WordPress is 
vulnerable to Insecure D
 CVE-2026-3222 (The WP Maps plugin for WordPress is vulnerable to time-based 
blind SQL ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-31844 (An authenticated SQL Injection vulnerability (CWE-89) exists 
in the Ko ...)
-       TODO: check
+       - koha <itp> (bug #702134)
 CVE-2026-31838 (Istio is an open platform to connect, manage, and secure 
microservices ...)
        TODO: check
 CVE-2026-31837 (Istio is an open platform to connect, manage, and secure 
microservices ...)
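Review bot: The CVE-2026-31844 line becomes "- koha <itp> (bug #702134)", which is an ITP reference rather than a NOT-FOR-US tag, so the commit subject "NFUs" does not cover it (the same applies to the keycloak <itp> line in the first hunk). Suggest naming the itp entries in the subject, or committing them separately, so the triage history for koha and keycloak can be found from the log.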
@@ -31,7 +31,7 @@ CVE-2026-31832 (Umbraco is an ASP.NET CMS. From 14.0.0 to 
before 16.5.1 and 17.2
 CVE-2026-31830 (sigstore-ruby is a pure Ruby implementation of the sigstore 
verify com ...)
        TODO: check
 CVE-2026-31829 (Flowise is a drag & drop user interface to build a customized 
large la ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-31828 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        TODO: check
 CVE-2026-31827 (Alienbin is an anonymous code and text sharing web service. In 
1.0.0 a ...)
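Review bot: CVE-2026-31828 (Parse Server), in the trailing context of this hunk, is left at "TODO: check", while every other Parse Server entry in this diff (CVE-2026-31800, CVE-2026-30972 and the rest in the last hunk) is set to "NOT-FOR-US: Parse Server". If leaving it open was not intentional, tag it the same way so the product is triaged consistently.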
@@ -39,19 +39,19 @@ CVE-2026-31827 (Alienbin is an anonymous code and text 
sharing web service. In 1
 CVE-2026-31826 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.8. ...)
        TODO: check
 CVE-2026-31825 (Sylius is an Open Source eCommerce Framework on Symfony. 
Sylius API fi ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2026-31824 (Sylius is an Open Source eCommerce Framework on Symfony. A 
Time-of-Che ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2026-31823 (Sylius is an Open Source eCommerce Framework on Symfony. An 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2026-31822 (Sylius is an Open Source eCommerce Framework on Symfony. A 
cross-site  ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2026-31821 (Sylius is an Open Source eCommerce Framework on Symfony. The 
POST /api ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2026-31820 (Sylius is an Open Source eCommerce Framework on Symfony. An 
authentica ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2026-31819 (Sylius is an Open Source eCommerce Framework on Symfony. 
CurrencySwitc ...)
-       TODO: check
+       NOT-FOR-US: Sylius
 CVE-2026-31817 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
        TODO: check
 CVE-2026-31815 (Unicorn adds modern reactive component functionality to your 
Django te ...)
@@ -59,41 +59,41 @@ CVE-2026-31815 (Unicorn adds modern reactive component 
functionality to your Dja
 CVE-2026-31812 (Quinn is a pure-Rust, async-compatible implementation of the 
IETF QUIC ...)
        TODO: check
 CVE-2026-31809 (SiYuan is a personal knowledge management system. Prior to 
3.5.10, SiY ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-31808 (file-type detects the file type of a file, stream, or data. 
Prior to 2 ...)
        TODO: check
 CVE-2026-31807 (SiYuan is a personal knowledge management system. Prior to 
3.5.10, SiY ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-31801 (zot is ancontainer image/artifact registry based on the Open 
Container ...)
        TODO: check
 CVE-2026-31800 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30972 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30967 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30966 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30965 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30962 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30954 (LinkAce is a self-hosted archive to collect website links. In 
2.1.0 an ...)
-       TODO: check
+       NOT-FOR-US: LinkAce
 CVE-2026-30953 (LinkAce is a self-hosted archive to collect website links. 
When a user ...)
-       TODO: check
+       NOT-FOR-US: LinkAce
 CVE-2026-30952 (liquidjs is a Shopify / GitHub Pages compatible template 
engine in pur ...)
        TODO: check
 CVE-2026-30951 (Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL 
injecti ...)
        TODO: check
 CVE-2026-30949 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30948 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30947 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30946 (Parse Server is an open source backend that can be deployed to 
any inf ...)
-       TODO: check
+       NOT-FOR-US: Parse Server
 CVE-2026-30837 (Elysia is a Typescript framework for request validation, type 
inferenc ...)
        TODO: check
 CVE-2026-2918 (The Happy Addons for Elementor plugin for WordPress is 
vulnerable to I ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a046b75986a47314c7eb67d0549c650007bd13e
