Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ac0fa982 by Salvatore Bonaccorso at 2026-03-20T21:48:14+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,9 +67,9 @@ CVE-2026-33369 (Zimbra Collaboration (ZCS) 10.0 and 10.1
contains an LDAP inject
CVE-2026-33368 (Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a
reflected cr ...)
NOT-FOR-US: Zimbra
CVE-2026-33312 (Vikunja is an open-source self-hosted task management
platform. Starti ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-33192 (Free5GC is an open-source Linux Foundation project for 5th
generation ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33140 (PySpector is a static analysis security testing (SAST)
Framework engin ...)
TODO: check
CVE-2026-33139 (PySpector is a static analysis security testing (SAST)
Framework engin ...)
@@ -83,7 +83,7 @@ CVE-2026-33134 (WeGIA is a web manager for charitable
institutions. Versions 3.6
CVE-2026-33133 (WeGIA is a web manager for charitable institutions. In
versions 3.6.5 ...)
NOT-FOR-US: WeGIA
CVE-2026-33132 (ZITADEL is an open source identity management platform.
Versions prior ...)
- TODO: check
+ NOT-FOR-US: ZZitadel
CVE-2026-33131 (H3 is a minimal H(TTP) framework. Versions 2.0.0-0 through
2.0.1-rc.14 ...)
TODO: check
CVE-2026-33130 (Uptime Kuma is an open source, self-hosted monitoring tool. In
version ...)
@@ -105,7 +105,7 @@ CVE-2026-33081 (PinchTab is a standalone HTTP server that
gives AI agents direct
CVE-2026-33080 (Filament is a collection of full-stack components for
accelerated Lara ...)
TODO: check
CVE-2026-33075 (FastGPT is an AI Agent building platform. In versions 4.14.8.3
and bel ...)
- TODO: check
+ NOT-FOR-US: FastGPT
CVE-2026-33072 (FileRise is a self-hosted web file manager / WebDAV server. In
version ...)
TODO: check
CVE-2026-33071 (FileRise is a self-hosted web file manager / WebDAV server. In
version ...)
@@ -115,11 +115,11 @@ CVE-2026-33070 (FileRise is a self-hosted web file
manager / WebDAV server. In v
CVE-2026-33069 (PJSIP is a free and open source multimedia communication
library writt ...)
TODO: check
CVE-2026-33068 (Claude Code is an agentic coding tool. Versions prior to
2.1.53 resolv ...)
- TODO: check
+ NOT-FOR-US: Claude Code
CVE-2026-33067 (SiYuan is a personal knowledge management system. Versions
3.6.0 and b ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-33066 (SiYuan is a personal knowledge management system. In versions
3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-33010 (mcp-memory-service is an open-source memory backend for
multi-agent sy ...)
TODO: check
CVE-2026-32989 (Precurio Intranet Portal 4.4 contains a cross-site request
forgery vul ...)
@@ -331,19 +331,19 @@ CVE-2026-33301 (OpenEMR is a free and open source
electronic health records and
CVE-2026-33299 (OpenEMR is a free and open source electronic health records
and medica ...)
NOT-FOR-US: OpenEMR
CVE-2026-33289 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-33288 (SuiteCRM is an open-source, enterprise-ready Customer
Relationship Man ...)
- TODO: check
+ NOT-FOR-US: SuiteCRM
CVE-2026-33191 (Free5GC is an open-source Linux Foundation project for 5th
generation ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33065 (Free5GC is an open-source Linux Foundation project for 5th
generation ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33064 (Free5GC is an open-source Linux Foundation project for 5th
generation ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33063 (free5GC is an open source 5G core network. free5GC AUSF prior
to versi ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33062 (free5GC is an open source 5G core network. free5GC NRF prior
to versio ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-33061 (exactyl is a customisable game management panel and billing
system. Co ...)
TODO: check
CVE-2026-33060 (CKAN MCP Server is a tool for querying CKAN open data portals.
Version ...)
@@ -359,41 +359,41 @@ CVE-2026-33054 (Mesop is a Python-based UI framework that
allows users to build
CVE-2026-33053 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
TODO: check
CVE-2026-33051 (Craft CMS is a content management system (CMS). In versions
5.9.0-beta ...)
- TODO: check
+ NOT-FOR-US: Craft CMS
CVE-2026-33043 (WWBN AVideo is an open source video platform. In versions 25.0
and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33041 (WWBN AVideo is an open source video platform. In versions 25.0
and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33040 (libp2p-rust is the official rust language Implementation of
the libp2p ...)
TODO: check
CVE-2026-33039 (WWBN AVideo is an open source video platform. In versions 25.0
and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33038 (WWBN AVideo is an open source video platform. Versions 25.0
and below ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33037 (WWBN AVideo is an open source video platform. In versions 25.0
and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33036 (fast-xml-parser allows users to process XML from JS object
without C/C ...)
TODO: check
CVE-2026-33035 (WWBN AVideo is an open source video platform. In versions 25.0
and bel ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33025 (AVideo is a video-sharing Platform. Versions prior to 8.0
contain a SQ ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33024 (AVideo is a video-sharing Platform. Versions prior to 8.0
contain a Se ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-33022 (Tekton Pipelines project provides k8s-style resources for
declaring CI ...)
TODO: check
CVE-2026-33017 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-33013 (Micronaut Framework is a JVM-based full stack Java framework
designed ...)
- TODO: check
+ NOT-FOR-US: Micronaut Framework
CVE-2026-33012 (Micronaut Framework is a JVM-based full stack Java framework
designed ...)
- TODO: check
+ NOT-FOR-US: Micronaut Framework
CVE-2026-33011 (Nest is a framework for building scalable Node.js server-side
applicat ...)
TODO: check
CVE-2026-32985 (Xerte Online Toolkits versions 3.14 and earlier contain an
unauthentic ...)
- TODO: check
+ NOT-FOR-US: Xerte Online Toolkits
CVE-2026-32954 (ERP is a free and open source Enterprise Resource Planning
tool. In ve ...)
- TODO: check
+ NOT-FOR-US: ERP
CVE-2026-32950 (SQLBot is an intelligent data query system based on a large
language m ...)
TODO: check
CVE-2026-32949 (SQLBot is an intelligent data query system based on a large
language m ...)
@@ -413,9 +413,9 @@ CVE-2026-32940 (SiYuan is a personal knowledge management
system. In versions 3.
CVE-2026-32939 (DataEase is an open source data visualization analysis tool.
Versions ...)
NOT-FOR-US: DataEase
CVE-2026-32938 (SiYuan is a personal knowledge management system. In versions
3.6.0 an ...)
- TODO: check
+ NOT-FOR-US: SiYuan
CVE-2026-32937 (free5GC is an open source 5G core network. free5GC CHF prior
to versio ...)
- TODO: check
+ NOT-FOR-US: Free5GC
CVE-2026-32935 (phpseclib is a PHP secure communications library. Projects
using versi ...)
TODO: check
CVE-2026-32933 (AutoMapper is a convention-based object-object mapper in .NET.
Version ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac0fa982a5c9ebe33972c8f8ebca042ba728eb86
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac0fa982a5c9ebe33972c8f8ebca042ba728eb86
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
