Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ae35648b by Salvatore Bonaccorso at 2026-03-24T21:56:47+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10,25 +10,25 @@ CVE-2026-4775 (A flaw was found in the libtiff library. A 
remote attacker could
 CVE-2026-4649 (Apache Artemis before version 2.52.0 is affected by an 
authentication  ...)
        TODO: check
 CVE-2026-33769 (Astro is a web framework. From version 2.10.10 to before 
version 5.18. ...)
-       TODO: check
+       NOT-FOR-US: Astro
 CVE-2026-33768 (Astro is a web framework. Prior to version 10.0.2, the 
@astrojs/vercel ...)
-       TODO: check
+       NOT-FOR-US: Astro
 CVE-2026-33700 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33680 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33679 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33678 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33677 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33676 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33675 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33668 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33627 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-33624 (Parse Server is an open source backend that can be deployed to 
any inf ...)
@@ -50,15 +50,15 @@ CVE-2026-33508 (Parse Server is an open source backend that 
can be deployed to a
 CVE-2026-33498 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-33497 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-33484 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-33475 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-33474 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33473 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33429 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-33421 (Parse Server is an open source backend that can be deployed to 
any inf ...)
@@ -66,75 +66,75 @@ CVE-2026-33421 (Parse Server is an open source backend that 
can be deployed to a
 CVE-2026-33419 (MinIO is a high-performance object storage system. Prior to 
RELEASE.20 ...)
        TODO: check
 CVE-2026-33418 (DiceBear is an avatar library for designers and developers. 
Prior to v ...)
-       TODO: check
+       NOT-FOR-US: DiceBear
 CVE-2026-33417 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2026-33409 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-33407 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2026-33401 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2026-33400 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2026-33399 (Wallos is an open-source, self-hostable personal subscription 
tracker. ...)
-       TODO: check
+       NOT-FOR-US: Wallos
 CVE-2026-33353 (Soft Serve is a self-hostable Git server for the command line. 
From ve ...)
-       TODO: check
+       NOT-FOR-US: Soft Serve
 CVE-2026-33349 (fast-xml-parser allows users to process XML from JS object 
without C/C ...)
        TODO: check
 CVE-2026-33345 (solidtime is an open-source time-tracking app. Prior to 
version 0.11.6 ...)
-       TODO: check
+       NOT-FOR-US: solidtime
 CVE-2026-33344 (Dagu is a workflow engine with a built-in Web user interface. 
From ver ...)
-       TODO: check
+       NOT-FOR-US: Dagu
 CVE-2026-33340 (LoLLMs WEBUI provides the Web user interface for Lord of Large 
Languag ...)
-       TODO: check
+       NOT-FOR-US: LoLLMs WEBUI
 CVE-2026-33336 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33335 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33334 (Vikunja is an open-source self-hosted task management 
platform. Starti ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33332 (NiceGUI is a Python-based UI framework. Prior to version 
3.9.0, NiceGU ...)
-       TODO: check
+       NOT-FOR-US: NiceGUI
 CVE-2026-33331 (oRPC is an tool that helps build APIs that are end-to-end 
type-safe an ...)
-       TODO: check
+       NOT-FOR-US: oRPC
 CVE-2026-33330 (FileRise is a self-hosted web file manager / WebDAV server. 
Prior to v ...)
-       TODO: check
+       NOT-FOR-US: FileRise
 CVE-2026-33329 (FileRise is a self-hosted web file manager / WebDAV server. 
From versi ...)
-       TODO: check
+       NOT-FOR-US: FileRise
 CVE-2026-33326 (Keystone is a content management system for Node.js. Prior to 
version  ...)
-       TODO: check
+       NOT-FOR-US: Keystone CMS
 CVE-2026-33323 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-33322 (MinIO is a high-performance object storage system. From 
RELEASE.2022-1 ...)
        TODO: check
 CVE-2026-33316 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33315 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33314 (pyLoad is a free and open-source download manager written in 
Python. P ...)
        TODO: check
 CVE-2026-33313 (Vikunja is an open-source self-hosted task management 
platform. Prior  ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-33311 (DiceBear is an avatar library for designers and developers. 
Starting i ...)
-       TODO: check
+       NOT-FOR-US: DiceBear
 CVE-2026-33310 (Intake is a package for finding, investigating, loading and 
disseminat ...)
-       TODO: check
+       NOT-FOR-US: Intake
 CVE-2026-33309 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-33162 (Craft CMS is a content management system (CMS). From version 
5.3.0 to  ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-33161 (Craft CMS is a content management system (CMS). From version 
4.0.0-RC1 ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-33160 (Craft CMS is a content management system (CMS). From version 
4.0.0-RC1 ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-33159 (Craft CMS is a content management system (CMS). From version 
4.0.0-RC1 ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-33158 (Craft CMS is a content management system (CMS). From version 
4.0.0-RC1 ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-33157 (Craft CMS is a content management system (CMS). From version 
5.6.0 to  ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-32948 (sbt is a build tool for Scala, Java, and others. From version 
0.9.5 to ...)
        TODO: check
 CVE-2026-32854 (LibVNCServer versions 0.9.15 and prior (fixed incommit 
dc78dee) contai ...)
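Review bot: The CVE-2026-33310 entry is tagged `NOT-FOR-US: Intake`, a bare common word, while CVE-2026-33326 in this same hunk gets the qualified form `NOT-FOR-US: Keystone CMS`. A short qualifier on the Intake tag, taken from its description, would make later entries for the same product easier to match by search and harder to confuse with an unrelated package of the same name.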
@@ -146,21 +146,21 @@ CVE-2026-32647 (NGINX Open Source and NGINX Plus have a 
vulnerability in the ngx
 CVE-2026-30932 (Froxlor is open source server administration software. Prior 
to versio ...)
        TODO: check
 CVE-2026-30662 (ConcreteCMS v9.4.7 contains a Denial of Service (DoS) 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: ConcreteCMS
 CVE-2026-30661 (iCMS v8.0.0 contains a Cross-Site Scripting (XSS) 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: iCMS
 CVE-2026-30655 (SQL injection in Solicitante::resetaSenha() in 
esiclivre/esiclivre v0. ...)
        TODO: check
 CVE-2026-30653 (An issue in Free5GC v.4.2.0 and before allows a remote 
attacker to cau ...)
-       TODO: check
+       NOT-FOR-US: Free5GC
 CVE-2026-2417 (A Missing Authentication for Critical Function vulnerability in 
Pharos ...)
        TODO: check
 CVE-2026-29840 (JiZhiCMS v2.5.6 and before contains a Stored Cross-Site 
Scripting (XSS ...)
-       TODO: check
+       NOT-FOR-US: JiZhiCMS
 CVE-2026-29839 (DedeCMS v5.7.118 was discovered to contain a Cross-Site 
Request Forger ...)
        NOT-FOR-US: DedeCMS
 CVE-2026-29772 (Astro is a web framework. Prior to version 10.0.0, Astro's 
Server Isla ...)
-       TODO: check
+       NOT-FOR-US: Astro
 CVE-2026-28755 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_strea ...)
        TODO: check
 CVE-2026-28753 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_mail_ ...)
@@ -561,7 +561,7 @@ CVE-2026-3138 (The Product Filter for WooCommerce by WBW 
plugin for WordPress is
 CVE-2026-3079 (The LearnDash LMS plugin for WordPress is vulnerable to blind 
time-bas ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3055 (Insufficient input validation inNetScaler ADC and NetScaler 
Gateway wh ...)
-       TODO: check
+       NOT-FOR-US: Citrix
 CVE-2026-33856 (Missing Release of Memory after Effective Lifetime 
vulnerability in Mo ...)
        NOT-FOR-US: MolotovCherry Android-ImageMagick7
 CVE-2026-33855 (Integer Overflow or Wraparound vulnerability in MolotovCherry 
Android- ...)
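Review bot: The tag on CVE-2026-3055 names the vendor (`NOT-FOR-US: Citrix`), but the description only mentions NetScaler ADC and NetScaler Gateway, and the other tags in this commit use the product name. Naming the product in the tag, for example `NOT-FOR-US: Citrix NetScaler`, would let a search for the product string in the description also find the triage decision.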
@@ -605,11 +605,11 @@ CVE-2026-33281 (Ella Core is a 5G core designed for 
private networks. Versions p
 CVE-2026-33252 (The Go MCP SDK used Go's standard encoding/json. Prior to 
version 1.4. ...)
        TODO: check
 CVE-2026-33242 (Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 
have a P ...)
-       TODO: check
+       NOT-FOR-US: Salvo
 CVE-2026-33241 (Salvo is a Rust web framework. Prior to version 0.89.3, 
Salvo's form d ...)
-       TODO: check
+       NOT-FOR-US: Salvo
 CVE-2026-33211 (Tekton Pipelines project provides k8s-style resources for 
declaring CI ...)
-       TODO: check
+       NOT-FOR-US: Tekton Pipelines project
 CVE-2026-33202 (Active Storage allows users to attach cloud and local files in 
Rails a ...)
        TODO: check
 CVE-2026-33195 (Active Storage allows users to attach cloud and local files in 
Rails a ...)
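Review bot: The tag on CVE-2026-33211 reads `NOT-FOR-US: Tekton Pipelines project`; the trailing "project" is carried over from the opening words of the description and is not part of the product name. `NOT-FOR-US: Tekton Pipelines` would match the product-name-only form used for the two Salvo entries directly above it.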
@@ -629,7 +629,7 @@ CVE-2026-33168 (Action View provides conventions and 
helpers for building web pa
 CVE-2026-33167 (Action Pack is a Rubygem for building web applications on the 
Rails fr ...)
        TODO: check
 CVE-2026-33046 (Indico is an event management system that uses 
Flask-Multipass, a mult ...)
-       TODO: check
+       NOT-FOR-US: Indico
 CVE-2026-32913 (OpenClaw before 2026.3.7 contains an improper header 
validation vulner ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-32912
@@ -657,17 +657,17 @@ CVE-2026-32900
 CVE-2026-32642 (Incorrect Authorization (CWE-863)vulnerability in Apache 
Artemis, Apac ...)
        TODO: check
 CVE-2026-32300 (Connect-CMS is a content management system. In versions on the 
1.x ser ...)
-       TODO: check
+       NOT-FOR-US: Connect-CMS
 CVE-2026-32299 (Connect-CMS is a content management system. In versions on the 
1.x ser ...)
-       TODO: check
+       NOT-FOR-US: Connect-CMS
 CVE-2026-32279 (Connect-CMS is a content management system. In versions on the 
1.x ser ...)
-       TODO: check
+       NOT-FOR-US: Connect-CMS
 CVE-2026-32278 (Connect-CMS is a content management system. In versions on the 
1.x ser ...)
-       TODO: check
+       NOT-FOR-US: Connect-CMS
 CVE-2026-32277 (Connect-CMS is a content management system. In versions 1.35.0 
through ...)
-       TODO: check
+       NOT-FOR-US: Connect-CMS
 CVE-2026-32276 (Connect-CMS is a content management system. In versions on the 
1.x ser ...)
-       TODO: check
+       NOT-FOR-US: Connect-CMS
 CVE-2026-32066
        REJECTED
 CVE-2026-32047
@@ -890,19 +890,19 @@ CVE-2026-32850 (MailEnable versions prior to10.55 contain 
a reflected cross-site
 CVE-2026-32845 (cgltf version 1.15 and prior contain an integer overflow 
vulnerability ...)
        NOT-FOR-US: cgltf
 CVE-2026-31851 (Nexxt Solutions Nebula 300+ firmware through version 
12.01.01.37 does  ...)
-       TODO: check
+       NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
 CVE-2026-31850 (Nexxt Solutions Nebula 300+ firmware through version 
12.01.01.37 store ...)
-       TODO: check
+       NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
 CVE-2026-31849 (Nexxt Solutions Nebula 300+ firmware through version 
12.01.01.37 does  ...)
-       TODO: check
+       NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
 CVE-2026-31848 (Nexxt Solutions Nebula 300+ firmware through version 
12.01.01.37 store ...)
-       TODO: check
+       NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
 CVE-2026-31847 (Hidden functionality in the /goform/setSysTools endpoint in 
Nexxt Solu ...)
-       TODO: check
+       NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
 CVE-2026-31846 (An unauthenticated credential disclosure vulnerability in the 
/goform/ ...)
-       TODO: check
+       NOT-FOR-US: Nexxt Solutions Nebula 300+ firmware
 CVE-2026-30886 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
-       TODO: check
+       NOT-FOR-US: New API
 CVE-2026-30849 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. 
Version ...)
        TODO: check
 CVE-2026-30007 (XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a 
crafted .t ...)
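Review bot: `NOT-FOR-US: New API` on CVE-2026-30886 is a generic phrase that is hard to search for and reads more like a remark than a product name. A qualifier drawn from the description, for example `NOT-FOR-US: New API (LLM gateway)`, would disambiguate it in the same way the six Nexxt entries above spell out `Nexxt Solutions Nebula 300+ firmware` in full.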



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ae35648b06a3672ecb274bc18acd45404282db89
