Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
df01d4bb by Moritz Muehlenhoff at 2026-05-08T10:17:57+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,6 @@ CVE-2026-7258
        NOTE: 
https://github.com/php/php-src/commit/dc9e21b81c143faa9677bb0cf157e83960a24d0d
        NOTE: 
https://github.com/php/php-src/commit/398b7dabfbd2e8f4f4ed2065dbcf3e3794e8ca47
        NOTE: 
https://github.com/php/php-src/commit/a38418777f65780d9d622197677e90567690fc07
-       NOTE: https://github.com/php/php-src/commit/
 CVE-2026-7568
        - php8.4 <unfixed>
        - php8.2 <removed>
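Review bot: The commit message "NFUs" does not cover the removal under CVE-2026-7258 of the line "NOTE: https://github.com/php/php-src/commit/", which is a cleanup of a commit reference with no hash rather than a NOT-FOR-US triage. Mention it in the message or land it as a separate commit, and if a fourth php-src commit was meant to be listed there, add the full URL instead of dropping the line.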
@@ -65,7 +64,7 @@ CVE-2026-7263
 CVE-2026-8149 (A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA 
BC-FIPS on  ...)
        TODO: check
 CVE-2026-8148 (NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a 
local atta ...)
-       TODO: check
+       NOT-FOR-US: NAVER MYBOX Explorer for Windows
 CVE-2026-8142 (VINCE versions 3.0.38 and earlier do not properly verify the 
From addr ...)
        TODO: check
 CVE-2026-8138 (A vulnerability was found in Tenda CX12L 16.03.53.12. This 
issue affec ...)
@@ -75,7 +74,7 @@ CVE-2026-8137 (A vulnerability has been found in Totolink 
X5000R 9.1.0u.6369_B20
 CVE-2026-8136 (A flaw has been found in SourceCodester Pharmacy Sales and 
Inventory S ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-8133 (A security vulnerability has been detected in zyx0814 FilePress 
up to  ...)
-       TODO: check
+       NOT-FOR-US: Filepress
 CVE-2026-8132 (A weakness has been identified in CodeAstro Leave Management 
System 1. ...)
        NOT-FOR-US: CodeAstro
 CVE-2026-8131 (A security flaw has been discovered in SourceCodester SUP 
Online Shopp ...)
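Review bot: In the CVE-2026-8133 entry the tag is spelled "Filepress", while the description on the line above names the product "zyx0814 FilePress". Use the upstream casing ("NOT-FOR-US: FilePress") so that a case-sensitive search of the list for the product name finds this entry.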
@@ -87,7 +86,7 @@ CVE-2026-8129 (A vulnerability was determined in 
SourceCodester SUP Online Shopp
 CVE-2026-8128 (A vulnerability was found in SourceCodester SUP Online Shopping 
1.0. T ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-8127 (A vulnerability has been found in eladmin up to 2.7. Impacted 
is the f ...)
-       TODO: check
+       NOT-FOR-US: eladmin
 CVE-2026-8126 (A flaw has been found in SourceCodester Comment System 1.0. 
This issue ...)
        NOT-FOR-US: SourceCodester
 CVE-2026-8125 (A vulnerability was detected in code-projects Simple Chat 
System 1.0.  ...)
@@ -175,25 +174,25 @@ CVE-2026-42279 (solidtime is an open-source time-tracking 
app. In version 0.12.0
 CVE-2026-42278 (UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to 
commit fb6e ...)
        TODO: check
 CVE-2026-42277 (Onyx is an open-source AI platform. Prior to versions 3.0.9, 
3.1.6, an ...)
-       TODO: check
+       NOT-FOR-US: Onyx
 CVE-2026-42276 (Onyx is an open-source AI platform. Prior to versions 3.0.9, 
3.1.6, an ...)
-       TODO: check
+       NOT-FOR-US: Onyx
 CVE-2026-42275 (zrok is software for sharing web services, files, and network 
resource ...)
        TODO: check
 CVE-2026-42274 (Heimdall is a cloud native Identity Aware Proxy and Access 
Control Dec ...)
-       TODO: check
+       NOT-FOR-US: Heimdall
 CVE-2026-42273 (Heimdall is a cloud native Identity Aware Proxy and Access 
Control Dec ...)
-       TODO: check
+       NOT-FOR-US: Heimdall
 CVE-2026-42272 (Heimdall is a cloud native Identity Aware Proxy and Access 
Control Dec ...)
-       TODO: check
+       NOT-FOR-US: Heimdall
 CVE-2026-42271 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-42267 (Kimai is an open-source time tracking application. From 
version 2.27.0 ...)
-       TODO: check
+       NOT-FOR-US: Kimai
 CVE-2026-42264 (Axios is a promise based HTTP client for the browser and 
Node.js. From ...)
        TODO: check
 CVE-2026-42261 (PromptHub is an all-in-one AI toolbox for prompt, skill, and 
agent man ...)
-       TODO: check
+       NOT-FOR-US: PromptHub
 CVE-2026-42259 (Saltcorn is an extensible, open source, no-code database 
application b ...)
        TODO: check
 CVE-2026-42241 (ParquetSharp is a .NET library for reading and writing Apache 
Parquet  ...)
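Review bot: The tags "Onyx" and "Heimdall" (CVE-2026-42277, CVE-2026-42276, and CVE-2026-42274 through CVE-2026-42272) are bare names that only the truncated descriptions disambiguate ("open-source AI platform", "cloud native Identity Aware Proxy"). Consider a qualified tag, in the way this commit writes "Vvveb CMS" further down, so the entries cannot be mistaken for another project of the same name when someone later searches the list.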
@@ -203,31 +202,31 @@ CVE-2026-42239 (Budibase is an open-source low-code 
platform. Prior to version 3
 CVE-2026-42225 (PJSIP is a free and open source multimedia communication 
library writt ...)
        TODO: check
 CVE-2026-42203 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-42150 (wlc is a Weblate command-line client using Weblate's REST API. 
Prior t ...)
        TODO: check
 CVE-2026-42047 (Inngest is a platform for running event-driven and scheduled 
backgroun ...)
        NOT-FOR-US: Next.js
 CVE-2026-41929 (Vvveb before 1.0.8.2 contains an unauthenticated reflected 
cross-site  ...)
-       TODO: check
+       NOT-FOR-US: Vvveb CMS
 CVE-2026-41928 (Vvveb before 1.0.8.2 contains an information disclosure 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Vvveb CMS
 CVE-2026-41900 (OpenLearnX is an open-source, decentralized learning and 
assessment pl ...)
-       TODO: check
+       NOT-FOR-US: OpenLearnX
 CVE-2026-41692 (i18nextify is a JavaScript library that adds website 
internationalizat ...)
        TODO: check
 CVE-2026-41691 (Copilot said: i18nextify is a JavaScript library that adds 
i18nextify  ...)
        TODO: check
 CVE-2026-41646 (Nuclei is a vulnerability scanner built on a simple YAML-based 
DSL. Fr ...)
-       TODO: check
+       NOT-FOR-US: Nuclei
 CVE-2026-41645 (Nuclei is a vulnerability scanner built on a simple YAML-based 
DSL. Fr ...)
-       TODO: check
+       NOT-FOR-US: Nuclei
 CVE-2026-41501 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
-       TODO: check
+       NOT-FOR-US: electerm
 CVE-2026-41500 (electerm is an open-sourced 
terminal/ssh/sftp/telnet/serialport/RDP/VN ...)
-       TODO: check
+       NOT-FOR-US: electerm
 CVE-2026-41498 (Kimai is an open-source time tracking application. Prior to 
version 2. ...)
-       TODO: check
+       NOT-FOR-US: Kimai
 CVE-2026-41105 (Server-side request forgery (ssrf) in Azure Notification 
Service allow ...)
        NOT-FOR-US: Microsoft
 CVE-2026-40214 (In OpenStack Cyborg before 16.0.1, the Accelerator Request 
(ARQ) API d ...)
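Review bot: In the context lines of this hunk, CVE-2026-42047 is described as "Inngest is a platform for running event-driven and scheduled backgroun ..." but carries "NOT-FOR-US: Next.js"; since the neighbouring entries are being triaged here, check whether that tag should name Inngest instead. Separately, CVE-2026-41691 stays at "TODO: check" with a description that begins "Copilot said:", which looks like pasted text in the upstream record and deserves a second look when it is triaged.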



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/df01d4bb727cd385dd679333b9725a481eaa9339
