Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
963d0a58 by Moritz Muehlenhoff at 2026-05-13T11:37:37+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,23 +5,23 @@ CVE-2026-8336 (After invoking $_internalJsEmit, which is not 
intended to be dire
 CVE-2026-8202 (Using a densely populated chars mask and a large input string 
in the M ...)
        TODO: check
 CVE-2026-8201 (A use-after-free vulnerability exists in MongoDB's Field-Level 
Encrypt ...)
-       TODO: check
+       - mongodb <removed>
 CVE-2026-8200 (When schema validation is enabled on a collection and an update 
or ins ...)
-       TODO: check
+       - mongodb <removed>
 CVE-2026-8199 (An authenticated user can cause excess memory usage via bitwise 
match  ...)
-       TODO: check
+       - mongodb <removed>
 CVE-2026-8108 (The installation of Fuji Tellus adds a driver to the kernel 
which gran ...)
-       TODO: check
+       NOT-FOR-US: Fuji Tellus
 CVE-2026-8053 (An issue in MongoDB Server's time-series collection 
implementation all ...)
-       TODO: check
+       - mongodb <removed>
 CVE-2026-8052 (HashiCorp Nomad\u2019s exec2 task driver prior to 0.1.2 is 
vulnerable  ...)
-       TODO: check
+       - nomad <removed>
 CVE-2026-7635 (The coreActivity: Activity Logging for WordPress plugin for 
WordPress  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-7619 (The Charitable \u2013 Donation Plugin for WordPress \u2013 
Fundraising ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-7474 (HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are 
vulnerable to  ...)
-       TODO: check
+       - nomad <removed>
 CVE-2026-7051 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6965 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
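Review bot: CVE-2026-8052 is filed as `- nomad <removed>`, but its description concerns the exec2 task driver "prior to 0.1.2", whereas CVE-2026-7474 in the same hunk describes Nomad itself as "prior to 2.0.1". The separate version line suggests the exec2 driver is released independently of Nomad, so please confirm the removed nomad source package ever shipped it; if it did not, a NOT-FOR-US entry naming the driver would be more accurate than attaching it to nomad.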
@@ -29,21 +29,21 @@ CVE-2026-6965 (The Tutor LMS \u2013 eLearning and online 
course solution plugin
 CVE-2026-6962 (The Cost of Goods: Product Cost & Profit Calculator for 
WooCommerce pl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6959 (HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are 
vulnerable to  ...)
-       TODO: check
+       - nomad <removed>
 CVE-2026-6929 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6888 (Successful exploitation of the SQL injection vulnerability 
could allow ...)
-       TODO: check
+       NOT-FOR-US: Advantech SaaS Composer
 CVE-2026-6828 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, 
Quiz, & Co ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-5371 (The MonsterInsights \u2013 Google Analytics Dashboard for 
WordPress (W ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-45227 (Heym before 0.0.21 contains a sandbox escape vulnerability in 
the cust ...)
-       TODO: check
+       NOT-FOR-US: Heym
 CVE-2026-45226 (Heym before 0.0.21 contains an authorization bypass 
vulnerability in w ...)
-       TODO: check
+       NOT-FOR-US: Heym
 CVE-2026-45225 (Heym before 0.0.21 contains a path traversal vulnerability in 
the file ...)
-       TODO: check
+       NOT-FOR-US: Heym
 CVE-2026-44874 (A vulnerability exists in the web-based management interface 
of an AOS ...)
        NOT-FOR-US: HPE
 CVE-2026-44873 (A session management vulnerability in AOS-8 allows previously 
authenti ...)
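Review bot: On CVE-2026-6888 the visible description ("Successful exploitation of the SQL injection vulnerability could allow ...") never names a product, so `NOT-FOR-US: Advantech SaaS Composer` cannot be checked against this line alone. Please confirm the attribution against the full CVE record, since a mistaken NOT-FOR-US takes the entry out of the triage queue without anyone looking at it again.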
@@ -91,15 +91,15 @@ CVE-2026-44853 (Command injection vulnerabilities exist in 
the web-based managem
 CVE-2026-44852 (An authenticated remote code execution vulnerability exists in 
the AOS ...)
        NOT-FOR-US: HPE
 CVE-2026-44612 (Bytello Share (Windows Edition) installer executable provided 
by Bytel ...)
-       TODO: check
+       NOT-FOR-US: Bytello
 CVE-2026-44548 (ChurchCRM is an open-source church management system. Prior to 
7.3.2,  ...)
        NOT-FOR-US: ChurchCRM
 CVE-2026-44547 (ChurchCRM is an open-source church management system. From 
7.2.0 to 7. ...)
        NOT-FOR-US: ChurchCRM
 CVE-2026-44403 (Wing FTP Server 8.1.2 contains an authenticated remote code 
execution  ...)
-       TODO: check
+       NOT-FOR-US: Wing FTP Server
 CVE-2026-44352 (Flowsint is an open-source OSINT graph exploration tool 
designed for c ...)
-       TODO: check
+       NOT-FOR-US: Flowsint
 CVE-2026-44347 (Warpgate is an open source SSH, HTTPS and MySQL bastion host 
for Linux ...)
        TODO: check
 CVE-2026-44341 (GoJobs is a REST API for a Job Board platform. The application 
exposes ...)
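Review bot: CVE-2026-44352 goes to `NOT-FOR-US: Flowsint` although the description calls it an open-source tool; for open-source projects it is worth checking for an open ITP/RFP first and, if one exists, using the `<itp>` form with the bug number instead. As a smaller style point, CVE-2026-44612 is tagged with the vendor name (`Bytello`) while the description names the product (Bytello Share); using the product name would match the other two entries added in this hunk.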
@@ -145,9 +145,9 @@ CVE-2026-44225 (Pulpy is a lightweight, cross-platform 
desktop application packa
 CVE-2026-44224 (Wiki.js is an open source wiki app built on Node.js. Prior to 
2.5.313, ...)
        TODO: check
 CVE-2026-44223 (vLLM is an inference and serving engine for large language 
models (LLM ...)
-       TODO: check
+       - vllm <itp> (bug #1095237)
 CVE-2026-44222 (vLLM is an inference and serving engine for large language 
models (LLM ...)
-       TODO: check
+       - vllm <itp> (bug #1095237)
 CVE-2026-44221 (ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated 
users an ...)
        TODO: check
 CVE-2026-44220 (ciguard is a static security auditor for CI/CD pipelines. From 
0.8.0 t ...)
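Review bot: Both vllm entries point at the same ITP bug and show identical truncated descriptions, so nothing recorded here tells the eventual packager which upstream release fixes each issue. A NOTE line under each entry with the upstream advisory or fixing commit would carry that information forward to whoever picks up bug #1095237.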
@@ -163,11 +163,11 @@ CVE-2026-44215 (NanaZip is an open source file archive. 
From 5.0.1252.0 to befor
 CVE-2026-44015 (Nginx UI is a web user interface for the Nginx web server. In 
2.3.4 an ...)
        TODO: check
 CVE-2026-44012 (Craft CMS is a content management system (CMS). From 5.0.0-RC1 
to befo ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-44011 (Craft CMS is a content management system (CMS). From 4.0.0 to 
before 4 ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-44010 (Craft CMS is a content management system (CMS). From 4.0.0 to 
before 4 ...)
-       TODO: check
+       NOT-FOR-US: Craft CMS
 CVE-2026-43948 (wger is a free, open-source workout and fitness manager. Prior 
to 2.6, ...)
        TODO: check
 CVE-2026-43685 (A Remote Code Execution vulnerability in Claris FileMaker 
Cloud allowe ...)
@@ -15435,6 +15435,7 @@ CVE-2026-5958 (When sed is invoked with both -i 
(in-place edit) and --follow-sym
        [bookworm] - sed <no-dsa> (Minor issue)
        [bullseye] - sed <postponed> (Minor issue; can be fixed in next update)
        NOTE: 
https://gitweb.git.savannah.gnu.org/gitweb/?p=sed.git;a=commit;h=6b9b43c55ccd3beadbc0094b983c82bdb389f33b
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/13/1
 CVE-2026-5760 (SGLang's reranking endpoint (/v1/rerank) achieves Remote Code 
Executio ...)
        NOT-FOR-US: SGLang
 CVE-2026-4048 (OS Command Injection Remote Code Execution Vulnerability in UI 
in Prog ...)
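Review bot: The added `NOTE: https://www.openwall.com/lists/oss-security/2026/05/13/1` on the sed entry is not covered by the commit message "NFUs", which only describes the NOT-FOR-US triage in the earlier hunks. Either mention the sed reference in the message or split it into its own commit, so the change to CVE-2026-5958 can be found from the log later. The bookworm and bullseye lines above it stay at "Minor issue"; if the oss-security post changes that assessment, those should be updated in the same change.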



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/963d0a589c14e53564c322f87430efda0f7771d8
