Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf21f47d by Salvatore Bonaccorso at 2026-05-14T21:49:40+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,15 +4,15 @@ CVE-2026-43961
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-66hr-7p6x-x5j3
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/8af0f098c3a42a28661d0295364e (v9.2.0480)
 CVE-2026-8621 (Crabbox prior to v0.12.0 contains an authentication bypass 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: Crabbox
 CVE-2026-8468 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: elixir-plug
 CVE-2026-8295 (An integer overflow vulnerability in the simdjson 
document-builder API ...)
-       TODO: check
+       NOT-FOR-US: simdjson document-builder
 CVE-2026-7805
        REJECTED
 CVE-2026-6923 (A side-channel attack, which requires a physical presence to 
the TPM,  ...)
-       TODO: check
+       NOT-FOR-US: Nuvoton
 CVE-2026-6514 (The InfusedWoo Pro plugin for WordPress is vulnerable to 
Arbitrary Fil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6512 (The InfusedWoo Pro plugin for WordPress is vulnerable to 
authorization ...)
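Review bot: On CVE-2026-8295 the new tag `NOT-FOR-US: simdjson document-builder` names a library plus one of its APIs rather than a product, unlike the other tags added in this hunk (Crabbox, elixir-plug, Nuvoton). If the reasoning is that only the document-builder API is affected and no packaged simdjson ships it, a package line marked not-affected with a NOTE stating that reason would record the decision more clearly than NOT-FOR-US; if simdjson is not packaged at all, plain `NOT-FOR-US: simdjson` would be consistent with the rest.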
@@ -28,11 +28,11 @@ CVE-2026-6174 (The CC Child Pages plugin for WordPress is 
vulnerable to Stored C
 CVE-2026-6145 (The User Registration & Membership plugin for WordPress is 
vulnerable  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-6008 (Authorization bypass through User-Controlled key vulnerability 
in Im P ...)
-       TODO: check
+       NOT-FOR-US: DijiDemi
 CVE-2026-5798 (Unsafe object reference (IDOR) in Stel Order v3.25.1 and 
earlier versi ...)
-       TODO: check
+       NOT-FOR-US: Stel Order
 CVE-2026-5790 (Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and 
earlier, l ...)
-       TODO: check
+       NOT-FOR-US: Stel Order
 CVE-2026-4031 (The Database Backup for WordPress plugin for WordPress is 
vulnerable t ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-4030 (The Database Backup for WordPress plugin for WordPress is 
vulnerable t ...)
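Review bot: On CVE-2026-6008 the tag `NOT-FOR-US: DijiDemi` cannot be matched against the description as shown here, which is cut off at "in Im P ...". Worth confirming against the full CVE text that DijiDemi is the product name, and if the truncated "Im P ..." is the vendor, naming both in the tag so that later CVEs for the same software are matched to this entry. The two Stel Order tags agree with their descriptions.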
@@ -46,68 +46,68 @@ CVE-2026-46469 (An issue was discovered in GStreamer 
gst-plugins-good before 1.2
 CVE-2026-45448 (CWE-601 URL redirection to untrusted site ('open redirect'))
        TODO: check
 CVE-2026-45375 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-45371 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-45205 (Uncontrolled Recursion vulnerability in Apache Commons.  When 
processi ...)
        - commons-configuration2 <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/14/5
        NOTE: https://github.com/apache/commons-configuration/pull/634
        NOTE: 
https://github.com/apache/commons-configuration/commit/b51f6bf26e774f3416fdf782a5e1edf33f32ba82
 (commons-configuration-2.15.0-RC1)
 CVE-2026-45148 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-45147 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-44827 (Diffusers is the a library for  pretrained diffusion models. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: Diffusers
 CVE-2026-44670 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-44633 (Live Helper Chat is an open-source application that enables 
live suppo ...)
-       TODO: check
+       NOT-FOR-US: Live Helper Chat
 CVE-2026-44592 (Gradient is a nix-based continuous integration system. In 
1.1.0, when  ...)
-       TODO: check
+       NOT-FOR-US: Gradient
 CVE-2026-44589 (Nuxt OG Image generates OG Images with Vue templates in Nuxt. 
The isBl ...)
-       TODO: check
+       NOT-FOR-US: Nuxt OG Image
 CVE-2026-44588 (SiYuan is an open-source personal knowledge management system. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-44586 (SiYuan is an open-source personal knowledge management system. 
From 2. ...)
-       TODO: check
+       NOT-FOR-US: SiYuan
 CVE-2026-44544 (gittuf is a platform-agnostic Git security system. Prior to 
0.14.0, an ...)
        TODO: check
 CVE-2026-44542 (FileBrowser Quantum is a free, self-hosted, web-based file 
manager. Pr ...)
-       TODO: check
+       NOT-FOR-US: FileBrowser Quantum
 CVE-2026-44523 (Note Mark is an open-source note-taking application. Prior to 
0.19.4,  ...)
-       TODO: check
+       NOT-FOR-US: Note Mark
 CVE-2026-44522 (Note Mark is an open-source note-taking application. From 
0.13.0 to be ...)
-       TODO: check
+       NOT-FOR-US: Note Mark
 CVE-2026-44520 (Docling-Graph turns documents into validated Pydantic objects, 
then bu ...)
-       TODO: check
+       NOT-FOR-US: Docling-Graph
 CVE-2026-44516 (Valtimo is an open-source business process automation 
platform. From 1 ...)
-       TODO: check
+       NOT-FOR-US: Valtimo
 CVE-2026-44515 (Nextcloud News is an RSS/Atom feed reader. Prior to 
28.3.0-beta.1, Nex ...)
-       TODO: check
+       NOT-FOR-US: Nextcloud News
 CVE-2026-44514 (Kubetail is a real-time logging dashboard for Kubernetes. 
Prior to 0.1 ...)
-       TODO: check
+       NOT-FOR-US: Kubetail
 CVE-2026-44513 (Diffusers is the a library for  pretrained diffusion models. 
Prior to  ...)
-       TODO: check
+       NOT-FOR-US: Diffusers
 CVE-2026-44511 (Katalyst Koi is a framework for building Rails admin 
functionality. Pr ...)
-       TODO: check
+       NOT-FOR-US: Katalyst Koi
 CVE-2026-44504 (Aegra is a drop-in replacement for LangSmith Deployments. 
Prior to 0.9 ...)
-       TODO: check
+       NOT-FOR-US: Aegra
 CVE-2026-44503 (The RedirectHandler middleware in microsoft/kiota-java 
(com.microsoft. ...)
-       TODO: check
+       NOT-FOR-US: microsoft/kiota-java
 CVE-2026-44501 (DataHub is an open-source metadata platform. Prior to 1.5.0.3, 
The Dat ...)
-       TODO: check
+       NOT-FOR-US: DataHub
 CVE-2026-44484 (PyTorch Lightning is a deep learning framework to pretrain and 
finetun ...)
        TODO: check
 CVE-2026-44482 (soundcloud-rpc is a SoundCloud Client with Discord Rich 
Presence, Dark ...)
-       TODO: check
+       NOT-FOR-US: SoundCloud
 CVE-2026-44375 (Nerdbank.MessagePack is a NativeAOT-compatible MessagePack 
serializati ...)
-       TODO: check
+       NOT-FOR-US: Nerdbank.MessagePack
 CVE-2026-44374 (Backstage is an open framework for building developer portals. 
Prior t ...)
-       TODO: check
+       NOT-FOR-US: Backstage
 CVE-2026-44371 (Open OnDemand is an open-source high-performance computing 
portal. Pri ...)
-       TODO: check
+       NOT-FOR-US: Open OnDemand
 CVE-2026-44348 (PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to 
before 1.0.4 ...)
        TODO: check
 CVE-2026-44312 (css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, 
the CSS Pa ...)
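Review bot: On CVE-2026-44482 the tag reads `NOT-FOR-US: SoundCloud`, but the description says the affected software is soundcloud-rpc, "a SoundCloud Client with Discord Rich Presence", so the tag names the service rather than the vulnerable project. Suggest `NOT-FOR-US: soundcloud-rpc`, matching how the other entries in this hunk take the project name from the description (SiYuan, Note Mark, microsoft/kiota-java).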



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf21f47d229294c0a87ca8dd5517015e83f108c9



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
