Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c4cc7a33 by Salvatore Bonaccorso at 2026-05-15T21:29:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12,7 +12,7 @@ CVE-2026-8398 (A supply chain attack compromised the official
installation packa
CVE-2026-7563 (The Classified Listing \u2013 AI-Powered Classified ads &
Business Dir ...)
NOT-FOR-US: WordPress plugin
CVE-2026-7182 (Diagram's export module is vulnerable to Path Traversal in src
attribu ...)
- TODO: check
+ NOT-FOR-US: DHTMLX Diagram
CVE-2026-7046 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin
for Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6415 (The Advanced Custom Fields: Font Awesome plugin for WordPress
is vulne ...)
@@ -30,51 +30,51 @@ CVE-2026-4054 (Mattermost versions 11.5.x <= 11.5.1,
10.11.x <= 10.11.13, 11.4.x
CVE-2026-4053 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail
to enfo ...)
TODO: check
CVE-2026-46508 (Turborepo is a high-performance build system for JavaScript
and TypeSc ...)
- TODO: check
+ NOT-FOR-US: Turborepo
CVE-2026-46483 (Vim is an open source, command line text editor. Prior to
9.2.0479, a ...)
TODO: check
CVE-2026-46474 (Trog::TOTP versions before 1.006 for Perl generate secrets
using rand. ...)
- TODO: check
+ NOT-FOR-US: Trog::TOTP Perl module
CVE-2026-46408 (Vvveb is a powerful and easy to use CMS with page builder to
build web ...)
- TODO: check
+ NOT-FOR-US: Vvveb
CVE-2026-46407 (Vvveb is a powerful and easy to use CMS with page builder to
build web ...)
- TODO: check
+ NOT-FOR-US: Vvveb
CVE-2026-46383 (Microsoft APM is an open-source, community-driven dependency
manager f ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-46367 (phpMyFAQ before 4.1.2 contains a stored cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-46366 (phpMyFAQ before 4.1.2 contains an information disclosure
vulnerability ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-46365 (phpMyFAQ before 4.1.2 contains a missing authorization
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-46364 (phpMyFAQ before 4.1.2 contains an unauthenticated SQL
injection vulner ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-46363 (phpMyFAQ before 4.1.2 contains a stored cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-46362 (phpMyFAQ before 4.1.2 contains an authorization bypass
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-46361 (phpMyFAQ before 4.1.2 contains a stored cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-46360 (phpMyFAQ before 4.1.2 contains a stored cross-site scripting
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-46359 (phpMyFAQ before 4.1.2 contains a sql injection vulnerability
in Curren ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-45803 (`gh` is GitHub\u2019s official command line tool. From 1.6.0
to before ...)
TODO: check
CVE-2026-45800 (Vvveb is a powerful and easy to use CMS with page builder to
build web ...)
- TODO: check
+ NOT-FOR-US: Vvveb
CVE-2026-45773 (Turborepo is a high-performance build system for JavaScript
and TypeSc ...)
- TODO: check
+ NOT-FOR-US: Turborepo
CVE-2026-45772 (Turborepo is a high-performance build system for JavaScript
and TypeSc ...)
- TODO: check
+ NOT-FOR-US: Turborepo
CVE-2026-45736 (ws is an open source WebSocket client and server for Node.js.
Prior to ...)
TODO: check
CVE-2026-45622 (Vvveb is a powerful and easy to use CMS with page builder to
build web ...)
- TODO: check
+ NOT-FOR-US: Vvveb
CVE-2026-45616 (Vvveb is a powerful and easy to use CMS with page builder to
build web ...)
- TODO: check
+ NOT-FOR-US: Vvveb
CVE-2026-45539 (Microsoft APM is an open-source, community-driven dependency
manager f ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-45038 (Tabby (formerly Terminus) is a highly configurable terminal
emulator. ...)
TODO: check
CVE-2026-45037 (Tabby (formerly Terminus) is a highly configurable terminal
emulator. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4cc7a33c8194af3ef8e805e8599da5c6f7b64f7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4cc7a33c8194af3ef8e805e8599da5c6f7b64f7
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
