[Git][security-tracker-team/security-tracker][master] Process some NFUs

Fri, 22 May 2026 00:36:16 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
462b683f by Salvatore Bonaccorso at 2026-05-22T09:35:29+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-9264 (A cross-site scripting (XSS) vulnerability in SketchUp 2026's 
Dynamic  ...)
-       TODO: check
+       NOT-FOR-US: SketchUp
 CVE-2026-9104 (The Draft List plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-9054 (An attacker sending tcp, il, rudp, rudp, or gre packets with a 
length  ...)
@@ -9,59 +9,59 @@ CVE-2026-9053 (Mothra would respect a default value given by 
a website for HTML
 CVE-2026-9018 (The Easy Elements for Elementor \u2013 Addons & Website 
Templates plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-8435 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8434 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8433 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8432 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8428 (Concrete CMS 9.5.0 and below emits a CSRF token in the 
local_available ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8427 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8426 (Concrete CMS 9.5.0 and below does not validate a CSRF token 
before pro ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8421 (Concrete CMS 9.5.0 and below contains a CSRF vulnerability in 
the inst ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8417 (Concrete CMS 9.5.0 and below does not validate a CSRF token 
before pro ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8416 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8415 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8414 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8413 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8412 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8411 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8410 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8409 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8352
        REJECTED
 CVE-2026-8350 (Concrete CMS 9.5.0 and below is vulnerable to missing 
authorization in ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8337 (Concrete CMS 9.5.0 and below is vulnerable to IDOR in 
surveys.To be vu ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8327 (Concrete CMS below 9.5.0 and below is vulnerable to password 
change wi ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8245 (Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in 
Legacy  ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8240 (Concrete CMS 9.5.0 and below isvulnerable to unauthenticated 
page meta ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8239 (Concrete CMS 9.5.0 and below is vulnerable to 
IDOR.The'/ccm/frontend/c ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8238 (Concrete CMS 9.5.0 and below is vulnerable to 
IDOR.The'/ccm/frontend/c ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8237 (Concrete CMS 9.5.0 and below is vulnerable to IDOR.The 
`/ccm/frontend/ ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8236 (Concrete CMS 9.5.0 and below is vulnerable to IDOR combined 
with a mis ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2026-8205 (Concrete CMS 9.5.0 and below is vulnerable to authorization 
bypass in  ...)
        TODO: check
 CVE-2026-8204 (Concrete CMS 9.5.0 and below is vulnerable to authorization 
Bypass in  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/462b683f7dfb373ca3e7438dd12f9078309a79d2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/462b683f7dfb373ca3e7438dd12f9078309a79d2
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to