Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cdd886d by Salvatore Bonaccorso at 2026-05-27T22:10:45+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -145,7 +145,7 @@ CVE-2026-48877 (Insertion of Sensitive Information Into 
Sent Data vulnerability
 CVE-2026-48545 (Gradio before version 6.15.0 contains a cookie injection 
vulnerability ...)
        NOT-FOR-US: Gradio
 CVE-2026-48544 (Taipy 4.1.1, fixed in commit 129fd40, contains a path 
traversal vulner ...)
-       TODO: check
+       NOT-FOR-US: Taipy
 CVE-2026-48153 (Budibase is an open-source low-code platform. Prior to 3.39.0, 
fetchTo ...)
        NOT-FOR-US: Budibase
 CVE-2026-48152 (Budibase is an open-source low-code platform. Prior to 3.39.0, 
the sin ...)
@@ -167,9 +167,9 @@ CVE-2026-48128 (Budibase is an open-source low-code 
platform. Prior to 3.39.0, t
 CVE-2026-48027 (Nx Console is the user interface for Nx & Lerna. On 19 May 
2026, a mal ...)
        TODO: check
 CVE-2026-47119 (Agent Zero before version 1.15 contains a stored cross-site 
scripting  ...)
-       TODO: check
+       NOT-FOR-US: Agent Zero
 CVE-2026-47118 (Agent Zero before version 1.15 contains a path traversal 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Agent Zero
 CVE-2026-47104 (libusb before version 1.0.30 contains a one-byte out-of-bounds 
read vu ...)
        TODO: check
 CVE-2026-46427 (Budibase is an open-source low-code platform. Prior to 3.38.3, 
removeS ...)
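Review bot: CVE-2026-47104 (libusb), which sits directly after the two Agent Zero entries retagged in this hunk, is still `TODO: check`. Leaving it out of an NFU-only pass is correct, since libusb is packaged in Debian and needs a source-package entry rather than a NOT-FOR-US tag, but it should be picked up in a follow-up so the one-byte out-of-bounds read does not stay untriaged.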
@@ -195,21 +195,21 @@ CVE-2026-45571 (go-git is an extensible git 
implementation library written in pu
 CVE-2026-45570 (go-git is an extensible git implementation library written in 
pure Go. ...)
        TODO: check
 CVE-2026-45548 (Budibase is an open-source low-code platform. Prior to 3.34.8, 
the pro ...)
-       TODO: check
+       NOT-FOR-US: Budibase
 CVE-2026-45335 (WeGIA is a web manager for charitable institutions. Prior to 
3.7.3, an ...)
        NOT-FOR-US: WeGIA
 CVE-2026-45090 (Dalfox is a powerful open-source XSS scanner and utility 
focused on au ...)
-       TODO: check
+       NOT-FOR-US: Dalfox
 CVE-2026-45089 (Dalfox is a powerful open-source XSS scanner and utility 
focused on au ...)
-       TODO: check
+       NOT-FOR-US: Dalfox
 CVE-2026-45088 (Dalfox is a powerful open-source XSS scanner and utility 
focused on au ...)
-       TODO: check
+       NOT-FOR-US: Dalfox
 CVE-2026-45087 (Dalfox is a powerful open-source XSS scanner and utility 
focused on au ...)
-       TODO: check
+       NOT-FOR-US: Dalfox
 CVE-2026-45081 (Frappe HR is an open-source human resources management 
solution (HRMS) ...)
-       TODO: check
+       NOT-FOR-US: Frappe HR
 CVE-2026-45061 (Budibase is an open-source low-code platform. Prior to 
3.35.10, the Pl ...)
-       TODO: check
+       NOT-FOR-US: Budibase
 CVE-2026-45047 (bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the 
apiHandl ...)
        TODO: check
 CVE-2026-45046 (Gryph provides a security layer for AI coding agents. Prior to 
0.7.0,  ...)
@@ -221,9 +221,9 @@ CVE-2026-45022 (go-git is an extensible git implementation 
library written in pu
 CVE-2026-44988 (LibVNCClient is a library for easy implementation of a VNC 
client. In  ...)
        TODO: check
 CVE-2026-44972 (GuardDog is a CLI tool to identify malicious PyPI packages. 
From 2.6.0 ...)
-       TODO: check
+       NOT-FOR-US: GuardDog
 CVE-2026-44971 (GuardDog is a CLI tool to identify malicious PyPI packages. 
From 1.0.0 ...)
-       TODO: check
+       NOT-FOR-US: GuardDog
 CVE-2026-44902 (opentelemetry-js is the OpenTelemetry JavaScript Client. Prior 
to 0.21 ...)
        TODO: check
 CVE-2026-44839 (RabbitMQ is a messaging and streaming broker. From 3.7.0 to 
before 4.1 ...)
@@ -2214,29 +2214,29 @@ CVE-2026-48593 (Uncontrolled Resource Consumption 
vulnerability in oban-bg oban_
 CVE-2026-48592 (Missing Authorization vulnerability in oban-bg oban_web 
('Elixir.Oban. ...)
        TODO: check
 CVE-2026-47672 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)
-       TODO: check
+       NOT-FOR-US: epa4all-client
 CVE-2026-45575 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)
-       TODO: check
+       NOT-FOR-US: epa4all-client
 CVE-2026-45574 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)
-       TODO: check
+       NOT-FOR-US: epa4all-client
 CVE-2026-45413 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.9.1, u ...)
-       TODO: check
+       NOT-FOR-US: MaxKB
 CVE-2026-45412 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.9.1, S ...)
-       TODO: check
+       NOT-FOR-US: MaxKB
 CVE-2026-45298 (Dozzle is a realtime log viewer for docker containers. Prior 
to 10.5.2 ...)
-       TODO: check
+       NOT-FOR-US: Dozzle
 CVE-2026-44985 (Dozzle is a realtime log viewer for docker containers. Prior 
to 10.5.2 ...)
-       TODO: check
+       NOT-FOR-US: Dozzle
 CVE-2026-44983 (smallbitvec is a growable bit-vector for Rust, optimized for 
size. Fro ...)
        TODO: check
 CVE-2026-44966 (Velocity.js is a JavaScript implementation of the Apache 
Velocity temp ...)
        TODO: check
 CVE-2026-44905 (Vanetza is an open-source implementation of the ETSI C-ITS 
protocol su ...)
-       TODO: check
+       NOT-FOR-US: Vanetza
 CVE-2026-44903 (Prometheus is an open-source monitoring system and time series 
databas ...)
        TODO: check
 CVE-2026-44900 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the 
Telemat ...)
-       TODO: check
+       NOT-FOR-US: epa4all-client
 CVE-2026-44899 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
        TODO: check
 CVE-2026-44898 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)
@@ -2248,7 +2248,7 @@ CVE-2026-44896 (Mistune is a Python Markdown parser with 
renderers and plugins.
 CVE-2026-44895 (GitLab MCP Server lets an AI agent talk directly to GitLab. 
Prior to 0 ...)
        TODO: check
 CVE-2026-44847 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.9.0, M ...)
-       TODO: check
+       NOT-FOR-US: MaxKB
 CVE-2026-44844 (eml_parser serves as a python module for parsing eml files and 
returni ...)
        TODO: check
 CVE-2026-44843 (LangChain is a framework for building agents and LLM-powered 
applicati ...)
@@ -2571,7 +2571,7 @@ CVE-2026-48134 (When the DLP is active, the UserCheck Web 
Portal contains an inp
 CVE-2026-48133 (When the Identity Awareness blade is enabled with 
Browser-Based Authen ...)
        NOT-FOR-US: Check Point
 CVE-2026-48132 (The Security Gateway does not correctly validate a length 
value in cer ...)
-       TODO: check
+       NOT-FOR-US: Check Point
 CVE-2026-48131 (The VPN service may mishandle an unexpected IKE fragment value 
receive ...)
        NOT-FOR-US: Check Point
 CVE-2026-48126 (Algernon is a small self-contained pure-Go web server. Prior 
to 1.17.8 ...)
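Review bot: The new `NOT-FOR-US: Check Point` tag on CVE-2026-48132 cannot be confirmed from the visible description, which is truncated at "The Security Gateway does not correctly validate a length value in cer ..." and never names a vendor. The tag matches the neighbouring CVE-2026-48133 and CVE-2026-48131 entries, so it is probably right, but adjacency in the ID range does not prove the same vendor; confirm it against the full CVE record before relying on the tag.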



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cdd886d0689862ac5a19c4ed52483eea2382774



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
