Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4899cbc1 by Moritz Muehlenhoff at 2026-06-18T09:44:39+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,19 +7,19 @@ CVE-2026-8050 (In SignalRGB versions prior to 1.3.7.0, seven 
of the thirteen IOC
 CVE-2026-8049 (In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device 
object ...)
        TODO: check
 CVE-2026-55740 (Nur-Alam39 bus-ticket (no released versions; latest commit 
459cabdbeb9 ...)
-       TODO: check
+       NOT-FOR-US: Nur-Alam39 bus-ticket
 CVE-2026-55202 (Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to 
properly v ...)
        TODO: check
 CVE-2026-55201 (Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a 
path trave ...)
-       TODO: check
+       NOT-FOR-US: Evil-WinRM
 CVE-2026-55200 (libssh2 through 1.11.1, fixed in commit 7acf3df contains an 
out-of-bou ...)
        TODO: check
 CVE-2026-55199 (libssh2 through 1.11.1, fixed in commit 1762685, contains a 
pre-authen ...)
        TODO: check
 CVE-2026-54533 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
-       TODO: check
+       NOT-FOR-US: vantage6
 CVE-2026-54445 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
-       TODO: check
+       NOT-FOR-US: vantage6
 CVE-2026-54388 (Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to 
reject req ...)
        TODO: check
 CVE-2026-54387 (Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to 
reconcile  ...)
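Review bot: The entries this hunk leaves at TODO: check are the ones that need package triage rather than an NFU: CVE-2026-55202, CVE-2026-54388 and CVE-2026-54387 (Tinyproxy) and CVE-2026-55200 and CVE-2026-55199 (libssh2) name software that is packaged in Debian. A follow-up should replace each TODO with a package line and record the fix commit quoted in the description (09312a1, 364cdb6, ff45d3b, 7acf3df, 1762685) in a NOTE, so the fixed version can be determined once upstream releases.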
@@ -29,19 +29,19 @@ CVE-2026-54386 (marimo before 0.23.9 contains a reflected 
cross-site scripting v
 CVE-2026-53676 (ThingsBoard contains a prototype pollution vulnerability which 
may lea ...)
        TODO: check
 CVE-2026-50268 (Steeltoe is an open source project that provides a collection 
of libra ...)
-       TODO: check
+       NOT-FOR-US: Steeltoe
 CVE-2026-50267 (Steeltoe is an open source project that provides a collection 
of libra ...)
-       TODO: check
+       NOT-FOR-US: Steeltoe
 CVE-2026-50202 (Steeltoe is an open source project that provides a collection 
of libra ...)
-       TODO: check
+       NOT-FOR-US: Steeltoe
 CVE-2026-50201 (Steeltoe is an open source project that provides a collection 
of libra ...)
-       TODO: check
+       NOT-FOR-US: Steeltoe
 CVE-2026-50200 (Steeltoe is an open source project that provides a collection 
of libra ...)
-       TODO: check
+       NOT-FOR-US: Steeltoe
 CVE-2026-50196 (Steeltoe is an open source project that provides a collection 
of libra ...)
-       TODO: check
+       NOT-FOR-US: Steeltoe
 CVE-2026-50194 (Steeltoe is an open source project that provides a collection 
of libra ...)
-       TODO: check
+       NOT-FOR-US: Steeltoe
 CVE-2026-50107 (When NGINX Plus or NGINX Open Source is configured as the data 
plane f ...)
        TODO: check
 CVE-2026-49133 (Typemill before 2.24.0 contains a path traversal vulnerability 
that al ...)
@@ -49,7 +49,7 @@ CVE-2026-49133 (Typemill before 2.24.0 contains a path 
traversal vulnerability t
 CVE-2026-48997 (e107 is a content management system (CMS). Versions  2.3.5 and 
earlier ...)
        TODO: check
 CVE-2026-48991 (XianYuLauncher is a Minecraft Java Edition launcher. In 
versions prior ...)
-       TODO: check
+       NOT-FOR-US: XianYuLauncher
 CVE-2026-48990 (joserfc is a Python library that provides an implementation of 
several ...)
        TODO: check
 CVE-2026-48989 (Windows-MCP is an open-source project that integrates AI 
agents with W ...)
@@ -65,39 +65,39 @@ CVE-2026-48822 (Shaarli is a personal bookmarking service. 
Versions 0.16.1 and p
 CVE-2026-48821 (Shaarli is a personal bookmarking service. Versions 0.16.1 and 
prior c ...)
        TODO: check
 CVE-2026-48820 (CakePHP is a rapid development framework for PHP. In versions 
4.5.11 a ...)
-       TODO: check
+       NOT-FOR-US: CakePHP
 CVE-2026-48817 (Starlette is a lightweight ASGI framework/toolkit. In versions 
1.0.1 a ...)
        TODO: check
 CVE-2026-48814 (Network-AI is a TypeScript/Node.js multi-agent orchestrator. 
In versio ...)
-       TODO: check
+       NOT-FOR-US: Network-AI
 CVE-2026-48768 (TypeBot is a chatbot builder tool. In versions 3.16.1 and 
earlier, POS ...)
-       TODO: check
+       NOT-FOR-US: TypeBot
 CVE-2026-48764 (TypeBot is a chatbot builder tool. In versions prior to 
3.17.2, SSRF v ...)
-       TODO: check
+       NOT-FOR-US: TypeBot
 CVE-2026-48759 (TypeBot is a chatbot builder tool. Versions 3.15.2 and below 
have an I ...)
-       TODO: check
+       NOT-FOR-US: TypeBot
 CVE-2026-45617 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
-       TODO: check
+       NOT-FOR-US: LiquidJS
 CVE-2026-45357 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
-       TODO: check
+       NOT-FOR-US: LiquidJS
 CVE-2026-44646 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
-       TODO: check
+       NOT-FOR-US: LiquidJS
 CVE-2026-44645 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
-       TODO: check
+       NOT-FOR-US: LiquidJS
 CVE-2026-44644 (LiquidJS is a Shopify/GitHub Pages compatible template engine 
written  ...)
-       TODO: check
+       NOT-FOR-US: LiquidJS
 CVE-2026-32682 (When NGINX Gateway Fabric is configured using GRPCRoutes, an 
authentic ...)
        TODO: check
 CVE-2026-12569 (A critical remote code execution (RCE) vulnerability has been 
reported ...)
-       TODO: check
+       NOT-FOR-US: PTC WindChill
 CVE-2026-12568 (The postman_download module uses the workspace name field from 
the Pos ...)
-       TODO: check
+       NOT-FOR-US: bbot
 CVE-2026-12567 (The github_workflows module constructs local directory paths 
from user ...)
-       TODO: check
+       NOT-FOR-US: bbot
 CVE-2026-12566 (The docker_pull module uses the realm parameter from a Docker 
registry ...)
-       TODO: check
+       NOT-FOR-US: bbot
 CVE-2026-12565 (The unarchive internal module's archive extraction commands 
perform no ...)
-       TODO: check
+       NOT-FOR-US: bbot
 CVE-2026-12530 (Improper neutralization of argument delimiters in the 
install_packages ...)
        NOT-FOR-US: Amazon
 CVE-2026-12529 (A security vulnerability has been detected in SourceCodester 
CET Autom ...)
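Review bot: On CVE-2026-12569 the label "NOT-FOR-US: PTC WindChill" uses a capitalisation the vendor does not; PTC writes the product name as Windchill, and a case-sensitive search of data/CVE/list for the product would miss this entry, so "NOT-FOR-US: PTC Windchill" is the safer spelling. Separately, CVE-2026-48820 names a framework rather than a single application; before settling on "NOT-FOR-US: CakePHP" it is worth confirming that no suite carries a cakephp source package, in which case a package line would be the right form instead.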
@@ -139,9 +139,9 @@ CVE-2026-10029 (The Event Koi Lite \u2013 Events Calendar, 
Event Management, RSV
 CVE-2026-10023 (The Dokan: AI Powered WooCommerce Multivendor Marketplace 
Solution \u2 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-27928 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
-       TODO: check
+       NOT-FOR-US: vantage6
 CVE-2024-24769 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
-       TODO: check
+       NOT-FOR-US: vantage6
 CVE-2026-9697 (Impact: undici's ProxyAgent silently drops the requestTls 
option when  ...)
        - node-undici <unfixed>
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-vmh5-mc38-953g



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4899cbc1bca17044867ee208804c56c1cd2f7a68



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
