Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1075956d by Salvatore Bonaccorso at 2026-06-23T22:04:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -144,45 +144,45 @@ CVE-2026-54301 (n8n is an open source workflow automation
platform. Prior to 1.1
CVE-2026-54257 (Electron is a framework for writing cross-platform desktop
application ...)
- electron <itp> (bug #842420)
CVE-2026-54157 (LobeHub is a work-and-lifestyle space to find, build, and
collaborate ...)
- TODO: check
+ NOT-FOR-US: LobeHub
CVE-2026-54022 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54021 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54019 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54018 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54016 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54015 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54014 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54013 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54012 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54011 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54010 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54009 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54008 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54007 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-54006 (Open WebUI is a self-hosted artificial intelligence platform
designed ...)
- TODO: check
+ NOT-FOR-US: Open WebUI
CVE-2026-53755 (Crawl4AI is an open-source LLM friendly web crawler & scraper.
Prior t ...)
- TODO: check
+ NOT-FOR-US: Crawl4AI
CVE-2026-53754 (Crawl4AI is an open-source LLM friendly web crawler & scraper.
Prior t ...)
- TODO: check
+ NOT-FOR-US: Crawl4AI
CVE-2026-53753 (Crawl4AI is an open-source LLM friendly web crawler & scraper.
Prior t ...)
- TODO: check
+ NOT-FOR-US: Crawl4AI
CVE-2026-53662 (immich is a high performance self-hosted photo and video
management so ...)
- TODO: check
+ NOT-FOR-US: immich
CVE-2026-52846 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
TODO: check
CVE-2026-52845 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
@@ -190,7 +190,7 @@ CVE-2026-52845 (Caddy is an extensible server platform that
uses TLS by default.
CVE-2026-52844 (Caddy is an extensible server platform that uses TLS by
default. Prior ...)
TODO: check
CVE-2026-52673 (SQL Injection vulnerability in Cboard v.0.4.2 and before
allows a remo ...)
- TODO: check
+ NOT-FOR-US: Cboard
CVE-2026-50574 (yt-dlp is a command-line audio/video downloader. Prior to
2026.06.09, ...)
TODO: check
CVE-2026-50023 (yt-dlp is a command-line audio/video downloader. Prior to
2026.06.09, ...)
@@ -198,53 +198,53 @@ CVE-2026-50023 (yt-dlp is a command-line audio/video
downloader. Prior to 2026.0
CVE-2026-50019 (yt-dlp is a command-line audio/video downloader. From
2023.09.24 until ...)
TODO: check
CVE-2026-4983 (Open VSX Registry does not sanitize SVG files uploaded as
extension ic ...)
- TODO: check
+ NOT-FOR-US: Open VSX Registry
CVE-2026-4610 (The ProfileGrid \u2013 User Profiles, Groups and Communities
plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-49983 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-49860 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-49859 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-49465 (n8n is an open source workflow automation platform. Prior to
1.123.48, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-49444 (n8n is an open source workflow automation platform. Prior to
1.123.48, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-49440 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-49411 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-49406 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-49402 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-49401 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
Prior to 2. ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-48520 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-48519 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-45732 (n8n is an open source workflow automation platform. Prior to
1.123.43, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-45692 (Caddy is an extensible server platform that uses TLS by
default. From ...)
TODO: check
CVE-2026-45135 (Caddy is an extensible server platform that uses TLS by
default. From ...)
TODO: check
CVE-2026-44792 (n8n is an open source workflow automation platform. Prior to
1.123.43, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-44791 (n8n is an open source workflow automation platform. Prior to
1.123.43, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-44790 (n8n is an open source workflow automation platform. Prior to
1.123.43, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-44789 (n8n is an open source workflow automation platform. Prior to
1.123.43, ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-44726 (Deno is a JavaScript, TypeScript, and WebAssembly runtime.
From 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: Deno
CVE-2026-44089 (TotolinkEX1200L router is vulnerable to Buffer Overflow in the
login f ...)
NOT-FOR-US: TOTOLINK
CVE-2026-42867 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
- TODO: check
+ NOT-FOR-US: Langflow
CVE-2026-35019 (NetComm NF20MESH routers running firmware R6B031 and earlier
contain a ...)
TODO: check
CVE-2026-35018 (NetComm NF20MESH routers running firmware R6B031 and earlier
contain a ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1075956d994f845f05d759705310479291c57a86
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1075956d994f845f05d759705310479291c57a86
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits