Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e53fb352 by Moritz Muehlenhoff at 2026-06-27T13:26:45+02:00
auto-nfu: Add rule for Flowise

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -1057,21 +1057,21 @@ CVE-2026-10097 (wolfSSL's AVX2-optimized ML-KEM 
implementation (mlkem_cmp_avx2)
 CVE-2025-71340 (picklescan through 0.0.26 fails to detect malicious pickle 
files that  ...)
        TODO: check
 CVE-2025-71338 (Flowise contains a path traversal vulnerability in the 
/api/v1/documen ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-71336 (Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and 
earlier) con ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-71335 (Flowise before 3.0.10 (affected versions 3.0.7 and earlier) 
fails to i ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-71334 (Flowise before 3.0.6 (affected versions 2.2.8 and earlier) 
contains an ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-71333 (Flowise through 2.2.4 contains an unauthenticated arbitrary 
file uploa ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-71328 (Flowise before 3.0.10 contains an unverified password change 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-71327 (Flowise contains an authentication bypass vulnerability in the 
unprote ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-71324 (Flowise before 3.0.6 contains an arbitrary file read 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-60465 (A use-after-free in the gf_filter_pid_inst_swap function 
(/filter_core ...)
        TODO: check
 CVE-2025-60464 (A use-after-free in the gf_sei_load_from_state_internal 
function (/fil ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -895,6 +895,8 @@
   description: '.*\bEmlog\b.*'
 - reason: ESAFENET
   description: '.*\bESAFENET\b.*'
+- reason: Flowise
+  description: '.*\bFlowise\b.*'
 - reason: Intelbras
   description: '.*\b(?i:Intelbras)\b.*'
 - reason: IrfanView



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e53fb352f3b4906f0062a2916fe1b5095d3c0f2e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e53fb352f3b4906f0062a2916fe1b5095d3c0f2e
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to