[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 1 20:14:33 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a2a2a96 by security tracker role at 2026-04-01T19:14:20+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,19 +9,19 @@ CVE-2026-5259 (A vulnerability was determined in AutohomeCorp frostmourne up to
 CVE-2026-5199 (A writer role user in an attacker-controlled namespace could signal, d ...)
 	TODO: check
 CVE-2026-5175 (Improper access control in the multi-factor authentication (MFA) manag ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-4989 (Improper input validation in the gateway health check feature in Devol ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-4927 (Exposure of sensitive information in the users MFA feature in Devoluti ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-4925 (Improper access control in the users MFA feature in Devolutions Server ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-4924 (Improper  authentication in the two-factor authentication (2FA) featur ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-4829 (Improper authentication in the external OAuth authentication flow in D ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-4828 (Improper authentication in the OAuth login functionality in Devolution ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-4370 (A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 ...)
 	TODO: check
 CVE-2026-3877 (A reflected cross-site scripting (XSS) vulnerability in the dashboard  ...)
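Review bot: for CVE-2026-5175 and CVE-2026-4924 the truncated descriptions shown in this hunk ("Improper access control in the multi-factor authentication (MFA) manag ..." and "Improper  authentication in the two-factor authentication (2FA) featur ...") do not name the vendor, so the NOT-FOR-US: Devolutions verdict for those two rests on the full CVE text rather than on anything visible here; worth a quick confirmation against the untruncated entries before this lands, since the other five lines in the block do visibly mention Devolutions.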
@@ -41,7 +41,7 @@ CVE-2026-35000 (ChangeDetection.io versions prior to 0.54.7 contain a protection
 CVE-2026-34999 (OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentica ...)
 	TODO: check
 CVE-2026-34889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-34875 (An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1. ...)
 	TODO: check
 CVE-2026-34874 (An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0. ...)
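Review bot: the tag "NOT-FOR-US: WordPress plugin or theme" for CVE-2026-34889 is vaguer than the tracker's usual vendor or product naming, and the visible description ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...") shows neither WordPress nor the affected component. If the full advisory identifies the plugin or theme, record that name in the tag so the entry can be matched against packaged WordPress extensions later.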
@@ -55,7 +55,7 @@ CVE-2026-34604 (Tina is a headless content management system. Prior to version 2
 CVE-2026-34603 (Tina is a headless content management system. Prior to version 2.2.2,  ...)
 	TODO: check
 CVE-2026-34510 (OpenClaw before 2026.3.22 contains a path traversal vulnerability in W ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-34447 (Open Neural Network Exchange (ONNX) is an open standard for machine le ...)
 	TODO: check
 CVE-2026-34446 (Open Neural Network Exchange (ONNX) is an open standard for machine le ...)
@@ -77,7 +77,7 @@ CVE-2026-34159 (llama.cpp is an inference of several LLM models in C/C++. Prior
 CVE-2026-34076 (Clerk JavaScript is the official JavaScript repository for Clerk authe ...)
 	TODO: check
 CVE-2026-34072 (Cr*nMaster (cronmaster) is a Cronjob management UI with human readable ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-33990 (Docker Model Runner (DMR) is software used to manage, run, and deploy  ...)
 	TODO: check
 CVE-2026-33978 (Notesnook is a note-taking app focused on user privacy & ease of use.  ...)
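Review bot: the tag for CVE-2026-34072 does not match its description: the entry is about Cr*nMaster (cronmaster), a cronjob management UI, but the verdict says "NOT-FOR-US: Next.js". Unless the issue is actually in Next.js itself, the tag should name cronmaster; if it is a Next.js issue surfacing through cronmaster, the tag should say so to avoid misfiling a framework bug under an unrelated product.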
@@ -85,17 +85,17 @@ CVE-2026-33978 (Notesnook is a note-taking app focused on user privacy & ease of
 CVE-2026-33949 (Tina is a headless content management system. Prior to version 2.2.2,  ...)
 	TODO: check
 CVE-2026-31027 (TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-30643 (An issue was discovered in DedeCMS 5.7.118 allowing attackers to execu ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2026-30573 (A Business Logic vulnerability exists in SourceCodester Pharmacy Produ ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30526 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30523 (A Business Logic vulnerability exists in SourceCodester Loan Managemen ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30522 (A Business Logic vulnerability exists in SourceCodester Loan Managemen ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30292 (An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF ...)
 	TODO: check
 CVE-2026-30291 (An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Re ...)
@@ -113,11 +113,11 @@ CVE-2026-29598 (Multiple stored cross-site scripting (XSS) vulnerabilities in th
 CVE-2026-29014 (MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP  ...)
 	TODO: check
 CVE-2026-28265 (PowerStore, contains a Path Traversal vulnerability in the Service use ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-27489 (Open Neural Network Exchange (ONNX) is an open standard for machine le ...)
 	TODO: check
 CVE-2026-27101 (Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application versio ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-25835 (Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a ...)
 	TODO: check
 CVE-2026-25834 (Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.)
@@ -129,27 +129,27 @@ CVE-2026-25601 (A vulnerability was identified in MEPIS RM, an industrial softwa
 CVE-2026-24096 (Insufficient permission validation on multiple REST API Quick Setup en ...)
 	TODO: check
 CVE-2026-23899 (An improper access check allows unauthorized access to webservice endp ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-23898 (Lack of input validation leads to an arbitrary file deletion vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-22768 (Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Ass ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-22767 (Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Syml ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-21632 (Lack of output escaping for article titles leads to XSS vectors in var ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-21631 (Lack of output escaping leads to a XSS vector in the multilingual asso ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-21630 (Improperly built order clauses lead to a SQL injection vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-21629 (The ajax component was excluded from the default logged-in-user check  ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-20174 (A vulnerability in the Metadata update feature of Cisco Nexus Dashboar ...)
 	TODO: check
 CVE-2026-20160 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem)  ...)
 	TODO: check
 CVE-2026-20155 (A vulnerability in the web-based management interface of Cisco Evolved ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20151 (A vulnerability in the web interface of Cisco Smart Software Manager O ...)
 	TODO: check
 CVE-2026-20097 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
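Review bot: the four Joomla entries (CVE-2026-23899, CVE-2026-23898, CVE-2026-21632, CVE-2026-21631, CVE-2026-21630, CVE-2026-21629) are tagged NOT-FOR-US: Joomla although none of the truncated descriptions in this hunk mention Joomla, so the verdict cannot be checked from the diff alone; please confirm against the full CVE records. In the same hunk CVE-2026-20155 is resolved as NOT-FOR-US: Cisco while the neighbouring Cisco entries CVE-2026-20174, CVE-2026-20160 and CVE-2026-20151 remain TODO: check; if those are also Cisco-only products they can be triaged in the same pass, otherwise a short note on why they need a closer look would help the next person.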
@@ -173,13 +173,13 @@ CVE-2026-20087 (A vulnerability in the web-based management interface of Cisco I
 CVE-2026-20085 (A vulnerability in the web-based management interface of Cisco IMC cou ...)
 	TODO: check
 CVE-2026-20042 (A vulnerability in the configuration backup feature of Cisco Nexus Das ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20041 (A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Ins ...)
 	TODO: check
 CVE-2026-1879 (A vulnerability was detected in Harvard University IQSS Dataverse up t ...)
 	TODO: check
 CVE-2026-0932 (Blind server-side request forgery (SSRF) vulnerability in legacy conne ...)
-	TODO: check
+	NOT-FOR-US: M-Files
 CVE-2026-0522 (A local file inclusion vulnerability in the upload/download flow of th ...)
 	TODO: check
 CVE-2025-67807 (The login mechanism of Sage DPW 2025_06_004 displays distinct response ...)
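Review bot: the verdict NOT-FOR-US: M-Files for CVE-2026-0932 is not supported by the visible description ("Blind server-side request forgery (SSRF) vulnerability in legacy conne ..."), which names no product; confirm from the full text. Also, CVE-2026-20042 is closed as NOT-FOR-US: Cisco while CVE-2026-20041 (Cisco Nexus Dashboard) and CVE-2026-20085 (Cisco IMC) in the same hunk stay TODO: check, which looks like the same inconsistency as in the earlier Cisco block.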
@@ -189,9 +189,9 @@ CVE-2025-67806 (The login mechanism of Sage DPW 2021_06_004 displays distinct re
 CVE-2025-67805 (A non-default configuration in Sage DPW 2025_06_004 allows unauthentic ...)
 	TODO: check
 CVE-2025-13535 (The King Addons for Elementor plugin for WordPress is vulnerable to mu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-53828 (Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2024-43028 (A command injection vulnerability in the component /jmreport/show of j ...)
 	TODO: check
 CVE-2024-40489 (There is an injection vulnerability in jeecg boot versions 3.0.0 to 3. ...)
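Review bot: for CVE-2025-13535 the description already names the affected component ("The King Addons for Elementor plugin for WordPress"), so the tag could be the more specific "NOT-FOR-US: King Addons for Elementor WordPress plugin" rather than the generic "WordPress plugin"; the Ericsson entry CVE-2024-53828 is fine as tagged since the description names the vendor and product directly.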



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a2a2a96a37ccfa12983ea58fce3c48dcb101daa


