[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Fri Apr 3 20:15:03 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cea7b82a by security tracker role at 2026-04-03T19:14:55+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,15 +23,15 @@ CVE-2026-5462 (A vulnerability was identified in Wahoo Fitness SYSTM App up to 7
 CVE-2026-5458 (A weakness has been identified in Noelse Individuals & Pro App up to 2 ...)
 	TODO: check
 CVE-2026-4350 (The Perfmatters plugin for WordPress is vulnerable to arbitrary file d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4108 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-4107 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-3880 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-3879 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-35218 (Budibase is an open-source low-code platform. Prior to version 3.32.5, ...)
 	TODO: check
 CVE-2026-35216 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...)
@@ -43,17 +43,17 @@ CVE-2026-32186 (Microsoft Bing Elevation of Privilege Vulnerability)
 CVE-2026-31818 (Budibase is an open-source low-code platform. Prior to version 3.33.4, ...)
 	TODO: check
 CVE-2026-28756 (Zohocorp ManageEngine Exchange Reporter Plusversions before 5802 are v ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-28754 (Zohocorp ManageEngine Exchange Reporter Plusversions before 5802 are v ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-28736 (** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to valida ...)
 	TODO: check
 CVE-2026-28703 (Zohocorp ManageEngine Exchange Reporter Plusversions before 5802 are v ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-28373 (The Stackfield Desktop App before 1.10.2 for macOS and Windows contain ...)
 	TODO: check
 CVE-2026-27655 (Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are  ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2026-27124 (FastMCP is the standard framework for building MCP applications. Prior ...)
 	TODO: check
 CVE-2026-26477 (An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacke ...)
@@ -67,7 +67,7 @@ CVE-2026-25044 (Budibase is an open-source low-code platform. Prior to version 3
 CVE-2026-25043 (Budibase is an open-source low-code platform. Prior to version 3.23.25 ...)
 	TODO: check
 CVE-2026-0545 (In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/ ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2025-7024 (Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connec ...)
 	TODO: check
 CVE-2025-68153 (Juju is an open source application orchestration engine that enables a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cea7b82a6cfe3750fa8224297bd1707059a3e50b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cea7b82a6cfe3750fa8224297bd1707059a3e50b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260403/bf838765/attachment.htm>
