[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 4 08:20:22 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b188c3e by security tracker role at 2026-04-04T07:20:15+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
CVE-2026-5485 (OS command injection in the browser-based authentication component in ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-5484 (A weakness has been identified in BookStackApp BookStack up to 26.03. ...)
TODO: check
CVE-2026-3571 (The Pie Register \u2013 User Registration, Profiles & Content Restrict ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-35616 (A improper access control vulnerability in Fortinet FortiClientEMS 7.4 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-35562 (Allocation of resources without limits in the parsing components in Am ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35561 (Insufficient authentication security controls in the browser-based aut ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35560 (Improper certificate validation in the identity provider connection co ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35559 (Out-of-bounds write in the query processing components in Amazon Athen ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35558 (Improper neutralization of special elements in the authentication comp ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-35468 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
TODO: check
CVE-2026-34990 (OpenPrinting CUPS is an open source printing system for Linux and othe ...)
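Review bot: The truncated descriptions of CVE-2026-5485, CVE-2026-35561, CVE-2026-35560 and CVE-2026-35558 show no vendor or product name, so `NOT-FOR-US: Amazon` cannot be confirmed from this hunk. Only CVE-2026-35562 ("Am ...") and CVE-2026-35559 ("Amazon Athen ...") hint at it. Check the full CVE text for those four entries before relying on the tag. Consider naming the product as well as the vendor in the note, so that a later search of data/CVE/list for the affected component finds every entry. The same applies to `NOT-FOR-US: Fortinet` on CVE-2026-35616, where the description names FortiClientEMS.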
@@ -35,7 +35,7 @@ CVE-2026-34953 (PraisonAI is a multi-agent teams system. Prior to version 4.5.97
CVE-2026-34952 (PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the ...)
TODO: check
CVE-2026-34947 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-34939 (PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPT ...)
TODO: check
CVE-2026-34938 (PraisonAI is a multi-agent teams system. Prior to version 1.5.90, exec ...)
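Review bot: `NOT-FOR-US: Discourse` on CVE-2026-34947 asserts that Discourse is neither packaged nor the subject of a pending packaging request, and nothing in the hunk shows that this was checked. If an ITP or RFP bug is open for it, the entry should be a `- discourse <itp>` line with the bug reference instead, so the issue resurfaces when the package enters the archive.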
@@ -53,9 +53,9 @@ CVE-2026-34933 (Avahi is a system which facilitates service discovery on a local
CVE-2026-34824 (Mesop is a Python-based UI framework that allows users to build web ap ...)
TODO: check
CVE-2026-34788 (Emlog is an open source website building system. In versions 2.6.2 and ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34787 (Emlog is an open source website building system. In versions 2.6.2 and ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34780 (Electron is a framework for writing cross-platform desktop application ...)
TODO: check
CVE-2026-34779 (Electron is a framework for writing cross-platform desktop application ...)
@@ -89,13 +89,13 @@ CVE-2026-34766 (Electron is a framework for writing cross-platform desktop appli
CVE-2026-34612 (Kestra is an open-source, event-driven orchestration platform. Prior t ...)
TODO: check
CVE-2026-34607 (Emlog is an open source website building system. In versions 2.6.2 and ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34511 (OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state p ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-34229 (Emlog is an open source website building system. Prior to version 2.6. ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34228 (Emlog is an open source website building system. Prior to version 2.6. ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-34061 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
TODO: check
CVE-2026-34052 (LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Pr ...)
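Review bot: The commit message "automatic NOT-FOR-US entries update" does not record which match produced each tag, which matters most for `NOT-FOR-US: OpenClaw` on CVE-2026-34511, the only product in this commit that is tagged exactly once. A short note of the matched product or rule in the commit body would let a reviewer confirm the classification without re-deriving it. The three Emlog tags in this hunk are consistent with the Emlog entries elsewhere in the diff.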
@@ -111,9 +111,9 @@ CVE-2026-32662 (Development and test API endpoints are present that mirror produ
CVE-2026-32646 (A specific administrative endpoint is accessible without proper authen ...)
TODO: check
CVE-2026-2949 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2924 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons & Ecosystem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-28798 (ZimaOS is a fork of CasaOS, an operating system for Zima devices and x ...)
TODO: check
CVE-2026-28797 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
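Review bot: The description lines for CVE-2026-2949 and CVE-2026-2924 carry the literal escape sequences `\u2014` and `\u2013` where dash characters belong, as does CVE-2026-3571 in the first hunk. These are context lines, so this change does not introduce the problem, but the description import should decode them. Until it does, any match on the plugin name is made against escaped text, and `NOT-FOR-US: WordPress plugin` gives no plugin name to search for instead.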
@@ -131,7 +131,7 @@ CVE-2026-27833 (Piwigo is an open source photo gallery application for the web.
CVE-2026-27634 (Piwigo is an open source photo gallery application for the web. Prior ...)
TODO: check
CVE-2026-27481 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-27447 (OpenPrinting CUPS is an open source printing system for Linux and othe ...)
TODO: check
CVE-2026-26058 (Zulip is an open-source team collaboration tool. From version 1.4.0 to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b188c3e4f9863823d64d57a4f7de9d90ab46556