[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 23 08:27:35 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
552931a5 by security tracker role at 2026-04-23T07:27:28+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,19 +5,19 @@ CVE-2026-6874 (A vulnerability was determined in ericc-ch copilot-api up to 0.7.
 CVE-2026-6019 (http.cookies.Morsel.js_output() returns an inline <script> snippet and ...)
 	TODO: check
 CVE-2026-5935 (IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-5926 (IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Secur ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-4919 (IBM Guardium Data Protection 12.1 is vulnerable to cross-site scriptin ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-4918 (IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site s ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-4917 (IBM Guardium Data Protection 12.1 could allow an administrative user t ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-4512 (The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4106 (The HT Mega Addons for Elementor  WordPress plugin before 3.0.7 contai ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4049
 	REJECTED
 CVE-2026-41988 (uuid before 14.0.0 can make unexpected writes when external output buf ...)
@@ -99,15 +99,15 @@ CVE-2026-40517 (radare2 prior to 6.1.4 contains a command injection vulnerabilit
 CVE-2026-40062 (A path Traversal vulnerability exists in Ziostation2 v2.9.8.7 and earl ...)
 	TODO: check
 CVE-2026-3844 (The Breeze Cache plugin for WordPress is vulnerable to arbitrary file  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3837 (An authenticated attacker can persist crafted values in multiple field ...)
 	TODO: check
 CVE-2026-3673 (An authenticated attacker can store a crafted tag value in _user_tags  ...)
 	TODO: check
 CVE-2026-3621 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 I ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-3361 (The WP Store Locator plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3007 (Successful exploitation of the stored cross-site scripting (XSS) vulne ...)
 	TODO: check
 CVE-2026-34488 (IP Setting Software contains an issue with the DLL search path, which  ...)
@@ -135,21 +135,21 @@ CVE-2026-33471 (nimiq-block contains block primitives to be used in Nimiq's Rust
 CVE-2026-32679 (The installers of LiveOn Meet Client for Windows (Downloader5Installer ...)
 	TODO: check
 CVE-2026-2951 (The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29198 (In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11 ...)
 	TODO: check
 CVE-2026-1923 (The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1726 (IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5. ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-1352 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UN ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-1274 (IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a B ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-1272 (IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Sec ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36074 (IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-10549 (EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnera ...)
 	TODO: check
 CVE-2026-40215



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/552931a58b914c9f16ead71adb87f6164f1c69b0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/552931a58b914c9f16ead71adb87f6164f1c69b0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260423/593d7dec/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list