[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 23 20:14:14 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef3219a9 by security tracker role at 2026-04-23T19:14:08+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,13 +15,13 @@ CVE-2026-6885 (Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology
 CVE-2026-6074 (A path traversal condition in Intrado 911 Emergency Gateway could allo ...)
 	TODO: check
 CVE-2026-5464 (The ExactMetrics \u2013 Google Analytics Dashboard for WordPress (Webs ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5039 (TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug prot ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-41909 (OpenClaw before 2026.4.20 contains an improper authorization vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41908 (OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41461 (SocialEngine versions 7.8.0 and prior contain a blind server-side requ ...)
 	TODO: check
 CVE-2026-41460 (SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerab ...)
@@ -67,11 +67,11 @@ CVE-2026-3960 (A critical remote code execution vulnerability exists in the unau
 CVE-2026-3259 (A Generation of Error Message Containing Sensitive Information vulnera ...)
 	TODO: check
 CVE-2026-39440 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39087 (An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to exe ...)
 	TODO: check
 CVE-2026-35225 (An unauthenticated remote attacker is able to exhaust all available TC ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2026-33694 (This vulnerability allows an attacker to create a junction, enabling t ...)
 	TODO: check
 CVE-2026-31533 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
@@ -81,47 +81,47 @@ CVE-2026-31532 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2026-31531 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	TODO: check
 CVE-2026-31181 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31179 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31178 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31177 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31176 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31175 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31174 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31173 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31172 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31171 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31169 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31168 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31167 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31166 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31165 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31164 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31163 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31162 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31160 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-31159 (An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-28040 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23751 (Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (o ...)
 	TODO: check
 CVE-2025-70994 (Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a  ...)
@@ -131,9 +131,9 @@ CVE-2025-66286 (An API design flaw in WebKitGTK and WPE WebKit allows untrusted
 CVE-2025-62373 (Pipecat is an open-source Python framework for building real-time voic ...)
 	TODO: check
 CVE-2025-62110 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-62104 (Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-50229 (Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing  ...)
 	TODO: check
 CVE-2026-6856



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef3219a9bad8b69b49b15d759592b481a96067ca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef3219a9bad8b69b49b15d759592b481a96067ca
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260423/44f0c36b/attachment.htm>

More information about the debian-security-tracker-commits mailing list