[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 28 20:14:27 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d09901d by security tracker role at 2026-04-28T19:14:21+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,15 +15,15 @@ CVE-2026-7291 (A weakness has been identified in o2oa up to 10.0. This affects t
 CVE-2026-7290 (A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is t ...)
 	TODO: check
 CVE-2026-7289 (A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affect ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-7288 (A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnera ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-7283 (A security flaw has been discovered in SourceCodester Pharmacy Sales a ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7282 (A vulnerability was identified in SourceCodester Pharmacy Sales and In ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7281 (A vulnerability was determined in SourceCodester Pharmacy Sales and In ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7280 (AVACAST developed by eMPIA Technology has a Unquoted Service Path vuln ...)
 	TODO: check
 CVE-2026-7279 (AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerabili ...)
@@ -33,39 +33,39 @@ CVE-2026-7272 (A flaw has been found in WilliamCloudQi matlab-mcp-server up to a
 CVE-2026-7271 (A vulnerability was detected in DV0x creative-ad-agent up to 751b9e514 ...)
 	TODO: check
 CVE-2026-7269 (A vulnerability was found in SourceCodester Pharmacy Sales and Invento ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7268 (A vulnerability has been found in SourceCodester Pizzafy Ecommerce Sys ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7267 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0.  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7266 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7265 (A security vulnerability has been detected in SourceCodester Pizzafy E ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7264 (A weakness has been identified in SourceCodester Pizzafy Ecommerce Sys ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7248 (A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects t ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-7247 (A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-7244 (A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7243 (A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7242 (A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7241 (A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Thi ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7240 (A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7238 (A flaw has been found in code-projects Online Music Site 1.0. This aff ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-7237 (A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Aff ...)
 	TODO: check
 CVE-2026-7235 (A security vulnerability has been detected in ErlichLiu claude-agent-s ...)
 	TODO: check
 CVE-2026-6706 (Improper  access control in the vault documentation feature in Devolut ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-6238 (The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the  ...)
 	TODO: check
 CVE-2026-5944 (An improper access control vulnerability exists in the Cisco Intersigh ...)
@@ -81,9 +81,9 @@ CVE-2026-5779 (An insecure direct object reference (IDOR) vulnerability in MphRx
 CVE-2026-5435 (The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the  ...)
 	TODO: check
 CVE-2026-4911 (The Booking Package plugin for WordPress is vulnerable to Price Manipu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4805 (The Woostify plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-41873 (** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Re ...)
 	TODO: check
 CVE-2026-41607 (Out-of-bounds Read vulnerability in Apache Thrift.  This issue affects ...)
@@ -99,17 +99,17 @@ CVE-2026-41526 (In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to
 CVE-2026-41525 (KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with A ...)
 	TODO: check
 CVE-2026-40980 (In Spring AI, a malicious PDF file can be crafted that triggers the al ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-40979 (In Spring AI, having access to a shared environment can expose the ONN ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-40978 (SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allow ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-40969 (The raw message of every server-side AuthenticationException is return ...)
 	TODO: check
 CVE-2026-40968 (When an authenticated user is denied access to a gRPC method, their au ...)
 	TODO: check
 CVE-2026-40966 (In Spring AI, an attacker can bypass conversation isolation and exfilt ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-40556 (GNU nano creates the user\u2019s ~/.local directory with overly permis ...)
 	TODO: check
 CVE-2026-40552 (mpGabinet is vulnerable to Remote Command Execution. An authorized use ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d09901df16539cc285c14a07ffb72d069054a9c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d09901df16539cc285c14a07ffb72d069054a9c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260428/7d2a1ac4/attachment.htm>

More information about the debian-security-tracker-commits mailing list