[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 3 20:14:06 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1fc4955e by security tracker role at 2026-02-03T20:13:57+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,93 +47,93 @@ CVE-2026-25234 (PEAR is a framework and distribution system for reusable PHP com
CVE-2026-25233 (PEAR is a framework and distribution system for reusable PHP component ...)
TODO: check
CVE-2026-25036 (Missing Authorization vulnerability in WP Chill Passster content-prote ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25028 (Missing Authorization vulnerability in Element Invader ElementInvader ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25027 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25024 (Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams Thir ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25023 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25022 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25021 (Missing Authorization vulnerability in Mizan Themes Mizan Demo Importe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25020 (Missing Authorization vulnerability in WP connect WP Sync for Notion w ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25019 (Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25016 (Missing Authorization vulnerability in Nelio Software Nelio Popups nel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25015 (Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25014 (Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25012 (Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-ba ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25011 (Missing Authorization vulnerability in Northern Beaches Websites WP Cu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25010 (Missing Authorization vulnerability in ILLID Share This Image share-th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24998 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24997 (Missing Authorization vulnerability in Wired Impact Wired Impact Volun ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24996 (Missing Authorization vulnerability in wpelemento WPElemento Importer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24995 (Missing Authorization vulnerability in Iulia Cazan Latest Post Shortco ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24994 (Missing Authorization vulnerability in sunshinephotocart Sunshine Phot ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24992 (Insertion of Sensitive Information Into Sent Data vulnerability in WPF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24991 (Authorization Bypass Through User-Controlled Key vulnerability in HT P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24990 (Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24985 (Missing Authorization vulnerability in approveme WP Forms Signature Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24984 (Missing Authorization vulnerability in Brecht Visual Link Preview visu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24982 (Missing Authorization vulnerability in Brainstorm Force Spectra ultima ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24967 (Missing Authorization vulnerability in ameliabooking Amelia ameliabook ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24966 (Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24965 (Missing Authorization vulnerability in Wasiliy Strecker / ContestGalle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24962 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24961 (Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24958 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24957 (Missing Authorization vulnerability in WP Chill Strong Testimonials st ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24954 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpEv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24951 (Missing Authorization vulnerability in Saad Iqbal myCred mycred allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24947 (Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24945 (Missing Authorization vulnerability in Themefic Ultimate Addons for Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24942 (Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24940 (Missing Authorization vulnerability in Themefic Travelfic Toolkit trav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24939 (Missing Authorization vulnerability in WP Chill Modula Image Gallery m ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24938 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24774 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
TODO: check
CVE-2026-24773 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
@@ -163,23 +163,23 @@ CVE-2026-24665 (The Open eClass platform (formerly known as GUnet eClass) is a c
CVE-2026-24664 (The Open eClass platform (formerly known as GUnet eClass) is a complet ...)
TODO: check
CVE-2026-24441 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose a ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-24434 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-24427 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose s ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-24426 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior containa ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-24149 (NVIDIA Megatron-LM for all platforms contains a vulnerability in a scr ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-23795 (Improper Restriction of XML External Entity Reference vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-23794 (Reflected XSS in Apache Syncope's Enduser Login page. An attacker that ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-22228 (An authenticated user with high privileges may trigger a denial\u2011o ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2026-22220 (A lack of proper input validation in the HTTP processing path in TP-Li ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2026-21862 (RustFS is a distributed object storage system built in Rust. Prior to ...)
TODO: check
CVE-2026-1846
@@ -257,13 +257,13 @@ CVE-2025-67849 (A flaw was found in Moodle. This cross-site scripting (XSS) vuln
CVE-2025-67848 (A flaw was found in Moodle. This authentication bypass vulnerability a ...)
TODO: check
CVE-2025-67189 (A buffer overflow vulnerability exists in the setParentalRules interfa ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-67188 (A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.520 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-67187 (A stack-based buffer overflow vulnerability was identified in TOTOLINK ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-67186 (TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vul ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-66374 (CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a loc ...)
TODO: check
CVE-2025-65924 (ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags spe ...)
@@ -279,17 +279,17 @@ CVE-2025-63624 (SQL Injection vulnerability in Shandong Kede Electronics Co., Lt
CVE-2025-63372 (Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Direc ...)
TODO: check
CVE-2025-62673 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-62501 (SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-62405 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-62404 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-61983 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-61944 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-61506 (An issue was discovered in MediaCrush thru 1.0.1 allowing remote unaut ...)
TODO: check
CVE-2025-60865 (Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.5 ...)
@@ -299,13 +299,13 @@ CVE-2025-5319 (Improper Neutralization of Special Elements used in an SQL Comman
CVE-2025-59902 (HTML injection vulnerability in NICE Chat. This vulnerability allows a ...)
TODO: check
CVE-2025-59487 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-59482 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-59439 (An issue was discovered in Samsung Modem Exynos through 2025-08-29. In ...)
TODO: check
CVE-2025-58455 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-58348 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
TODO: check
CVE-2025-58347 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
@@ -325,23 +325,23 @@ CVE-2025-58341 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Pr
CVE-2025-58340 (An issue was discovered in the Wi-Fi driver in Samsung Mobile Processo ...)
TODO: check
CVE-2025-58077 (Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 ( ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-57529 (YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL In ...)
TODO: check
CVE-2025-52633 (HCL AION is affected by a Permanent Cookie Containing Sensitive Sessio ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52631 (HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Se ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52629 (HCL AION is susceptible to Missing Content-Security-Policy. An The ab ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52628 (HCL AION is affected by a Cookie with Insecure, Improper, or Missing S ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52627 (Root File System Not Mounted as Read-Only configuration vulnerability. ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52626 (A Potential Command Injection vulnerability in HCL AION. An This can ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-52623 (HCL AION is affected by an Autocomplete HTML Attribute Not Disabled fo ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-46651 (Tiny File Manager through 2.6 contains a server-side request forgery ( ...)
TODO: check
CVE-2025-41065 (Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fc4955eeb67402278fabf9a96268916acbe015d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fc4955eeb67402278fabf9a96268916acbe015d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260203/94bb30cf/attachment.htm>
More information about the debian-security-tracker-commits
mailing list