[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 4 20:14:14 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53171348 by security tracker role at 2026-02-04T20:14:08+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,7 +55,7 @@ CVE-2026-23624 (GLPI is a free asset and IT management software package. In vers
 CVE-2026-22549 (A vulnerability exists in F5 BIG-IP Container Ingress Services that ma ...)
 	TODO: check
 CVE-2026-22548 (When a BIG-IP Advanced WAF or ASM security policy is configured on a v ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-22247 (GLPI is a free asset and IT management software package. From version  ...)
 	TODO: check
 CVE-2026-22044 (GLPI is a free asset and IT management software package. From version  ...)
@@ -63,7 +63,7 @@ CVE-2026-22044 (GLPI is a free asset and IT management software package. From ve
 CVE-2026-21893 (n8n is an open source workflow automation platform. From version 0.187 ...)
 	TODO: check
 CVE-2026-20732 (A vulnerability exists in an undisclosed BIG-IP Configuration utility  ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-20730 (A vulnerability exists in BIG-IP Edge Client and browser VPN clients o ...)
 	TODO: check
 CVE-2026-20123 (A vulnerability in the web-based management interface of Cisco Evolved ...)
@@ -81,35 +81,35 @@ CVE-2026-1642 (A vulnerability exists in NGINX OSS and NGINX Plus when configure
 CVE-2026-1622 (Neo4j Enterprise and Community editions versions prior to 2026.01.3 an ...)
 	TODO: check
 CVE-2026-1370 (The SIBS woocommerce payment gateway plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0873 (On a Cryptobox platform where administrator segregation based on entit ...)
 	TODO: check
 CVE-2026-0816 (The All push notification for WP plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0743 (The WP Content Permission plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0742 (The Smart Appointment & Booking plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0681 (The Extended Random Number Generator plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0679 (The Fortis for WooCommerce plugin for WordPress is vulnerable to autho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0662 (A maliciously crafted project directory, when opening a max file in Au ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-0661 (A maliciously crafted RGB file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-0660 (A maliciously crafted GIF file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-0659 (A maliciously crafted USD file, when loaded or imported into Autodesk  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-0572 (The WebPurify Profanity Filter plugin for WordPress is vulnerable to u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0538 (A maliciously crafted GIF file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-0537 (A maliciously crafted RGB file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-0536 (A maliciously crafted GIF file, when parsed through Autodesk 3ds Max,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-70997 (A vulnerability has been discovered in eladmin v2.7 and before. This v ...)
 	TODO: check
 CVE-2025-70545 (A stored cross-site scripting (XSS) vulnerability exists in the web ma ...)
@@ -133,25 +133,25 @@ CVE-2025-59818 (This vulnerability allows authenticated attackers to execute arb
 CVE-2025-41085 (Stored Cross-Site Scripting (XSS) vulnerability type in Apidog  in the ...)
 	TODO: check
 CVE-2025-15508 (The Magic Import Document Extractor plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15507 (The Magic Import Document Extractor plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15487 (The Code Explorer plugin for WordPress is vulnerable to Path Traversal ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15482 (The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15368 (The SportsPress plugin for WordPress is vulnerable to Local File Inclu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15285 (The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unaut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15268 (The Infility Global plugin for WordPress is vulnerable to unauthentica ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15260 (The MyRewards \u2013 Loyalty Points and Rewards for WooCommerce plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14740 (Docker Desktop for Windows contains multiple incorrect permission assi ...)
-	TODO: check
+	NOT-FOR-US: Docker products not packaged in Debian
 CVE-2025-14461 (The Xendit Payment plugin for WordPress is vulnerable to unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-23109 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.18.8-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53171348f9ee8b80bebd79c9740073438713b80d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53171348f9ee8b80bebd79c9740073438713b80d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260204/b657aecf/attachment.htm>

More information about the debian-security-tracker-commits mailing list