[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 6 08:13:56 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a1cb467 by security tracker role at 2026-02-06T08:13:48+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-2010 (A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d ...)
 	TODO: check
 CVE-2026-2009 (A flaw has been found in SourceCodester Gas Agency Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-2008 (A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd ...)
 	TODO: check
 CVE-2026-2000 (A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is  ...)
@@ -29,7 +29,7 @@ CVE-2026-24300 (Azure Front Door Elevation of Privilege Vulnerability)
 CVE-2026-23623 (Collabora Online is a collaborative online office suite based on Libre ...)
 	TODO: check
 CVE-2026-21626 (Access control settings for forum post custom fields are not applied t ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-21532 (Azure Function Information Disclosure Vulnerability)
 	TODO: check
 CVE-2026-1998 (A flaw has been found in micropython up to 1.27.0. This vulnerability  ...)
@@ -65,25 +65,25 @@ CVE-2026-1963 (A vulnerability was found in WeKan up to 8.20. This affects an un
 CVE-2026-1962 (A vulnerability has been found in WeKan up to 8.20. The impacted eleme ...)
 	TODO: check
 CVE-2026-1909 (The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1888 (The Docus \u2013 YouTube Video Playlist plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1808 (The Orange Confort+ accessibility toolbar for WordPress plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1401 (The Tune Library plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1279 (The Employee Directory plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1228 (The Timeline Block \u2013 Beautiful Timeline Builder for WordPress (Ve ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0598 (A security flaw was identified in the Ansible Lightspeed API conversat ...)
 	TODO: check
 CVE-2026-0521 (A reflected cross-site scripting (XSS) vulnerability in the PDF export ...)
 	TODO: check
 CVE-2026-0391 (User interface (ui) misrepresentation of critical information in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-0106 (In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap d ...)
-	TODO: check
+	NOT-FOR-US: Google devices
 CVE-2025-68458 (Webpack is a module bundler. From version 5.49.0 to before 5.104.1, wh ...)
 	TODO: check
 CVE-2025-68157 (Webpack is a module bundler. From version 5.49.0 to before 5.104.0, wh ...)
@@ -93,9 +93,9 @@ CVE-2025-32393 (AutoGPT is a platform that allows users to create, deploy, and m
 CVE-2025-15566 (A security issue was discovered in ingress-nginxwhere the `nginx.ingre ...)
 	TODO: check
 CVE-2025-12131 (A truncated 802.15.4 packet can lead to an assert, resulting in a deni ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs
 CVE-2025-10753 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-25630
 	REJECTED
 CVE-2026-23797 (In Quick.Cart user passwords are stored in plaintext form. An attacker ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a1cb467efabd4abf3383de8e63fdd87fd41a372

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a1cb467efabd4abf3383de8e63fdd87fd41a372
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260206/8775d682/attachment.htm>

More information about the debian-security-tracker-commits mailing list