[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 10 20:13:16 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a85703c9 by security tracker role at 2026-02-10T20:13:10+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-2303 (The mongo-go-driver repositorycontains CGo bindings for GSSAPI (K
CVE-2026-2302 (Under specific conditions when processing a maliciously crafted value ...)
TODO: check
CVE-2026-2268 (The Ninja Forms plugin for WordPress is vulnerable to Sensitive Inform ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-26009 (Catalyst is a platform built for enterprise game server hosts, game co ...)
TODO: check
CVE-2026-26003 (FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attac ...)
@@ -23,9 +23,9 @@ CVE-2026-25805 (Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not
CVE-2026-25728 (ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 ...)
TODO: check
CVE-2026-25656 (A vulnerability has been identified in SINEC NMS (All versions), User ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-25655 (A vulnerability has been identified in SINEC NMS (All versions < V4.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-25613 (An authorized user may disable the MongoDB server by issuing a query a ...)
TODO: check
CVE-2026-25612 (The internal locking mechanism of the MongoDB server uses an internal ...)
@@ -47,25 +47,25 @@ CVE-2026-24343 (Improper Neutralization of Data within XPath Expressions ('XPath
CVE-2026-24045 (Docmost is open-source collaborative wiki and documentation software. ...)
TODO: check
CVE-2026-23720 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23719 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23718 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23717 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23716 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23715 (A vulnerability has been identified in Simcenter Femap (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23655 (Cleartext storage of sensitive information in Azure Compute Gallery al ...)
TODO: check
CVE-2026-22923 (A vulnerability has been identified in NX (All versions < V2512). The ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-22153 (An Authentication Bypass by Primary Weakness vulnerability [CWE-305] v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-21743 (A missing authorization vulnerability in Fortinet FortiAuthenticator 6 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-21537 (Improper control of generation of code ('code injection') in Microsoft ...)
TODO: check
CVE-2026-21533 (Improper privilege management in Windows Remote Desktop allows an auth ...)
@@ -105,93 +105,93 @@ CVE-2026-21510 (Protection mechanism failure in Windows Shell allows an unauthor
CVE-2026-21508 (Improper authentication in Windows Storage allows an authorized attack ...)
TODO: check
CVE-2026-21358 (InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21357 (InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21355 (DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21354 (DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Ove ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21353 (DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Ove ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21352 (DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21351 (After Effects versions 25.6 and earlier are affected by a Use After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21350 (After Effects versions 25.6 and earlier are affected by a NULL Pointer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21349 (Lightroom Desktop versions 15.1 and earlier are affected by an out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21348 (Substance3D - Modeler versions 1.22.5 and earlier are affected by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21347 (Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21346 (Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21345 (Substance3D - Stager versions 3.1.6 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21344 (Substance3D - Stager versions 3.1.6 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21343 (Substance3D - Stager versions 3.1.6 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21342 (Substance3D - Stager versions 3.1.6 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21341 (Substance3D - Stager versions 3.1.6 and earlier are affected by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21340 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21339 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21338 (Substance3D - Designer versions 15.1.0 and earlier are affected by a N ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21337 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21336 (Substance3D - Designer versions 15.1.0 and earlier are affected by a N ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21335 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21334 (Substance3D - Designer versions 15.1.0 and earlier are affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21332 (InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21330 (After Effects versions 25.6 and earlier are affected by an Access of R ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21329 (After Effects versions 25.6 and earlier are affected by a Use After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21328 (After Effects versions 25.6 and earlier are affected by an out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21327 (After Effects versions 25.6 and earlier are affected by an out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21326 (After Effects versions 25.6 and earlier are affected by a Use After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21325 (After Effects versions 25.6 and earlier are affected by an out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21324 (After Effects versions 25.6 and earlier are affected by an out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21323 (After Effects versions 25.6 and earlier are affected by a Use After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21322 (After Effects versions 25.6 and earlier are affected by an out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21321 (After Effects versions 25.6 and earlier are affected by an Integer Ove ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21320 (After Effects versions 25.6 and earlier are affected by a Use After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21319 (After Effects versions 25.6 and earlier are affected by an Out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21318 (After Effects versions 25.6 and earlier are affected by an out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21317 (Audition versions 25.3 and earlier are affected by an out-of-bounds re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21316 (Audition versions 25.3 and earlier are affected by an Access of Memory ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21315 (Audition versions 25.3 and earlier are affected by an Out-of-bounds Re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21314 (Audition versions 25.3 and earlier are affected by an out-of-bounds re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21313 (Audition versions 25.3 and earlier are affected by an out-of-bounds re ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21312 (Audition versions 25.3 and earlier are affected by an out-of-bounds wr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21261 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
TODO: check
CVE-2026-21260 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
@@ -261,13 +261,13 @@ CVE-2026-20846 (Buffer over-read in Windows GDI+ allows an unauthorized attacker
CVE-2026-20841 (Improper neutralization of special elements used in a command ('comman ...)
TODO: check
CVE-2026-1997 (Certain HP OfficeJet Pro printers may expose information if Cross\u201 ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-1996 (Certain HP OfficeJet Pro printers may be vulnerable to potential denia ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-1922 (The The Events Calendar Shortcode & Block plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1866 (The Name Directory plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1850 (Complex queries can cause excessive memory usage in MongoDB Query Plan ...)
TODO: check
CVE-2026-1849 (MongoDB Server may experience an out-of-memory failure while evaluatin ...)
@@ -279,15 +279,15 @@ CVE-2026-1847 (Inserting certain large documents into a replica set could lead t
CVE-2026-1774 (CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollu ...)
TODO: check
CVE-2026-1603 (An authentication bypass in Ivanti Endpoint Manager before version 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-1602 (SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allow ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-0653 (On TP-Link Tapo C260 v1, aguest\u2011level authenticated user can bypa ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2026-0652 (On TP-Link Tapo C260 v1, command injection vulnerability exists due to ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2026-0651 (On TP-Link Tapo C260 v1, path traversal is possible due to improper ha ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-7636 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-7347 (Authorization Bypass Through User-Controlled Key vulnerability in Dini ...)
@@ -299,15 +299,15 @@ CVE-2025-6967 (Execution After Redirect (EAR) vulnerability in Sarman Soft Softw
CVE-2025-6010
REJECTED
CVE-2025-68686 (An Exposure of Sensitive Information to an Unauthorized Actor vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-64157 (A use of externally-controlled format string vulnerability in Fortinet ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-62676 (An Improper Link Resolution Before File Access ('Link Following') vuln ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-62439 (An Improper Verification of Source of a Communication Channel vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-55018 (An inconsistent interpretation of http requests ('http request smuggli ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-54514 (Improper isolation of shared resources on a system on a chip by a mali ...)
TODO: check
CVE-2025-52536 (Improper Prevention of Lock Bit Modification in SEV firmware could all ...)
@@ -315,7 +315,7 @@ CVE-2025-52536 (Improper Prevention of Lock Bit Modification in SEV firmware cou
CVE-2025-52534 (Improper bound check within AMD CPU microcode can allow a malicious gu ...)
TODO: check
CVE-2025-52436 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-48517 (Insufficient Granularity of Access Control in SEV firmware could allow ...)
TODO: check
CVE-2025-48515 (Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot ...)
@@ -325,7 +325,7 @@ CVE-2025-48514 (Insufficient Granularity of Access Control in SEV firmware can a
CVE-2025-48509 (Missing Checks in certain functions related to RMP initialization can ...)
TODO: check
CVE-2025-40587 (A vulnerability has been identified in Polarion V2404 (All versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-36522 (Incorrect default permissions for some Intel(R) Chipset Software befor ...)
TODO: check
CVE-2025-36511 (Incorrect default permissions for some Intel(R) Memory and Storage Too ...)
@@ -419,11 +419,11 @@ CVE-2025-15570 (A vulnerability was found in ckolivas lrzip up to 0.651. This im
CVE-2025-15569 (A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ...)
TODO: check
CVE-2025-14895 (The PopupKit plugin for WordPress is vulnerable to authorization bypas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11242 (Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer ...)
TODO: check
CVE-2025-11004 (The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scr ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2025-0031 (A use after free in the SEV firmware could allow a malicous hypervisor ...)
TODO: check
CVE-2025-0029 (Improper handling of error condition during host-induced faults can al ...)
@@ -433,7 +433,7 @@ CVE-2025-0012 (Improper handling of overlap between the segmented reverse map ta
CVE-2024-54192 (An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial ...)
TODO: check
CVE-2024-52334 (A vulnerability has been identified in syngo.plaza VB30E (All versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2024-36355 (Improper input validation in the SMM handler could allow an attacker w ...)
TODO: check
CVE-2024-36311 (A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a85703c9d68c83c1029a3c6973734529b3a91567
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a85703c9d68c83c1029a3c6973734529b3a91567
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260210/6d6a28b0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list