[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed Feb 11 21:47:15 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d266eecb by Salvatore Bonaccorso at 2026-02-11T22:46:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44,11 +44,11 @@ CVE-2026-2313 (Use after free in CSS in Google Chrome prior to 145.0.7632.45 all
 CVE-2026-2295 (The WPZOOM Addons for Elementor \u2013 Starter Templates & Widgets plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2250 (The /dbviewer/ web endpoint in METIS WIC devices is exposed without au ...)
-	TODO: check
+	NOT-FOR-US: METIS
 CVE-2026-2249 (METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based  ...)
-	TODO: check
+	NOT-FOR-US: METIS
 CVE-2026-2248 (METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based  ...)
-	TODO: check
+	NOT-FOR-US: METIS
 CVE-2026-25869 (MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnera ...)
 	NOT-FOR-US: MiniGal Nano
 CVE-2026-25868 (MiniGal Nano version 0.3.5 and prior contain a reflected cross-site sc ...)
@@ -100,23 +100,23 @@ CVE-2026-0229 (A denial-of-service (DoS) vulnerability in the Advanced DNS Secur
 CVE-2026-0228 (An improper certificate validation vulnerability in PAN-OS allows user ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2025-9986 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: DIGIKENT
 CVE-2025-8668 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: Turboard
 CVE-2025-8025 (Missing Authentication for Critical Function, Improper Access Control  ...)
-	TODO: check
+	NOT-FOR-US: Dinosoft ERP
 CVE-2025-70297 (A stored cross-site scripting (XSS) vulnerability in the recipe asset  ...)
 	TODO: check
 CVE-2025-70296 (A stored HTML injection vulnerability in the Recipe Notes rendering co ...)
 	TODO: check
 CVE-2025-70085 (An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer ha ...)
-	TODO: check
+	NOT-FOR-US: OpenSatKit
 CVE-2025-70084 (Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers ...)
-	TODO: check
+	NOT-FOR-US: OpenSatKit
 CVE-2025-70083 (An issue was discovered in OpenSatKit 2.2.1. The DirName field in the  ...)
-	TODO: check
+	NOT-FOR-US: OpenSatKit
 CVE-2025-70029 (An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to ob ...)
-	TODO: check
+	NOT-FOR-US: Sunbird-Ed SunbirdEd-portal
 CVE-2025-69874 (nanotar through 0.2.0 has a path traversal vulnerability in parseTar() ...)
 	TODO: check
 CVE-2025-69873 (ajv (Another JSON Schema Validator) through version 8.17.1 is vulnerab ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d266eecbe25fa567acf0965d7cdbc90a06549ae1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d266eecbe25fa567acf0965d7cdbc90a06549ae1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260211/79d30e7a/attachment-0001.htm>
