[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 12 21:06:53 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
16177a3f by Salvatore Bonaccorso at 2026-02-12T22:06:28+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-2276 (Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web appl ...)
- TODO: check
+ NOT-FOR-US: Wix web application
CVE-2026-26219 (newbee-mall stores and verifies user passwords using an unsalted MD5 h ...)
NOT-FOR-US: newbee-mall
CVE-2026-26218 (newbee-mall includes pre-seeded administrator accounts in its database ...)
@@ -29,17 +29,17 @@ CVE-2026-24895 (FrankenPHP is a modern application server for PHP. Prior to 1.11
CVE-2026-24894 (FrankenPHP is a modern application server for PHP. Prior to 1.11.2, wh ...)
NOT-FOR-US: FrankenPHP
CVE-2026-24044 (Element Server Suite Community Edition (ESS Community) deploys a Matri ...)
- TODO: check
+ NOT-FOR-US: Element Server Suite Community Edition (ESS Community)
CVE-2026-22821 (mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is ...)
- TODO: check
+ NOT-FOR-US: GLPI plugin
CVE-2026-21722 (Public dashboards with annotations enabled did not limit their annotat ...)
TODO: check
CVE-2026-21438 (webtransport-go is an implementation of the WebTransport protocol. Pri ...)
- TODO: check
+ NOT-FOR-US: webtransport-go
CVE-2026-21435 (webtransport-go is an implementation of the WebTransport protocol. Pri ...)
- TODO: check
+ NOT-FOR-US: webtransport-go
CVE-2026-21434 (webtransport-go is an implementation of the WebTransport protocol. Fro ...)
- TODO: check
+ NOT-FOR-US: webtransport-go
CVE-2026-1671 (The Activity Log for WordPress plugin for WordPress is vulnerable to u ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1356 (The Converter for Media \u2013 Optimize images | Convert WebP & AVIF p ...)
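Review bot: The tag on CVE-2026-22821 reads "NOT-FOR-US: GLPI plugin" and drops the plugin name the description gives (mreporting), whereas the other entries changed in this hunk name the product itself (webtransport-go, Element Server Suite Community Edition). Suggest "NOT-FOR-US: mreporting plugin for GLPI" so that a later search for the plugin name finds this entry.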
@@ -51,17 +51,17 @@ CVE-2026-1316 (The Customer Reviews for WooCommerce plugin for WordPress is vuln
CVE-2026-1104 (The FastDup \u2013 Fastest WordPress Migration & Duplicator plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2025-70981 (CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list qu ...)
- TODO: check
+ NOT-FOR-US: CordysCRM
CVE-2025-70886 (An issue in halo v.2.22.4 and before allows a remote attacker to cause ...)
- TODO: check
+ NOT-FOR-US: Halo
CVE-2025-70314 (webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. ...)
- TODO: check
+ NOT-FOR-US: webfsd
CVE-2025-69807 (p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, whic ...)
- TODO: check
+ NOT-FOR-US: p2r3 Bareiron
CVE-2025-69806 (p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which ...)
- TODO: check
+ NOT-FOR-US: p2r3 Bareiron
CVE-2025-69752 (An issue in the "My Details" user profile functionality of Ideagen Q-P ...)
- TODO: check
+ NOT-FOR-US: Ideagen Q-Pulse
CVE-2025-69634 (Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0. ...)
TODO: check
CVE-2025-67433 (A heap buffer overflow in the processRequest function of Open TFTP Ser ...)
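Review bot: CVE-2025-70314 is tagged "NOT-FOR-US: webfsd" based on the daemon name in the description ("webfsd 1.21"), and a daemon name is often not the source package name. Before treating this as final, search the archive by binary and file name as well as by source name; if any package ships webfsd, the entry needs a package line instead of NOT-FOR-US. Minor style point in the same hunk: the two bareiron entries are tagged "p2r3 Bareiron" while the CVE-2025-69806 description spells it "bareiron"; picking one spelling keeps the tags greppable.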
@@ -671,7 +671,7 @@ CVE-2025-69872 (DiskCache (python-diskcache) through 5.6.3 uses Python pickle fo
NOTE: https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md
TODO: check, check upstream (report) status
CVE-2025-69871 (A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and e ...)
- TODO: check
+ NOT-FOR-US: Medusa
CVE-2025-68406 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
NOT-FOR-US: QNAP
CVE-2025-66278 (A path traversal vulnerability has been reported to affect File Statio ...)
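Review bot: The tag "NOT-FOR-US: Medusa" on CVE-2025-69871 is ambiguous, since the bare name is shared by unrelated software, and the description identifies the product as "MedusaJS Medusa". Suggest "NOT-FOR-US: MedusaJS Medusa" so the entry cannot be mistaken for a different project of the same name.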
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16177a3fe64e262425a5477289500775beace83d