[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 18 20:14:53 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9038eb69 by security tracker role at 2026-02-18T20:14:47+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,27 +21,27 @@ CVE-2026-2654 (A weakness has been identified in huggingface smolagents 1.24.0.
 CVE-2026-2653 (A security flaw has been discovered in admesh up to 0.98.5. This issue ...)
 	TODO: check
 CVE-2026-2507 (When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed traffic can ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-2495 (The WPNakama \u2013 Team and multi-Client Collaboration, Editorial and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2464 (Path traversal vulnerability in the AMR Printer Management 1.01 Beta w ...)
 	TODO: check
 CVE-2026-2426 (The WP-DownloadManager plugin for WordPress is vulnerable to Path Trav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2386 (The The Plus Addons for Elementor \u2013 Addons for Elementor, Page Te ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2329 (An unauthenticated stack-based buffer overflow vulnerability exists in ...)
 	TODO: check
 CVE-2026-2230 (The Booking Calendar plugin for WordPress is vulnerable to Insecure Di ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2127 (The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to un ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2126 (The User Submitted Posts \u2013 Enable Users to Submit Posts from the  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-27100 (Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Paramet ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-27099 (Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 through 2.54 ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-25500 (Rack is a modular Ruby web server interface. Prior to versions 2.2.22, ...)
 	TODO: check
 CVE-2026-23491 (InvoicePlane is a self-hosted open source application for managing inv ...)
@@ -49,27 +49,27 @@ CVE-2026-23491 (InvoicePlane is a self-hosted open source application for managi
 CVE-2026-22860 (Rack is a modular Ruby web server interface. Prior to versions 2.2.22, ...)
 	TODO: check
 CVE-2026-20144 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.8, and  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20142 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20141 (In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9,  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20139 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20138 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20137 (In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-1942 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1941 (The WP Event Aggregator plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1656 (The Business Directory Plugin for WordPress is vulnerable to authoriza ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1649 (The Community Events plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1582 (The WP All Export plugin for WordPress is vulnerable to Sensitive Info ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1441 (Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web  ...)
 	TODO: check
 CVE-2026-1440 (Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web  ...)
@@ -85,17 +85,17 @@ CVE-2026-1436 (Improper Access Control (IDOR) in the Graylog API, version 2.2.3,
 CVE-2026-1435 (Not properly invalidated session vulnerability in Graylog Web Interfac ...)
 	TODO: check
 CVE-2026-1426 (The Advanced AJAX Product Filters plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1404 (The Ultimate Member \u2013 User Profile, Registration, Login, Member D ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1317 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0875 (A maliciously crafted MODEL file, when parsed through certain Autodesk ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2026-0874 (A maliciously crafted CATPART file, when parsed through certain Autode ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-8781 (The Bookster \u2013 WordPress Appointment Booking Plugin plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8308 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-7630 (Improper Restriction of Excessive Authentication Attempts, Improper Au ...)
@@ -103,27 +103,27 @@ CVE-2025-7630 (Improper Restriction of Excessive Authentication Attempts, Improp
 CVE-2025-70998 (UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered t ...)
 	TODO: check
 CVE-2025-70152 (code-projects Community Project Scholars Tracking System 1.0 is vulner ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-70151 (code-projects Scholars Tracking System 1.0 allows an authenticated att ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-70150 (CodeAstro Membership Management System 1.0 contains a missing authenti ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-70149 (CodeAstro Membership Management System 1.0 is vulnerable to SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-70148 (Missing authentication and authorization in print_membership_card.php  ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2025-70147 (Missing authentication in /admin/student.php and /admin/teacher.php in ...)
 	TODO: check
 CVE-2025-70146 (Missing authentication in multiple administrative action scripts under ...)
 	TODO: check
 CVE-2025-70141 (SourceCodester Customer Support System 1.0 contains an incorrect acces ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-70064 (PHPGurukul Hospital Management System v4.0 contains a Privilege Escala ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-70063 (The 'Medical History' module in PHPGurukul Hospital Management System  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-70062 (PHPGurukul Hospital Management System v4.0 contains a Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-69287 (The BSV Blockchain SDK is a unified TypeScript SDK for developing scal ...)
 	TODO: check
 CVE-2025-65791 (ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/im ...)
@@ -133,47 +133,47 @@ CVE-2025-65519 (mayswind ezbookkeeping versions 1.2.0 and earlier contain a crit
 CVE-2025-61982 (An arbitrary code execution vulnerability exists in the Code Stream di ...)
 	TODO: check
 CVE-2025-60038 (A vulnerabilityhas been identified in Rexroth IndraWorks. This flaw al ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2025-60037 (A vulnerabilityhas been identified in Rexroth IndraWorks. This flaw al ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2025-60036 (A vulnerability has been identified in the UA.Testclient utility, whic ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2025-60035 (A vulnerabilityhas been identified in the OPC.Testclient utility, whic ...)
-	TODO: check
+	NOT-FOR-US: Bosch
 CVE-2025-59920 (When hours are entered in time at work, version 7.0.5, it performs a quer ...)
 	TODO: check
 CVE-2025-33253 (NVIDIA NeMo Framework contains a vulnerability where an attacker could ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33252 (NVIDIA NeMo Framework contains a vulnerability where an attacker could ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33251 (NVIDIA NeMo Framework contains a vulnerability where an attacker could ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33250 (NVIDIA NeMo Framework contains a vulnerability where an attacker could ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33249 (NVIDIA NeMo Framework for all platforms contains a vulnerability in a  ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33246 (NVIDIA NeMo Framework for all platforms contains a vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33245 (NVIDIA NeMo Framework contains a vulnerability where malicious data co ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33243 (NVIDIA NeMo Framework contains a vulnerability where an attacker could ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33241 (NVIDIA NeMo Framework contains a vulnerability where an attacker could ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33240 (NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tu ...)
 	TODO: check
 CVE-2025-33239 (NVIDIA Megatron Bridge contains a vulnerability in a data merging tuto ...)
 	TODO: check
 CVE-2025-33236 (NVIDIA NeMo Framework contains a vulnerability where malicious data cr ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-15579 (Deserialization of Untrusted Data vulnerability in OpenText\u2122 Dire ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-14799 (The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14444 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14340 (Cross-site scripting in REST Management Interface in Payara Server <4. ...)
-	TODO: check
+	NOT-FOR-US: Payara
 CVE-2025-14009 (A critical vulnerability exists in the NLTK downloader component of nl ...)
 	TODO: check
 CVE-2025-13965
@@ -181,11 +181,11 @@ CVE-2025-13965
 CVE-2025-13933
 	REJECTED
 CVE-2025-13727 (The Video Share VOD \u2013 Turnkey Video Site Builder Script plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13602
 	REJECTED
 CVE-2025-11185 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-23230 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	{DSA-6141-1}
 	- linux 6.18.12-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9038eb6940d746e4af5c020adcc15d9577ce5b78

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9038eb6940d746e4af5c020adcc15d9577ce5b78
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260218/0bfc0963/attachment.htm>

More information about the debian-security-tracker-commits mailing list