[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 19 20:30:31 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b6ee335 by Salvatore Bonaccorso at 2026-02-19T21:30:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,9 +3,9 @@ CVE-2026-2817 (Use of insecure directory in Spring Data Geode snapshot import ex
 CVE-2026-2744
 	REJECTED
 CVE-2026-2736 (Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which ...)
-	TODO: check
+	NOT-FOR-US: Alkacon OpenCms
 CVE-2026-2735 (Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which oc ...)
-	TODO: check
+	NOT-FOR-US: Alkacon OpenCms
 CVE-2026-2718 (The Dealia \u2013 Request a Quote plugin for WordPress is vulnerable t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2716 (The Client Testimonial Slider plugin for WordPress is vulnerable to St ...)
@@ -74,13 +74,13 @@ CVE-2026-26345 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the publi
 	- spip 4.4.9+dfsg-1
 	NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-8.html
 CVE-2026-26339 (Hyland Alfresco Transformation Service allows unauthenticated attacker ...)
-	TODO: check
+	NOT-FOR-US: Hyland
 CVE-2026-26338 (Hyland Alfresco Transformation Service allows unauthenticated attacker ...)
-	TODO: check
+	NOT-FOR-US: Hyland
 CVE-2026-26337 (Hyland Alfresco Transformation Service allows unauthenticated attacker ...)
-	TODO: check
+	NOT-FOR-US: Hyland
 CVE-2026-26336 (Hyland Alfresco allows unauthenticated attackers to read arbitrary fil ...)
-	TODO: check
+	NOT-FOR-US: Hyland
 CVE-2026-26318 (systeminformation is a System and OS information library for node.js.  ...)
 	TODO: check
 CVE-2026-26280 (systeminformation is a System and OS information library for node.js.  ...)
@@ -103,13 +103,13 @@ CVE-2026-26201 (emp3r0r is a C2 designed by Linux users for Linux environments.
 CVE-2026-26200 (HDF5 is software for managing data. Prior to version 1.14.4-2, an atta ...)
 	TODO: check
 CVE-2026-26193 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-26192 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
-	TODO: check
+	NOT-FOR-US: Open WebUI
 CVE-2026-26189 (Trivy Action runs Trivy as GitHub action to scan a Docker container im ...)
 	TODO: check
 CVE-2026-26063 (CediPay is a crypto-to-fiat app for the Ghanaian market. A vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: CediPay
 CVE-2026-26059 (ChurchCRM is an open-source church management system. In versions prio ...)
 	NOT-FOR-US: ChurchCRM
 CVE-2026-26057 (Skill Scanner is a security scanner for AI Agent Skills that detects p ...)
@@ -127,9 +127,9 @@ CVE-2026-25766 (Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on W
 CVE-2026-25755 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, use ...)
 	TODO: check
 CVE-2026-25739 (Indico is an event management system that uses Flask-Multipass, a mult ...)
-	TODO: check
+	NOT-FOR-US: Indico
 CVE-2026-25738 (Indico is an event management system that uses Flask-Multipass, a mult ...)
-	TODO: check
+	NOT-FOR-US: Indico
 CVE-2026-25535 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, use ...)
 	TODO: check
 CVE-2026-25527 (changedetection.io is a free open source web page change detection too ...)
@@ -311,41 +311,41 @@ CVE-2026-23804 (Missing Authorization vulnerability in BBR Plugins Better Busine
 CVE-2026-23803 (Server-Side Request Forgery (SSRF) vulnerability in Burhan Nasir Smart ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23621 (GFI MailEssentials AI versions prior to22.4 contain an arbitrary direc ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23620 (GFI MailEssentials AI versions prior to22.4 contain an arbitrary file  ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23619 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23618 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23617 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23616 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23615 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23614 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23613 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23612 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23611 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23610 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23609 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23608 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23607 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23606 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23605 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23604 (GFI MailEssentials AI versions prior to22.4 contain a stored cross-sit ...)
-	TODO: check
+	NOT-FOR-US: GFI MailEssentials AI
 CVE-2026-23549 (Deserialization of Untrusted Data vulnerability in magepeopleteam WpEv ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23548 (Missing Authorization vulnerability in designinvento DirectoryPress di ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b6ee3355c12a69aef71b9ddfbfe3b9f0dd38164

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b6ee3355c12a69aef71b9ddfbfe3b9f0dd38164
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260219/6fd808ea/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list