[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 19 21:17:24 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ad9a01c6 by Salvatore Bonaccorso at 2026-02-19T22:16:54+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-2817 (Use of insecure directory in Spring Data Geode snapshot import extract ...)
- TODO: check
+ NOT-FOR-US: Spring Data Geode
CVE-2026-2744
REJECTED
CVE-2026-2736 (Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which ...)
@@ -11,9 +11,9 @@ CVE-2026-2718 (The Dealia \u2013 Request a Quote plugin for WordPress is vulnera
CVE-2026-2716 (The Client Testimonial Slider plugin for WordPress is vulnerable to St ...)
NOT-FOR-US: WordPress plugin
CVE-2026-2409 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Delinea
CVE-2026-2274 (A SSRF and Arbitrary File Read vulnerability in AppSheet Core in Googl ...)
- TODO: check
+ NOT-FOR-US: Google AppSheet
CVE-2026-2243 (A flaw was found in QEMU. A specially crafted VMDK image could trigger ...)
- qemu <unfixed>
NOTE: https://lore.kernel.org/qemu-devel/CAJ9qJssSwxkmEVethg57-Ph6maEfButSaV-r07ma9_x1sp6wYg@mail.gmail.com/
@@ -60,7 +60,7 @@ CVE-2026-27050 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Rea
CVE-2026-27042 (Missing Authorization vulnerability in WPDeveloper NotificationX notif ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-27013 (Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0 ...)
- TODO: check
+ NOT-FOR-US: Fabric.js
CVE-2026-26362 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Pa ...)
NOT-FOR-US: Dell / EMC
CVE-2026-26361 (Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External C ...)
@@ -83,24 +83,24 @@ CVE-2026-26337 (Hyland Alfresco Transformation Service allows unauthenticated at
CVE-2026-26336 (Hyland Alfresco allows unauthenticated attackers to read arbitrary fil ...)
NOT-FOR-US: Hyland
CVE-2026-26318 (systeminformation is a System and OS information library for node.js. ...)
- TODO: check
+ NOT-FOR-US: systeminformation Node.js module
CVE-2026-26280 (systeminformation is a System and OS information library for node.js. ...)
- TODO: check
+ NOT-FOR-US: systeminformation Node.js module
CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS object, ...)
TODO: check
CVE-2026-26267 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to versions 22. ...)
- TODO: check
+ NOT-FOR-US: soroban-sdk
CVE-2026-26223 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the private are ...)
- spip 4.4.9+dfsg-1
NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-8.html
CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versi ...)
- TODO: check
+ NOT-FOR-US: opa-envoy-plugun
CVE-2026-26203 (PJSIP is a free and open source multimedia communication library. Vers ...)
TODO: check
CVE-2026-26202 (Penpot is an open-source design tool for design and code collaboration ...)
- TODO: check
+ NOT-FOR-US: Penpot
CVE-2026-26201 (emp3r0r is a C2 designed by Linux users for Linux environments. Prior ...)
- TODO: check
+ NOT-FOR-US: emp3r0r
CVE-2026-26200 (HDF5 is software for managing data. Prior to version 1.14.4-2, an atta ...)
TODO: check
CVE-2026-26193 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
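Review bot: The CVE-2026-26205 entry copies the misspelling from the truncated description into the tag, `NOT-FOR-US: opa-envoy-plugun`. The description says it is a plugin to enforce OPA policies with Envoy, so the tag should read `NOT-FOR-US: opa-envoy-plugin`; otherwise a later search of the list for the correctly spelled project name will miss this entry.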
@@ -114,13 +114,13 @@ CVE-2026-26063 (CediPay is a crypto-to-fiat app for the Ghanaian market. A vulne
CVE-2026-26059 (ChurchCRM is an open-source church management system. In versions prio ...)
NOT-FOR-US: ChurchCRM
CVE-2026-26057 (Skill Scanner is a security scanner for AI Agent Skills that detects p ...)
- TODO: check
+ NOT-FOR-US: Skill Scanner
CVE-2026-26030 (Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Semantic Kernel
CVE-2026-26016 (Wings is the server control plane for Pterodactyl, a free, open-source ...)
- TODO: check
+ NOT-FOR-US: Wings
CVE-2026-25998 (strongMan is a management interface for strongSwan, an OpenSource IPse ...)
- TODO: check
+ NOT-FOR-US: strongMan
CVE-2026-25940 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, use ...)
TODO: check
CVE-2026-25766 (Echo is a Go web framework. In versions 5.0.0 through 5.0.2 on Windows ...)
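Review bot: In the CVE-2026-26016 entry, `NOT-FOR-US: Wings` is too generic to identify the software on its own. The description names it as the server control plane for Pterodactyl, so `NOT-FOR-US: Pterodactyl Wings` would keep the entry unambiguous when the list is searched by product name.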
@@ -134,7 +134,7 @@ CVE-2026-25738 (Indico is an event management system that uses Flask-Multipass,
CVE-2026-25535 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, use ...)
TODO: check
CVE-2026-25527 (changedetection.io is a free open source web page change detection too ...)
- TODO: check
+ NOT-FOR-US: changedetection.io
CVE-2026-25473 (Missing Authorization vulnerability in AA-Team WZone woozone allows Ex ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-25472 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -300,7 +300,7 @@ CVE-2026-25000 (Missing Authorization vulnerability in Kraft Plugins Wheel of Li
CVE-2026-24999 (Missing Authorization vulnerability in Alma Alma alma-gateway-for-wooc ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-24834 (Kata Containers is an open source project focusing on a standard imple ...)
- TODO: check
+ NOT-FOR-US: Kata Containers
CVE-2026-24392 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-24375 (Missing Authorization vulnerability in WP Swings Ultimate Gift Cards F ...)
@@ -382,11 +382,11 @@ CVE-2026-1461 (The Simple Membership plugin for WordPress is vulnerable to Impro
CVE-2026-1219 (The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by So ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9953 (Authorization Bypass Through User-Controlled SQL Primary Key vulnerabi ...)
- TODO: check
+ NOT-FOR-US: DATABASE Software Training Consulting Ltd.
CVE-2025-9062 (Authorization Bypass Through User-Controlled Key vulnerability in MeCO ...)
- TODO: check
+ NOT-FOR-US: MeCODE Informatics and Engineering Services Ltd. Envanty
CVE-2025-8350 (Execution After Redirect (EAR), Missing Authentication for Critical Fu ...)
- TODO: check
+ NOT-FOR-US: Inrove Software and Internet Services BiEticaret CMS
CVE-2025-71250
REJECTED
CVE-2025-71249
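Review bot: The CVE-2025-9953 tag, `NOT-FOR-US: DATABASE Software Training Consulting Ltd.`, names only the vendor, while the two entries after it in this hunk name vendor and product (`... Envanty`, `... BiEticaret CMS`). Adding the affected product after the vendor name would keep the three entries consistent. The truncated description shown here does not reach the product name, so it has to come from the full CVE record.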
@@ -402,7 +402,7 @@ CVE-2025-71245
CVE-2025-71244 (SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form ...)
TODO: check
CVE-2025-71243 (The 'Saisies pour formulaire' (Saisies) plugin for SPIP versions 5.4.0 ...)
- TODO: check
+ NOT-FOR-US: SPIP plugin
CVE-2025-71242 (SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disc ...)
TODO: check
CVE-2025-71241 (SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS ...)
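Review bot: CVE-2025-71243 is closed as `NOT-FOR-US: SPIP plugin` while the SPIP entries on either side of it (CVE-2025-71244, CVE-2025-71242) stay at `TODO: check`, so SPIP itself is evidently in scope for this list. Before the Saisies plugin is marked NOT-FOR-US, it is worth confirming that it is not shipped inside the packaged SPIP source. If that was already checked, recording the check would save the next triager the same lookup.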
@@ -412,9 +412,9 @@ CVE-2025-71240 (SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted
CVE-2025-69725 (An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlash ...)
TODO: check
CVE-2025-69674 (Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (B ...)
- TODO: check
+ NOT-FOR-US: CDATA
CVE-2025-67304 (In Ruckus Network Director (RND) < 4.5.0.54, the OVA appliance contain ...)
- TODO: check
+ NOT-FOR-US: Ruckus
CVE-2025-55853 (SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request F ...)
TODO: check
CVE-2025-41023 (An authentication bypass vulnerability has been found in Thesamur's Au ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad9a01c67c26e97ffc85d19e4f91faa1d727fc7a