[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 26 08:14:58 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94b36bb7 by security tracker role at 2026-02-26T08:14:50+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,19 +5,19 @@ CVE-2026-3200 (A vulnerability was identified in z-9527 admin 1.0/2.0. The affec
 CVE-2026-3172 (Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through ...)
 	TODO: check
 CVE-2026-2694 (The The Events Calendar plugin for WordPress is vulnerable to unauthor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2506 (The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2499 (The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2498 (The WP Social Meta plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2489 (The TP2WP Importer plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2356 (The User Registration & Membership \u2013 Custom Registration Form, Lo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2029 (The Livemesh Addons for Beaver Builder plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-27976 (Zed, a code editor, has an extension installer allows tar/gzip downloa ...)
 	TODO: check
 CVE-2026-27975 (Ajenti is a Linux and BSD modular server admin panel. Prior to version ...)
@@ -59,7 +59,7 @@ CVE-2026-27946 (ZITADEL is an open source identity management platform. Prior to
 CVE-2026-27945 (ZITADEL is an open source identity management platform. Zitadel Action ...)
 	TODO: check
 CVE-2026-27943 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-27942 (fast-xml-parser allows users to validate XML, parse XML to JS object,  ...)
 	TODO: check
 CVE-2026-27941 (OpenLIT is an open source platform for AI engineering. Prior to versio ...)
@@ -187,7 +187,7 @@ CVE-2026-22728 (Bitnami Sealed Secretsis vulnerable to a scope-widening attack d
 CVE-2026-22721 (VMware Aria Operations contains a privilege escalation vulnerability.  ...)
 	TODO: check
 CVE-2026-1779 (The User Registration & Membership plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1698 (A HTTP Host header attack vulnerability affects WebClient and the WebS ...)
 	TODO: check
 CVE-2026-1697 (The Secure and SameSite attribute are missing in the GraphicalData web ...)
@@ -203,11 +203,11 @@ CVE-2026-1693 (The OAuth grant type Resource Owner Password Credentials (ROPC) f
 CVE-2026-1692 (A missing origin validation in WebSockets vulnerability affects the Gr ...)
 	TODO: check
 CVE-2026-1557 (The WP Responsive Images plugin for WordPress is vulnerable to Path Tr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1311 (The Worry Proof Backup plugin for WordPress is vulnerable to Path Trav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0542 (ServiceNow has addressed a remote code execution vulnerability that wa ...)
-	TODO: check
+	NOT-FOR-US: ServiceNow
 CVE-2026-3190
 	- keycloak <itp> (bug #1088287)
 CVE-2026-3184 [Access control bypass due to improper hostname canonicalization]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94b36bb761d82d8dd870c5b83e15f333f272758e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94b36bb761d82d8dd870c5b83e15f333f272758e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260226/0536f92c/attachment.htm>

More information about the debian-security-tracker-commits mailing list