[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 26 20:14:32 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17d141d5 by security tracker role at 2026-02-26T20:14:24+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,15 +15,15 @@ CVE-2026-28296 (A flaw was found in the FTP GVfs backend. A remote attacker coul
 CVE-2026-28295 (A flaw was found in the FTP GVfs backend. A malicious FTP server can e ...)
 	TODO: check
 CVE-2026-28138 (Deserialization of Untrusted Data vulnerability in Stylemix uListing u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28136 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28132 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28131 (Insertion of Sensitive Information Into Sent Data vulnerability in WPV ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27510 (Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the ...)
 	TODO: check
 CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU)  ...)
@@ -31,9 +31,9 @@ CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11
 CVE-2026-27141 (Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a ...)
 	TODO: check
 CVE-2026-26979 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-26973 (Discourse is an open source discussion platform. Versions prior to 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-26938 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
 	TODO: check
 CVE-2026-26937 (Uncontrolled Resource Consumption (CWE-400) in the Timelion component  ...)
@@ -49,17 +49,17 @@ CVE-2026-26932 (Improper Validation of Array Index (CWE-129) in the PostgreSQL p
 CVE-2026-26682 (An issue in fastCMS before v.0.1.6 allows a local attacker to execute  ...)
 	TODO: check
 CVE-2026-26265 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-26228 (VideoLAN VLC for Android prior to version 3.7.0 contains a path traver ...)
 	TODO: check
 CVE-2026-26227 (VideoLAN VLC for Android prior to version 3.7.0 contains an authentica ...)
 	TODO: check
 CVE-2026-26207 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-26078 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-26077 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-23939 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	TODO: check
 CVE-2026-23750 (Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap ...)
@@ -75,13 +75,13 @@ CVE-2026-22722 (A malicious actor with authenticated user privileges on a Window
 CVE-2026-22715 (VMWare Workstation and Fusion contain a logic flaw in the management o ...)
 	TODO: check
 CVE-2026-1565 (The User Frontend: AI Powered Frontend Posting, User Directory, Profil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1241 (The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to  ...)
 	TODO: check
 CVE-2026-1198 (SIMPLE.ERP is vulnerable to the SQL Injection in search functionality  ...)
 	TODO: check
 CVE-2025-71057 (Improper session management in D-Link Wireless N 300 ADSL2+ Modem Rout ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-64999 (Improper neutralization of input in Checkmk versions 2.4.0 before 2.4. ...)
 	TODO: check
 CVE-2025-56605 (A reflected Cross-Site Scripting (XSS) vulnerability exists in the reg ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17d141d5f0ab40106b43888335101da59aeabd4d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17d141d5f0ab40106b43888335101da59aeabd4d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260226/42ac0943/attachment.htm>

More information about the debian-security-tracker-commits mailing list