[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 27 08:14:26 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8ddd40c3 by security tracker role at 2026-02-27T08:14:18+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-3302 (A weakness has been identified in SourceCodester Doctor Appointment Sy ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-3301 (A security flaw has been discovered in Totolink N300RH 6.1c.1353_B2019 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-3293 (A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0 ...)
 	TODO: check
 CVE-2026-3292 (A security vulnerability has been detected in jizhiCMS up to 2.5.6. Af ...)
@@ -23,15 +23,15 @@ CVE-2026-3282 (A flaw has been found in libvips 8.19.0. This vulnerability affec
 CVE-2026-3281 (A vulnerability was detected in libvips 8.19.0. This affects the funct ...)
 	TODO: check
 CVE-2026-3275 (A weakness has been identified in Tenda F453 1.0.0.3. This affects the ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-3274 (A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-3273 (A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-3272 (A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-3271 (A vulnerability was found in Tenda F453 1.0.0.3. This impacts the func ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-3270 (A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. Thi ...)
 	TODO: check
 CVE-2026-3269 (A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted ...)
@@ -47,11 +47,11 @@ CVE-2026-3263 (A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Ord
 CVE-2026-3262 (A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Ord ...)
 	TODO: check
 CVE-2026-3261 (A flaw has been found in itsourcecode School Management System 1.0. Th ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-3037 (An OS command injection vulnerability exists in XWEB Pro version 1.12. ...)
 	TODO: check
 CVE-2026-2428 (The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-28370 (In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0 ...)
 	TODO: check
 CVE-2026-28364 (In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Mar ...)
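Review bot: the tag added for CVE-2026-3261, "NOT-FOR-US: itsourcecode System", looks like a truncated product name, since the description on that entry reads "itsourcecode School Management System 1.0". Consider either the full product name or the vendor alone ("NOT-FOR-US: itsourcecode"), matching the vendor-only form used for SourceCodester in the first hunk.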
@@ -73,15 +73,15 @@ CVE-2026-28269 (Kiteworks is a private data network (PDN). Prior to version 9.2.
 CVE-2026-28230 (SteVe is an open-source EV charging station management system. In vers ...)
 	TODO: check
 CVE-2026-28227 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-28226 (Phishing Club is a phishing simulation and man-in-the-middle framework ...)
 	TODO: check
 CVE-2026-28225 (Manyfold is an open source, self-hosted web application for managing a ...)
 	TODO: check
 CVE-2026-28219 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-28218 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-28217 (hoppscotch is an open source API development ecosystem. Prior to versi ...)
 	TODO: check
 CVE-2026-28216 (hoppscotch is an open source API development ecosystem. Prior to versi ...)
@@ -121,25 +121,25 @@ CVE-2026-27638 (Actual is a local-first personal finance tool. Prior to version
 CVE-2026-27457 (Weblate is a web based localization tool. Prior to version 5.16.1, the ...)
 	TODO: check
 CVE-2026-27449 (Umbraco Engage is a business intelligence platform. A vulnerability ha ...)
-	TODO: check
+	NOT-FOR-US: Umbraco CMS
 CVE-2026-27162 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27154 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27153 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27152 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27151 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27150 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27149 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-27028 (WebSocket endpoints lack proper authentication mechanisms, enabling  a ...)
 	TODO: check
 CVE-2026-27021 (Discourse is an open source discussion platform. Prior to versions 202 ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-26305 (The WebSocket Application Programming Interface lacks restrictions on  ...)
 	TODO: check
 CVE-2026-26290 (The WebSocket backend uses charging station identifiers to uniquely  a ...)
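Review bot: the tag for CVE-2026-27449 names "Umbraco CMS", but the description on that entry is for Umbraco Engage, which it calls a business intelligence platform. If the two are treated as distinct products, "NOT-FOR-US: Umbraco Engage" would keep the tag aligned with the CVE text.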
@@ -233,9 +233,9 @@ CVE-2026-20742 (An OS command injection   vulnerability exists in XWEB Pro versi
 CVE-2026-20733 (Charging station authentication identifiers are publicly accessible vi ...)
 	TODO: check
 CVE-2026-1585 (An unquoted Windows service executable path vulnerability in IJ Scan U ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2026-1558 (The WP Recipe Maker plugin for WordPress is vulnerable to an Insecure  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1442 (Since the encryption algorithm used to protect firmware updates is its ...)
 	TODO: check
 CVE-2025-15567 (Insufficient protection mechanisms in the Health Module may lead to pa ...)
@@ -243,11 +243,11 @@ CVE-2025-15567 (Insufficient protection mechanisms in the Health Module may lead
 CVE-2025-15509 (TheSmartRemote module has insufficient restrictions on loading URLs, w ...)
 	TODO: check
 CVE-2025-14149 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14040 (The Automotive Car Dealership Business WordPress Theme for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12981 (The Listee theme for WordPress is vulnerable to privilege escalation i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31364 (Improper handling of direct memory writes in the input-output memory m ...)
 	TODO: check
 CVE-2026-XXXX [rashes Opus buffer overruns]
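Review bot: CVE-2025-14040 and CVE-2025-12981 are tagged "NOT-FOR-US: WordPress plugin", but their descriptions refer to themes ("Automotive Car Dealership Business WordPress Theme", "The Listee theme for WordPress"). "NOT-FOR-US: WordPress theme" would be accurate for those two entries; the plugin tag does fit CVE-2025-14149, whose description names an Elementor plugin.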



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8ddd40c357390c141460865541bacb685c556ce8
