[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 27 20:15:13 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef27997c by security tracker role at 2026-02-27T20:15:03+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,31 +3,31 @@ CVE-2026-3327 (Authenticated Iframe Injection in Dato CMS Web Previews plugin. T
 CVE-2026-3304 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...)
 	TODO: check
 CVE-2026-3277 (The OpenID Connect (OIDC) authentication configuration in PowerShell   ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-3223 (Arbitrary file write & potential privilege escalation exploiting zip s ...)
 	TODO: check
 CVE-2026-2880 (A vulnerability in @fastify/middie versions < 9.2.0 can result in auth ...)
 	TODO: check
 CVE-2026-2831 (The MailArchiver plugin for WordPress is vulnerable to SQL Injection v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2751 (Blind SQL Injection via unsanitized array keys in Service Dependencies ...)
-	TODO: check
+	NOT-FOR-US: Centreon
 CVE-2026-2750 (Improper Input Validation vulnerability in Centreon Centreon Open Tick ...)
-	TODO: check
+	NOT-FOR-US: Centreon
 CVE-2026-2749 (Vulnerability in Centreon Centreon Open Tickets on Central Server on L ...)
-	TODO: check
+	NOT-FOR-US: Centreon
 CVE-2026-2383 (The Simple Download Monitor plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2362 (The WP Accessibility plugin for WordPress is vulnerable to Stored DOM- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2359 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...)
 	TODO: check
 CVE-2026-2293 (A NestJS application using @nestjs/platform-fastify can allow bypass o ...)
 	TODO: check
 CVE-2026-2252 (An XML External Entity (XXE) vulnerability allows malicious user to pe ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2026-2251 (Improper limitation of a pathname to a restricted directory (Path Trav ...)
-	TODO: check
+	NOT-FOR-US: Xerox
 CVE-2026-28354 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
 	TODO: check
 CVE-2026-27947 (Group-Office is an enterprise customer relationship management and gro ...)
@@ -89,9 +89,9 @@ CVE-2026-26862 (CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DO
 CVE-2026-26861 (CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Si ...)
 	TODO: check
 CVE-2026-25147 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-24488 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-24352 (PluXml CMS allows a user's session identifier to be set before authent ...)
 	TODO: check
 CVE-2026-24351 (PluXml CMS is vulnerable to Stored XSS in Static Pages editing functio ...)
@@ -103,33 +103,33 @@ CVE-2026-22717 (Out-of-bound read vulnerability in VMware Workstation 25H1 and b
 CVE-2026-22716 (Out-of-bound write vulnerability in VMware Workstation 25H1 and below  ...)
 	TODO: check
 CVE-2026-21660 (Hardcoded Email Credentials Saved as Plaintext in Firmware (CWE-256: P ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2026-21659 (Unauthenticated Remote Code Execution and Information Disclosure due t ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2026-21658 (Unauthenticated Remote Code Execution i.e Improper Control of Generati ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2026-21657 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2026-21656 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2026-21654 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Johnson Controls
 CVE-2026-21619 (Uncontrolled Resource Consumption, Deserialization of Untrusted Data v ...)
 	TODO: check
 CVE-2026-1627 (An attacker may exploit the use of outdated and weak MAC algorithms in ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-1626 (An attacker may exploit the use of weak CBC-based cipher suites in the ...)
-	TODO: check
+	NOT-FOR-US: SICK AG
 CVE-2026-1434 (Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An a ...)
 	TODO: check
 CVE-2026-1305 (The Japanized for WooCommerce plugin for WordPress is vulnerable to Im ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-69437 (PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploade ...)
 	TODO: check
 CVE-2025-15498 (Pro3W CMS if vulnerable toSQL injection attacks.Improper neutralizatio ...)
 	TODO: check
 CVE-2025-14142 (The Electric Enquiries plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11950 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-11252 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -137,7 +137,7 @@ CVE-2025-11252 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2025-11251 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2024-10938 (The OVRI Payment plugin for WordPress contains malicious .htaccess fil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2019-25497 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows  ...)
 	TODO: check
 CVE-2019-25496 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef27997c1d321713ef6060dc42f75529a173ffcb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef27997c1d321713ef6060dc42f75529a173ffcb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260227/9dbedc23/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list