[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Feb 27 20:49:20 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1bd67ac by Salvatore Bonaccorso at 2026-02-27T21:46:32+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2026-2362 (The WP Accessibility plugin for WordPress is vulnerable to Stored
CVE-2026-2359 (Multer is a node.js middleware for handling `multipart/form-data`. A v ...)
NOT-FOR-US: Node multer
CVE-2026-2293 (A NestJS application using @nestjs/platform-fastify can allow bypass o ...)
- TODO: check
+ NOT-FOR-US: NestJS nest
CVE-2026-2252 (An XML External Entity (XXE) vulnerability allows malicious user to pe ...)
NOT-FOR-US: Xerox
CVE-2026-2251 (Improper limitation of a pathname to a restricted directory (Path Trav ...)
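Review bot: The new label on CVE-2026-2293, `NOT-FOR-US: NestJS nest`, does not mention the package the description names, @nestjs/platform-fastify. Consider including that package name in the label so a later search for it (for example if it is ever packaged) finds this entry.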
@@ -129,35 +129,35 @@ CVE-2026-1305 (The Japanized for WooCommerce plugin for WordPress is vulnerable
CVE-2025-69437 (PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploade ...)
NOT-FOR-US: PublicCMS
CVE-2025-15498 (Pro3W CMS if vulnerable toSQL injection attacks.Improper neutralizatio ...)
- TODO: check
+ NOT-FOR-US: Pro3W CMS
CVE-2025-14142 (The Electric Enquiries plugin for WordPress is vulnerable to Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11950 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: KNOWHY Advanced Technology rading Ltd. Co. EduAsist
CVE-2025-11252 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Signum Technology Promotion and Training Inc. Windesk.Fm
CVE-2025-11251 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Dayneks Software Industry and Trade Inc. E-Commerce Platform
CVE-2024-10938 (The OVRI Payment plugin for WordPress contains malicious .htaccess fil ...)
NOT-FOR-US: WordPress plugin
CVE-2019-25497 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2019-25496 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2019-25495 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2019-25494 (Homey BNB V4 contains an SQL injection vulnerability in the administra ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25493 (Homey BNB V4 contains an SQL injection vulnerability that allows unaut ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25492 (Homey BNB V4 contains an SQL injection vulnerability that allows unaut ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25491 (Homey BNB V4 contains an SQL injection vulnerability that allows unaut ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25490 (Homey BNB V4 contains a SQL injection vulnerability that allows unauth ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25489 (Homey BNB V4 contains a SQL injection vulnerability that allows unauth ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2026-3302 (A weakness has been identified in SourceCodester Doctor Appointment Sy ...)
NOT-FOR-US: SourceCodester
CVE-2026-3301 (A security flaw has been discovered in Totolink N300RH 6.1c.1353_B2019 ...)
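Review bot: The vendor name in the new CVE-2025-11950 label, `KNOWHY Advanced Technology rading Ltd. Co. EduAsist`, appears to have lost a letter ("rading", presumably "Trading"). Worth correcting before it is copied forward, since NOT-FOR-US labels are matched by text when later CVEs for the same product are triaged. The remaining replacements in this hunk (Pro3W CMS, osCommerce, Homey BNB) agree with the product named in each visible description.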
@@ -417,9 +417,9 @@ CVE-2026-1558 (The WP Recipe Maker plugin for WordPress is vulnerable to an Inse
CVE-2026-1442 (Since the encryption algorithm used to protect firmware updates is its ...)
NOT-FOR-US: Unitree
CVE-2025-15567 (Insufficient protection mechanisms in the Health Module may lead to pa ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2025-15509 (TheSmartRemote module has insufficient restrictions on loading URLs, w ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2025-14149 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14040 (The Automotive Car Dealership Business WordPress Theme for WordPress i ...)
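Review bot: The two new `NOT-FOR-US: Vivo` labels on CVE-2025-15567 and CVE-2025-15509 give only a vendor, and the truncated descriptions shown here ("Health Module", "TheSmartRemote module") do not mention that vendor, so the attribution cannot be checked from the diff alone. Adding the module name to each label, as the product-level labels elsewhere in this commit do, would make the entries self-explanatory.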
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1bd67ac5f7bdec6d0f0ded76b6ab86064a8babf