[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 1 16:05:55 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6de5a771 by Salvatore Bonaccorso at 2026-01-01T17:04:34+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,11 +5,11 @@ CVE-2025-69412 (KDE messagelib before 25.11.90 ignores SSL errors for threatMatc
- kf5-messagelib <removed>
NOTE: https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3 (v25.11.90)
CVE-2025-69288 (Titra is open source project time tracking software. Prior to version ...)
- TODO: check
+ NOT-FOR-US: Titra
CVE-2025-69286 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
- TODO: check
+ NOT-FOR-US: RAGFlow
CVE-2025-68700 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
- TODO: check
+ NOT-FOR-US: RAGFlow
CVE-2025-67711 (There is a stored cross site scripting issue in Esri ArcGIS Server 11. ...)
NOT-FOR-US: Esri
CVE-2025-67710 (There is a stored cross site scripting issue in Esri ArcGIS Server 11. ...)
@@ -37,7 +37,7 @@ CVE-2025-50053 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-47566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-34469 (Cowrie versions prior to 2.9.0 contain a server-side request forgery ( ...)
- TODO: check
+ NOT-FOR-US: Cowrie
CVE-2025-31054 (Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30628 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -45,7 +45,7 @@ CVE-2025-30628 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-28973 (Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermar ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-28949 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress Media Library Folders
CVE-2025-22203
REJECTED
CVE-2025-22202
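Review bot: the tag added for CVE-2025-28949, "NOT-FOR-US: WordPress Media Library Folders", departs from the generic "NOT-FOR-US: WordPress plugin or theme" used by the neighbouring CVE-2025-28973 entry in this hunk and by the other WordPress entries visible in the diff. Unless the specific product name is wanted here, use the generic label so that WordPress plugin entries stay uniform and can be matched with a single pattern.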
@@ -99,17 +99,17 @@ CVE-2025-22155
CVE-2025-22154
REJECTED
CVE-2025-15398 (A security vulnerability has been detected in Uasoft badaso up to 2.9. ...)
- TODO: check
+ NOT-FOR-US: Uasoft badaso
CVE-2025-13820 (The Comments WordPress plugin before 7.6.40 does not properly validat ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11157 (A high-severity remote code execution vulnerability exists in feast-de ...)
- TODO: check
+ NOT-FOR-US: feast-dev/feast
CVE-2023-7332 (PocketMine-MP versions prior to 4.18.1 contain an improper input valid ...)
- TODO: check
+ NOT-FOR-US: PocketMine-MP
CVE-2023-7331 (A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0 ...)
- TODO: check
+ NOT-FOR-US: PKrystian Full-Stack-Bank
CVE-2015-10145 (Gargoyle router management utility versions 1.5.x contain an authentic ...)
- TODO: check
+ NOT-FOR-US: Gargoyle router management utility
CVE-2025-66160 (Missing Authorization vulnerability in merkulove Select Graphist for E ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66159 (Missing Authorization vulnerability in merkulove Walker for Elementor ...)
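Review bot: the CVE-2025-11157 tag "NOT-FOR-US: feast-dev/feast" uses a repository owner/name form, while the other tags added in this hunk give a product name ("Uasoft badaso", "PocketMine-MP", "PKrystian Full-Stack-Bank", "Gargoyle router management utility"). Consider writing it as a plain product name for consistency. Since the description calls it a high-severity remote code execution issue, it is also worth a second look that nothing packaged ships this code before the entry is closed as not-for-us.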
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6de5a7714844b0981094be7abc5a2cd73f8b0bd0