[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 6 08:14:10 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2bd862a by security tracker role at 2026-01-06T08:14:00+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,17 +35,17 @@ CVE-2026-21439 (badkeys is a tool and library for checking cryptographic public
 CVE-2026-21411 (Authentication bypass issue exists in OpenBlocks series versions prior ...)
 	TODO: check
 CVE-2026-0625 (Multiple D-Link DSL gateway devices contain a command injection vulner ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-0621 (Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 con ...)
 	TODO: check
 CVE-2026-0607 (A flaw has been found in code-projects Online Music Site 1.0. This aff ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-0606 (A vulnerability was detected in code-projects Online Music Site 1.0. A ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-0605 (A security vulnerability has been detected in code-projects Online Mus ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-0604 (The FastDup \u2013 Fastest WordPress Migration & Duplicator plugin for ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-69197 (Pterodactyl is a free, open-source game server management panel. Versi ...)
 	TODO: check
 CVE-2025-68954 (Pterodactyl is a free, open-source game server management panel. Versi ...)
@@ -81,103 +81,103 @@ CVE-2025-64422 (Coolify is an open-source and self-hostable tool for managing se
 CVE-2025-61916 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
 	TODO: check
 CVE-2025-4776 (The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scrip ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-20807 (In dpe, there is a possible out of bounds write due to an integer over ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20806 (In dpe, there is a possible memory corruption due to use after free. T ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20805 (In dpe, there is a possible memory corruption due to use after free. T ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20804 (In dpe, there is a possible memory corruption due to use after free. T ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20803 (In dpe, there is a possible memory corruption due to an integer overfl ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20802 (In geniezone, there is a possible memory corruption due to use after f ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20801 (In seninf, there is a possible memory corruption due to a race conditi ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20800 (In mminfra, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20799 (In c2ps, there is a possible memory corruption due to use after free.  ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20798 (In battery, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20797 (In battery, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20796 (In imgsys, there is a possible out of bounds write due to improper inp ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20795 (In KeyInstall, there is a possible out of bounds write due to a missin ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20794 (In Modem, there is a possible system crash due to improper input valid ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20793 (In Modem, there is a possible system crash due to incorrect error hand ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20787 (In display, there is a possible memory corruption due to use after fre ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20786 (In display, there is a possible memory corruption due to use after fre ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20785 (In display, there is a possible memory corruption due to use after fre ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20784 (In display, there is a possible memory corruption due to uninitialized ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20783 (In display, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20782 (In display, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20781 (In display, there is a possible memory corruption due to use after fre ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20780 (In display, there is a possible memory corruption due to use after fre ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20779 (In display, there is a possible use after free due to a race condition ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20778 (In display, there is a possible out of bounds write due to a missing b ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20762 (In Modem, there is a possible system crash due to incorrect error hand ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20761 (In Modem, there is a possible system crash due to incorrect error hand ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-20760 (In Modem, there is a possible read of uninitialized heap data due to a ...)
-	TODO: check
+	NOT-FOR-US: MediaTek
 CVE-2025-15385 (Insufficient Verification of Data Authenticity vulnerability in TECNO  ...)
-	TODO: check
+	NOT-FOR-US: TECNO Mobile
 CVE-2025-15364 (The Download Manager plugin for WordPress is vulnerable to privilege e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15001 (The FS Registration Password plugin for WordPress is vulnerable to pri ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14997 (The BuddyPress Xprofile Custom Field Types plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14996 (The AS Password Field In Default Registration Form plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14441 (The Popupkit plugin for WordPress is vulnerable to arbitrary subscribe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14438 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14371 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14153 (The Page Expire Popup/Redirection for WordPress plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14120 (The URL Image Importer plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14034 (The ilGhera Support System for WooCommerce plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13812 (The GamiPress \u2013 Gamification plugin to reward points, achievement ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13746 (The ForumWP \u2013 Forum & Discussion Board plugin for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13652 (The CBX Bookmark & Favorite plugin for WordPress is vulnerable to gene ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13409 (The Form Vibes \u2013 Database Manager for Forms plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13215 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12793 (An uncontrolled DLL loading path vulnerability exists in AsusSoftwareM ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2025-12067 (The Table Field Add-on for ACF and SCF plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11723 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11370 (The Popup and Slider Builder by Depicter \u2013 Add Email collecting P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-69225 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2bd862a8c6ea6b399ae49692abc0b17b495d21c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2bd862a8c6ea6b399ae49692abc0b17b495d21c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260106/5cd9f52d/attachment.htm>

More information about the debian-security-tracker-commits mailing list