[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jan 9 08:13:59 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad50e21e by security tracker role at 2026-01-09T08:13:53+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,37 +25,37 @@ CVE-2026-22588 (Spree is an open source e-commerce solution built with Ruby on R
 CVE-2026-21409 (Improper authorization vulnerability exists in RICOH Streamline NX 3.5 ...)
 	TODO: check
 CVE-2026-20976 (Improper input validation in Galaxy Store prior to version 4.6.02 allo ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-20975 (Improper handling of insufficient permission in Samsung Cloud prior to ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-20974 (Improper input validation in data related to network restrictions prio ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-20973 (Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Rel ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-20972 (Improper Export of Android Application Components in UwbTest prior to  ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-20971 (Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows  ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-20970 (Improper access control in SLocation prior to SMR Jan-2026 Release 1 a ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-20969 (Improper input validation in SecSettings prior to SMR Jan-2026 Release ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-20968 (Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local ...)
-	TODO: check
+	NOT-FOR-US: Samsung Mobile
 CVE-2026-0733 (A vulnerability was determined in PHPGurukul Online Course Registratio ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2026-0732 (A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-0731 (A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-0730 (A flaw has been found in PHPGurukul Staff Leave Management System 1.0. ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2026-0729 (A vulnerability was detected in code-projects Intern Membership Manage ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-0728 (A security vulnerability has been detected in code-projects Intern Mem ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-0563 (The WP Google Street View (with 360\xb0 virtual tour) & Google maps +  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-70974 (Fastjson before 1.2.48 mishandles autoType because, when an @type key  ...)
 	TODO: check
 CVE-2025-68719 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configurati ...)
@@ -67,55 +67,55 @@ CVE-2025-68717 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentic
 CVE-2025-68716 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH servic ...)
 	TODO: check
 CVE-2025-66315 (There is a configuration defect vulnerability in the version server of ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2025-15464 (Exported Activity allows external applications to gain application con ...)
 	TODO: check
 CVE-2025-15057 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15055 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15019 (The BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14980 (The BetterDocs plugin for WordPress is vulnerable to Sensitive Informa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14937 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14893 (The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14886 (The Japanized for WooCommerce plugin for WordPress is vulnerable to un ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14803 (The NEX-Forms  WordPress plugin before 9.1.8 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14782 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14741 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14736 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14720 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14718 (The Schedule Post Changes With PublishPress Future plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14657 (The Eventin \u2013 Event Manager, Events Calendar, Event Tickets and R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14574 (The weDocs plugin for WordPress is vulnerable to Sensitive Information ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14505 (The ECDSA implementation of the Elliptic package generates incorrect s ...)
 	TODO: check
 CVE-2025-14436 (The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14146 (The Booking Calendar plugin for WordPress is vulnerable to Sensitive I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13935 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13934 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13753 (The WP Table Builder \u2013 Drag & Drop Table Builder plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13749 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify HTML, C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13628 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0716
 	- libsoup3 <unfixed>
 	- libsoup2.4 <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad50e21e0267bea42bbd6f3204f15a0024d05190

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad50e21e0267bea42bbd6f3204f15a0024d05190
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260109/285a2313/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list