[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 10 08:13:51 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed4a7ad5 by security tracker role at 2026-01-10T08:13:41+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,7 +71,7 @@ CVE-2026-22594 (Ghost is a Node.js content management system. In versions 5.105.
 CVE-2026-22589 (Spree is an open source e-commerce solution built with Ruby on Rails.  ...)
 	TODO: check
 CVE-2026-22584 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Salesforce
 CVE-2026-22030 (React Router is a router for React. In @remix-run/server-runtime versi ...)
 	TODO: check
 CVE-2026-22029 (React Router is a router for React. In @remix-run/router version prior ...)
@@ -97,15 +97,15 @@ CVE-2026-21897 (CryptoLib provides a software-only solution using the CCSDS Spac
 CVE-2026-21884 (React Router is a router for React. In @remix-run/react version prior  ...)
 	TODO: check
 CVE-2026-0830 (Processing specially crafted workspace folder names could allow for ar ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2025-68470 (React Router is a router for React. In versions 6.0.0 through 6.30.1 a ...)
 	TODO: check
 CVE-2025-65091 (XWiki Full Calendar Macro displays objects from the wiki on the calend ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-65090 (XWiki Full Calendar Macro displays objects from the wiki on the calend ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-62487 (### Details On October 1, 2025, Palantir discovered that images upload ...)
-	TODO: check
+	NOT-FOR-US: Palantir
 CVE-2025-61686 (React Router is a router for React. In @react-router/node versions 7.0 ...)
 	TODO: check
 CVE-2025-61676 (October is a Content Management System (CMS) and web platform. Prior t ...)
@@ -119,13 +119,13 @@ CVE-2025-59057 (React Router is a router for React. In @remix-run/react versions
 CVE-2025-51626 (SQL injection vulnerability in pss.sale.com 1.0 via the id parameter t ...)
 	TODO: check
 CVE-2025-46299 (A memory initialization issue was addressed with improved memory handl ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-46298 (The issue was addressed with improved memory handling. This issue is f ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-46297 (A permissions issue was addressed with additional restrictions. This i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-46286 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-15502 (A vulnerability was identified in Sangfor Operation and Maintenance Ma ...)
 	TODO: check
 CVE-2025-15501 (A vulnerability was determined in Sangfor Operation and Maintenance Ma ...)
@@ -135,11 +135,11 @@ CVE-2025-15500 (A vulnerability was found in Sangfor Operation and Maintenance M
 CVE-2025-15499 (A vulnerability has been found in Sangfor Operation and Maintenance Ma ...)
 	TODO: check
 CVE-2025-14948 (The miniOrange OTP Verification and SMS Notification for WooCommerce p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14943 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13457 (The WooCommerce Square plugin for WordPress is vulnerable to Insecure  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-22198 (GestSup versions up to and including 3.2.56 contain a pre-authenticati ...)
 	NOT-FOR-US: GestSup
 CVE-2026-22197 (GestSup versions up to and including 3.2.56 contain multiple SQL injec ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed4a7ad546c3378d9dcb7a078e7c1a3f3b1ed0bc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed4a7ad546c3378d9dcb7a078e7c1a3f3b1ed0bc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260110/0bbcd9d4/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list