[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 16 20:15:56 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73f17025 by security tracker role at 2026-01-16T20:15:07+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
CVE-2026-23731 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, Th ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23730 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23729 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23728 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23727 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23726 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23725 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23724 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23723 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23722 (WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-23645 (SiYuan is self-hosted, open source personal knowledge management softw ...)
TODO: check
CVE-2026-23634 (Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to ...)
@@ -37,21 +37,21 @@ CVE-2026-22876 (Path Traversal vulnerability exists in multiple Network Cameras
CVE-2026-22782 (RustFS is a distributed object storage system built in Rust. From >= 1 ...)
TODO: check
CVE-2026-21625 (User provided uploads to the Easy Discuss component for Joomla aren't ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-21624 (Lack of input filterung leads to a persistent XSS vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-21623 (Lack of input filterung leads to a persistent XSS vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-20894 (Cross-site scripting vulnerability exists in multiple Network Cameras ...)
TODO: check
CVE-2026-20759 (OS Command Injection vulnerability exists in multiple Network Cameras ...)
TODO: check
CVE-2026-1004 (The Essential Addons for Elementor plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0949 (PEM versions prior to 9.8.1 are affected by a stored Cross-site Script ...)
TODO: check
CVE-2026-0913 (The User Submitted Posts \u2013 Enable Users to Submit Posts from the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0823
REJECTED
CVE-2026-0696 (In ConnectWise PSA versions older than 2026.1, certain session cookies ...)
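Review bot: The tag "NOT-FOR-US: Joomla" on CVE-2026-21625 names the CMS, while the description attributes the issue to the Easy Discuss component for Joomla. The WordPress entries in this same hunk are tagged "WordPress plugin", so a tag such as "Joomla extension" or the component name would keep the convention consistent and avoid implying that Joomla core is affected. The same applies to CVE-2026-21624 and CVE-2026-21623, whose truncated descriptions do not show which component is meant.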
@@ -69,29 +69,29 @@ CVE-2026-0613 (The Librarian contains an internal port scanning vulnerability, f
CVE-2026-0612 (The Librarian contains a information leakage vulnerability through the ...)
TODO: check
CVE-2025-71020 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-70746 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-69581 (An issue was discovered in Chamillo LMS 1.11.2. The Social Network /pe ...)
TODO: check
CVE-2025-68924 (In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2025-68921 (SteelSeries Nahimic 3 1.10.7 allows Directory traversal.)
TODO: check
CVE-2025-59870 (HCL MyXalytics v6.7 is affected by improper management of a static JWT ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-48647 (In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-43508 (A logging issue was addressed with improved data redaction. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-31186 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-29943 (Write what were condition within AMD CPUs may allow an admin-privilege ...)
TODO: check
CVE-2025-24090 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-24089 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-15104 (Nu Html Checker (validator.nu) contains a restriction bypass that allo ...)
TODO: check
CVE-2025-15032 (Missing about:blank indicator in custom-sized new windows in Dia befor ...)
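Review bot: On CVE-2025-68924 the tag "NOT-FOR-US: Umbraco CMS" does not match the product the description names, Umbraco UmbracoForms; tagging the entry with the product as described would make later searches of the list more reliable. On CVE-2025-48647 the tag "Android" cannot be confirmed from the visible description, which cites only cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, so it is worth checking against the full CVE record. The Apple tags in this hunk sit on truncated descriptions that name no vendor and deserve the same check.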
@@ -99,25 +99,25 @@ CVE-2025-15032 (Missing about:blank indicator in custom-sized new windows in Dia
CVE-2025-14894 (Livewire Filemanager, commonly used in Laravel applications, contains ...)
TODO: check
CVE-2025-14844 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14822 (Mattermost versions 10.11.x <= 10.11.8 fail to validate input size bef ...)
TODO: check
CVE-2025-14757 (The Cost Calculator Builder plugin for WordPress is vulnerable to Unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14510 (Incorrect Implementation of Authentication Algorithm vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-14435 (Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11 ...)
TODO: check
CVE-2025-12007 (There is a vulnerability in the Supermicro BMC firmware validation log ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2025-12006 (There is a vulnerability in the Supermicro BMC firmware validation log ...)
- TODO: check
+ NOT-FOR-US: Supermicro
CVE-2024-54556 (This issue was addressed through improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44238 (The issue was addressed with improved bounds checks. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2024-44210 (This issue was addressed with improved permissions checking. This issu ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2021-47847 (Disk Sorter Server 13.6.12 contains an unquoted service path vulnerabi ...)
TODO: check
CVE-2021-47845 (Spy Emergency 25.0.650 contains an unquoted service path vulnerability ...)
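Review bot: The tag "NOT-FOR-US: ABB group" on CVE-2025-14510 departs from the bare vendor names used elsewhere in this hunk (Supermicro, Apple); "ABB" would be consistent. The description is cut off before it names the product, so the vendor attribution cannot be checked from this diff and should be confirmed against the full CVE record.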
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73f17025d57b93793981e663f8f6662db9ffad46