[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 24 08:13:44 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4473fac1 by security tracker role at 2026-01-24T08:13:38+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,51 +55,51 @@ CVE-2026-24139 (MyTube is a self-hosted downloader and player for several video
 CVE-2026-24136 (Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.2 ...)
 	TODO: check
 CVE-2026-24128 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2026-24127 (Typemill is a flat-file, Markdown-based CMS designed for informational ...)
 	TODO: check
 CVE-2026-22586 (Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Clo ...)
-	TODO: check
+	NOT-FOR-US: Salesforce
 CVE-2026-22585 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sale ...)
-	TODO: check
+	NOT-FOR-US: Salesforce
 CVE-2026-22583 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
-	TODO: check
+	NOT-FOR-US: Salesforce
 CVE-2026-22582 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
-	TODO: check
+	NOT-FOR-US: Salesforce
 CVE-2026-1386 (A UNIX symbolic link following issue in the jailer component in Firecr ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-1257 (The Administrative Shortcodes plugin for WordPress is vulnerable to Lo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1103 (The AIKTP plugin for WordPress is vulnerable to unauthorized modificat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1099 (The Administrative Shortcodes plugin for WordPress is vulnerable to St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1097 (The ThemeRuby Multi Authors \u2013 Assign Multiple Writers to Posts pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1095 (The Canto Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1088 (The Login Page Editor plugin for WordPress is vulnerable to Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1084 (The Cookie consent for developers plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1081 (The Set Bulk Post Categories plugin for WordPress is vulnerable to Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1076 (The Star Review Manager plugin for WordPress is vulnerable to Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1075 (The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Reques ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1070 (The Alex User Counter plugin for WordPress is vulnerable to Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0991
 	REJECTED
 CVE-2026-0807 (The Frontis Blocks plugin for WordPress is vulnerable to Server-Side R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0806 (The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection vi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-70458 (A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the Dom ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-70457 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester M ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2025-67264 (An OS command injection vulnerability in the com.sprd.engineermode com ...)
 	TODO: check
 CVE-2025-52026 (An information disclosure vulnerability exists in the /srvs/membersrv/ ...)
@@ -113,29 +113,29 @@ CVE-2025-52023 (A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru
 CVE-2025-52022 (A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2 ...)
 	TODO: check
 CVE-2025-14985 (The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14941 (The GZSEO plugin for WordPress is vulnerable to authorization bypass l ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14906 (The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14903 (The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14843 (The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14797 (The Same Category Posts plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14629 (The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14609 (The Wise Analytics plugin for WordPress is vulnerable to Missing Autho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13952 (A web page that contains unusual GPU shader code is loaded from the In ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2025-13676 (The JustClick registration plugin for WordPress is vulnerable to Refle ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13374 (The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary fi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12836 (The VK Google Job Posting Manager plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12780
 	REJECTED
 CVE-2026-24636 (Missing Authorization vulnerability in Syed Balkhi Sugar Calendar (Lit ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4473fac1b3a9c78871ecdde99b15aebcb5ab40ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4473fac1b3a9c78871ecdde99b15aebcb5ab40ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260124/5c29b0d1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list