[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 4 08:14:21 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2c77c7c1 by security tracker role at 2026-03-04T08:14:11+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2026-3487 (A vulnerability was found in itsourcecode College Management System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-3486 (A vulnerability has been found in itsourcecode College Management Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-3485 (A flaw has been found in D-Link DIR-868L 110b03. This affects the func ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-3452 (Concrete CMS below version 9.4.8 is vulnerable toRemote Code Execution ...)
TODO: check
CVE-2026-3266 (Missing Authorization vulnerability in OpenText\u2122 Filr allows Auth ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2026-3244 (In Concrete CMS below version 9.4.8, A stored cross-site scripting (XS ...)
TODO: check
CVE-2026-3242 (In Concrete CMS below version 9.4.8, a rogue administrator can add sto ...)
@@ -17,27 +17,27 @@ CVE-2026-3241 (In Concrete CMS below version 9.4.8, astored cross-site scripting
CVE-2026-3240 (In Concrete CMS below version 9.4.8, auser with permission to edit a p ...)
TODO: check
CVE-2026-3224 (Authentication bypass in the Microsoft Entra ID (Azure AD) authenticat ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-3204 (Improper input validation in the error message page in Devolutions Se ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-3130 (Improper Enforcement of Behavioral Controls inDevolutions Server 2025. ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-3076
REJECTED
CVE-2026-2994 (Concrete CMS below version 9.4.8 is subject toCSRF by a Rogue Administ ...)
TODO: check
CVE-2026-2732 (The Enable Media Replace plugin for WordPress is vulnerable to unautho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2590 (Improper enforcement of the Disable password saving in vaults setting ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-2363 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2292 (The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2289 (The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2025 (The Mail Mint WordPress plugin before 1.19.5 does not have authorizat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-28778 (International Datacasting Corporation (IDC) SFX Series SuperFlex Satel ...)
TODO: check
CVE-2026-28777 (International Datacasting Corporation (IDC) SFX2100 Satellite Receiv ...)
@@ -83,57 +83,57 @@ CVE-2026-26272 (HomeBox is a home inventory and organization system. Prior to 0.
CVE-2026-26266 (AliasVault is a privacy-first password manager with built-in email ali ...)
TODO: check
CVE-2026-25906 (Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Reso ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-25590 (The GLPI Inventory Plugin handles network discovery, inventory, softwa ...)
TODO: check
CVE-2026-25146 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-24898 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-24848 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-24502 (Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contai ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-24415 (OpenSTAManager is an open source management software for technical ass ...)
TODO: check
CVE-2026-21866 (Dify is an open-source LLM app development platform. Prior to 1.11.2, ...)
TODO: check
CVE-2026-1980 (The WPBookit plugin for WordPress is vulnerable to unauthorized data d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1945 (The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1775 (The Labkotec LID-3300IP has an existing vulnerability in the ice detec ...)
TODO: check
CVE-2026-1713 (IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-1651 (The Email Subscribers by Icegram Express plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1567 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML Ext ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-1273 (The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites \u20 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0869 (Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorize ...)
- TODO: check
+ NOT-FOR-US: Brocade
CVE-2025-70241 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-70240 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-70239 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-70237 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-70234 (Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the cu ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-14480 (IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-14456 (IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13688 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13687 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13686 (IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3494 (In MariaDB server version through 11.8.5, when server audit plugin is ...)
NOT-FOR-US: Amazon
CVE-2026-3484 (A vulnerability was detected in PhialsBasement nmap-mcp-server up to b ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c77c7c1817ae2939551a92b5ea380deeb289d5a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c77c7c1817ae2939551a92b5ea380deeb289d5a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260304/187235f2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list