[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 10 08:14:35 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43937cdd by security tracker role at 2026-03-10T08:14:27+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-3585 (The The Events Calendar plugin for WordPress is vulnerable to Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-31816 (Budibase is a low code platform for creating internal tools, workflows ...)
TODO: check
CVE-2026-31802 (node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, ...)
@@ -49,7 +49,7 @@ CVE-2026-30862 (Appsmith is a platform to build admin panels, internal tools, an
CVE-2026-30240 (Budibase is a low code platform for creating internal tools, workflows ...)
TODO: check
CVE-2026-2364 (If a legitimate user confirms a self-update prompt or initiate an inst ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2026-29773 (Kubewarden is a policy engine for Kubernetes. Kubewarden cluster opera ...)
TODO: check
CVE-2026-28693 (ImageMagick is free and open-source software used for editing and mani ...)
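Review bot: The `NOT-FOR-US: CODESYS` tag on CVE-2026-2364 cannot be verified from this hunk, because the visible description ("If a legitimate user confirms a self-update prompt or initiate an inst ...") is truncated before any product or vendor name appears. Since the change replaces the `TODO: check` marker, it is worth confirming the vendor against the full CVE record before this entry is treated as triaged.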
@@ -87,17 +87,17 @@ CVE-2026-28281 (InstantCMS is a free and open source content management system.
CVE-2026-28267 (Multiple i-\u30d5\u30a3\u30eb\u30bf\u30fc products are configured with ...)
TODO: check
CVE-2026-27689 (Due to an uncontrolled resource consumption (Denial of Service) vulner ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-27688 (Due to a missing authorization check in SAP NetWeaver Application Serv ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-27687 (Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-27686 (Due to a Missing Authorization Check in SAP Business Warehouse (Servic ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-27685 (SAP NetWeaver Enterprise Portal Administration is vulnerable if a priv ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-27684 (SAP NetWeaver Feedback Notifications Service contains a SQL injection ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-26982 (Ghostty is a cross-platform terminal emulator. Ghostty allows control ...)
TODO: check
CVE-2026-25960 (vLLM is an inference and serving engine for large language models (LLM ...)
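Review bot: The first entry in this hunk, CVE-2026-27689, is tagged `NOT-FOR-US: SAP`, but its visible description ("Due to an uncontrolled resource consumption (Denial of Service) vulner ...") does not name SAP, unlike the other five entries here, whose truncated text mentions an SAP product. Confirm that attribution against the full CVE description. The remaining five tags match what the descriptions show.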
@@ -107,43 +107,43 @@ CVE-2026-25737 (Budibase is a low code platform for creating internal tools, wor
CVE-2026-25045 (Budibase is a low code platform for creating internal tools, workflows ...)
TODO: check
CVE-2026-24317 (SAP GUI for Windows allows DLL files to be loaded from arbitrary direc ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24316 (SAP NetWeaver Application Server for ABAP provides an ABAP Report for ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24313 (SAP Solution Tools Plug-In (ST-PI) contains a function module that doe ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24311 (The SAP Customer Checkout application exhibits certain design characte ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24310 (Due to missing authorization check in SAP NetWeaver Application Server ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24309 (Due to missing authorization check in SAP NetWeaver Application Server ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-1920 (The Booking Calendar for Appointments and Service Businesses \u2013 Bo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1919 (The Booking Calendar for Appointments and Service Businesses \u2013 Bo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1776 (Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, ...)
TODO: check
CVE-2026-1508 (The Court Reservation WordPress plugin before 1.10.9 does not have CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0953 (The Tutor LMS Pro plugin for WordPress is vulnerable to authentication ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0489 (Due to insufficient validation of user-controlled input in the URLs qu ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-70973 (ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assi ...)
TODO: check
CVE-2025-70028 (An issue pertaining to CWE-22: Improper Limitation of a Pathname to a ...)
TODO: check
CVE-2025-36173 (Affected Product(s)Version(s)InfoSphere Data Architect9.2.1)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36105 (IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-2399 (Improper Validation of Specified Index, Position, or Offset in Input v ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2025-15603 (A security vulnerability has been detected in open-webui up to 0.6.16. ...)
TODO: check
CVE-2025-11158 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2026-3288 (A security issue was discovered in ingress-nginx where the `nginx.ingr ...)
NOT-FOR-US: Kubernetes ingress-nginx
CVE-2026-3819 (A vulnerability has been found in SourceCodester Resort Reservation Sy ...)
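Review bot: The tag added for CVE-2025-11158 reads `NOT-FOR-US: Hitachi Vantana`, while the description on the line above it spells the vendor "Hitachi Vantara"; the tag should be `NOT-FOR-US: Hitachi Vantara` so that a search of the list by vendor name finds the entry. Two other tags in this hunk cannot be checked from the visible text: CVE-2026-0489 (`SAP`) and CVE-2025-2399 (`Mitsubishi`) have descriptions truncated before any vendor is named, so those attributions should be confirmed against the full CVE records.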
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43937cdd3f6787d5c252a9de8d47036ac165255f