[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 11 20:13:56 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3a8fd03 by security tracker role at 2026-03-11T20:13:47+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,27 +9,27 @@ CVE-2026-3949 (A vulnerability was determined in strukturag libheif up to 1.21.2
CVE-2026-3946 (A vulnerability was detected in PHPEMS 11.0. The affected element is a ...)
TODO: check
CVE-2026-3944 (A vulnerability was determined in itsourcecode University Management S ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-3943 (A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This af ...)
TODO: check
CVE-2026-3906 (WordPress core is vulnerable to unauthorized access in versions 6.9 th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3848 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-3496 (The JetBooking plugin for WordPress is vulnerable to SQL Injection via ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3492 (The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3231 (The Checkout Field Editor (Checkout Manager) for WooCommerce plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3178 (The Name Directory plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3013 (Coppermine Photo Gallery in versions 1.6.09 through 1.6.27is vulnerabl ...)
TODO: check
CVE-2026-32234 (Parse Server is an open source backend that can be deployed to any inf ...)
TODO: check
CVE-2026-32229 (In JetBrains Hub before 2026.1 possible on sign-in account mismatch wi ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-32098 (Parse Server is an open source backend that can be deployed to any inf ...)
TODO: check
CVE-2026-32097 (PingPong is a platform for using large language models (LLMs) for teac ...)
@@ -41,15 +41,15 @@ CVE-2026-32095 (Plunk is an open-source email platform built on top of AWS SES.
CVE-2026-32094 (Shescape is a simple shell escape library for JavaScript. Prior to 2.1 ...)
TODO: check
CVE-2026-32063 (OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command inj ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32062 (OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-ca ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32061 (OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32060 (OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32059 (OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins va ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31979 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
TODO: check
CVE-2026-31976 (xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 202 ...)
@@ -69,17 +69,17 @@ CVE-2026-31958 (Tornado is a Python web framework and asynchronous networking li
CVE-2026-31957 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
TODO: check
CVE-2026-31954 (Emlog is an open source website building system. In 2.6.6 and earlier, ...)
- TODO: check
+ NOT-FOR-US: Emlog
CVE-2026-31901 (Parse Server is an open source backend that can be deployed to any inf ...)
TODO: check
CVE-2026-31900 (Black is the uncompromising Python code formatter. Black provides a Gi ...)
TODO: check
CVE-2026-31896 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-31895 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-31894 (WeGIA is a web manager for charitable institutions. In 3.6.5, The patc ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-31892 (Argo Workflows is an open source container-native workflow engine for ...)
TODO: check
CVE-2026-31889 (Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, ...)
@@ -141,17 +141,17 @@ CVE-2026-31839 (Striae is a firearms examiner's comparison companion. A high-sev
CVE-2026-31813 (Supabase Auth is a JWT based API for managing users and issuing JWT to ...)
TODO: check
CVE-2026-30903 (External Control of File Name or Path in the Mail feature of Zoom Work ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-30902 (Improper Privilege Management in certain Zoom Clients for Windows may ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-30901 (Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Ki ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-30900 (Improper Check of minimum version in update functionality of certain Z ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-30868 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
TODO: check
CVE-2026-30741 (A remote code execution (RCE) vulnerability in OpenClaw Agent Platform ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-30239 (OpenProject is an open-source, web-based project management software. ...)
TODO: check
CVE-2026-30236 (OpenProject is an open-source, web-based project management software. ...)
@@ -175,41 +175,41 @@ CVE-2026-27703 (RIOT is an open-source microcontroller operating system, designe
CVE-2026-27478 (Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4. ...)
TODO: check
CVE-2026-24510 (Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, con ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-24509 (Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, con ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-24508 (Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, con ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-22248 (GLPI is an open-source asset and IT management software package that p ...)
TODO: check
CVE-2026-21888 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. ...)
TODO: check
CVE-2026-20166 (In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Clou ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20165 (In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20164 (In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20163 (In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20162 (In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20118 (A vulnerability in the handling of an Egress Packet Network Interface ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20117 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20116 (A vulnerability in the web-based management interface of Cisco F ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20074 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20046 (A vulnerability in task group assignment for a specific CLI command in ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20040 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-1993 (The ExactMetrics \u2013 Google Analytics Dashboard for WordPress plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1992 (The ExactMetrics \u2013 Google Analytics Dashboard for WordPress plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1732 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-1663 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
@@ -221,7 +221,7 @@ CVE-2026-1497 (Incorrect resolving of namespaces in composite databases in Neo4j
CVE-2026-1471 (Excessive caching of authentication context in Neo4j Enterprise editio ...)
TODO: check
CVE-2026-1454 (The Responsive Contact Form Builder & Lead Generation Plugin plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1230 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-1090 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
@@ -231,9 +231,9 @@ CVE-2026-1069 (GitLab has remediated an issue in GitLab CE/EE affecting all vers
CVE-2026-0602 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-0231 (An information disclosure vulnerability inPalo Alto Networks Cortex XD ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0230 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-70330 (Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handl ...)
TODO: check
CVE-2025-70082 (An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to exec ...)
@@ -269,7 +269,7 @@ CVE-2025-12704 (GitLab has remediated an issue in GitLab EE affecting all versio
CVE-2025-12697 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2025-12690 (Execution with unnecessary privileges in Forcepoint NGFW Engine allows ...)
- TODO: check
+ NOT-FOR-US: Forcepoint
CVE-2025-12576 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2025-12555 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
@@ -297,7 +297,7 @@ CVE-2019-25475 (SQL Server Password Changer 1.90 contains a buffer overflow vuln
CVE-2019-25474 (Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability t ...)
TODO: check
CVE-2019-25472 (IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated a ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2019-25471 (FileThingie 2.5.7 contains an arbitrary file upload vulnerability that ...)
TODO: check
CVE-2019-25470 (eWON Firmware versions 12.2 to 13.0 contain an authentication bypass v ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3a8fd034370179318e02b20c6888b7451668869
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3a8fd034370179318e02b20c6888b7451668869
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260311/3e468886/attachment.htm>
More information about the debian-security-tracker-commits
mailing list