[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 18 08:15:01 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d26eb727 by security tracker role at 2026-03-18T08:14:53+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2026-4366 (A flaw was identified in Keycloak, an identity and access management s ...)
TODO: check
CVE-2026-4356 (A flaw has been found in itsourcecode University Management System 1.0 ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4355 (A vulnerability was detected in Portabilis i-Educar 2.11. This impacts ...)
- TODO: check
+ NOT-FOR-US: Portabilis
CVE-2026-4354 (A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01 ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2026-4349 (A vulnerability was determined in Duende IdentityServer 4. The affecte ...)
TODO: check
CVE-2026-4268 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3856 (IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could all ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3512 (The Writeprint Stylometry plugin for WordPress is vulnerable to Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-33189
REJECTED
CVE-2026-33188
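Review bot: The tag added for CVE-2026-4356, "NOT-FOR-US: itsourcecode System", does not match the product named in the description ("itsourcecode University Management System 1.0"), and it reads as if "System" were the product. The other tags in this hunk use a vendor name or a product class (Portabilis, TRENDnet, IBM, WordPress plugin). Suggest "NOT-FOR-US: itsourcecode University Management System" or simply "NOT-FOR-US: itsourcecode", so the entry stays consistent and can be found by searching for the product.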
@@ -61,11 +61,11 @@ CVE-2026-30922 (pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, th
CVE-2026-30884 (mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynami ...)
TODO: check
CVE-2026-2809 (Netskope was notified about a potential gap in its Endpoint DLP Module ...)
- TODO: check
+ NOT-FOR-US: Netskope
CVE-2026-29112 (DiceBear is an avatar library for designers and developers. Prior to v ...)
TODO: check
CVE-2026-29057 (Next.js is a React framework for building full-stack web applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-29056 (Kanboard is project management software focused on Kanban methodology. ...)
TODO: check
CVE-2026-28674 (xiaoheiFS is a self-hosted financial and operational system for cloud ...)
@@ -77,13 +77,13 @@ CVE-2026-28500 (Open Neural Network Exchange (ONNX) is an open standard for mach
CVE-2026-28499 (LeafKit is a templating language with Swift-inspired syntax. Prior to ...)
TODO: check
CVE-2026-27980 (Next.js is a React framework for building full-stack web applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-27979 (Next.js is a React framework for building full-stack web applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-27978 (Next.js is a React framework for building full-stack web applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-27977 (Next.js is a React framework for building full-stack web applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-27895 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
TODO: check
CVE-2026-27894 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
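Review bot: The four Next.js entries, CVE-2026-27977 through CVE-2026-27980, all move from "TODO: check" to "NOT-FOR-US: Next.js" through the automatic update, and only the identical, truncated first line of each description is visible here. Because the tag states that the software is not in the archive, confirm that no source package ships or embeds Next.js before these drop out of manual triage. If one does, the entries should name that package instead of carrying NOT-FOR-US.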
@@ -91,13 +91,13 @@ CVE-2026-27894 (LDAP Account Manager (LAM) is a webfrontend for managing entries
CVE-2026-27811 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
TODO: check
CVE-2026-27545 (OpenClaw versions prior to 2026.2.26 contain an approval bypass vulner ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27524 (OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27523 (OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27522 (OpenClaw versions prior to 2026.2.24 contain a local media root bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27459 (pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in ...)
TODO: check
CVE-2026-27448 (pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in ...)
@@ -131,51 +131,51 @@ CVE-2026-22317 (A command injection vulnerability in the device\u2019s Root CA c
CVE-2026-22316 (A remote attacker with user privileges for the webUI can use the setti ...)
TODO: check
CVE-2026-22217 (OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary cod ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22181 (OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22180 (OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22179 (OpenClaw versions prior to 2026.2.22 in macOS node-host system.run con ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22178 (OpenClaw versions prior to 2026.2.19 construct RegExp objects directly ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22177 (OpenClaw versions prior to 2026.2.21 fail to filter dangerous process- ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22175 (OpenClaw versions prior to 2026.2.23 contain an exec approval bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22174 (OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22171 (OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22170 (OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plu ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22169 (OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-22168 (OpenClaw versions prior to 2026.2.21 contain an approval-integrity mis ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-21994 (Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Vis ...)
TODO: check
CVE-2026-20643 (A cross-origin issue in the Navigation API was addressed with improved ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-1926 (The Subscriptions for WooCommerce plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1780 (The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1376 (IBM i 7.6 could allow a remote attacker to cause a denial of service u ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-1267 (IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unaut ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-1264 (IBM Sterling B2B Integratorand IBM Sterling File Gateway6.1.0.0 throug ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-31703 (A vulnerability found in Dahua NVR/XVR device. A third-party malicious ...)
- TODO: check
+ NOT-FOR-US: Dahua
CVE-2025-15363 (The Get Use APIs WordPress plugin before 2.0.10 executes imported JSO ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14806 (IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-14031 (IBM Sterling B2B Integrator andand IBM Sterling File Gateway6.1.0.0 th ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3312
- pagure <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443259
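Review bot: CVE-2026-20643 is tagged "NOT-FOR-US: Apple", but the visible description ("A cross-origin issue in the Navigation API was addressed with improved ...") describes a web platform API rather than an Apple-only product. Read the full advisory before this entry leaves triage: if the affected component is WebKit, the entry should track the WebKit source packages in the archive (webkit2gtk, wpewebkit) rather than be closed as NOT-FOR-US. The run of OpenClaw, IBM and WordPress plugin tags in this hunk is consistent with the earlier hunks.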
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d26eb7278c8e55692aa6e785561937d0a171c133