[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 18 20:14:28 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b9b10b5 by security tracker role at 2026-03-18T20:14:15+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2026-4396 (Improper certificate validation in Devolutions Hub Reporting Service   ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-3479 (pkgutil.get_data() did not validate the resource argument as documente ...)
 	TODO: check
 CVE-2026-3278 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2026-3090 (The Post SMTP \u2013 Complete Email Deliverability and SMTP Solution w ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-33265 (In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the Li ...)
 	TODO: check
 CVE-2026-33004 (Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API k ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-33003 (Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys une ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-33002 (Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS  ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-33001 (Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely han ...)
-	TODO: check
+	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-32694 (In Juju from version 3.0.0 through 3.6.18, when a secret owner grants  ...)
 	TODO: check
 CVE-2026-32693 (In Juju from version 3.0.0 through 3.6.18, the authorization of the "s ...)
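Review bot: the "NOT-FOR-US: OpenText" label on CVE-2026-3278 cannot be checked from this hunk, because the truncated description shows only generic weakness wording ("Improper neutralization of input during web page generation ('cross-si ...") and never names a vendor or product. The other entries changed here name Devolutions, Post SMTP or Jenkins within the visible text. Confirm the match against the full description, since the entry no longer carries "TODO: check" after this change.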
@@ -37,7 +37,7 @@ CVE-2026-32610 (Glances is an open-source system cross-platform monitoring tool.
 CVE-2026-32609 (Glances is an open-source system cross-platform monitoring tool. The G ...)
 	TODO: check
 CVE-2026-32565 (Missing Authorization vulnerability in WebberZone Contextual Related P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-31971 (HTSlib is a library for reading and writing bioinformatics file format ...)
 	TODO: check
 CVE-2026-31970 (HTSlib is a library for reading and writing bioinformatics file format ...)
@@ -73,13 +73,13 @@ CVE-2026-30345 (A zip slip vulnerability in the Admin import functionality of CT
 CVE-2026-30048 (A stored cross-site scripting (XSS) vulnerability exists in the NotCha ...)
 	TODO: check
 CVE-2026-2992 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2991 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2559 (The Post SMTP plugin for WordPress is vulnerable to unauthorized modif ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2512 (The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29859 (An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attac ...)
 	TODO: check
 CVE-2026-29858 (A lack of path validation in aaPanel v7.57.0 allows attackers to execu ...)
@@ -89,21 +89,21 @@ CVE-2026-29856 (An issue in the VirtualHost configuration handling/parser compon
 CVE-2026-27135 (nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...)
 	TODO: check
 CVE-2026-26948 (Dell Integrated Dell Remote Access Controller 9, 14G versions prior to ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-26945 (Dell Integrated Dell Remote Access Controller 9, 14G versions prior to ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-26740 (Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attack ...)
 	TODO: check
 CVE-2026-25449 (Deserialization of Untrusted Data vulnerability in Shinetheme Traveler ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24063 (When a plugin is installed using the Arturia Software Center (MacOS),  ...)
 	TODO: check
 CVE-2026-24062 (The "Privileged Helper" component of the Arturia Software Center (MacO ...)
 	TODO: check
 CVE-2026-1463 (The Photo Gallery, Sliders, Proofing and Themes \u2013 NextGEN Gallery ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1217 (The Yoast Duplicate Post plugin for WordPress is vulnerable to unautho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0866
 	REJECTED
 CVE-2025-67830 (Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.)
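Review bot: two different label strings are used for what looks like the same class of entry. CVE-2026-25449 gets "NOT-FOR-US: WordPress plugin or theme", while CVE-2026-1463 and CVE-2026-1217 in the same hunk get "NOT-FOR-US: WordPress plugin"; CVE-2026-32565 earlier in the patch also uses the longer form. If the two strings are meant to be distinct, the rule that picks between them should be documented; otherwise use one string so that searching data/CVE/list by label finds every such entry.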



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b9b10b5603ea8c12453f862ded434a014fc8da9
