[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
867d84f8 by Salvatore Bonaccorso at 2026-03-18T22:35:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-3278 (Improper neutralization of input during web page generation ('cro
 CVE-2026-3090 (The Post SMTP \u2013 Complete Email Deliverability and SMTP Solution w ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-33265 (In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the Li ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2026-33004 (Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API k ...)
 	NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-33003 (Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys une ...)
@@ -71,19 +71,19 @@ CVE-2026-31963 (HTSlib is a library for reading and writing bioinformatics file
 CVE-2026-31962 (HTSlib is a library for reading and writing bioinformatics file format ...)
 	TODO: check
 CVE-2026-30704 (The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) exposes an  ...)
-	TODO: check
+	NOT-FOR-US: WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
 CVE-2026-30703 (A command injection vulnerability exists in the web management interfa ...)
-	TODO: check
+	NOT-FOR-US: WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
 CVE-2026-30702 (The WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02) implements  ...)
-	TODO: check
+	NOT-FOR-US: WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
 CVE-2026-30701 (The web interface of the WiFi Extender WDR201A (HW V2.1, FW LFMZX28040 ...)
-	TODO: check
+	NOT-FOR-US: WiFi Extender WDR201A (HW V2.1, FW LFMZX28040922V1.02)
 CVE-2026-30695 (A Cross-Site Scripting (XSS) vulnerability exists in the web-based con ...)
-	TODO: check
+	NOT-FOR-US: Zucchetti
 CVE-2026-30345 (A zip slip vulnerability in the Admin import functionality of CTFd v3. ...)
-	TODO: check
+	NOT-FOR-US: CTFd
 CVE-2026-30048 (A stored cross-site scripting (XSS) vulnerability exists in the NotCha ...)
-	TODO: check
+	NOT-FOR-US: NotChatbot WebChat widget
 CVE-2026-2992 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2991 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...)
@@ -93,11 +93,11 @@ CVE-2026-2559 (The Post SMTP plugin for WordPress is vulnerable to unauthorized
 CVE-2026-2512 (The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-29859 (An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attac ...)
-	TODO: check
+	NOT-FOR-US: aaPanel
 CVE-2026-29858 (A lack of path validation in aaPanel v7.57.0 allows attackers to execu ...)
-	TODO: check
+	NOT-FOR-US: aaPanel
 CVE-2026-29856 (An issue in the VirtualHost configuration handling/parser component of ...)
-	TODO: check
+	NOT-FOR-US: aaPanel
 CVE-2026-27135 (nghttp2 is an implementation of the Hypertext Transfer Protocol versio ...)
 	TODO: check
 CVE-2026-26948 (Dell Integrated Dell Remote Access Controller 9, 14G versions prior to ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/867d84f88710ff33243bceaac238a3a535cd4f21

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/867d84f88710ff33243bceaac238a3a535cd4f21
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260318/2d916ae2/attachment.htm>