[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 19 20:13:08 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
386ad0d6 by security tracker role at 2026-03-19T20:12:58+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2026-4426 (A flaw was found in libarchive. An Undefined Behavior vulnerabili
CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read vulnerabi ...)
TODO: check
CVE-2026-3658 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3580 (In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_ ...)
TODO: check
CVE-2026-3579 (wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time soft ...)
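Review bot: the new tag on CVE-2026-3658 reads `NOT-FOR-US: WordPress plugin`, while every other WordPress entry in this patch uses `NOT-FOR-US: WordPress plugin or theme`. If both strings are meant to mark the same category, use one wording so that a search over data/CVE/list for either string returns the whole set.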
@@ -31,13 +31,13 @@ CVE-2026-32865 (OPEXUS eComplaint and eCASE before version 10.1.0.0 include the
CVE-2026-32843 (Location Aware Sensor System by Linkit ONE, up to commit f06bd20 (2023 ...)
TODO: check
CVE-2026-32238 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-32119 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-30711 (Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL ...)
TODO: check
CVE-2026-30694 (An issue in DedeCMS v.5.7.118 and before allows a remote attacker to e ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2026-30404 (The backend database management connection test feature in wgcloud v3. ...)
TODO: check
CVE-2026-30403 (There is an arbitrary file read vulnerability in the test connection f ...)
@@ -49,15 +49,15 @@ CVE-2026-2646 (A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_
CVE-2026-2645 (In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 serv ...)
TODO: check
CVE-2026-27070 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27068 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27067 (Unrestricted Upload of File with Dangerous Type vulnerability in Syari ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27065 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27043 (Unrestricted Upload of File with Dangerous Type vulnerability in Theme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-26940 (Improper Validation of Specified Quantity in Input (CWE-1284) in the T ...)
TODO: check
CVE-2026-26939 (Missing Authorization (CWE-862) in Kibana\u2019s server-side Detection ...)
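Review bot: for CVE-2026-27070, CVE-2026-27068 and CVE-2026-27065 the description shown is cut before any product name, so the `NOT-FOR-US: WordPress plugin or theme` tag cannot be confirmed from the diff, and the commit message says only that the update was automatic. The full descriptions are worth checking before relying on these three tags; CVE-2026-27067 and CVE-2026-27043 at least show the start of a vendor name.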
@@ -67,25 +67,25 @@ CVE-2026-26933 (Improper Validation of Array Index (CWE-129) in multiple protoco
CVE-2026-26931 (Memory Allocation with Excessive Size Value (CWE-789) in the Prometheu ...)
TODO: check
CVE-2026-25928 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-25744 (OpenEMR is a free and open source electronic health records and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-25667 (ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 ...)
TODO: check
CVE-2026-25445 (Deserialization of Untrusted Data vulnerability in Membership Software ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25443 (Missing Authorization vulnerability in Dotstore Fraud Prevention For W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25438 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22558 (An Authenticated NoSQL Injection vulnerability found in UniFi Network ...)
TODO: check
CVE-2026-22557 (A malicious actor with access to the network could exploit a Path Trav ...)
TODO: check
CVE-2026-21788 (HCL Connections is vulnerable to a cross-site scripting attack where a ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-1005 (Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacke ...)
TODO: check
CVE-2026-0819 (A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 Signed ...)
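Review bot: the tag on CVE-2026-21788 names only the vendor (`NOT-FOR-US: HCL`), while the description names the product, HCL Connections, and the OpenEMR entries in this same hunk are tagged by product name. Suggest `NOT-FOR-US: HCL Connections` unless a vendor-wide tag is intended here.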
@@ -101,9 +101,9 @@ CVE-2025-71257 (BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 conta
CVE-2025-69720 (ncurses v6.5 and v6.4 are vulnerable to Buffer Overflow in progs/infoc ...)
TODO: check
CVE-2025-68836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67618 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67115 (A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Ser ...)
TODO: check
CVE-2025-67114 (Use of a deterministic credential generation algorithm in /ftl/bin/cal ...)
@@ -113,17 +113,17 @@ CVE-2025-67113 (OS command injection in the CWMP client (/ftl/bin/cwmp) of Small
CVE-2025-67112 (Use of a hard-coded AES-256-CBC key in the configuration backup/restor ...)
TODO: check
CVE-2025-62043 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60237 (Deserialization of Untrusted Data vulnerability in Themeton Finag allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60233 (Deserialization of Untrusted Data vulnerability in Themeton Zuut allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53222 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-50001 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32223 (Authorization Bypass Through User-Controlled Key vulnerability in Them ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14716 (Improper Authentication vulnerability in Secomea GateManager (webserve ...)
TODO: check
CVE-2026-4342
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/386ad0d6738fae6f58f7684f659e4d0966d780a8