[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 23 20:15:05 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
504dc0ae by security tracker role at 2026-03-23T20:14:00+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,9 +7,9 @@ CVE-2026-4633 (A flaw was found in Keycloak. A remote attacker can exploit diffe
 CVE-2026-4628 (A flaw was found in Keycloak. An improper Access Control vulnerability ...)
 	TODO: check
 CVE-2026-4596 (A vulnerability was identified in projectworlds Lawyer Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2026-4595 (A vulnerability was determined in code-projects Exam Form Submission 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4594 (A vulnerability has been found in erupts erupt up to 1.13.3. Affected  ...)
 	TODO: check
 CVE-2026-4593 (A flaw has been found in erupts erupt bis 1.13.3. Affected by this vul ...)
@@ -37,9 +37,9 @@ CVE-2026-4583 (A vulnerability was detected in Shenzhen HCC Technology MPOS M6 P
 CVE-2026-4582 (A security vulnerability has been detected in Shenzhen HCC Technology  ...)
 	TODO: check
 CVE-2026-4581 (A weakness has been identified in code-projects Simple Laundry System  ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4580 (A security flaw has been discovered in code-projects Simple Laundry Sy ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4404 (Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and be ...)
 	TODO: check
 CVE-2026-3635 (Summary When trustProxy is configured with a restrictive trust functio ...)
@@ -123,11 +123,11 @@ CVE-2026-32968 (Due to the improper neutralisation of special elements used in a
 CVE-2026-32879 (New API is a large language mode (LLM) gateway and artificial intellig ...)
 	TODO: check
 CVE-2026-32852 (MailEnable versions prior to10.55 contain a reflected cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: MailEnable
 CVE-2026-32851 (MailEnable versions prior to10.55 contain a reflected cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: MailEnable
 CVE-2026-32850 (MailEnable versions prior to10.55 contain a reflected cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: MailEnable
 CVE-2026-32845 (cgltf version 1.15 and prior contain an integer overflow vulnerability ...)
 	TODO: check
 CVE-2026-31851 (Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does  ...)
@@ -151,7 +151,7 @@ CVE-2026-30007 (XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a craf
 CVE-2026-30006 (XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a craf ...)
 	TODO: check
 CVE-2026-2298 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
-	TODO: check
+	NOT-FOR-US: Salesforce
 CVE-2026-28809 (XML External Entity (XXE) vulnerability in esaml (and its forks) allow ...)
 	TODO: check
 CVE-2026-27131 (The Sprig Plugin for Craft CMS is a reactive Twig component framework  ...)
@@ -175,25 +175,25 @@ CVE-2025-41008 (SQL injection vulnerability in Sinturno. This vulnerability allo
 CVE-2025-41007 (SQL Injection in Cuantis. This vulnerability allows an attacker to ret ...)
 	TODO: check
 CVE-2025-15606 (A Denial-of-Service (DoS) vulnerability in the httpd component of TP-L ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2025-15605 (A hardcoded cryptographic key within the configuration mechanism on TP ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2025-15519 (Improper input handling in a modem-management administrative CLI comma ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2025-15518 (Improper input handling in a wireless-control administrative CLI comma ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2025-15517 (A missing authentication check in the HTTP server on TP-Link Archer NX ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2024-51226 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-51225 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-51224 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-51223 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-51222 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2024-46879 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POS ...)
 	TODO: check
 CVE-2024-46878 (A Cross-Site Scripting (XSS) vulnerability exists in the page paramete ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/504dc0ae6e78a7cb325d0d0f133bfd6cfd2c623a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/504dc0ae6e78a7cb325d0d0f133bfd6cfd2c623a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260323/a048e6e9/attachment.htm>

More information about the debian-security-tracker-commits mailing list