[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 24 08:14:28 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b5bb466f by security tracker role at 2026-03-24T08:14:16+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,65 +47,65 @@ CVE-2026-4731 (Integer Overflow or Wraparound vulnerability in artraweditor ART
CVE-2026-4681 (A critical remote code execution (RCE) vulnerability has been reported ...)
TODO: check
CVE-2026-4662 (The JetEngine plugin for WordPress is vulnerable to SQL Injection via ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4640 (Vitals ESP developed by Galaxy Software Services has a Missing Authent ...)
TODO: check
CVE-2026-4639 (Vitals ESP developed by Galaxy Software Services has a Incorrect Autho ...)
TODO: check
CVE-2026-4632 (A weakness has been identified in itsourcecode Online Enrollment Syste ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4627 (A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-4626 (A vulnerability has been found in projectworlds Lawyer Management Syst ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2026-4625 (A flaw has been found in SourceCodester Online Admission System 1.0. T ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-4624 (A vulnerability was detected in SourceCodester Online Library Manageme ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-4623 (A security vulnerability has been detected in DefaultFuction Jeson-Cus ...)
TODO: check
CVE-2026-4617 (A weakness has been identified in SourceCodester Patients Waiting Area ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-4616 (A security flaw has been discovered in bolo-blog \uae4c\uc9c0 2.6.4. T ...)
TODO: check
CVE-2026-4615 (A vulnerability was identified in SourceCodester Online Catering Reser ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-4614 (A vulnerability was determined in itsourcecode sanitize or validate th ...)
TODO: check
CVE-2026-4613 (A vulnerability was found in SourceCodester E-Commerce Site 1.0. This ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-4612 (A vulnerability has been found in itsourcecode Free Hotel Reservation ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4611 (A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0c ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-4597 (A security flaw has been discovered in 648540858 wvp-GB28181-pro up to ...)
TODO: check
CVE-2026-4368 (Race Condition inNetScaler ADC and NetScaler Gateway when appliance is ...)
TODO: check
CVE-2026-4306 (The WP Job Portal plugin for WordPress is vulnerable to SQL Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4283 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4066 (The Smart Custom Fields plugin for WordPress is vulnerable to unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4056 (The User Registration & Membership plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4021 (The Contest Gallery plugin for WordPress is vulnerable to an authentic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4001 (The Woocommerce Custom Product Addons Pro plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3533 (The Jupiter X Core plugin for WordPress is vulnerable to limited file ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3509 (An unauthenticated remote attacker may be able to control the format s ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2026-3260 (A flaw was found in Undertow. A remote attacker could exploit this vul ...)
TODO: check
CVE-2026-3225 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3138 (The Product Filter for WooCommerce by WBW plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3079 (The LearnDash LMS plugin for WordPress is vulnerable to blind time-bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3055 (Insufficient input validation inNetScaler ADC and NetScaler Gateway wh ...)
TODO: check
CVE-2026-33856 (Missing Release of Memory after Effective Lifetime vulnerability in Mo ...)
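Review bot: CVE-2026-4614 is left at "TODO: check" even though its description starts "A vulnerability was determined in itsourcecode", while the other two itsourcecode entries in this hunk (CVE-2026-4632 and CVE-2026-4612) are now "NOT-FOR-US: itsourcecode System". The summary text for CVE-2026-4614 looks mangled ("itsourcecode sanitize or validate th ..."), with no product name after the vendor, so an automatic match on the product string would miss it. Please triage that entry by hand against the full CVE record rather than leaving it for a later automatic run.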
@@ -177,7 +177,7 @@ CVE-2026-33167 (Action Pack is a Rubygem for building web applications on the Ra
CVE-2026-33046 (Indico is an event management system that uses Flask-Multipass, a mult ...)
TODO: check
CVE-2026-32913 (OpenClaw before 2026.3.7 contains an improper header validation vulner ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32912
REJECTED
CVE-2026-32911
@@ -221,7 +221,7 @@ CVE-2026-32047
CVE-2026-32012
REJECTED
CVE-2026-2412 (The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-29111 (systemd, a system and service manager, (as PID 1) hits an assert and f ...)
TODO: check
CVE-2026-28483
@@ -229,9 +229,9 @@ CVE-2026-28483
CVE-2026-28455
REJECTED
CVE-2026-27646 (OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerabi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27183 (OpenClaw versions prior to 2026.3.7 contain a shell approval gating by ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-23882 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
TODO: check
CVE-2026-23488 (Blinko is an AI-powered card note-taking project. Prior to version 1.8 ...)
@@ -265,7 +265,7 @@ CVE-2025-60947 (Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authe
CVE-2025-60946 (Census CSWeb 8.0.1 allows arbitrary file path input. A remote, authent ...)
TODO: check
CVE-2025-41660 (A low-privileged remote attacker may be able to replace the boot appli ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2026-4680 (Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allow ...)
- chromium 146.0.7680.164-1
[bullseye] - chromium <end-of-life> (see #1061268)
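Review bot: CVE-2025-41660 is tagged "NOT-FOR-US: CODESYS", but the visible summary ("A low-privileged remote attacker may be able to replace the boot appli ...") does not name a vendor or product, and the same holds for CVE-2026-3509 in the first hunk. The attribution must come from somewhere other than the truncated description shown here, so it is worth confirming the affected product against the full CVE record before treating these two entries as settled.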
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5bb466fda648a8868225d0fff230b7937d7a527