[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 26 08:50:13 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30c95a12 by Salvatore Bonaccorso at 2026-03-26T09:49:40+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2026-4874 (A flaw was found in Keycloak. An authenticated attacker can perform Se ...)
 	TODO: check
 CVE-2026-4850 (A security flaw has been discovered in code-projects Simple Laundry Sy ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4849 (A vulnerability was identified in code-projects Simple Laundry System  ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4848 (A vulnerability was determined in dameng100 muucmf 1.9.5.20260309. Thi ...)
 	TODO: check
 CVE-2026-4847 (A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impa ...)
@@ -13,21 +13,21 @@ CVE-2026-4846 (A vulnerability has been found in dameng100 muucmf 1.9.5.20260309
 CVE-2026-4845 (A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is  ...)
 	TODO: check
 CVE-2026-4844 (A vulnerability was detected in code-projects Online Food Ordering Sys ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4842 (A security vulnerability has been detected in itsourcecode Online Enro ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-4841 (A weakness has been identified in code-projects Online Food Ordering S ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4840 (A security flaw has been discovered in Netcore Power 15AX up to 3.0.0. ...)
 	TODO: check
 CVE-2026-4839 (A vulnerability has been found in SourceCodester Food Ordering System  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-4838 (A flaw has been found in SourceCodester Malawi Online Market 1.0. The  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-4836 (A vulnerability was detected in code-projects Accounting System 1.0. T ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4835 (A security vulnerability has been detected in code-projects Accounting ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4833 (A weakness has been identified in Orc discount up to 3.0.1.2. This iss ...)
 	TODO: check
 CVE-2026-4831 (A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted ...)
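Review bot: The tag on CVE-2026-4842, `NOT-FOR-US: itsourcecode System`, does not follow the form of the other entries in this hunk, which give only the vendor (`code-projects`, `SourceCodester`). "System" reads like a leftover fragment of a product name, while the description shows the product starting "Online Enro ...". Suggest either `NOT-FOR-US: itsourcecode` or the full product name, so that a later search by vendor groups these entries consistently.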
@@ -35,9 +35,9 @@ CVE-2026-4831 (A security flaw has been discovered in kalcaddle kodbox 1.64. Imp
 CVE-2026-4830 (A vulnerability was identified in kalcaddle kodbox 1.64. This issue af ...)
 	TODO: check
 CVE-2026-4826 (A vulnerability was determined in SourceCodester Sales and Inventory S ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-4825 (A vulnerability was found in SourceCodester Sales and Inventory System ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-4824 (A vulnerability has been found in Enter Software Iperius Backup up to  ...)
 	TODO: check
 CVE-2026-4823 (A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Af ...)
@@ -45,69 +45,69 @@ CVE-2026-4823 (A flaw has been found in Enter Software Iperius Backup up to 8.7.
 CVE-2026-4822 (A vulnerability was detected in Enter Software Iperius Backup bis 8.7. ...)
 	TODO: check
 CVE-2026-4758 (The WP Job Portal plugin for WordPress is vulnerable to arbitrary file ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4747 (Each RPCSEC_GSS data packet is validated by a routine which checks a s ...)
 	TODO: check
 CVE-2026-4652 (On a system exposing an NVMe/TCP target, a remote client can trigger a ...)
 	TODO: check
 CVE-2026-4484 (The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4389 (The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4335 (The ShortPixel Image Optimizer plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4331 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4329 (The Blackhole for Bad Bots plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4281 (The FormLift for Infusionsoft Web Forms plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4278 (The Simple Download Counter plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4247 (When a challenge ACK is to be sent tcp_respond() constructs and sends  ...)
 	TODO: check
 CVE-2026-4075 (The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3328 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-34056 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-34055 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-34053 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-34051 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33942 (Saloon is a PHP library that gives users tools to build API integratio ...)
 	TODO: check
 CVE-2026-33934 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33933 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33932 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33931 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33918 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33917 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33915 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33914 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33913 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33912 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33911 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33910 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33909 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33348 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-33287 (LiquidJS is a Shopify / GitHub Pages compatible template engine in pur ...)
 	TODO: check
 CVE-2026-33285 (LiquidJS is a Shopify / GitHub Pages compatible template engine in pur ...)
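Review bot: The OpenEMR entries in this hunk (CVE-2026-34056 down to CVE-2026-33348) are tagged `NOT-FOR-US: OpenEMR` even though each description introduces it as "free and open source" software. Before closing out this many entries at once, it is worth confirming that there is no open ITP or RFP bug for it; if there is one, these would be tracked with an `<itp>` package entry rather than NOT-FOR-US.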
@@ -129,7 +129,7 @@ CVE-2026-33182 (Saloon is a PHP library that gives users tools to build API inte
 CVE-2026-32680 (The installer of RATOC RAID Monitoring Manager for Windows allows to c ...)
 	TODO: check
 CVE-2026-32120 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-30976 (Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4. ...)
 	TODO: check
 CVE-2026-30975 (Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0 ...)
@@ -137,73 +137,73 @@ CVE-2026-30975 (Sonarr is a PVR for Usenet and BitTorrent users. Versions prior
 CVE-2026-30892 (crun is an open source OCI Container Runtime fully written in C. In ve ...)
 	TODO: check
 CVE-2026-2931 (The Amelia Booking plugin for WordPress is vulnerable to Insecure Dire ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2485 (IBM Infosphere Information Server11.7.0.0 through11.7.1.6 is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-2484 (IBM InfoSphere Information Server11.7.0.0 through11.7.1.6is affected b ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-2483 (IBM InfoSphere Information Server11.7.0.0 through11.7.1.6is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-29187 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-28760 (The installer of RATOC RAID Monitoring Manager for Windows searches th ...)
 	TODO: check
 CVE-2026-1986 (The FloristPress for Woo \u2013 Customize your eCommerce store for you ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1890 (The LeadConnector WordPress plugin before 3.0.22 does not have authori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1561 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 I ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-1430 (The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1262 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affecte ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-1206 (The Elementor Website Builder plugin for WordPress is vulnerable to In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1015 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-1014 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-64648 (IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that coul ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-64647 (IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographi ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-64646 (IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sens ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36440 (IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sen ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36438 (IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perfo ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36422 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSp ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36258 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product st ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36187 (IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-2535
 	REJECTED
 CVE-2025-15488 (The Responsive Plus  WordPress plugin before 3.4.3 is vulnerable to ar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15433 (The Shared Files  WordPress plugin before 1.7.58 allows users with a r ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15101 (A Cross-Site Request Forgery (CSRF) vulnerability has been identified  ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2025-14974 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-14917 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 I ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-14915 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 I ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-14912 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-14810 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not i ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-14808 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allo ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-14807 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-14684 (IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8 ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-33952 [DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks]
 	- freerdp3 3.24.2+dfsg-1
 	- freerdp2 <removed>
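Review bot: On CVE-2025-15101 the new tag is `NOT-FOR-US: ASUS`, but the description shown in the list ("A Cross-Site Request Forgery (CSRF) vulnerability has been identified ...") is cut off before any vendor or product is named, so the attribution cannot be checked from the entry itself. Consider naming the affected product in the tag as well, so the reason stays readable next to the truncated description.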



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30c95a126c2fa7ff002a71d58e5d89ba7ff2d000
