[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 26 20:18:04 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e255969 by security tracker role at 2026-03-26T20:17:55+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,17 +7,17 @@ CVE-2026-4897 (A flaw was found in polkit. A local user can exploit this by prov
CVE-2026-4887 (A flaw was found in GIMP. This issue is a heap buffer over-read in GIM ...)
TODO: check
CVE-2026-4877 (A security flaw has been discovered in itsourcecode Payroll Management ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4876 (A vulnerability was identified in itsourcecode Free Hotel Reservation ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4875 (A vulnerability was determined in itsourcecode Free Hotel Reservation ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-4867 (Impact: A bad regular expression is generated any time you have three ...)
TODO: check
CVE-2026-4862 (A security vulnerability has been detected in UTT HiPER 1250GW up to 3 ...)
TODO: check
CVE-2026-4861 (A weakness has been identified in Wavlink WL-NU516U1 260227. This vuln ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2026-4860 (A security flaw has been discovered in 648540858 wvp-GB28181-pro up to ...)
TODO: check
CVE-2026-4809 (plank/laravel-mediable through version 6.4.0 can allow upload of a dan ...)
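Review bot: The tag "NOT-FOR-US: itsourcecode System" on CVE-2026-4877, CVE-2026-4876 and CVE-2026-4875 does not name the product, although the descriptions cover two different ones (Payroll Management ... and Free Hotel Reservation ...). A tag that names the product would make later searches in data/CVE/list more useful. Separately, CVE-2026-4862 (UTT HiPER 1250GW) stays at "TODO: check" two lines above the Wavlink entry that was classified; if it is the same kind of vendor device, a matching rule would save a manual pass.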
@@ -131,7 +131,7 @@ CVE-2026-33009 (EVerest is an EV charging software stack. Versions prior to 2026
CVE-2026-32857 (Firecrawl version 2.8.0 and prior contain a server-side request forger ...)
TODO: check
CVE-2026-32846 (OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path t ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-32287 (Boolean XPath expressions that evaluate to true can cause an infinite ...)
TODO: check
CVE-2026-32286 (The DataRow.Decode function fails to properly validate field lengths. ...)
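Review bot: CVE-2026-32846 is the one entry in this update whose description points at a source commit ("fixed in commit 4797bbc"), so OpenClaw looks like an open project rather than a vendor appliance, and "NOT-FOR-US: OpenClaw" deserves a manual check that no package or packaging request for it exists in Debian. The visible description is cut off after "contains a path t ...", so the affected component cannot be confirmed from this hunk alone.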
@@ -149,11 +149,11 @@ CVE-2026-30457 (An issue in the /parser/dwoo component of Daylight Studio FuelCM
CVE-2026-30162 (Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted lin ...)
TODO: check
CVE-2026-2511 (The JS Help Desk \u2013 AI-Powered Support & Ticketing System plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2389 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2231 (The Fluent Booking plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-29976 (Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee ...)
TODO: check
CVE-2026-29969 (A cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.as ...)
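Review bot: The description lines for CVE-2026-2511 and CVE-2026-2389 carry a literal "\u2013" where a dash belongs in the plugin name. They are context lines, not changed by this commit, but if data/CVE/list itself holds the escape sequence rather than this mail's rendering of it, the description import should decode it before writing the file. The three "NOT-FOR-US: WordPress plugin" tags are consistent with each other and with the one added for CVE-2026-1032.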
@@ -171,9 +171,9 @@ CVE-2026-29044 (EVerest is an EV charging software stack. Prior to version 2026.
CVE-2026-28503 (Tandoor Recipes is an application for managing recipes, planning meals ...)
TODO: check
CVE-2026-28298 (SolarWinds Observability Self-Hosted was found to be affected by a sto ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2026-28297 (SolarWinds Observability Self-Hosted was found to be affected by a sto ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2026-27828 (EVerest is an EV charging software stack. Prior to version 2026.02.0, ...)
TODO: check
CVE-2026-27816 (EVerest is an EV charging software stack. Prior to versions to 2026.02 ...)
@@ -185,9 +185,9 @@ CVE-2026-27814 (EVerest is an EV charging software stack. Versions prior to 2026
CVE-2026-27813 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
TODO: check
CVE-2026-27664 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-27663 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-26213 (thingino-firmware versions up to the firmware-2026-03-16 release conta ...)
TODO: check
CVE-2026-26074 (EVerest is an EV charging software stack. Versions prior to 2026.02.0 ...)
@@ -213,41 +213,41 @@ CVE-2026-22593 (EVerest is an EV charging software stack. Prior to version 2026.
CVE-2026-1961 (A flaw was found in Foreman. A remote attacker could exploit a command ...)
TODO: check
CVE-2026-1032 (The Conditional Menus plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-55277 (HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55276 (HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55275 (HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerabi ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55274 (HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulne ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55273 (HCL Aftermarket DPC is affected by Cross Domain Script Include vulnera ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55272 (HCL Aftermarket DPC is affected by Banner Disclosure vulnerability whe ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55271 (HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerabili ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55270 (HCL Aftermarket DPC is affected by Improper Input Validation which all ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55269 (HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55268 (HCL Aftermarket DPC is affected by Spamming Vulnerability which can al ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55267 (HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerabil ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55266 (HCL Aftermarket DPC is affected by Session Fixation which allows attac ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55265 (HCL Aftermarket DPC is affected by File Discovery which allows attacke ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55264 (HCL Aftermarket DPC is affected by Failure to Invalidate Session on Pa ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55263 (HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allo ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55262 (HCL Aftermarket DPC is affected by SQL Injection which allows attacker ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-55261 (HCL Aftermarket DPC is affected by Missing Functional Level Access Con ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-41368 (Problem in the Small HTTP Server v3.06.36 service. An authenticated pa ...)
TODO: check
CVE-2025-41359 (Vulnerability related to an unquoted service path in Small HTTP Server ...)
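Review bot: CVE-2025-55277 is described as "Use of Vulnerable/Outdated Versions ...", which differs from the other sixteen HCL Aftermarket DPC entries: the flaw sits in a bundled third-party component, and the truncated description does not show which one. "NOT-FOR-US: HCL" is right for the product itself, but it is worth reading the full description to see whether the named component is packaged in Debian and already tracked under its own CVE. The remaining entries, CVE-2025-55261 through CVE-2025-55276, describe flaws in the HCL application itself and the tag fits them as written.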
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e255969102d0eaa4836ff102b076f228ebfbefb