[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 27 07:16:22 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
897d8965 by Salvatore Bonaccorso at 2026-03-27T08:15:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -74,7 +74,7 @@ CVE-2026-4263 (Vulnerability of incorrect authorization inHiJiffy Chatbot allows
 CVE-2026-4262 (Vulnerability of incorrect authorization inHiJiffy Chatbot allows an a ...)
 	NOT-FOR-US: HiJiffy Chatbot
 CVE-2026-3116 (Mattermost Plugins versions <=11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fai ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Plugins
 CVE-2026-3115 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-3114 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
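Review bot: CVE-2026-3116 is marked NOT-FOR-US while the adjacent CVE-2026-3115 is tracked as `- mattermost-server <itp> (bug #823556)`, and the truncated description lists versions (11.4, 11.0.4, 11.1.3, 11.3.2) that look like the server's own release series. If the affected plugins ship inside the mattermost-server source, this entry should carry the same `<itp>` line rather than an NFU. If they are separate upstream projects, a more specific label than "Mattermost Plugins" would make that clear.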
@@ -84,7 +84,7 @@ CVE-2026-3113 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <=
 CVE-2026-3112 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-3109 (Mattermost Plugins versions <=11.4 10.11.11.0 fail to validate webhook ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Plugins
 CVE-2026-3108 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-34071 (Stirling-PDF is a locally hosted web application that allows you to pe ...)
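Review bot: The NFU for CVE-2026-3109 sits between CVE-2026-3112 and CVE-2026-3108, both tracked against the mattermost-server ITP (bug #823556), and the label "Mattermost Plugins" does not say which plugin has the webhook validation issue. Naming the plugin in the NOT-FOR-US line would let someone re-check this entry if mattermost-server is packaged later.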
@@ -132,7 +132,7 @@ CVE-2026-33495 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Co
 CVE-2026-33494 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control  ...)
 	NOT-FOR-US: ORY Oathkeeper
 CVE-2026-33491 (Zen C is a systems programming language that compiles to human-readabl ...)
-	TODO: check
+	NOT-FOR-US: Zen C
 CVE-2026-33490 (H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc ...)
 	NOT-FOR-US: H3
 CVE-2026-33487 (goxmlsig provides XML Digital Signatures implemented in Go. Prior to v ...)
@@ -194,13 +194,13 @@ CVE-2026-32285 (The Delete function fails to properly validate offsets when proc
 CVE-2026-32284 (The msgpack decoder fails to properly validate the input buffer length ...)
 	TODO: check
 CVE-2026-30463 (Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: Daylight Studio FuelCMS
 CVE-2026-30458 (An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltr ...)
-	TODO: check
+	NOT-FOR-US: Daylight Studio FuelCMS
 CVE-2026-30457 (An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5 ...)
-	TODO: check
+	NOT-FOR-US: Daylight Studio FuelCMS
 CVE-2026-30162 (Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted lin ...)
-	TODO: check
+	NOT-FOR-US: Timo
 CVE-2026-2511 (The JS Help Desk \u2013 AI-Powered Support & Ticketing System plugin f ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2389 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is  ...)
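Review bot: The label on CVE-2026-30162, `NOT-FOR-US: Timo`, is a single common word taken from "Timo 2.0.3" in the description, which makes it hard to search for and easy to confuse with an unrelated project of the same name. If the full CVE description gives a vendor or project URL, adding it to the label would help, as the three FuelCMS entries above do with "Daylight Studio FuelCMS".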
@@ -208,35 +208,35 @@ CVE-2026-2389 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPres
 CVE-2026-2231 (The Fluent Booking plugin for WordPress is vulnerable to Stored Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-29976 (Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee ...)
-	TODO: check
+	NOT-FOR-US: ZerBea hcxpcapngtool
 CVE-2026-29969 (A cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.as ...)
-	TODO: check
+	NOT-FOR-US: staffwiki
 CVE-2026-29934 (A reflected cross-site scripting (XSS) vulnerability in the /admin/men ...)
-	TODO: check
+	NOT-FOR-US: Lightcms
 CVE-2026-29933 (A reflected cross-site scripting (XSS) vulnerability in the /index/log ...)
-	TODO: check
+	NOT-FOR-US: YZMCMS
 CVE-2026-29905 (Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' per ...)
-	TODO: check
+	NOT-FOR-US: Kirby CMS
 CVE-2026-29055 (Tandoor Recipes is an application for managing recipes, planning meals ...)
-	TODO: check
+	NOT-FOR-US: Tandoor Recipes
 CVE-2026-29044 (EVerest is an EV charging software stack. Prior to version 2026.02.0,  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-28503 (Tandoor Recipes is an application for managing recipes, planning meals ...)
-	TODO: check
+	NOT-FOR-US: Tandoor Recipes
 CVE-2026-28298 (SolarWinds Observability Self-Hosted was found to be affected by a sto ...)
 	NOT-FOR-US: SolarWinds
 CVE-2026-28297 (SolarWinds Observability Self-Hosted was found to be affected by a sto ...)
 	NOT-FOR-US: SolarWinds
 CVE-2026-27828 (EVerest is an EV charging software stack. Prior to version 2026.02.0,  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-27816 (EVerest is an EV charging software stack. Prior to versions to 2026.02 ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-27815 (EVerest is an EV charging software stack. Prior to versions to 2026.02 ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-27814 (EVerest is an EV charging software stack. Versions prior to 2026.02.0  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-27813 (EVerest is an EV charging software stack. Versions prior to 2026.02.0  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-27664 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
 	NOT-FOR-US: Siemens
 CVE-2026-27663 (A vulnerability has been identified in CPCI85 Central Processing/Commu ...)
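Review bot: CVE-2026-29976 is marked `NOT-FOR-US: ZerBea hcxpcapngtool`, but hcxpcapngtool is the name of a single command-line tool and the affected version is a git build (v. 7.0.1-43-g2ee ...), so confirm that no source package in the archive ships this binary before closing it as NFU. Separately, the labels for CVE-2026-29969 (staffwiki), CVE-2026-29934 (Lightcms) and CVE-2026-29933 (YZMCMS) cannot be matched against the truncated descriptions shown here, which name only the vulnerable paths. Spelling them the way upstream does would keep later searches reliable.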
@@ -244,25 +244,25 @@ CVE-2026-27663 (A vulnerability has been identified in CPCI85 Central Processing
 CVE-2026-26213 (thingino-firmware versions up to the firmware-2026-03-16 release conta ...)
 	TODO: check
 CVE-2026-26074 (EVerest is an EV charging software stack. Versions prior to 2026.02.0  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-26073 (EVerest is an EV charging software stack. Versions prior to 2026.02.0  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-26072 (EVerest is an EV charging software stack. Versions prior to 2026.02.0  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-26071 (EVerest is an EV charging software stack. Versions prior to 2026.02.0  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-26070 (EVerest is an EV charging software stack. Versions prior to 2026.02.0  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-26008 (EVerest is an EV charging software stack. Versions prior to 2026.02.0  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-24068 (The VSL privileged helper does utilize NSXPC for IPC. The implementati ...)
 	TODO: check
 CVE-2026-23995 (EVerest is an EV charging software stack. Prior to version 2026.02.0,  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-22790 (EVerest is an EV charging software stack. Prior to version 2026.02.0,  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-22593 (EVerest is an EV charging software stack. Prior to version 2026.02.0,  ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-1961 (A flaw was found in Foreman. A remote attacker could exploit a command ...)
 	TODO: check
 CVE-2026-1032 (The Conditional Menus plugin for WordPress is vulnerable to Cross-Site ...)
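Review bot: CVE-2026-24068 is left as `TODO: check` in this hunk although its description refers to a privileged helper using NSXPC for IPC, which is an Apple platform API. If the product can be identified from the full description, it could be processed as NFU in the same pass as the EVerest entries. The EVerest labels themselves are consistent across all of the converted entries.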



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/897d8965f9bc9fdd79bf2d0c40e07335839c15eb
