[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 28 08:14:12 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
06946bc2 by security tracker role at 2026-03-28T08:14:04+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,35 +17,35 @@ CVE-2026-4990 (A security vulnerability has been detected in chatwoot up to 4.11
 CVE-2026-4988 (A security flaw has been discovered in Open5GS 2.7.6. This issue affec ...)
 	TODO: check
 CVE-2026-4987 (The SureForms \u2013 Contact Form, Payment Form & Other Custom Form Bu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4985 (A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulner ...)
 	TODO: check
 CVE-2026-4984 (The Twilio integration webhook handler accepts any POST request withou ...)
 	TODO: check
 CVE-2026-4982 (A user with permission "update world" in any Venueless world is able t ...)
-	TODO: check
+	NOT-FOR-US: rami.io products
 CVE-2026-4980 (A local file disclosure vulnerability in the XInclude processing compo ...)
 	TODO: check
 CVE-2026-4976 (A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Thi ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-4975 (A vulnerability has been found in Tenda AC15 15.03.05.19. This affects ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4974 (A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4973 (A vulnerability was detected in SourceCodester Online Quiz System up t ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-4972 (A security vulnerability has been detected in code-projects Online Rev ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4971 (A weakness has been identified in SourceCodester Note Taking App up to ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-4970 (A security flaw has been discovered in code-projects Social Networking ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4969 (A vulnerability was identified in code-projects Social Networking Site ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4968 (A vulnerability was determined in SourceCodester Diary App 1.0. The af ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-4966 (A flaw has been found in itsourcecode Free Hotel Reservation System 1. ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-4965 (A vulnerability was detected in letta-ai letta 0.16.4. This issue affe ...)
 	TODO: check
 CVE-2026-4964 (A security vulnerability has been detected in letta-ai letta 0.16.4. T ...)
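Review bot: The tag added for CVE-2026-4966, "NOT-FOR-US: itsourcecode System", looks like it carries a fragment of the product name ("Free Hotel Reservation System") rather than a vendor label. The other entries in this hunk use the bare vendor, for example "NOT-FOR-US: SourceCodester" and "NOT-FOR-US: code-projects". If the automatic matcher keys on this string, consider normalising it to "itsourcecode" so that later entries from the same vendor group under one tag.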
@@ -55,9 +55,9 @@ CVE-2026-4963 (A weakness has been identified in huggingface smolagents 1.25.0.d
 CVE-2026-4962 (A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affecte ...)
 	TODO: check
 CVE-2026-4961 (A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by t ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4960 (A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is t ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4959 (A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the fu ...)
 	TODO: check
 CVE-2026-4958 (A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects t ...)
@@ -73,31 +73,31 @@ CVE-2026-4954 (A security vulnerability has been detected in mingSoft MCMS up to
 CVE-2026-4953 (A weakness has been identified in mingSoft MCMS up to 5.5.0. This issu ...)
 	TODO: check
 CVE-2026-4933 (Incorrect Authorization vulnerability in Drupal Unpublished Node Permi ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-4910 (A security vulnerability has been detected in Shenzhen Ruiming Technol ...)
 	TODO: check
 CVE-2026-4909 (A weakness has been identified in code-projects Exam Form Submission 1 ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4908 (A security flaw has been discovered in code-projects Simple Laundry Sy ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4907 (A vulnerability was identified in Page-Replica Page Replica up to e4a7 ...)
 	TODO: check
 CVE-2026-4906 (A vulnerability was determined in Tenda AC5 15.03.06.47. The affected  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4905 (A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the fu ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4904 (A vulnerability has been found in Tenda AC5 15.03.06.47. This issue af ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4903 (A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability aff ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4902 (A vulnerability was detected in Tenda AC5 15.03.06.47. This affects th ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2026-4900 (A weakness has been identified in code-projects Online Food Ordering S ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4899 (A security flaw has been discovered in code-projects Online Food Order ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4898 (A vulnerability was identified in code-projects Online Food Ordering S ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-4622 (OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series ...)
 	TODO: check
 CVE-2026-4621 (Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series ...)
@@ -107,39 +107,39 @@ CVE-2026-4620 (OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm S
 CVE-2026-4619 (Path Traversal vulnerability in NEC Platforms, Ltd. Aterm Series allow ...)
 	TODO: check
 CVE-2026-4393 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Lo ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-4346 (The vulnerability affecting TL-WR850N v3 allows cleartext storage of a ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-4340
 	REJECTED
 CVE-2026-4309 (Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Serie ...)
 	TODO: check
 CVE-2026-4248 (The Ultimate Member plugin for WordPress is vulnerable to Sensitive In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3622 (The vulnerability exists in the UPnP component of TL-WR841N v14, where ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-3573 (Incorrect Authorization vulnerability in Drupal AI (Artificial Intelli ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-3532 (Improper Handling of Case Sensitivity vulnerability in Drupal OpenID C ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-3531 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-3530 (Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Conn ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-3529 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-3528 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-3527 (Missing Authentication for Critical Function vulnerability in Drupal A ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-3526 (Incorrect Authorization vulnerability in Drupal File Access Fix (depre ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-3525 (Incorrect Authorization vulnerability in Drupal File Access Fix (depre ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-3457 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2026-3098 (The Smart Slider 3 plugin for WordPress is vulnerable to Arbitrary Fil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-34475 (Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in ...)
 	TODO: check
 CVE-2026-34411 (Appsmith versions prior to 1.98 expose sensitive instance management A ...)
@@ -191,7 +191,7 @@ CVE-2026-33993 (Locutus brings stdlibs of other programming languages to JavaScr
 CVE-2026-33992 (pyLoad is a free and open-source download manager written in Python. P ...)
 	TODO: check
 CVE-2026-33991 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2026-33989 (Mobile Next is an MCP server for mobile development and automation. Pr ...)
 	TODO: check
 CVE-2026-33981 (changedetection.io is a free open source web page change detection too ...)
@@ -429,7 +429,7 @@ CVE-2026-32669 (Code injection vulnerability exists in BUFFALO Wi-Fi router prod
 CVE-2026-32241 (Flannel is a network fabric for containers, designed for Kubernetes. T ...)
 	TODO: check
 CVE-2026-32187 (Microsoft Edge (Chromium-based) Defense in Depth Vulnerability)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-31951 (LibreChat is a ChatGPT clone with additional features. In versions 0.8 ...)
 	TODO: check
 CVE-2026-31950 (LibreChat is a ChatGPT clone with additional features. In versions 0.8 ...)
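Review bot: CVE-2026-32187 is tagged "NOT-FOR-US: Microsoft", but the visible description says only "Microsoft Edge (Chromium-based) Defense in Depth Vulnerability" and does not show whether the flaw sits in Edge-specific code or in shared Chromium code. A vendor-name match cannot tell the two apart, so this entry deserves a manual check against src:chromium before the tag is treated as final.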
@@ -443,35 +443,35 @@ CVE-2026-30689 (A blog.admin v.8.0 and before system's getinfobytoken API interf
 CVE-2026-30637 (Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounC ...)
 	TODO: check
 CVE-2026-30576 (A Business Logic vulnerability exists in SourceCodester Pharmacy Produ ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30575 (A Business Logic vulnerability exists in SourceCodester Pharmacy Produ ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30574 (A Business Logic vulnerability exists in SourceCodester Pharmacy Produ ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30571 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30570 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30569 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30568 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30567 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceC ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30534 (A SQL Injection vulnerability exists in SourceCodester Online Food Ord ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30533 (A SQL Injection vulnerability exists in SourceCodester Online Food Ord ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30532 (A SQL Injection vulnerability exists in SourceCodester Online Food Ord ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30531 (A SQL Injection vulnerability exists in SourceCodester Online Food Ord ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30530 (A SQL Injection vulnerability exists in SourceCodester Online Food Ord ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30529 (A SQL Injection vulnerability exists in SourceCodester Online Food Ord ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30527 (A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCode ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-30407
 	REJECTED
 CVE-2026-30304 (In its design for automatic terminal command execution, AI Code offers ...)
@@ -511,7 +511,7 @@ CVE-2026-27876 (A chained attack via SQL Expressions and a Grafana Enterprise pl
 CVE-2026-27650 (OS Command Injection vulnerability exists in BUFFALO Wi-Fi router prod ...)
 	TODO: check
 CVE-2026-27309 (Substance3D - Stager versions 3.1.7 and earlier are affected by a Use  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-26061 (Fleet is open source device management software. Prior to 4.81.0, Flee ...)
 	TODO: check
 CVE-2026-26060 (Fleet is open source device management software. Prior to 4.81.0, a vu ...)
@@ -525,21 +525,21 @@ CVE-2026-25099 (Bludit\u2019s API plugin allows an authenticated attacker with a
 CVE-2026-23399 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	TODO: check
 CVE-2026-22744 (InRedisFilterExpressionConverterofspring-ai-redis-store, when a user-c ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-22743 (Spring AI'sspring-ai-neo4j-storecontains a Cypher injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-22742 (Spring AI's spring-ai-bedrock-conversecontains a Server-Side Request F ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-22738 (In Spring AI, a SpEL injection vulnerability exists inSimpleVectorStor ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-1679 (The eswifi socket offload driver copies user-provided payloads into a  ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-1496 (Vulnerable versions of Coverity Connect lack an error handler in the a ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2026-1307 (The Ninja Forms - The Contact Form Builder That Grows With You plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0748 (In the Drupal 7 Internationalization (i18n) module, the i18n_node subm ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-69988 (BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Cont ...)
 	TODO: check
 CVE-2025-69986 (A buffer overflow vulnerability exists in the ONVIF GetStreamUri funct ...)
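Review bot: The four Spring AI entries (CVE-2026-22744, CVE-2026-22743, CVE-2026-22742, CVE-2026-22738) are tagged "NOT-FOR-US: VMware", a vendor name that appears nowhere in the visible descriptions, so the tag does not say which product was judged out of scope. A product-level tag such as "NOT-FOR-US: Spring AI" would be easier to audit, in the same way the CVE-2026-1679 line in this hunk spells out "Zephyr, different from src:zephyr".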
@@ -555,25 +555,25 @@ CVE-2025-15615 (Wazuh Manager authd service in wazuh-manager packages through ve
 CVE-2025-15612 (Wazuh provisioning scripts and Dockerfiles contain an insecure transpo ...)
 	TODO: check
 CVE-2025-15445 (The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecur ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15381 (In the latest version of mlflow/mlflow, when the `basic-auth` app is e ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2025-13478 (Cache misconfiguration vulnerability in OpenText Identity Manager on W ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2025-12886 (The Oxygen Theme theme for WordPress is vulnerable to Server-Side Requ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-14028 (Use after free vulnerability in Softing smartLink HW-DP or smartLink H ...)
-	TODO: check
+	NOT-FOR-US: Softing
 CVE-2024-11604 (Insertion of Sensitive Information into Log File vulnerability in the  ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2023-7340 (Wazuh authd contains a heap-buffer overflow vulnerability that allows  ...)
 	TODO: check
 CVE-2023-7339 (Stack-based buffer overflow vulnerability in Softing Industrial Automa ...)
-	TODO: check
+	NOT-FOR-US: Softing
 CVE-2019-25652 (UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11 ...)
 	TODO: check
 CVE-2019-25651 (Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), ...)
-	TODO: check
+	NOT-FOR-US: Ubiquiti
 CVE-2026-33375 (The Grafana MSSQL data source plugin contains a logic flaw that allows ...)
 	NOT-FOR-US: Grafana MMSQL Data Source Plugin
 CVE-2026-28377 (A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key i ...)
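Review bot: CVE-2025-15445 ("Restaurant Cafeteria WordPress theme") and CVE-2025-12886 ("Oxygen Theme theme for WordPress") are both tagged "NOT-FOR-US: WordPress plugin" although their descriptions call them themes. The triage outcome is the same, but a "WordPress theme" tag would keep the label accurate for anyone filtering on it. Separately, the unchanged context line for CVE-2026-33375 reads "Grafana MMSQL Data Source Plugin" where the description says MSSQL.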



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06946bc29e6c36be387feacbb438298b3a115670
