[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Fri May 1 20:14:38 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb7ecb07 by security tracker role at 2026-05-01T19:14:33+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,7 +27,7 @@ CVE-2026-7579 (A security vulnerability has been detected in AstrBotDevs AstrBot
 CVE-2026-7578 (A weakness has been identified in MacCMS Pro up to 2022.1.3. This vuln ...)
 	TODO: check
 CVE-2026-7567 (The Temporary Login plugin for WordPress is vulnerable to Authenticati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-43507 (An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13. ...)
 	TODO: check
 CVE-2026-43506 (An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13. ...)
@@ -89,11 +89,11 @@ CVE-2026-42402 (Apache Neethi is vulnerable to a Denial of Service attack throug
 CVE-2026-40201 (@diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows store ...)
 	TODO: check
 CVE-2026-3772 (The WP Editor plugin for WordPress is vulnerable to Cross-Site Request ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3143 (The Total Upkeep \u2013 WordPress Backup Plugin plus Restore & Migrate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3140 (The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-37554 (An issue was discovered in Vanetza V2X v26.02 allowing remote unauthor ...)
 	TODO: check
 CVE-2026-37552 (Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2. ...)
@@ -143,11 +143,11 @@ CVE-2026-23866 (Incomplete validation of AI rich response messages for Instagram
 CVE-2026-23863 (An attachment spoofing issue in WhatsApp for Windows prior to v2.3000. ...)
 	TODO: check
 CVE-2026-22167 (Software installed and run as a non-privileged user may conduct improp ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2026-22166 (A web page that contains unusual WebGPU content loaded into the GPU GL ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2026-22165 (A web page that contains unusual WebGPU content loaded into the GPU GL ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2026-21996 (An unprivileged attacker can reliably trigger a crash of the dtrace pr ...)
 	TODO: check
 CVE-2025-69606 (Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb7ecb0739d03d62422de41cc989a442bdfcc333

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb7ecb0739d03d62422de41cc989a442bdfcc333
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260501/56f7c236/attachment.htm>
