[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 14 20:14:27 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cacb730e by security tracker role at 2026-05-14T19:14:20+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,19 +9,19 @@ CVE-2026-7805
CVE-2026-6923 (A side-channel attack, which requires a physical presence to the TPM, ...)
TODO: check
CVE-2026-6514 (The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary Fil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6512 (The InfusedWoo Pro plugin for WordPress is vulnerable to authorization ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6504 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6332 (CWE-312: Cleartext Storage of Sensitive Information vulnerability exis ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-6206 (The MW WP Form plugin for WordPress is vulnerable to Information Expos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6174 (The CC Child Pages plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6145 (The User Registration & Membership plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6008 (Authorization bypass through User-Controlled key vulnerability in Im P ...)
TODO: check
CVE-2026-5798 (Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versi ...)
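Review bot: The new note on CVE-2026-6332, "NOT-FOR-US: Schneider Electric", names a vendor that does not appear in the visible description, which is cut off after "Cleartext Storage of Sensitive Information vulnerability exis ...". Naming the affected product in the note would let the decision be checked from the list itself. The six "WordPress plugin" notes in this hunk match their descriptions, each of which names the plugin.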
@@ -29,11 +29,11 @@ CVE-2026-5798 (Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier
CVE-2026-5790 (Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, l ...)
TODO: check
CVE-2026-4031 (The Database Backup for WordPress plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4030 (The Database Backup for WordPress plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4029 (The Database Backup for WordPress plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-46470 (An issue was discovered in GStreamer gst-plugins-good before 1.28.2. W ...)
TODO: check
CVE-2026-46469 (An issue was discovered in GStreamer gst-plugins-good before 1.28.2. W ...)
@@ -113,7 +113,7 @@ CVE-2026-44216 (Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43
CVE-2026-43644 (podinfo through 6.11.2 contains a reflected cross-site scripting vulne ...)
TODO: check
CVE-2026-42897 (Improper neutralization of input during web page generation ('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42881 (STIGQter is an open-source reimplementation of DISA's STIG Viewer. Fro ...)
TODO: check
CVE-2026-42598 (Pode is a Cross-Platform PowerShell web framework for creating REST AP ...)
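Review bot: For CVE-2026-42897 the visible description is only the generic weakness text ("Improper neutralization of input during web page generation ..."), so neither the vendor nor the product behind "NOT-FOR-US: Microsoft" can be confirmed from this line. Suggest putting the product name in the note rather than the vendor alone.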
@@ -165,7 +165,7 @@ CVE-2026-41932 (Vvveb before 1.0.8.3 contains a stored cross-site scripting vuln
CVE-2026-41888 (Distribution is a toolkit to pack, ship, store, and deliver container ...)
TODO: check
CVE-2026-41615 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41315 (mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver- ...)
TODO: check
CVE-2026-40893 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
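Review bot: On CVE-2026-41615 the description is truncated at "in Microsof ...", so the vendor is visible but the product is not, and the note "NOT-FOR-US: Microsoft" records only the vendor. Adding the product would make it clear which component was judged as not packaged.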
@@ -177,7 +177,7 @@ CVE-2026-2347 (Authorization bypass through User-Controlled key vulnerability in
CVE-2026-27886 (Strapi is an open source headless content management system. Strapi ve ...)
TODO: check
CVE-2026-27680 (Due to improper input handling under certain conditions, SAP NetWeaver ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-24712 (Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, ...)
TODO: check
CVE-2026-24711 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 ha ...)
@@ -195,13 +195,13 @@ CVE-2026-22599 (Strapi is an open source headless content management system. In
CVE-2026-21730 (Verba is affected by a Stored Cross-Site Scripting (XSS) vulnerability ...)
TODO: check
CVE-2026-20224 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, former ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20210 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, former ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20209 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, former ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20182 (May 2026: This security advisory provides the details and fix informat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-1630 (WEBCON BPS is vulnerable to Reflected XSS via one of parameters used b ...)
TODO: check
CVE-2025-69443 (Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML page, w ...)
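Review bot: CVE-2026-20182 is marked "NOT-FOR-US: Cisco", but its visible description ("May 2026: This security advisory provides the details and fix informat ...") names no vendor or product, unlike the three Cisco Catalyst SD-WAN Manager entries above it. Worth confirming this entry against the full advisory text and naming the product in the note.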
@@ -219,23 +219,23 @@ CVE-2025-62625 (Improper privilege management in the KVM key download component
CVE-2025-62619 (Missing authentication in the KVM key download endpoint could allow an ...)
TODO: check
CVE-2025-62317 (HCL AION is affected by a vulnerability where sensitive information ma ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-62316 (HCL AION is affected by a vulnerability where certain security-related ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-62313 (HCL AION is affected by a vulnerability where adequate protections aga ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-62312 (HCL AION is affected by a vulnerability where basic authorization toke ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-62311 (HCL AION is affected by a vulnerability where backend service details ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-62310 (HCL AION is affected by a vulnerability where encryption is not enforc ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-62309 (HCL AION is affected by a vulnerability where auto-complete functional ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-62308 (HCL AION is affected by a vulnerability where sensitive backend infras ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-62305 (HCL AION is affected by a vulnerability where certain operations may t ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-15025 (Authorization bypass through User-Controlled key vulnerability in Yord ...)
TODO: check
CVE-2025-15024 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
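Review bot: All nine notes in this hunk read "NOT-FOR-US: HCL" while every matching description names the product as HCL AION; using "HCL AION" in the note would keep the entries findable by product name. The classification itself is consistent across the nine entries.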
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cacb730e3fb201709b5a07c4d6ca4e08557cf979