[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 15 08:13:52 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2772f499 by security tracker role at 2026-05-15T07:13:46+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,17 +7,17 @@ CVE-2026-8629 (Crabbox prior to v0.12.0 contains a privilege escalation vulnerab
 CVE-2026-8612 (WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cache ...)
 	TODO: check
 CVE-2026-8597 (Missing integrity verification in the Triton inference handler in Amaz ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-8596 (Cleartext storage of sensitive information in the ModelBuilder/Serve c ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-7373 (Rapid7 Metasploit Pro is vulnerable to a local privilege escalation at ...)
 	TODO: check
 CVE-2026-6811 (Stack exhaustion vulnerability in the MongoDB PHP driver can cause app ...)
 	TODO: check
 CVE-2026-6646 (The The7 theme for WordPress is vulnerable to Stored Cross-Site Script ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4094 (The FOX \u2013 Currency Switcher Professional for WooCommerce plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-46356 (Fleet is open source device management software. Prior to version 4.80 ...)
 	TODO: check
 CVE-2026-45781 (The MCP Registry provides MCP clients with a list of MCP servers, like ...)
@@ -87,9 +87,9 @@ CVE-2026-42327 (rust-openssl provides OpenSSL bindings for the Rust programming
 CVE-2026-41702 (VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerabil ...)
 	TODO: check
 CVE-2026-3290 (Timing limitations of the HRNG in RS9116 when power save mode is enabl ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs
 CVE-2026-2652 (A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows una ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2026-28761 (Cross-site request forgery vulnerability exists in Musetheque V4 Infor ...)
 	TODO: check
 CVE-2026-26191 (Fleet is open source device management software. Prior to version 4.81 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2772f4991991f14a47516b668c7ff55fbaa17160

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2772f4991991f14a47516b668c7ff55fbaa17160
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260515/c62e12e9/attachment.htm>

More information about the debian-security-tracker-commits mailing list