[Git][security-tracker-team/security-tracker][master] Process some NFUs

Sun May 17 08:11:13 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c768a35e by Salvatore Bonaccorso at 2026-05-17T09:10:47+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2025-4202 (The Multicollab: Content Team Collaboration and Editorial Workflow plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-47981 (Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sli ...)
-	TODO: check
+	NOT-FOR-US: Quick.CMS
 CVE-2021-47980 (Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allo ...)
-	TODO: check
+	NOT-FOR-US: Fuel CMS
 CVE-2021-47979 (WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-47978 (ProcessMaker 3.5.4 contains a local file inclusion vulnerability that  ...)
 	TODO: check
 CVE-2021-47977 (WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-47976 (TextPattern CMS 4.9.0-dev contains a remote code execution vulnerabili ...)
 	TODO: check
 CVE-2021-47975 (WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-47974 (VX Search 13.5.28 contains an unquoted service path vulnerability in b ...)
 	TODO: check
 CVE-2021-47973 (Sticky Notes Widget 3.0.6 contains a denial of service vulnerability t ...)
@@ -401,15 +401,15 @@ CVE-2026-41553 (PDF Export Module used inDHTMLX'sproducts Gantt and Scheduler is
 CVE-2026-41552 (PDF Export Module used in DHTMLX's products Gantt and Scheduler is vul ...)
 	NOT-FOR-US: DHTMLX
 CVE-2026-41258 (OpenMRS is an open source electronic medical record system platform. F ...)
-	TODO: check
+	NOT-FOR-US: OpenMRS
 CVE-2026-41181 (Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44,  ...)
 	TODO: check
 CVE-2026-39054 (Oinone Pamirs 7.0.0 contains a command injection vulnerability in Comm ...)
-	TODO: check
+	NOT-FOR-US: Oinone Pamirs
 CVE-2026-39053 (Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its ...)
-	TODO: check
+	NOT-FOR-US: Oinone Pamirs
 CVE-2026-39052 (Oinone Pamirs 7.0.0 contains a code execution vulnerability via Script ...)
-	TODO: check
+	NOT-FOR-US: Oinone Pamirs
 CVE-2026-38728 (An issue in Nodemailer smtp_server before v.3.18.3 allows a remote att ...)
 	TODO: check
 CVE-2026-35194 (Code injection in SQL code generation in Apache Flink 1.15.0 through 1 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c768a35e55a2c75674504e1b80be6286a9e4b14c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c768a35e55a2c75674504e1b80be6286a9e4b14c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260517/6b0c6c51/attachment.htm>
