[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 21 08:14:14 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a9fdffe1 by security tracker role at 2026-05-21T07:14:08+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2026-9137 (The CSP report endpoint intended to limit logged CSP reports to 1
 CVE-2026-9136 (A vulnerability was identified in the ShadowAttribute proposal creatio ...)
 	TODO: check
 CVE-2026-9133 (Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-9129 (A path traversal vulnerability exists in the Altium Enterprise Server  ...)
 	TODO: check
 CVE-2026-9126 (Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allo ...)
@@ -53,7 +53,7 @@ CVE-2026-9110 (Inappropriate implementation in UI in Google Chrome on Windows pr
 CVE-2026-9102 (A path traversal vulnerability exists in the Altium Enterprise Server  ...)
 	TODO: check
 CVE-2026-9082 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2026-8632 (A potential security vulnerability has been identified in the HP Linux ...)
 	TODO: check
 CVE-2026-8631 (A potential security vulnerability has been identified in the HP Linux ...)
@@ -61,9 +61,9 @@ CVE-2026-8631 (A potential security vulnerability has been identified in the HP
 CVE-2026-8399
 	REJECTED
 CVE-2026-6279 (The Avada Builder (fusion-builder) plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4811 (The WPB Floating Menu & Categories for WordPress \u2013 Sticky Side Me ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-48172 (LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalat ...)
 	TODO: check
 CVE-2026-47782 (Android App "RoboForm Password Manager" provided by Siber Systems, Inc ...)
@@ -71,7 +71,7 @@ CVE-2026-47782 (Android App "RoboForm Password Manager" provided by Siber System
 CVE-2026-47099 (TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vuln ...)
 	TODO: check
 CVE-2026-45444 (Unrestricted Upload of File with Dangerous Type vulnerability in WP Sw ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-40165 (authentik is an open-source identity provider. Versions 2025.12.4 and  ...)
 	TODO: check
 CVE-2026-40102 (Plane is an open-source project management tool. In versions 1.3.0 and ...)
@@ -113,29 +113,29 @@ CVE-2026-35008 (Open ISES Tickets before 3.44.2 contains a reflected cross-site
 CVE-2026-35007 (Open ISES Tickets before 3.44.2 contains a reflected cross-site script ...)
 	TODO: check
 CVE-2026-33137 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2026-2813 (ArcGIS Server contains an input validation weakness in the login redir ...)
-	TODO: check
+	NOT-FOR-US: Esri
 CVE-2026-2812 (ArcGIS Server contains an improper authentication vulnerability in an  ...)
-	TODO: check
+	NOT-FOR-US: Esri
 CVE-2026-2734 (In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST  ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2026-26028 (CryptPad is an end-to-end encrypted collaborative office suite. In ver ...)
 	TODO: check
 CVE-2026-24218 (NVIDIA DGX OS contains a vulnerability in the factory provisioning pro ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-24217 (NVIDIA BioNeMo Core for Linux contains a vulnerability where a user co ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-24216 (NVIDIA BioNemo for Linux contains a vulnerability where a user could c ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-24188 (NVIDIA TensorRT contains a vulnerability where an attacker could cause ...)
 	TODO: check
 CVE-2026-23734 (XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2026-1881 (The Broadstreet plugin for WordPress is vulnerable to Insecure Direct  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1543 (The Avada (Fusion) Builder plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-XXXX [ROHC protocol dissector crash]
 	- wireshark 4.6.6-1
 	[trixie] - wireshark <postponed> (Minor issue, fix along with future update)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9fdffe13d01278a604144329826fcfb6c7a09f8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9fdffe13d01278a604144329826fcfb6c7a09f8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260521/cdc5a7bb/attachment.htm>

More information about the debian-security-tracker-commits mailing list