[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Thu, 26 Feb 2026 12:14:42 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
17d141d5 by security tracker role at 2026-02-26T20:14:24+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,15 +15,15 @@ CVE-2026-28296 (A flaw was found in the FTP GVfs backend. A 
remote attacker coul
 CVE-2026-28295 (A flaw was found in the FTP GVfs backend. A malicious FTP 
server can e ...)
        TODO: check
 CVE-2026-28138 (Deserialization of Untrusted Data vulnerability in Stylemix 
uListing u ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28136 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28132 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28131 (Insertion of Sensitive Information Into Sent Data 
vulnerability in WPV ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28083 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27510 (Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used 
with the ...)
        TODO: check
 CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and 
V1.1.11 (EDU)  ...)
@@ -31,9 +31,9 @@ CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through 
V1.1.9 and V1.1.11
 CVE-2026-27141 (Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will 
cause a ...)
        TODO: check
 CVE-2026-26979 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-26973 (Discourse is an open source discussion platform. Versions 
prior to 202 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-26938 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
        TODO: check
 CVE-2026-26937 (Uncontrolled Resource Consumption (CWE-400) in the Timelion 
component  ...)
@@ -49,17 +49,17 @@ CVE-2026-26932 (Improper Validation of Array Index 
(CWE-129) in the PostgreSQL p
 CVE-2026-26682 (An issue in fastCMS before v.0.1.6 allows a local attacker to 
execute  ...)
        TODO: check
 CVE-2026-26265 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-26228 (VideoLAN VLC for Android prior to version 3.7.0 contains a 
path traver ...)
        TODO: check
 CVE-2026-26227 (VideoLAN VLC for Android prior to version 3.7.0 contains an 
authentica ...)
        TODO: check
 CVE-2026-26207 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-26078 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-26077 (Discourse is an open source discussion platform. Prior to 
versions 202 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-23939 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        TODO: check
 CVE-2026-23750 (Golioth Pouch version 0.1.0, prior to commit 1b2219a1, 
contains a heap ...)
@@ -75,13 +75,13 @@ CVE-2026-22722 (A malicious actor with authenticated user 
privileges on a Window
 CVE-2026-22715 (VMWare Workstation and Fusion contain a logic flaw in the 
management o ...)
        TODO: check
 CVE-2026-1565 (The User Frontend: AI Powered Frontend Posting, User Directory, 
Profil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1241 (The Pelco, Inc. Sarix Professional 3 Series Cameras are 
vulnerable to  ...)
        TODO: check
 CVE-2026-1198 (SIMPLE.ERP is vulnerable to the SQL Injection in search 
functionality  ...)
        TODO: check
 CVE-2025-71057 (Improper session management in D-Link Wireless N 300 ADSL2+ 
Modem Rout ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-64999 (Improper neutralization of input in Checkmk versions 2.4.0 
before 2.4. ...)
        TODO: check
 CVE-2025-56605 (A reflected Cross-Site Scripting (XSS) vulnerability exists in 
the reg ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17d141d5f0ab40106b43888335101da59aeabd4d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17d141d5f0ab40106b43888335101da59aeabd4d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to