[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) Fri, 09 Jan 2026 00:14:09 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ad50e21e by security tracker role at 2026-01-09T08:13:53+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,37 +25,37 @@ CVE-2026-22588 (Spree is an open source e-commerce solution 
built with Ruby on R
 CVE-2026-21409 (Improper authorization vulnerability exists in RICOH 
Streamline NX 3.5 ...)
        TODO: check
 CVE-2026-20976 (Improper input validation in Galaxy Store prior to version 
4.6.02 allo ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-20975 (Improper handling of insufficient permission in Samsung Cloud 
prior to ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-20974 (Improper input validation in data related to network 
restrictions prio ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-20973 (Out-of-bounds read in libimagecodec.quram.so prior to SMR 
Jan-2026 Rel ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-20972 (Improper Export of Android Application Components in UwbTest 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-20971 (Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 
allows  ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-20970 (Improper access control in SLocation prior to SMR Jan-2026 
Release 1 a ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-20969 (Improper input validation in SecSettings prior to SMR Jan-2026 
Release ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-20968 (Use after free in DualDAR prior to SMR Jan-2026 Release 1 
allows local ...)
-       TODO: check
+       NOT-FOR-US: Samsung Mobile
 CVE-2026-0733 (A vulnerability was determined in PHPGurukul Online Course 
Registratio ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2026-0732 (A vulnerability was found in D-Link DI-8200G 17.12.20A1. This 
affects  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-0731 (A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. 
The impac ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-0730 (A flaw has been found in PHPGurukul Staff Leave Management 
System 1.0. ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2026-0729 (A vulnerability was detected in code-projects Intern Membership 
Manage ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-0728 (A security vulnerability has been detected in code-projects 
Intern Mem ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-0563 (The WP Google Street View (with 360\xb0 virtual tour) & Google 
maps +  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-70974 (Fastjson before 1.2.48 mishandles autoType because, when an 
@type key  ...)
        TODO: check
 CVE-2025-68719 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle 
configurati ...)
@@ -67,55 +67,55 @@ CVE-2025-68717 (KAYSUS KS-WR3600 routers with firmware 
1.0.5.9.1 allow authentic
 CVE-2025-68716 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the 
SSH servic ...)
        TODO: check
 CVE-2025-66315 (There is a configuration defect vulnerability in the version 
server of ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2025-15464 (Exported Activity allows external applications to gain 
application con ...)
        TODO: check
 CVE-2025-15057 (The SlimStat Analytics plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-15055 (The SlimStat Analytics plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-15019 (The BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with 
Yoast S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14980 (The BetterDocs plugin for WordPress is vulnerable to Sensitive 
Informa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14937 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14893 (The IndieWeb plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14886 (The Japanized for WooCommerce plugin for WordPress is 
vulnerable to un ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14803 (The NEX-Forms  WordPress plugin before 9.1.8 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14782 (The Forminator Forms \u2013 Contact Form, Payment Form & 
Custom Form B ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14741 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14736 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14720 (The Booking for Appointments and Events Calendar \u2013 Amelia 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14718 (The Schedule Post Changes With PublishPress Future plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14657 (The Eventin \u2013 Event Manager, Events Calendar, Event 
Tickets and R ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14574 (The weDocs plugin for WordPress is vulnerable to Sensitive 
Information ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14505 (The ECDSA implementation of the Elliptic package generates 
incorrect s ...)
        TODO: check
 CVE-2025-14436 (The Brevo for WooCommerce plugin for WordPress is vulnerable 
to Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14146 (The Booking Calendar plugin for WordPress is vulnerable to 
Sensitive I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13935 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13934 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13753 (The WP Table Builder \u2013 Drag & Drop Table Builder plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13749 (The Clearfy Cache \u2013 WordPress optimization plugin, Minify 
HTML, C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13628 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-0716
        - libsoup3 <unfixed>
        - libsoup2.4 <removed>



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad50e21e0267bea42bbd6f3204f15a0024d05190

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad50e21e0267bea42bbd6f3204f15a0024d05190
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Reply via email to