Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f1bd67ac by Salvatore Bonaccorso at 2026-02-27T21:46:32+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,7 +23,7 @@ CVE-2026-2362 (The WP Accessibility plugin for WordPress is
vulnerable to Stored
CVE-2026-2359 (Multer is a node.js middleware for handling
`multipart/form-data`. A v ...)
NOT-FOR-US: Node multer
CVE-2026-2293 (A NestJS application using @nestjs/platform-fastify can allow
bypass o ...)
- TODO: check
+ NOT-FOR-US: NestJS nest
CVE-2026-2252 (An XML External Entity (XXE) vulnerability allows malicious
user to pe ...)
NOT-FOR-US: Xerox
CVE-2026-2251 (Improper limitation of a pathname to a restricted directory
(Path Trav ...)
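Review bot: The added note for CVE-2026-2293 reads "NestJS nest", but the description names @nestjs/platform-fastify as the configuration in which the bypass occurs; naming that adapter in the note would make clear which component was triaged. Because the description is truncated here, it is also worth confirming that the flaw sits in the NestJS adapter and not in a dependency it wraps before closing the TODO as NOT-FOR-US.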
@@ -129,35 +129,35 @@ CVE-2026-1305 (The Japanized for WooCommerce plugin for
WordPress is vulnerable
CVE-2025-69437 (PublicCMS v5.202506.d and earlier is vulnerable to stored XSS.
Uploade ...)
NOT-FOR-US: PublicCMS
CVE-2025-15498 (Pro3W CMS if vulnerable toSQL injection attacks.Improper
neutralizatio ...)
- TODO: check
+ NOT-FOR-US: Pro3W CMS
CVE-2025-14142 (The Electric Enquiries plugin for WordPress is vulnerable to
Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11950 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: KNOWHY Advanced Technology rading Ltd. Co. EduAsist
CVE-2025-11252 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Signum Technology Promotion and Training Inc. Windesk.Fm
CVE-2025-11251 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Dayneks Software Industry and Trade Inc. E-Commerce Platform
CVE-2024-10938 (The OVRI Payment plugin for WordPress contains malicious
.htaccess fil ...)
NOT-FOR-US: WordPress plugin
CVE-2019-25497 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2019-25496 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2019-25495 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that
allows ...)
- TODO: check
+ NOT-FOR-US: osCommerce
CVE-2019-25494 (Homey BNB V4 contains an SQL injection vulnerability in the
administra ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25493 (Homey BNB V4 contains an SQL injection vulnerability that
allows unaut ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25492 (Homey BNB V4 contains an SQL injection vulnerability that
allows unaut ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25491 (Homey BNB V4 contains an SQL injection vulnerability that
allows unaut ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25490 (Homey BNB V4 contains a SQL injection vulnerability that
allows unauth ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2019-25489 (Homey BNB V4 contains a SQL injection vulnerability that
allows unauth ...)
- TODO: check
+ NOT-FOR-US: Homey BNB
CVE-2026-3302 (A weakness has been identified in SourceCodester Doctor
Appointment Sy ...)
NOT-FOR-US: SourceCodester
CVE-2026-3301 (A security flaw has been discovered in Totolink N300RH
6.1c.1353_B2019 ...)
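Review bot: In the added note for CVE-2025-11950, "rading" looks like a dropped letter in the vendor name ("KNOWHY Advanced Technology rading Ltd. Co. EduAsist"), presumably "Trading"; correcting it keeps the vendor string searchable. The notes for CVE-2025-11950, CVE-2025-11252 and CVE-2025-11251 also spell out the full company name plus product, while the other additions in this hunk use a short product name (osCommerce, Homey BNB), so a shorter form would be more consistent.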
@@ -417,9 +417,9 @@ CVE-2026-1558 (The WP Recipe Maker plugin for WordPress is
vulnerable to an Inse
CVE-2026-1442 (Since the encryption algorithm used to protect firmware updates
is its ...)
NOT-FOR-US: Unitree
CVE-2025-15567 (Insufficient protection mechanisms in the Health Module may
lead to pa ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2025-15509 (TheSmartRemote module has insufficient restrictions on loading
URLs, w ...)
- TODO: check
+ NOT-FOR-US: Vivo
CVE-2025-14149 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14040 (The Automotive Car Dealership Business WordPress Theme for
WordPress i ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1bd67ac5f7bdec6d0f0ded76b6ab86064a8babf