Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b5bb466f by security tracker role at 2026-03-24T08:14:16+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,65 +47,65 @@ CVE-2026-4731 (Integer Overflow or Wraparound vulnerability 
in artraweditor ART
 CVE-2026-4681 (A critical remote code execution (RCE) vulnerability has been 
reported ...)
        TODO: check
 CVE-2026-4662 (The JetEngine plugin for WordPress is vulnerable to SQL 
Injection via  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4640 (Vitals ESP developed by Galaxy Software Services has a Missing 
Authent ...)
        TODO: check
 CVE-2026-4639 (Vitals ESP developed by Galaxy Software Services has a 
Incorrect Autho ...)
        TODO: check
 CVE-2026-4632 (A weakness has been identified in itsourcecode Online 
Enrollment Syste ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-4627 (A vulnerability was found in D-Link DIR-825 and DIR-825R 
1.0.5/4.5.1.  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-4626 (A vulnerability has been found in projectworlds Lawyer 
Management Syst ...)
-       TODO: check
+       NOT-FOR-US: Project Worlds
 CVE-2026-4625 (A flaw has been found in SourceCodester Online Admission System 
1.0. T ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-4624 (A vulnerability was detected in SourceCodester Online Library 
Manageme ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-4623 (A security vulnerability has been detected in DefaultFuction 
Jeson-Cus ...)
        TODO: check
 CVE-2026-4617 (A weakness has been identified in SourceCodester Patients 
Waiting Area ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-4616 (A security flaw has been discovered in bolo-blog \uae4c\uc9c0 
2.6.4. T ...)
        TODO: check
 CVE-2026-4615 (A vulnerability was identified in SourceCodester Online 
Catering Reser ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-4614 (A vulnerability was determined in itsourcecode sanitize or 
validate th ...)
        TODO: check
 CVE-2026-4613 (A vulnerability was found in SourceCodester E-Commerce Site 
1.0. This  ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-4612 (A vulnerability has been found in itsourcecode Free Hotel 
Reservation  ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-4611 (A flaw has been found in TOTOLINK X6000R 
9.4.0cu.1360_B20241207/9.4.0c ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-4597 (A security flaw has been discovered in 648540858 
wvp-GB28181-pro up to ...)
        TODO: check
 CVE-2026-4368 (Race Condition inNetScaler ADC and NetScaler Gateway when 
appliance is ...)
        TODO: check
 CVE-2026-4306 (The WP Job Portal plugin for WordPress is vulnerable to SQL 
Injection  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4283 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to 
unauth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4066 (The Smart Custom Fields plugin for WordPress is vulnerable to 
unauthor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4056 (The User Registration & Membership plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4021 (The Contest Gallery plugin for WordPress is vulnerable to an 
authentic ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4001 (The Woocommerce Custom Product Addons Pro plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3533 (The Jupiter X Core plugin for WordPress is vulnerable to 
limited file  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3509 (An unauthenticated remote attacker may be able to control the 
format s ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2026-3260 (A flaw was found in Undertow. A remote attacker could exploit 
this vul ...)
        TODO: check
 CVE-2026-3225 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3138 (The Product Filter for WooCommerce by WBW plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3079 (The LearnDash LMS plugin for WordPress is vulnerable to blind 
time-bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3055 (Insufficient input validation inNetScaler ADC and NetScaler 
Gateway wh ...)
        TODO: check
 CVE-2026-33856 (Missing Release of Memory after Effective Lifetime 
vulnerability in Mo ...)
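Review bot: CVE-2026-4614 is left at TODO: check even though its description names itsourcecode, the same vendor that CVE-2026-4632 and CVE-2026-4612 in this hunk are now marked NOT-FOR-US: itsourcecode System for. The visible description ("itsourcecode sanitize or validate th ...") appears to have no product name where one is expected, which may be why the automatic update skipped it; it should be triaged by hand rather than wait for a pattern that will not match. Separately, the NOT-FOR-US: CODESYS tag on CVE-2026-3509 cannot be checked from the truncated description shown, which names no product, so it is worth confirming against the full CVE record.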
@@ -177,7 +177,7 @@ CVE-2026-33167 (Action Pack is a Rubygem for building web 
applications on the Ra
 CVE-2026-33046 (Indico is an event management system that uses 
Flask-Multipass, a mult ...)
        TODO: check
 CVE-2026-32913 (OpenClaw before 2026.3.7 contains an improper header 
validation vulner ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-32912
        REJECTED
 CVE-2026-32911
@@ -221,7 +221,7 @@ CVE-2026-32047
 CVE-2026-32012
        REJECTED
 CVE-2026-2412 (The Quiz and Survey Master (QSM) plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-29111 (systemd, a system and service manager, (as PID 1) hits an 
assert and f ...)
        TODO: check
 CVE-2026-28483
@@ -229,9 +229,9 @@ CVE-2026-28483
 CVE-2026-28455
        REJECTED
 CVE-2026-27646 (OpenClaw versions prior to 2026.3.7 contain a sandbox escape 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-27183 (OpenClaw versions prior to 2026.3.7 contain a shell approval 
gating by ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-23882 (Blinko is an AI-powered card note-taking project. Prior to 
version 1.8 ...)
        TODO: check
 CVE-2026-23488 (Blinko is an AI-powered card note-taking project. Prior to 
version 1.8 ...)
@@ -265,7 +265,7 @@ CVE-2025-60947 (Census CSWeb 8.0.1 allows arbitrary file 
upload. A remote, authe
 CVE-2025-60946 (Census CSWeb 8.0.1 allows arbitrary file path input. A remote, 
authent ...)
        TODO: check
 CVE-2025-41660 (A low-privileged remote attacker may be able to replace the 
boot appli ...)
-       TODO: check
+       NOT-FOR-US: CODESYS
 CVE-2026-4680 (Use after free in FedCM in Google Chrome prior to 
146.0.7680.165 allow ...)
        - chromium 146.0.7680.164-1
        [bullseye] - chromium <end-of-life> (see #1061268)
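Review bot: CVE-2025-41660 is marked NOT-FOR-US: CODESYS, but the description visible in this hunk ("A low-privileged remote attacker may be able to replace the boot appli ...") names no vendor or product, so the attribution cannot be verified from the lines shown. Suggest confirming against the full CVE record that the affected product is CODESYS before the entry leaves the TODO queue, since a NOT-FOR-US tag removes it from further triage.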



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b5bb466fda648a8868225d0fff230b7937d7a527
