Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac64c921 by security tracker role at 2026-01-08T20:14:01+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
 CVE-2026-22587 (Ideagen DevonWay contains a stored cross site scripting 
vulnerability. ...)
        TODO: check
 CVE-2026-22522 (Missing Authorization vulnerability in Munir Kamal Block 
Slider allows ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22521 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22519 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22518 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22517 (Missing Authorization vulnerability in Passionate Brains 
GA4WP: Google ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22492 (Missing Authorization vulnerability in Nawawi Jamili Docket 
Cache allo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22490 (Missing Authorization vulnerability in niklaslindemann Bulk 
Landing Pa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22489 (Authorization Bypass Through User-Controlled Key vulnerability 
in Wpte ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22488 (Missing Authorization vulnerability in IdeaBox Creations 
Dashboard Wel ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22487 (Missing Authorization vulnerability in baqend Speed Kit allows 
Exploit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22486 (Missing Authorization vulnerability in Hakob Re Gallery & 
Responsive P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22257 (Salvo is a Rust web backend framework. Prior to version 
0.88.1, the fu ...)
        TODO: check
 CVE-2026-22256 (Salvo is a Rust web backend framework. Prior to version 
0.88.1, the fu ...)
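Review bot: CVE-2026-22521, CVE-2026-22519 and CVE-2026-22518 receive `NOT-FOR-US: WordPress plugin or theme`, but their descriptions are cut off before any vendor or product name, so the classification cannot be checked from this diff. Because the commit message says the update is automatic, those three are worth spot-checking against the full CVE text. The other retagged entries in this hunk at least show a product (Block Slider, Docket Cache, Speed Kit and so on).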
@@ -61,7 +61,7 @@ CVE-2026-22041 (Logging Redactor is a Python library designed 
to redact sensitiv
 CVE-2026-22034 (Snuffleupagus is a module that raises the cost of attacks 
against webs ...)
        TODO: check
 CVE-2026-22032 (Directus is a real-time API and App dashboard for managing SQL 
databas ...)
-       TODO: check
+       NOT-FOR-US: Directus
 CVE-2026-22028 (Preact, a lightweight web development framework, JSON 
serialization pr ...)
        TODO: check
 CVE-2026-21896 (Kirby is an open-source content management system. From 
versions 5.0.0 ...)
@@ -93,17 +93,17 @@ CVE-2026-21639 (A malicious actor in Wi-Fi range of the 
affected product could l
 CVE-2026-21638 (A malicious actor in Wi-Fi range of the affected product could 
leverag ...)
        TODO: check
 CVE-2026-0747 (Exposure of sensitive information in the TeamViewer entry 
dashboard co ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-0719 (A flaw was found in libsoup's NTLM (NT LAN Manager) 
authentication mod ...)
        TODO: check
 CVE-2026-0701 (A vulnerability was identified in code-projects Intern 
Membership Mana ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-0676 (Missing Authorization vulnerability in G5Theme Zorka zorka 
allows Expl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-0675 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-0674 (Missing Authorization vulnerability in Campaign Monitor 
Campaign Monit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-0671 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2025-8307 (Asseco InfoMedica is a comprehensive solution used to manage 
both admi ...)
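Review bot: CVE-2026-0747 is tagged `NOT-FOR-US: Devolutions`, while the visible part of its description names only "the TeamViewer entry dashboard". The truncated text does not show whose product this is, so please confirm against the full description that Devolutions is the affected vendor and not TeamViewer before this tag stays.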
@@ -111,31 +111,31 @@ CVE-2025-8307 (Asseco InfoMedica is a comprehensive 
solution used to manage both
 CVE-2025-8306 (Asseco InfoMedica is a comprehensive solution used to manage 
both admi ...)
        TODO: check
 CVE-2025-69260 (A message out-of-bounds read vulnerability in Trend Micro Apex 
Central ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-69259 (A message unchecked NULL return value vulnerability in Trend 
Micro Ape ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-69258 (A LoadLibraryEX vulnerability in Trend Micro Apex Central 
could allow  ...)
-       TODO: check
+       NOT-FOR-US: Trend Micro
 CVE-2025-69169 (Improper Neutralization of Script-Related HTML Tags in a Web 
Page (Bas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68892 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68891 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68890 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68889 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68887 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68875 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68874 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68873 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68867 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68715 (An issue was discovered in Panda Wireless PWRU0 devices with 
firmware  ...)
        TODO: check
 CVE-2025-68158 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
@@ -143,55 +143,55 @@ CVE-2025-68158 (Authlib is a Python library which builds 
OAuth and OpenID Connec
 CVE-2025-68151 (CoreDNS is a DNS server that chains plugins. Prior to version 
1.14.0,  ...)
        TODO: check
 CVE-2025-67937 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67936 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67935 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67934 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67933 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67932 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67931 (Insertion of Sensitive Information Into Sent Data 
vulnerability in AIT ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67930 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67928 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67927 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67926 (Missing Authorization vulnerability in Shahjahan Jewel Fluent 
Support  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67925 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67924 (Unrestricted Upload of File with Dangerous Type vulnerability 
in zozot ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67922 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67921 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67920 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67919 (Authorization Bypass Through User-Controlled Key vulnerability 
in Woff ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67918 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67917 (Missing Authorization vulnerability in shinetheme Traveler 
traveler al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67916 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67915 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67914 (Path Traversal: '.../...//' vulnerability in beeteam368 VidMov 
vidmov  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67913 (Missing Authorization vulnerability in Aruba.it Dev Aruba 
HiSpeed Cach ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67911 (Deserialization of Untrusted Data vulnerability in Tribulant 
Software  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67910 (Unrestricted Upload of File with Dangerous Type vulnerability 
in conte ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67825 (An issue was discovered in Nitro PDF Pro for Windows before 
14.42.0.34 ...)
        TODO: check
 CVE-2025-67325 (Unrestricted file upload in the hotel review feature in 
QloApps versio ...)
@@ -209,11 +209,11 @@ CVE-2025-66913 (JimuReport thru version 2.1.3 is 
vulnerable to remote code execu
 CVE-2025-66001 (NeuVector supports login authentication through OpenID 
Connect. Howeve ...)
        TODO: check
 CVE-2025-65731 (An issue was discovered in D-Link Router DIR-605L (Hardware 
version F1 ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-65518 (Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable 
to a Deni ...)
        TODO: check
 CVE-2025-63611 (Cross-Site Scripting in phpgurukul Hostel Management System 
v2.1 user- ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-62877 (Projects using the SUSE Virtualization (Harvester) environment 
mayexpo ...)
        TODO: check
 CVE-2025-61550 (Cross-Site Scripting (XSS) is present on the 
ctl00_Content01_fieldValu ...)
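Review bot: the tag on CVE-2025-63611 is spelled `PHPGurukul`, whereas the description spells the vendor `phpgurukul`. That is fine if `PHPGurukul` is the spelling already used for this vendor elsewhere in data/CVE/list; otherwise align it so a case-sensitive search on the tag finds every entry.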
@@ -245,53 +245,53 @@ CVE-2025-50334 (An issue in Technitium DNS Server v.13.5 
allows a remote attacke
 CVE-2025-4596 (Asseco ADMX system is used for processing medical records. It 
allows l ...)
        TODO: check
 CVE-2025-27004 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27002 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-23993 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-23504 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22728 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22726 (Server-Side Request Forgery (SSRF) vulnerability in _nK nK 
Themes Help ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22725 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22715 (Missing Authorization vulnerability in loopus WP Attractive 
Donations  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22713 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22712 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22708 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22707 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-22509 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-14984 (The Gutenverse Form plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14431 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-14430 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-14429 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-14360 (Missing Authorization vulnerability in Kaira Blockons blockons 
allows  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-14359 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-14358 (Missing Authorization vulnerability in sizam REHub Framework 
rehub-fra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-13504 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-12551 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-12550 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-12549 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22581
        REJECTED
 CVE-2026-22580
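Review bot: CVE-2025-14984 gets `NOT-FOR-US: WordPress plugin`, while every other retagged entry in this hunk gets `NOT-FOR-US: WordPress plugin or theme`. The narrower wording matches its description ("The Gutenverse Form plugin for WordPress"), but two tag strings for the same category make the entries harder to group or count, so consider settling on one form.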



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac64c921313df4a718f336216761ddd178f4a452
