Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e0012af9 by security tracker role at 2026-01-28T20:13:15+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-24685 (OpenProject is an open-source, web-based
project management soft
CVE-2026-22243 (EGroupware is a Web based groupware server written in PHP. A
SQL Injec ...)
TODO: check
CVE-2026-21865 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-1539 (A flaw was found in the libsoup HTTP library that can cause
proxy auth ...)
TODO: check
CVE-2026-1536 (A flaw was found in libsoup. An attacker who can control the
input for ...)
@@ -19,41 +19,41 @@ CVE-2026-1521 (A security flaw has been discovered in
Open5GS up to 2.7.6. This
CVE-2026-1520 (A vulnerability was identified in rethinkdb up to 2.4.3.
Affected by t ...)
TODO: check
CVE-2026-1400 (The AI Engine \u2013 The Chatbot and AI Framework for WordPress
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1399 (The WP Google Ad Manager Plugin plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1398 (The Change WP URL plugin for WordPress is vulnerable to
Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1391 (The Vzaar Media Management plugin for WordPress is vulnerable
to Refle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1381 (The Order Minimum/Maximum Amount Limits for WooCommerce plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1380 (The Bitcoin Donate Button plugin for WordPress is vulnerable to
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1377 (The imwptip plugin for WordPress is vulnerable to Cross-Site
Request F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1280 (The Frontend File Manager Plugin for WordPress is vulnerable to
unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1237 (Vulnerable cross-model authorization in juju. If a charm's
cross-model ...)
TODO: check
CVE-2026-1060 (The WP Adminify plugin for WordPress is vulnerable to Sensitive
Inform ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1056 (The Snow Monkey Forms plugin for WordPress is vulnerable to
arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1053 (The Ivory Search \u2013 WordPress Search Plugin plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0844 (The Simple User Registration plugin for WordPress is vulnerable
to pri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0750 (Improper Verification of Cryptographic Signature vulnerability
in Drup ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-0749 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-0702 (The VidShop \u2013 Shoppable Videos for WooCommerce plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0483 (Stored Cross-Site Scripting (XSS) vulnerability in the PDF file
upload ...)
TODO: check
CVE-2025-7740 (Default credentials vulnerability exists in SuprOS product. If
exploit ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2025-71002 (A floating-point exception (FPE) in the flow.column_stack
component of ...)
TODO: check
CVE-2025-71001 (A segmentation violation in the flow.column_stack component of
OneFlow ...)
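Review bot: The two `NOT-FOR-US: Drupal core and addons` tags on CVE-2026-0750 and CVE-2026-0749 cannot be confirmed from the lines in this hunk. The first description is cut at "in Drup ..." and the second at "('Cross-si ...)", which is only the weakness class with no product name. The same applies to CVE-2025-7740, where the tag names "Hitachi Energy" but the visible text names only "SuprOS product". Since this is an automatic update, check the full descriptions for these three before the TODO is considered resolved, and consider whether the tag should carry the product name that appears in the description.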
@@ -71,27 +71,27 @@ CVE-2025-69601 (A directory traversal (Zip Slip)
vulnerability exists in the \u2
CVE-2025-69517 (An issue in Amidaware Inc Tactical RMM v1.3.1 and before
allows a remo ...)
TODO: check
CVE-2025-69289 (Discourse is an open source discussion platform. A privilege
escalatio ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-69218 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68934 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68933 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68666 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68662 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68660 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68659 (Discourse is an open source discussion platform. Versions
prior to 3.5 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68479 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-67723 (Discourse is an open source discussion platform. Versions
prior to 3.5 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-66488 (Discourse is an open source discussion platform. A
vulnerability prese ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-65891 (A GPU device-ID validation flaw in OneFlow v0.9.0 allows
attackers to ...)
TODO: check
CVE-2025-65890 (A device-ID validation flaw in OneFlow v0.9.0 allows attackers
to caus ...)
@@ -141,11 +141,11 @@ CVE-2025-57792 (Explorance Blue versions prior to 8.14.9
contain a SQL injection
CVE-2025-57283 (The Node.js package browserstack-local 1.5.8 contains a
command inject ...)
TODO: check
CVE-2025-46691 (Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01,
contain ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2025-46316 (An out-of-bounds read was addressed with improved input
validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46306 (The issue was addressed with improved bounds checks. This
issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-41351 (Vulnerability that allows a Padding Oracle Attack to be
performed on t ...)
TODO: check
CVE-2025-33237 (NVIDIA HD Audio Driver for Windows contains a vulnerability
where an a ...)
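Review bot: The `NOT-FOR-US: Apple` tags on CVE-2025-46316 and CVE-2025-46306 rest on text that is not visible in this hunk. Both descriptions ("An out-of-bounds read was addressed with improved input validation. Th ..." and "The issue was addressed with improved bounds checks. This issue is fix ...") are generic fix statements with no vendor or component named before the truncation. Confirm from the full CVE text which component is affected, so that an entry touching a component that is also packaged is not closed by the automatic match.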
@@ -159,47 +159,47 @@ CVE-2025-33218 (NVIDIA GPU Display Driver for Windows
contains a vulnerability i
CVE-2025-33217 (NVIDIA Display Driver for Windows contains a vulnerability
where an at ...)
TODO: check
CVE-2025-26386 (Johnson Controls iSTAR Configuration Utility (ICU)
hasStack-based Buff ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2025-15511 (The Rupantorpay plugin for WordPress is vulnerable to
unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14865 (The Passster \u2013 Password Protect Pages and Content plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14795 (The Stop Spammers Classic plugin for WordPress is vulnerable
to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14616 (The Recooty \u2013 Job Widget (Old Dashboard) plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14472 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Acquia Conte ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-14386 (The Search Atlas SEO \u2013 Premier SEO Plugin for One-Click
WP Publis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14283 (The BlockArt Blocks \u2013 Gutenberg Blocks, Page Builder
Blocks ,Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14063 (The SEO Links Interlinking plugin for WordPress is vulnerable
to Refle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13986 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13985 (Incorrect Authorization vulnerability in Drupal Entity Share
allows Fo ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13984 (Permissive Cross-domain Security Policy with Untrusted Domains
vulnera ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13983 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13982 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Login Time R ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13981 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13980 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13979 (Privilege Defined With Unsafe Actions vulnerability in Drupal
Mini sit ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13919 (Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9
Patch 2, ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2025-13918 (Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9
Patch 2, ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2025-13917 (WSS Agent, prior to 9.8.5, may be susceptible to a Elevation
of Privil ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2023-37525 (A sensitive information disclosure in HCL BigFix Compliance
allows a r ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2020-36993 (LimeSurvey 4.3.10 contains a stored cross-site scripting
vulnerability ...)
TODO: check
CVE-2020-36992 (Nord VPN 6.31.13.0 contains an unquoted service path
vulnerability in ...)
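Review bot: Several `NOT-FOR-US: Drupal core and addons` tags in this hunk are attached to descriptions that show only a weakness class and no product: CVE-2025-13986 and CVE-2025-13980 ("Authentication Bypass Using an Alternate Path or Channel vulnerability ..."), CVE-2025-13984, CVE-2025-13983 and CVE-2025-13981. The Drupal attribution for those five cannot be traced to the visible lines, unlike CVE-2025-14472 or CVE-2025-13985, where "Drupal" appears in the text. Likewise CVE-2025-13917 is tagged `Symantec` while the visible description names only "WSS Agent". Verify these against the untruncated descriptions before accepting the automatic classification.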
@@ -239,7 +239,7 @@ CVE-2020-36965 (docPrint Pro 8.0 contains a local buffer
overflow vulnerability
CVE-2020-36964 (YATinyWinFTP contains a denial of service vulnerability that
allows at ...)
TODO: check
CVE-2020-36963 (Intelbras Router RF 301K firmware version 1.1.2 contains an
authentica ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2020-36962 (Tendenci 12.3.1 contains a CSV formula injection vulnerability
in the ...)
TODO: check
CVE-2020-36961 (10-Strike Network Inventory Explorer 8.65 contains a buffer
overflow v ...)
@@ -327015,9 +327015,9 @@ CVE-2022-40622 (The WAVLINK Quantum D4G (WN531G3)
running firmware version M31G3
CVE-2022-40621 (Because the WAVLINK Quantum D4G (WN531G3) running firmware
version M31 ...)
NOT-FOR-US: WAVLINK
CVE-2022-40620 (FunJSQ, a third-party module integrated on some NETGEAR
routers and Or ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-40619 (FunJSQ, a third-party module integrated on some NETGEAR
routers and Or ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2022-40618
RESERVED
CVE-2022-40617 (strongSwan before 5.9.8 allows remote attackers to cause a
denial of s ...)
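Review bot: The `NOT-FOR-US: Netgear` tag on CVE-2022-40620 and CVE-2022-40619 attributes the issue to one vendor, but both descriptions say "FunJSQ, a third-party module integrated on some NETGEAR routers and Or ...", that is, a third-party module present on NETGEAR devices and on at least one further product cut off by the truncation. Naming the module (FunJSQ) in the tag would match what the description says is affected. The tag also spells the vendor "Netgear" where the description uses "NETGEAR"; the adjacent `NOT-FOR-US: WAVLINK` entry follows the description's spelling, so pick one convention.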
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0012af90ff6830f9a7aea8e9d8e68e0a4beb289