Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1fc4955e by security tracker role at 2026-02-03T20:13:57+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,93 +47,93 @@ CVE-2026-25234 (PEAR is a framework and distribution system 
for reusable PHP com
 CVE-2026-25233 (PEAR is a framework and distribution system for reusable PHP 
component ...)
        TODO: check
 CVE-2026-25036 (Missing Authorization vulnerability in WP Chill Passster 
content-prote ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25028 (Missing Authorization vulnerability in Element Invader 
ElementInvader  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25027 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25024 (Cross-Site Request Forgery (CSRF) vulnerability in Blair 
Williams Thir ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25023 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25022 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25021 (Missing Authorization vulnerability in Mizan Themes Mizan Demo 
Importe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25020 (Missing Authorization vulnerability in WP connect WP Sync for 
Notion w ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25019 (Missing Authorization vulnerability in Vito Peleg Atarim 
atarim-visual ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25016 (Missing Authorization vulnerability in Nelio Software Nelio 
Popups nel ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25015 (Cross-Site Request Forgery (CSRF) vulnerability in Stiofan 
UsersWP use ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25014 (Cross-Site Request Forgery (CSRF) vulnerability in themelooks 
Enter Ad ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25012 (Missing Authorization vulnerability in gfazioli WP Bannerize 
Pro wp-ba ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25011 (Missing Authorization vulnerability in Northern Beaches 
Websites WP Cu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25010 (Missing Authorization vulnerability in ILLID Share This Image 
share-th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24998 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24997 (Missing Authorization vulnerability in Wired Impact Wired 
Impact Volun ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24996 (Missing Authorization vulnerability in wpelemento WPElemento 
Importer  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24995 (Missing Authorization vulnerability in Iulia Cazan Latest Post 
Shortco ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24994 (Missing Authorization vulnerability in sunshinephotocart 
Sunshine Phot ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24992 (Insertion of Sensitive Information Into Sent Data 
vulnerability in WPF ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24991 (Authorization Bypass Through User-Controlled Key vulnerability 
in HT P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24990 (Missing Authorization vulnerability in Fahad Mahmood WP Docs 
wp-docs a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24988 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.insider 
Simple M ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24985 (Missing Authorization vulnerability in approveme WP Forms 
Signature Co ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24984 (Missing Authorization vulnerability in Brecht Visual Link 
Preview visu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24982 (Missing Authorization vulnerability in Brainstorm Force 
Spectra ultima ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24967 (Missing Authorization vulnerability in ameliabooking Amelia 
ameliabook ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24966 (Cross-Site Request Forgery (CSRF) vulnerability in Copyscape 
Copyscape ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24965 (Missing Authorization vulnerability in Wasiliy Strecker / 
ContestGalle ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24962 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24961 (Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods 
Grand B ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24958 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24957 (Missing Authorization vulnerability in WP Chill Strong 
Testimonials st ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24954 (Deserialization of Untrusted Data vulnerability in 
magepeopleteam WpEv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24952 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24951 (Missing Authorization vulnerability in Saad Iqbal myCred 
mycred allows ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24947 (Missing Authorization vulnerability in LA-Studio LA-Studio 
Element Kit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24945 (Missing Authorization vulnerability in Themefic Ultimate 
Addons for Co ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24942 (Cross-Site Request Forgery (CSRF) vulnerability in 
magepeopleteam WpEv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24940 (Missing Authorization vulnerability in Themefic Travelfic 
Toolkit trav ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24939 (Missing Authorization vulnerability in WP Chill Modula Image 
Gallery m ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24938 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24774 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
        TODO: check
 CVE-2026-24773 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
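
Review bot: the "WordPress plugin or theme" tag cannot be confirmed from the lines shown for CVE-2026-25027, CVE-2026-25023, CVE-2026-25022, CVE-2026-24998, CVE-2026-24988, CVE-2026-24958, CVE-2026-24952 and CVE-2026-24938, because their truncated descriptions end before any product is named (for example "Improper Control of Filename for Include/Require Statement in PHP Prog ..."). Since this is an automatic update, those eight entries should be checked against the full CVE text before the NOT-FOR-US marking is relied on. The tag is also generic across all entries in this hunk; naming the plugin or theme in each would make a later audit or a search by product possible.
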
@@ -163,23 +163,23 @@ CVE-2026-24665 (The Open eClass platform (formerly known 
as GUnet eClass) is a c
 CVE-2026-24664 (The Open eClass platform (formerly known as GUnet eClass) is a 
complet ...)
        TODO: check
 CVE-2026-24441 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior 
expose a ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-24434 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior 
does not ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-24427 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior 
expose s ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-24426 (Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior 
containa ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-24149 (NVIDIA Megatron-LM for all platforms contains a vulnerability 
in a scr ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2026-23795 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-23794 (Reflected XSS in Apache Syncope's Enduser Login page. An 
attacker that ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-22228 (An authenticated user with high privileges may trigger a 
denial\u2011o ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2026-22220 (A lack of proper input validation in the HTTP processing path 
in TP-Li ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2026-21862 (RustFS is a distributed object storage system built in Rust. 
Prior to  ...)
        TODO: check
 CVE-2026-1846
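
Review bot: "NOT-FOR-US: Apache software not packaged in Debian" on CVE-2026-23795 and CVE-2026-23794 names a category rather than a product. The CVE-2026-23794 description identifies Apache Syncope, so "NOT-FOR-US: Apache Syncope" would be easier to search and to revisit if the package ever enters the archive. Separately, the truncated descriptions of CVE-2026-23795 ("Improper Restriction of XML External Entity Reference vulnerability in ...") and CVE-2026-22228 ("An authenticated user with high privileges may trigger a denial\u2011o ...") show no product at all, so the Apache and TP-Link tags on those two should be verified against the full text.
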
@@ -257,13 +257,13 @@ CVE-2025-67849 (A flaw was found in Moodle. This 
cross-site scripting (XSS) vuln
 CVE-2025-67848 (A flaw was found in Moodle. This authentication bypass 
vulnerability a ...)
        TODO: check
 CVE-2025-67189 (A buffer overflow vulnerability exists in the setParentalRules 
interfa ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-67188 (A buffer overflow vulnerability exists in TOTOLINK A950RG 
V4.1.2cu.520 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-67187 (A stack-based buffer overflow vulnerability was identified in 
TOTOLINK ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-67186 (TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer 
overflow vul ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-66374 (CyberArk Endpoint Privilege Manager Agent through 25.10.0 
allows a loc ...)
        TODO: check
 CVE-2025-65924 (ERPNext thru 15.88.1 does not sanitize or remove certain HTML 
tags spe ...)
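
Review bot: the TOTOLINK tag on CVE-2025-67189 is not supported by the visible description, which reads only "A buffer overflow vulnerability exists in the setParentalRules interfa ..." and names no vendor. The other three entries in this hunk mention TOTOLINK explicitly; this one should be confirmed against the full CVE text rather than inferred from its neighbours.
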
@@ -279,17 +279,17 @@ CVE-2025-63624 (SQL Injection vulnerability in Shandong 
Kede Electronics Co., Lt
 CVE-2025-63372 (Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable 
to Direc ...)
        TODO: check
 CVE-2025-62673 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-62501 (SSH Hostkey misconfiguration vulnerability in TP-Link Archer 
AX53 v1.0 ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-62405 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-62404 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-61983 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-61944 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-61506 (An issue was discovered in MediaCrush thru 1.0.1 allowing 
remote unaut ...)
        TODO: check
 CVE-2025-60865 (Insecure Permissions vulnerability in avanquest Driver Updater 
v.9.1.5 ...)
@@ -299,13 +299,13 @@ CVE-2025-5319 (Improper Neutralization of Special 
Elements used in an SQL Comman
 CVE-2025-59902 (HTML injection vulnerability in NICE Chat. This vulnerability 
allows a ...)
        TODO: check
 CVE-2025-59487 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-59482 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-59439 (An issue was discovered in Samsung Modem Exynos through 
2025-08-29. In ...)
        TODO: check
 CVE-2025-58455 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-58348 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
        TODO: check
 CVE-2025-58347 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
@@ -325,23 +325,23 @@ CVE-2025-58341 (An issue was discovered in the Wi-Fi 
driver in Samsung Mobile Pr
 CVE-2025-58340 (An issue was discovered in the Wi-Fi driver in Samsung Mobile 
Processo ...)
        TODO: check
 CVE-2025-58077 (Heap-based Buffer Overflow vulnerability in TP-Link Archer 
AX53 v1.0 ( ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-57529 (YouDataSum CPAS Audit Management System <=v4.9 is vulnerable 
to SQL In ...)
        TODO: check
 CVE-2025-52633 (HCL AION is affected by a Permanent Cookie Containing 
Sensitive Sessio ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52631 (HCL AION is affected by a Missing or Insecure HTTP 
Strict-Transport-Se ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52629 (HCL AION is susceptible to Missing Content-Security-Policy.  
An The ab ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52628 (HCL AION is affected by a Cookie with Insecure, Improper, or 
Missing S ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52627 (Root File System Not Mounted as Read-Only configuration 
vulnerability. ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52626 (A  Potential Command Injection vulnerability in HCL AION.  An 
This can ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52623 (HCL AION is affected by an Autocomplete HTML Attribute Not 
Disabled fo ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-46651 (Tiny File Manager through 2.6 contains a server-side request 
forgery ( ...)
        TODO: check
 CVE-2025-41065 (Stored Cross-Site Scripting (XSS) vulnerability type in LUNA 
software  ...)
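
Review bot: the HCL tag on CVE-2025-52627 rests on a description that, as shown, names no product ("Root File System Not Mounted as Read-Only configuration vulnerability. ..."). The surrounding CVE-2025-526xx entries all name HCL AION in the visible text, but adjacency in the ID range is not evidence of the affected product, so this entry should be checked against the full description.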



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1fc4955eeb67402278fabf9a96268916acbe015d
