Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
94b36bb7 by security tracker role at 2026-02-26T08:14:50+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,19 +5,19 @@ CVE-2026-3200 (A vulnerability was identified in z-9527 admin
1.0/2.0. The affec
CVE-2026-3172 (Buffer overflow in parallel HNSW index build in pgvector 0.6.0
through ...)
TODO: check
CVE-2026-2694 (The The Events Calendar plugin for WordPress is vulnerable to
unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2506 (The EM Cost Calculator plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2499 (The Custom Logo plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2498 (The WP Social Meta plugin for WordPress is vulnerable to Stored
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2489 (The TP2WP Importer plugin for WordPress is vulnerable to Stored
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2356 (The User Registration & Membership \u2013 Custom Registration
Form, Lo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2029 (The Livemesh Addons for Beaver Builder plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-27976 (Zed, a code editor, has an extension installer allows tar/gzip
downloa ...)
TODO: check
CVE-2026-27975 (Ajenti is a Linux and BSD modular server admin panel. Prior to
version ...)
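Review bot: The context line for CVE-2026-2356 carries a literal `\u2013` escape in its description ("Membership \u2013 Custom Registration"), which suggests the description import is not decoding Unicode escapes. This commit only flips the tag below that line, so the fix belongs wherever the descriptions are generated, not here. The seven `NOT-FOR-US: WordPress plugin` changes in this hunk each sit under a description that says "plugin for WordPress", so the tag matches the visible text. CVE-2026-3172 (pgvector) and CVE-2026-27976 (Zed) are left at `TODO: check` and still need manual triage.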
@@ -59,7 +59,7 @@ CVE-2026-27946 (ZITADEL is an open source identity management
platform. Prior to
CVE-2026-27945 (ZITADEL is an open source identity management platform.
Zitadel Action ...)
TODO: check
CVE-2026-27943 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-27942 (fast-xml-parser allows users to validate XML, parse XML to JS
object, ...)
TODO: check
CVE-2026-27941 (OpenLIT is an open source platform for AI engineering. Prior
to versio ...)
@@ -187,7 +187,7 @@ CVE-2026-22728 (Bitnami Sealed Secretsis vulnerable to a
scope-widening attack d
CVE-2026-22721 (VMware Aria Operations contains a privilege escalation
vulnerability. ...)
TODO: check
CVE-2026-1779 (The User Registration & Membership plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1698 (A HTTP Host header attack vulnerability affects WebClient and
the WebS ...)
TODO: check
CVE-2026-1697 (The Secure and SameSite attribute are missing in the
GraphicalData web ...)
@@ -203,11 +203,11 @@ CVE-2026-1693 (The OAuth grant type Resource Owner
Password Credentials (ROPC) f
CVE-2026-1692 (A missing origin validation in WebSockets vulnerability affects
the Gr ...)
TODO: check
CVE-2026-1557 (The WP Responsive Images plugin for WordPress is vulnerable to
Path Tr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1311 (The Worry Proof Backup plugin for WordPress is vulnerable to
Path Trav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0542 (ServiceNow has addressed a remote code execution vulnerability
that wa ...)
- TODO: check
+ NOT-FOR-US: ServiceNow
CVE-2026-3190
- keycloak <itp> (bug #1088287)
CVE-2026-3184 [Access control bypass due to improper hostname canonicalization]
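Review bot: The reasons in this hunk mix two granularities: CVE-2026-1557 and CVE-2026-1311 get the category `WordPress plugin`, while CVE-2026-0542 gets the product name `ServiceNow`. The commit message ("automatic NOT-FOR-US entries update") does not say which rule produced which reason. A short pointer to the matching rules, in the message or in the updater's documentation, would let someone auditing an automatic change confirm that each reason came from the description text shown here.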
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94b36bb761d82d8dd870c5b83e15f333f272758e