Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2c7b78f0 by security tracker role at 2026-03-19T08:14:26+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to
incorrect v ...)
TODO: check
CVE-2026-4120 (The Info Cards \u2013 Add Text and Media in Card Layouts plugin
for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4068 (The Add Custom Fields to Media plugin for WordPress is
vulnerable to C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4006 (The Simple Draft List plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3475 (The Instant Popup Builder plugin for WordPress is vulnerable to
Unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3181
REJECTED
CVE-2026-33163 (Parse Server is an open source backend that can be deployed to
any inf ...)
@@ -61,89 +61,89 @@ CVE-2026-32321 (ClipBucket v5 is an open source video
sharing platform. An authe
CVE-2026-32255 (Kan is an open-source project management tool. In versions
0.5.4 and b ...)
TODO: check
CVE-2026-32000 (OpenClaw versions prior to 2026.2.19 contain a command
injection vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31999 (OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows
contain a cur ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31998 (OpenClaw versions 2026.2.22 and 2026.2.23 contain an
authorization byp ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31997 (OpenClaw versions prior to 2026.3.1 fail to pin executable
identity fo ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31996 (OpenClaw versions prior to 2026.2.19 tools.exec.safeBins
contains an i ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31995 (OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a
command injec ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31994 (OpenClaw versions prior to 2026.2.19 contain a local command
injection ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31993 (OpenClaw versions prior to 2026.2.22 contain an allowlist
parsing mism ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31992 (OpenClaw versions prior to 2026.2.23 contain an allowlist
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31991 (OpenClaw versions prior to 2026.2.26 contain an authorization
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31990 (OpenClaw versions prior to 2026.3.2 contain a vulnerability in
the sta ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-31989 (OpenClaw versions prior to 2026.3.1 contain a server-side
request forg ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-2571 (The Download Manager plugin for WordPress is vulnerable to
unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-29608 (OpenClaw 2026.3.1 contains an approval integrity vulnerability
in syst ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-29607 (OpenClaw versions prior to 2026.2.22 contain an authorization
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-28461 (OpenClaw versions prior to 2026.3.1 contain an unbounded
memory growth ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-28460 (OpenClaw versions prior to 2026.2.22 contain an allowlist
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-28449 (OpenClaw versions prior to 2026.2.25 lack durable replay state
for Nex ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-28073 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-28070 (Missing Authorization vulnerability in Tips and Tricks HQ WP
eMember a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-28044 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27670 (OpenClaw versions prior to 2026.3.2 contain a race condition
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27566 (OpenClaw versions prior to 2026.2.22 contain an allowlist
bypass vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-27542 (Incorrect Privilege Assignment vulnerability in Rymera Web Co
Pty Ltd. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27540 (Unrestricted Upload of File with Dangerous Type vulnerability
in Rymer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27413 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27397 (Authorization Bypass Through User-Controlled Key vulnerability
in Real ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27096 (Deserialization of Untrusted Data vulnerability in
BuddhaThemes ColorF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27093 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27091 (Missing Authorization vulnerability in UiPress UiPress lite
allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25873 (OmniGen2-RL contains an unauthenticated remote code execution
vulnerab ...)
TODO: check
CVE-2026-25745 (OpenEMR is a free and open source electronic health records
and medica ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2026-25471 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25312 (Missing Authorization vulnerability in EventPrime allows
Exploiting In ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22176 (OpenClaw versions prior to 2026.2.19 contain a command
injection vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-1276 (IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-1238 (The SlimStat Analytics plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-36051 (IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores
potential ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-15051 (IBM QRadar SIEM7.5.0 through 7.5.0 Update Package 14 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-15031 (A vulnerability in MLflow's pyfunc extraction process allows
for arbit ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2025-13995 (IBM QRadar SIEM7.5.0 through 7.5.0 Update Package 14 could
allow an at ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-42210 (A Stored cross-site scripting (XSS) vulnerability affects HCL
Unica Ma ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-31973 (SAMtools is a program for reading, manipulating and writing
bioinforma ...)
- samtools <unfixed>
NOTE:
https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c7b78f01e4b0c72512ee6158bc4d2ae755e9a5b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c7b78f01e4b0c72512ee6158bc4d2ae755e9a5b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
