Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bfe5dbb9 by security tracker role at 2026-05-05T07:14:02+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2026-7824 (An issue was discovered in the PaperCut Hive Ricoh embedded
applicatio ...)
TODO: check
CVE-2026-7823 (A security flaw has been discovered in Totolink A8000RU
7.1cu.643_b202 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7822 (A vulnerability was identified in itsourcecode Courier
Management Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-7812 (A vulnerability was found in 54yyyu code-mcp up to
4cfc4643541a110c906 ...)
TODO: check
CVE-2026-7811 (A vulnerability has been found in 54yyyu code-mcp up to
4cfc4643541a11 ...)
@@ -11,7 +11,7 @@ CVE-2026-7811 (A vulnerability has been found in 54yyyu
code-mcp up to 4cfc46435
CVE-2026-7810 (A flaw has been found in UsamaK98 python-notebook-mcp up to
a05a232815 ...)
TODO: check
CVE-2026-7791 (Improper privilege management in the log rotation mechanism of
the Sky ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-7788 (A security flaw has been discovered in Axle-Bucamp
MCP-Docusaurus up t ...)
TODO: check
CVE-2026-7785 (A security flaw has been discovered in A-G-U-P-T-A
wireshark-mcp edaf6 ...)
@@ -33,15 +33,15 @@ CVE-2026-7776 (Boundary Community Edition and Boundary
Enterprise (\u201cBoundar
CVE-2026-7768 (@fastify/accepts-serializer cached serializer-selection results
keyed ...)
TODO: check
CVE-2026-7750 (A vulnerability was detected in Totolink N300RH
3.2.4-B20220812. This ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7749 (A security vulnerability has been detected in Totolink N300RH
3.2.4-B2 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7748 (A weakness has been identified in Totolink N300RH
3.2.4-B20220812. Aff ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7747 (A security flaw has been discovered in Totolink N300RH
3.2.4-B20220812 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7746 (A vulnerability was identified in SourceCodester Web-based
Pharmacy Pr ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7745 (A vulnerability was determined in CodeAstro Online Classroom
1.0. This ...)
TODO: check
CVE-2026-7744 (A vulnerability was found in CodeAstro Online Classroom 1.0.
This affe ...)
@@ -55,15 +55,15 @@ CVE-2026-7741 (A vulnerability was detected in CodeAstro
Online Classroom 1.0. I
CVE-2026-7482 (Ollama before 0.17.1 contains a heap out-of-bounds read
vulnerability ...)
TODO: check
CVE-2026-6704 (The Blog Settings plugin for WordPress is vulnerable to
Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6702 (The Publish 2 Ping.fm plugin for WordPress is vulnerable to
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6701 (The addfreespace plugin for WordPress is vulnerable to
Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6700 (The DX Sources plugin for WordPress is vulnerable to Cross-Site
Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6696 (The Zingaya Click-to-Call plugin for WordPress is vulnerable to
Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6501 (Improper restriction of XML external entity reference
vulnerability in ...)
TODO: check
CVE-2026-6500 (Plaintext storage of a password vulnerability in ILM
Informatique Open ...)
@@ -77,37 +77,37 @@ CVE-2026-6321 (fast-uri decoded percent-encoded path
separators and dot segments
CVE-2026-6266 (A flaw was found in the AAP gateway. The user auto-link
strategy, intr ...)
TODO: check
CVE-2026-6255 (The Simple Owl Shortcodes plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6180 (A race condition exists in PaperCut MF when processing
badge-swipe dat ...)
TODO: check
CVE-2026-5957 (The EmailKit plugin for WordPress is vulnerable to Arbitrary
File Read ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5722 (The MoreConvert Pro plugin for WordPress is vulnerable to
Authenticati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5505 (The WP-Clippy plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5294 (The Geeky Bot plugin for WordPress is vulnerable to Missing
Authorizat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5247 (The Schedule Post Changes With PublishPress Future plugin for
WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5192 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom
Form B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5159 (The Royal Addons for Elementor plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5100 (The AWP Classifieds plugin for WordPress is vulnerable to SQL
Injectio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4928
REJECTED
CVE-2026-4803 (The Royal Elementor Addons plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4730 (The Charts Ninja: Create Beautiful Graphs & Charts and Easily
Add Them ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4665 (The WP Carousel Free plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4409 (The Subscribe To Comments Reloaded plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4362 (The ElementsKit Elementor Addons plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-44029 (An issue was discovered in Nix before 2.34.7. Writing to
arbitrary fil ...)
TODO: check
CVE-2026-44028 (An issue was discovered in Nix before 2.34.7 and Lix before
2.95.2. Un ...)
@@ -127,15 +127,15 @@ CVE-2026-42796 (Arelle before 2.39.10 contains an
unauthenticated remote code ex
CVE-2026-42440 (OOM Denial of Service via Unbounded Array Allocation in Apache
OpenNLP ...)
TODO: check
CVE-2026-42376 (D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL)
contains a har ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-42375 (D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a
hardcode ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-42374 (D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a
hardcode ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-42373 (D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL)
contains a har ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-42372 (D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL)
contains a har ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-42238 (Nginx UI is a web user interface for the Nginx web server.
Prior to ve ...)
TODO: check
CVE-2026-42237 (n8n is an open source workflow automation platform. Prior to
versions ...)
@@ -179,7 +179,7 @@ CVE-2026-42146 (CImg Library is a C++ library for image
processing. Prior to com
CVE-2026-42144 (CImg Library is a C++ library for image processing. Prior to
commit 4c ...)
TODO: check
CVE-2026-42140 (PlantUML Macro is a macro for rendering UML diagrams from
simple textu ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2026-42138 (Dify is an open-source LLM app development platform. Prior to
version ...)
TODO: check
CVE-2026-42092 (titra is an open source time tracking project. In version
0.99.52, the ...)
@@ -235,15 +235,15 @@ CVE-2026-41571 (Note Mark is an open-source note-taking
application. In version
CVE-2026-41471 (Easy PayPal Events & Tickets plugin for WordPress versions 1.3
and ear ...)
TODO: check
CVE-2026-40797 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40682 (XML External Entity (XXE) via Unsanitized Dictionary Parsing
in Apache ...)
TODO: check
CVE-2026-40563 (Description: Improper Control of Generation of Code ('Code
Injection') ...)
TODO: check
CVE-2026-3456 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot
and Le ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3454 (The GenerateBlocks plugin for WordPress is vulnerable to
Insecure Dire ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3120 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
TODO: check
CVE-2026-38751 (OpenSTAManager version 2.10 and earlier contains an arbitrary
file upl ...)
@@ -279,13 +279,13 @@ CVE-2026-32834 (Easy PayPal Events & Tickets plugin for
WordPress version 1.3 an
CVE-2026-31205 (Cross Site Scripting vulnerability in Pluck CMS before
v.4.7.21dev all ...)
TODO: check
CVE-2026-2948 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons &
Ecosystem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2868 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons &
Ecosystem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2828
REJECTED
CVE-2026-2729 (The Forminator plugin for WordPress is vulnerable to
authorization byp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-29514 (NetBox versions 4.3.5 through 4.5.4 contain a remote code
execution vu ...)
TODO: check
CVE-2026-29169 (A NULL pointer dereference in mod_dav_lock in Apache HTTP
Server 2.4.6 ...)
@@ -299,9 +299,9 @@ CVE-2026-26332 (vm2 is an open source vm/sandbox for
Node.js. Prior to version 3
CVE-2026-25863 (Conditional Fields for Contact Form 7 WordPress plugin through
version ...)
TODO: check
CVE-2026-25293 (Buffer overflow due to incorrect authorization in PLC FW)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-25266 (Memory corruption while processing IOCTL command when device
is in pow ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24781 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.11.0, ...)
TODO: check
CVE-2026-24120 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.10.5, ...)
@@ -309,15 +309,15 @@ CVE-2026-24120 (vm2 is an open source vm/sandbox for
Node.js. Prior to version 3
CVE-2026-24118 (vm2 is an open source vm/sandbox for Node.js. Prior to version
3.11.0, ...)
TODO: check
CVE-2026-24082 (Memory Corruption when copying data from a freed source while
executin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24072 (An escalation of privilege bug in various modules in Apache
HTTP 2.4.6 ...)
TODO: check
CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP
Server with ...)
TODO: check
CVE-2026-1921 (The Loco Translate plugin for WordPress is vulnerable to Path
Traversa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0073 (In adbd_tls_verify_cert of auth.cpp, there is a possible bypass
of wir ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-70072 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a
denial ...)
TODO: check
CVE-2025-70071 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a
denial ...)
@@ -327,23 +327,23 @@ CVE-2025-67796 (IKUS Rdiffweb before 2.10.5 has an
improper authorization flaw t
CVE-2025-58074 (A privilege escalation vulnerability exists during the
installation of ...)
TODO: check
CVE-2025-47408 (Memory corruption when another driver calls an IOCTL with
invalid inpu ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47407 (Memory corruption while creating a process on the digital
signal proce ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47406 (Information Disclosure while processing IOCTL handler
callbacks withou ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47405 (Memory corruption when processing camera sensor input/output
control c ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47404 (Memory corruption when dynamically changing the size of a
previously a ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47403 (Transient DOS when processing a malformed Fast Transition
response fra ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47401 (Transient DOS when processing target power rate tables during
channel ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-14320 (Improper neutralization of input during web page generation
('cross-si ...)
TODO: check
CVE-2025-13618 (The Mentoring plugin for WordPress is vulnerable to privilege
escalati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13605 (3onedata modbus gateway device modelGW1101-1D(RS-485)-TB-P
(hardware v ...)
TODO: check
CVE-2026-43870
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfe5dbb98fb910dd069152c9a0843c191d3e69ec
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfe5dbb98fb910dd069152c9a0843c191d3e69ec
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
