Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5198cfac by security tracker role at 2026-05-05T19:14:43+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2026-7865 (A hidden console command is vulnerable to command injection
flaw when ...)
- TODO: check
+ NOT-FOR-US: Crestron
CVE-2026-7855 (A vulnerability was detected in D-Link DI-8100 16.07.26A1.
Affected by ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-7854 (A security vulnerability has been detected in D-Link DI-8100
16.07.26A ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-7853 (A weakness has been identified in D-Link DI-8100 16.07.26A1.
Affected ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-7851 (A vulnerability was identified in D-Link DI-8100 16.07.26A1.
This affe ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-7847 (A vulnerability was found in chatchat-space Langchain-Chatchat
up to 0 ...)
TODO: check
CVE-2026-7846 (A vulnerability has been found in chatchat-space
Langchain-Chatchat up ...)
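Review bot: for CVE-2026-7865 the truncated description shown ("A hidden console command is vulnerable to command injection flaw when ...") names no vendor or product, so the "NOT-FOR-US: Crestron" tag cannot be checked against this diff, unlike the D-Link DI-8100 entries below it. Worth confirming the product against the full CVE description before relying on the automatic tag.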
@@ -33,71 +33,71 @@ CVE-2026-6918 (In Eclipse Open9J versions 0.21 to 0.58, a
pre-authentication rem
CVE-2026-6322 (fast-uri normalize() decoded percent-encoded authority
delimiters insi ...)
TODO: check
CVE-2026-6262 (The Betheme theme for WordPress is vulnerable to Arbitrary File
Deleti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6261 (The Betheme theme for WordPress is vulnerable to Arbitrary File
Upload ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4304 (The WeePie Cookie Allow plugin for WordPress is vulnerable to
SQL Inje ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-43574 (OpenClaw before 2026.4.12 contains an improper authorization
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43573 (OpenClaw before 2026.4.10 contains a server-side request
forgery polic ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43572 (OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing
authori ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43571 (OpenClaw before 2026.4.10 contains a plugin trust bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43570 (OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink
traversa ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43569 (OpenClaw before 2026.4.9 contains an authentication bypass
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43568 (OpenClaw versions 2026.4.5 before 2026.4.10 contain a
privilege escala ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43567 (OpenClaw before 2026.4.10 contains a path traversal
vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43566 (OpenClaw versions 2026.4.7 before 2026.4.14 contain a
privilege escala ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43535 (OpenClaw before 2026.4.14 contains an authorization context
reuse vuln ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43534 (OpenClaw before 2026.4.10 contains an input validation
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43533 (OpenClaw before 2026.4.10 contains an arbitrary file read
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43532 (OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize
Discord ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43531 (OpenClaw before 2026.4.9 contains an environment variable
injection vu ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43530 (OpenClaw versions 2026.2.23 before 2026.4.12 contain a
weakened exec a ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43529 (OpenClaw before 2026.4.10 contains a time-of-check-time-of-use
vulnera ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43528 (OpenClaw before 2026.4.14 contains a redaction bypass
vulnerability th ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43527 (OpenClaw before 2026.4.14 contains a server-side request
forgery vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43526 (OpenClaw before 2026.4.12 contains a server-side request
forgery vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-43002 (An issue was discovered in OpenStack Horizon 25.6 and 25.7
before 25.7 ...)
TODO: check
CVE-2026-42997 (An issue was discovered in idrac in OpenStack Ironic before
35.0.1. Du ...)
TODO: check
CVE-2026-42439 (OpenClaw before 2026.4.10 contains a server-side request
forgery polic ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-42438 (OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender
policy by ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-42437 (OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial
of servic ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-42436 (OpenClaw before 2026.4.14 contains an improper access control
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-42435 (OpenClaw versions from 2026.2.22 before 2026.4.12 contain an
insuffici ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-42434 (OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox
escape v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-42433 (OpenClaw before 2026.4.10 contains an authorization bypass
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-3601 (The User Registration & Membership plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3359 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop
Contact For ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-39103 (Buffer Overflow vulnerability in GPAC before commit
v391dc7f4d234988ea ...)
TODO: check
CVE-2026-38432 (ERPNext v15.103.1 and before is vulnerable to Cross Site
Scripting (XS ...)
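Review bot: CVE-2026-6262 and CVE-2026-6261 are described as "The Betheme theme for WordPress" but are tagged "NOT-FOR-US: WordPress plugin", the same tag given to entries described as plugins (WeePie Cookie Allow, User Registration & Membership). Suggest "NOT-FOR-US: WordPress theme" for the two Betheme entries so the tag matches the description and tag-based searches stay accurate.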
@@ -161,7 +161,7 @@ CVE-2023-54349 (AmazCart CMS 3.4 contains a reflected
cross-site scripting vulne
CVE-2023-54348 (ERPGo SaaS 3.9 contains a CSV injection vulnerability that
allows auth ...)
TODO: check
CVE-2023-54347 (OpenEMR 7.0.1 contains an authentication brute force
vulnerability tha ...)
- TODO: check
+ NOT-FOR-US: OpenEMR
CVE-2023-54346 (WordPress Plugin Backup Migration 1.2.8 contains an
information disclo ...)
TODO: check
CVE-2023-54345 (Frappe Framework ERPNext 13.4.0 contains a sandbox escape
vulnerabilit ...)
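Review bot: the context entry CVE-2023-54346 ("WordPress Plugin Backup Migration 1.2.8 ...") is left at "TODO: check" although this commit tags other WordPress plugin entries as NOT-FOR-US. If the automatic update matches on the "plugin for WordPress" wording, this phrasing is being missed; worth checking whether this entry should get "NOT-FOR-US: WordPress plugin" as well.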
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5198cfac51265a9e0cec981599823e434bb0daa9
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits