Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3465b152 by security tracker role at 2026-05-12T19:25:35+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2026-8430 (SPIP versions prior to 4.4.14 contain a remote
code execution vul
CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a remote code execution
vulnerab ...)
TODO: check
CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server
allows a ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-8401 (Sandbox escape in the Profile Backup component. This
vulnerability was ...)
TODO: check
CVE-2026-8391 (Other issue in the JavaScript Engine component. This
vulnerability was ...)
@@ -27,127 +27,127 @@ CVE-2026-8161 ([email protected] and lower versions are
vulnerable to denial of s
CVE-2026-8159 ([email protected] and lower versions are vulnerable to denial of
servic ...)
TODO: check
CVE-2026-8111 (SQL injection in the web consoleof Ivanti Endpoint
Managerbefore versi ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-8110 (Incorrect permissions assignment inthe agent ofIvanti Endpoint
Manager ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-8109 (An exposed dangerous methodonthe Core Server ofIvanti Endpoint
Manager ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-8072 (Insecure generation of credentials in the local SAT (Technical
Support ...)
TODO: check
CVE-2026-8051 (OS command injection in Ivanti Virtual Traffic Manager before
version ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-8043 (External control of a file name in Ivanti Xtraction before
version 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-7661 (The Bootstrap Shortcode plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7659 (The Advanced Social Media Icons plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7626 (The Slek Gateway for WooCommerce plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7616 (The Zawgyi Embed plugin for WordPress is vulnerable to
Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7562 (The WP-Redirection plugin for WordPress is vulnerable to
Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7561 (The Tm \u2013 WordPress Redirection plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7464 (The WP Google Maps Integration plugin for WordPress is
vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7437 (The AzonPost plugin for WordPress is vulnerable to Reflected
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7432 (A race condition in Ivanti Secure Access Client before 22.8R6
allows a ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-7431 (An incorrect permission assignment for critical resource of
Ivanti Sec ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2026-7428 (Prior to 2025-11-03,well-intended users of Terraform or REST
API for G ...)
TODO: check
CVE-2026-7050 (The Forms Rb plugin for WordPress is vulnerable to
authorization bypas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6932 (The Woo Commerce Minimum Weight plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6913 (The Shortcodely plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6866 (CWE-1188 Initialization of a Resource with an Insecure Default
vulnera ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-6865 (CWE-22: Improper Limitation of a Pathname to a Restricted
Directory (\ ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-6813 (The Continually plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6808 (The Pricing Tables for WP plugin for WordPress is vulnerable to
Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6800 (The FastBots plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6710 (The Skysa Text Ticker App plugin for WordPress is vulnerable to
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6709 (The Coinbase Commerce for Contact Form 7 plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6708 (The HEL Online Classroom: AI-powered Online Classrooms plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6690 (The LifePress plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6663 (The GWD Connect plugin for WordPress is vulnerable to missing
authoriz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6402 (webpack-dev-server versions up to and including 5.2.3 are
vulnerable t ...)
TODO: check
CVE-2026-6256 (The Credits Shortcode plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6247 (The scratchblocks for WP plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6237 (The Quick Table plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6001 (Authorization bypass through User-Controlled key vulnerability
in ABIS ...)
TODO: check
CVE-2026-5715 (The Voyage Plus plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5693 (The Smart Appointment & Booking plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5340 (The Fancy Image Show plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5146 (Improper access control in the notification management
endpoints in De ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-5061 (The consul-template library before version 0.42.0 is vulnerable
to a s ...)
TODO: check
CVE-2026-5029 (A remote code execution vulnerability exists inCode Runner MCP
Server ...)
TODO: check
CVE-2026-5028 (The Eight Day Week Print Workflow plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4920 (The Next Date plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4859 (The SP Blog Designer plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4827 (CWE\u2011331 Insufficient Entropy vulnerability exists that
could lead ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-4663 (The iPOSpays Gateways WC plugin for WordPress is vulnerable to
Missing ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4301 (The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings
plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-45218 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45215 (Insertion of Sensitive Information Into Sent Data
vulnerability in Saa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45214 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45213 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45212 (Missing Authorization vulnerability in Gabe Livan Asset
CleanUp: Page ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45211 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45210 (Missing Authorization vulnerability in Broadstreet Broadstreet
Ads bro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-45091 (sealed-env is a cross-stack, zero-trust secret management
library for ...)
TODO: check
CVE-2026-44412 (A vulnerability has been identified in Solid Edge SE2026 (All
versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-44411 (A vulnerability has been identified in Solid Edge SE2026 (All
versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-44343 (WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2,
there ar ...)
TODO: check
CVE-2026-44279 (A improper export of android application components
vulnerability in F ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-44278 (A use of hard-coded cryptographic key vulnerability in
Fortinet FortiC ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-44277 (A improper access control vulnerability in Fortinet
FortiAuthenticator ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-44204 (Shelf is a platform for tracking physical assets. From 1.12 to
before ...)
TODO: check
CVE-2026-44196 (Pingvin Share X is a secure and easy self-hosted file sharing
platform ...)
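Review bot: the WordPress entries in this hunk are closed with two different tag texts, "NOT-FOR-US: WordPress plugin" (e.g. CVE-2026-7661, CVE-2026-4301) and "NOT-FOR-US: WordPress plugin or theme" (CVE-2026-45218 through CVE-2026-45210), which splits any grep or statistics keyed on the tag string. If the second form is deliberate because the truncated description does not say which kind of component is affected, that is worth documenting wherever these automatic entries are generated; otherwise settle on one form.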
@@ -179,7 +179,7 @@ CVE-2026-43938 (YetAnotherForum.NET (YAF.NET) is a C#
ASP.NET forum. Prior to 4.
CVE-2026-43937 (YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to
4.0.5, A ...)
TODO: check
CVE-2026-43930 (Parse Server is an open source backend that can be deployed to
any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-43929 (ssrfcheck is a library that checks if a string contains a
potential SS ...)
TODO: check
CVE-2026-43916 (pam_authnft is a PAM session module binding nftables firewall
rules to ...)
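Review bot: CVE-2026-43930 is closed as "NOT-FOR-US: Parse Server" although its visible description calls Parse Server "an open source backend", so the decision here is about packaging status rather than a proprietary vendor. Confirm there is no package or pending ITP/RFP for it before closing; the other open-source entries visible in this hunk (CVE-2026-43937 for YAF.NET, CVE-2026-43929 for ssrfcheck) are left at "TODO: check".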
@@ -197,33 +197,33 @@ CVE-2026-43513 (Improper Handling of Case Sensitivity
vulnerability in LockOutRe
CVE-2026-43512 (DEPRECATED: Authentication Bypass Issues vulnerability in
digest authe ...)
TODO: check
CVE-2026-42899 (Loop with unreachable exit condition ('infinite loop') in
ASP.NET Core ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42898 (Improper control of generation of code ('code injection') in
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42896 (Integer overflow or wraparound in Windows DWM Core Library
allows an a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42893 (Improper neutralization of special elements used in a command
('comman ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42891 (User interface (ui) misrepresentation of critical information
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42838 (Improper neutralization of special elements in output used by
a downst ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42833 (Execution with unnecessary privileges in Microsoft Dynamics
365 (on-pr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42832 (Improper access control in Microsoft Office allows an
unauthorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42831 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42830 (Untrusted search path in Azure Monitor Agent allows an
authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42825 (Use after free in Windows Telephony Service allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42823 (Improper access control in Azure Logic Apps allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-42742 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42741 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42541 (Kubewarden is a policy engine for Kubernetes. Prior to , An
attacker w ...)
TODO: check
CVE-2026-42498 (Exposure of HTTP Authentication Header to unexpected hosts
during WebS ...)
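Review bot: CVE-2026-42899 names ASP.NET Core, an open-source, cross-platform framework, yet it receives the same blanket "NOT-FOR-US: Microsoft" tag as the Windows DWM Core Library, Office and Windows Telephony Service entries below it. Suggest confirming that nothing in the archive ships the affected component before closing it; if that holds, the tag is fine as written.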
@@ -251,21 +251,21 @@ CVE-2026-42006 (An attacker can cause uncontrolled memory
usage with excessive b
CVE-2026-41895 (changedetection.io is a free open source web page change
detection too ...)
TODO: check
CVE-2026-41713 (A malicious user could craft input that is stored in
conversation memo ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41712 (Spring AI's chat memory component contained a problematic
default that ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-41614 (Improper access control in M365 Copilot for Desktop allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41613 (Session fixation in Visual Studio Code allows an unauthorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41612 (Relative path traversal in Visual Studio Code allows an
unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41611 (Improper neutralization of script-related html tags in a web
page (bas ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41610 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41551 (A vulnerability has been identified in ROS# (All versions <
V2.2.2). A ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-41513 (Horilla is an HR and CRM software. In 1.5.0, the notification
endpoint ...)
TODO: check
CVE-2026-41293 (Improper Input Validation vulnerability in Apache Tomcat.
This issue ...)
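Review bot: CVE-2026-41712 is tagged "NOT-FOR-US: VMware" while its visible description names "Spring AI's chat memory component", and the visible part of CVE-2026-41713 names no product at all. A product-level tag such as "NOT-FOR-US: Spring AI" would keep the entry findable if the library is ever packaged, and would make the attribution of CVE-2026-41713 checkable from the list itself.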
@@ -273,115 +273,115 @@ CVE-2026-41293 (Improper Input Validation vulnerability
in Apache Tomcat. This
CVE-2026-41284 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
TODO: check
CVE-2026-41125 (A vulnerability has been identified in blueplanet 100 NX3 M8
(All vers ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-41109 (Improper neutralization of special elements in output used by
a downst ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41107 (External control of file name or path in Microsoft Edge
(Chromium-base ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41103 (Incorrect implementation of authentication algorithm in
Microsoft SSO ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41102 (Improper access control in Microsoft Office PowerPoint allows
an autho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41101 (Improper access control in Microsoft Office Word allows an
authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41100 (Improper access control in M365 Copilot allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41097 (Reliance on a component that is not updateable in Windows
Secure Boot ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41096 (Heap-based buffer overflow in Microsoft Windows DNS allows an
unauthor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41095 (Use after free in Data Deduplication allows an authorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41094 (Improper control of generation of code ('code injection') in
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41089 (Stack-based buffer overflow in Windows Netlogon allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41088 (External control of file name or path in Windows Ancillary
Function Dr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41086 (Improper access control in Windows Admin Center allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40638 (Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0,
contains an e ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-40421 (External control of file name or path in Microsoft Office Word
allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40420 (Improper access control in Microsoft Office Click-To-Run
allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40419 (Use after free in Microsoft Office allows an authorized
attacker to el ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40418 (Use after free in Microsoft Office Click-To-Run allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40417 (Weak authentication in Dynamics Business Central allows an
authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40416 (User interface (ui) misrepresentation of critical information
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40415 (Use after free in Windows TCP/IP allows an unauthorized
attacker to ex ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40414 (Null pointer dereference in Windows TCP/IP allows an
unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40413 (Null pointer dereference in Windows TCP/IP allows an
unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40410 (Use after free in Windows SMB Client allows an authorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40408 (Use after free in Windows Kernel-Mode Drivers allows an
authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40407 (Heap-based buffer overflow in Windows Common Log File System
Driver al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40406 (Use after free in Windows TCP/IP allows an unauthorized
attacker to di ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40405 (Null pointer dereference in Windows TCP/IP allows an
unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40403 (Heap-based buffer overflow in Windows Win32K - GRFX allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40402 (Use after free in Windows Hyper-V allows an unauthorized
attacker to e ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40401 (Null pointer dereference in Windows TCP/IP allows an
unauthorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40399 (Stack-based buffer overflow in Windows TCP/IP allows an
authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40398 (Heap-based buffer overflow in Windows Remote Desktop allows an
authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40397 (Integer underflow (wrap or wraparound) in Windows Common Log
File Syst ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40382 (Use after free in Windows Telephony Service allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40381 (Improper access control in Azure Connected Machine Agent
allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40380 (Heap-based buffer overflow in Volume Manager Extension Driver
allows a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40379 (Exposure of sensitive information to an unauthorized actor in
Azure En ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40377 (Heap-based buffer overflow in Windows Cryptographic Services
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40374 (Exposure of sensitive information to an unauthorized actor in
Power Au ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40370 (External control of file name or path in SQL Server allows an
authoriz ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40369 (Untrusted pointer dereference in Windows Kernel allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40368 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40367 (Untrusted pointer dereference in Microsoft Office Word allows
an unaut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40366 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40365 (Insufficient granularity of access control in Microsoft Office
SharePo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40364 (Access of resource using incompatible type ('type confusion')
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40363 (Heap-based buffer overflow in Microsoft Office allows an
unauthorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40362 (Heap-based buffer overflow in Microsoft Office Excel allows an
unautho ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40361 (Use after free in Microsoft Office Word allows an unauthorized
attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40360 (Out-of-bounds read in Microsoft Office Excel allows an
unauthorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40359 (Use after free in Microsoft Office Excel allows an
unauthorized attack ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40358 (Use after free in Microsoft Office allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40357 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-40300 (Zulip is an open-source team collaboration tool. Prior to
12.0, With m ...)
TODO: check
CVE-2026-40020 (Attacker can use the IMAP SETACL command to inject the anyone
permissi ...)
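Review bot: CVE-2026-41107 is described as affecting "Microsoft Edge (Chromium-base ...)" and is closed as "NOT-FOR-US: Microsoft" together with the Office and Windows entries around it. Because Edge is built on the Chromium code base, which is packaged, check the full description to confirm the flaw sits in Edge-specific code rather than in shared upstream code before dropping it.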
@@ -389,175 +389,175 @@ CVE-2026-40020 (Attacker can use the IMAP SETACL
command to inject the anyone pe
CVE-2026-40016 (Attacker can upload a malicious Sieve script over ManageSieve
service ...)
TODO: check
CVE-2026-3604 (The WP SEO Structured Data Schema plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-39432 (Missing Authorization vulnerability in Arraytics Timetics
allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-35440 (Files or directories accessible to external parties in
Microsoft Offic ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35439 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35438 (Missing authorization in Windows Admin Center allows an
authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35436 (Insufficient granularity of access control in Microsoft Office
Click-T ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35433 (Improper input validation in .NET allows an unauthorized
attacker to e ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35429 (User interface (ui) misrepresentation of critical information
in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35424 (Missing release of memory after effective lifetime in Windows
Internet ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35423 (Out-of-bounds read in Telnet Client allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35422 (Authentication bypass using an alternate path or channel in
Windows TC ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35421 (Heap-based buffer overflow in Windows GDI allows an
unauthorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35420 (Heap-based buffer overflow in Windows Kernel allows an
authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35419 (Out-of-bounds read in Windows DWM Core Library allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35418 (Use after free in Windows Cloud Files Mini Filter Driver
allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35417 (Access of resource using incompatible type ('type confusion')
in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35416 (Use after free in Windows Ancillary Function Driver for
WinSock allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35415 (Integer overflow or wraparound in Windows Storage Spaces
Controller al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-35227 (An unauthenticated remote attacker may exhaust all available
TCP conne ...)
- TODO: check
+ NOT-FOR-US: CODESYS
CVE-2026-35071 (Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0,
contains an i ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-34687 (Illustrator versions 29.8.6, 30.3 and earlier are affected by
a Heap-b ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34684 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34683 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34682 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34681 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34676 (Substance3D - Painter versions 12.0.2 and earlier are affected
by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34675 (Substance3D - Painter versions 12.0.2 and earlier are affected
by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34664 (Substance3D - Designer versions 15.1.0 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34663 (Illustrator versions 29.8.6, 30.3 and earlier are affected by
an out-o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34662 (Illustrator versions 29.8.6, 30.3 and earlier are affected by
a NULL P ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34661 (Illustrator versions 29.8.6, 30.3 and earlier are affected by
an out-o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34660 (Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are
affected ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34659 (Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are
affected ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34644 (After Effects versions 26.0, 25.6.4 and earlier are affected
by an Int ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34643 (After Effects versions 26.0, 25.6.4 and earlier are affected
by an out ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34642 (After Effects versions 26.0, 25.6.4 and earlier are affected
by a Heap ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34640 (Media Encoder versions 26.0.2, 25.6.4 and earlier are affected
by an I ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34639 (Media Encoder versions 26.0.2, 25.6.4 and earlier are affected
by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34638 (Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected
by a Use ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34637 (Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected
by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34636 (Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected
by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34351 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34350 (Null pointer dereference in Windows Storport Miniport Driver
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34347 (Use after free in Windows Win32K - GRFX allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34345 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34344 (Access of resource using incompatible type ('type confusion')
in Windo ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34343 (Heap-based buffer overflow in Windows Application Identity
(AppID) Sub ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34342 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34341 (Double free in Windows Link-Layer Discovery Protocol (LLDP)
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34340 (Use after free in Windows Projected File System allows an
authorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34339 (Null pointer dereference in Windows LDAP - Lightweight
Directory Acces ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34338 (Use after free in Windows Telephony Service allows an
authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34337 (Use after free in Windows Cloud Files Mini Filter Driver
allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34336 (Buffer over-read in Windows DWM Core Library allows an
authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34334 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34333 (Use after free in Windows Win32K - GRFX allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34332 (Use after free in Windows Kernel-Mode Drivers allows an
authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34331 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34330 (Integer overflow or wraparound in Windows Win32K - GRFX allows
an auth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34329 (Heap-based buffer overflow in Windows Message Queuing allows
an unauth ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-34187 (Improper Neutralization of Special Elements used in an SQL
Command vul ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2026-33893 (A vulnerability has been identified in Teamcenter V2312 (All
versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-33862 (A vulnerability has been identified in Teamcenter V2312 (All
versions ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-33841 (Heap-based buffer overflow in Windows Kernel allows an
authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33840 (Use after free in Windows Win32K - ICOMP allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33839 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33838 (Double free in Windows Message Queuing allows an authorized
attacker t ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33837 (Heap-based buffer overflow in Windows TCP/IP allows an
authorized atta ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33835 (Use after free in Windows Cloud Files Mini Filter Driver
allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33834 (Improper access control in Windows Event Logging Service
allows an aut ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33833 (Improper neutralization of special elements in output used by
a downst ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33821 (Improper privilege management in Microsoft Dynamics 365
Customer Insig ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33603 (Attacker can use a specially crafted base64 exchange between
Dovecot a ...)
TODO: check
CVE-2026-33117 (Improper authentication in Azure SDK allows an unauthorized
attacker t ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33112 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-33110 (Deserialization of untrusted data in Microsoft Office
SharePoint allow ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32687 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2026-32684 (The application does not impose strict enough restrictions on
director ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2026-32209 (Improper access control in Windows Filtering Platform (WFP)
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32204 (External control of file name or path in Azure Monitor Agent
allows an ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32185 (Files or directories accessible to external parties in
Microsoft Teams ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32177 (Heap-based buffer overflow in .NET allows an unauthorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32175 (A tampering vulnerability exists when .NET Core improperly
handles spe ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32170 (Double free in Windows Rich Text Edit Control allows an
authorized att ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-32161 (Concurrent execution using shared resource with improper
synchronizati ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-31245 (The mem0 1.0.0 server lacks authentication and authorization
controls ...)
TODO: check
CVE-2026-31244 (The mem0 1.0.0 server lacks authentication and authorization
controls ...)
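Review bot: CVE-2026-33117 (Azure SDK), CVE-2026-32177 (.NET) and CVE-2026-32175 (.NET Core) are tagged "NOT-FOR-US: Microsoft" by vendor name only, although the descriptions name cross-platform components rather than Windows-only products like the neighbouring entries. Since the commit message says this is an automatic update, confirm that no source package in the archive ships or embeds the affected code. Consider naming the product in the tag so a later search on the product name finds the decision. CVE-2026-33833 has the same tag on a truncated description that names no product at all, so it cannot be checked from the diff.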
@@ -621,55 +621,55 @@ CVE-2026-31215 (The nexent v1.7.5.2 backend service
contains an unauthorized arb
CVE-2026-31214 (The torch-checkpoint-shrink.py script in the ml-engineering
project in ...)
TODO: check
CVE-2026-30810 (Server-Side Request Forgery vulnerability allows Privilege
Escalation ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2026-30808 (Session Fixation vulnerability allows Session Hijacking via
crafted se ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2026-30807 (Cross-Site Request Forgery vulnerability allows an attacker to
perform ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2026-30805 (Insecure Default Initialization of Resource vulnerability
allows Authe ...)
- TODO: check
+ NOT-FOR-US: Pandora FMS
CVE-2026-2993 (The AI Chatbot & Workflow Automation by AIWU plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2465 (Incorrect Authorization vulnerability in E-Kalite Software
Hardware En ...)
TODO: check
CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-29204 (Insufficient ownership checks in `clientarea.php` allow an
authenticat ...)
TODO: check
CVE-2026-27851 (When safe filter is used with variable expansion, all
following pipeli ...)
TODO: check
CVE-2026-27662 (Affected devices do not properly restrict access to the web
browser vi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-26083 (A missing authorization vulnerability in Fortinet FortiSandbox
5.0.0 t ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-25789 (Affected devices do not properly validate and sanitize
filenames on th ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-25787 (Affected devices do not properly validate and sanitize
Technology Obje ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-25786 (Affected devices do not properly validate and sanitize
PLC/station nam ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-25690 (An improper neutralization of argument delimiters in a command
('argum ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-25431 (Missing Authorization vulnerability in WPMU DEV Hustle allows
Exploiti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25088 (An improper neutralization of special elements used in an sql
command ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-23823 (A vulnerability in the command line interface of Access Points
running ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-23822 (A vulnerability in the XML handling component of AOS-8 DHCP
services c ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-23821 (A vulnerability in the configuration processing logic of
Access Points ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-23820 (A vulnerability in the command line interface of Access Points
running ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-23819 (A vulnerability in the web-based management interface of
Access Points ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-22925 (A vulnerability has been identified in SIMATIC CN 4100 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-22924 (A vulnerability has been identified in SIMATIC CN 4100 (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-21530 (Double free in Windows Rich Text Edit allows an authorized
attacker to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-20914 (Null pointer dereference for some Intel(R) QAT software
drivers for Wi ...)
TODO: check
CVE-2026-20905 (Improper input validation for some Intel(R) QAT software
drivers for W ...)
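Review bot: CVE-2026-25431 (WPMU DEV Hustle) is tagged "NOT-FOR-US: WordPress plugin or theme", while CVE-2026-2993 and CVE-2026-2300 in the same hunk use "NOT-FOR-US: WordPress plugin". Use one spelling so a grep over the list matches all of them. The four Pandora FMS entries (CVE-2026-30810, CVE-2026-30808, CVE-2026-30807, CVE-2026-30805) carry descriptions that, as truncated here, never name the product, so the tag cannot be verified from the diff.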
@@ -707,39 +707,39 @@ CVE-2026-20717 (Improper input validation for some
Intel(R) QAT software drivers
CVE-2026-20714 (Out-of-bounds write for some Intel(R) QAT software drivers for
Windows ...)
TODO: check
CVE-2026-1934 (The Motors \u2013 Car Dealership & Classified Listings plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-70842 (A Stored Cross-Site Scripting (XSS) vulnerability was
discovered in th ...)
TODO: check
CVE-2025-6577 (Improper neutralization of special elements used in an SQL
command ('S ...)
TODO: check
CVE-2025-67604 (A use of potentially dangerous function vulnerability in
Fortinet Fort ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-65719 (An issue in Open Source Kubectl MCP Server v1.1.1 allows
attackers to ...)
TODO: check
CVE-2025-53870 (An improper neutralization of special elements used in an os
command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-53844 (A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0
through ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-53681 (An improper neutralization of special elements used in an SQL
Command ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-53680 (An improper neutralization of special elements used in an OS
command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-46311 (An inconsistent user interface issue was addressed with
improved state ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43524 (An access issue was addressed with additional sandbox
restrictions. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-40949 (A vulnerability has been identified in RUGGEDCOM ROX MX5000
(All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40948 (A vulnerability has been identified in RUGGEDCOM ROX MX5000
(All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40947 (A vulnerability has been identified in RUGGEDCOM ROX MX5000
(All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40946 (A vulnerability has been identified in blueplanet 100 NX3 M8
(All vers ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40833 (The affected devices contain a null pointer dereference
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-36515 (Uncontrolled search path for some AI Playground software
before versio ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2025-36510 (Improper buffer restrictions for some Display Virtualization
for Windo ...)
TODO: check
CVE-2025-35991 (Improper initialization in the UEFI firmware for some Intel
platforms ...)
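Review bot: CVE-2025-46311 and CVE-2025-43524 are tagged "NOT-FOR-US: Apple" on descriptions that, as truncated here, name no component. Apple advisories can cover WebKit, which Debian packages, so confirm from the full description that neither is a WebKit issue before they leave the TODO queue. Separately, CVE-2025-36515 (AI Playground) is tagged "NOT-FOR-US: Intel" while the adjacent CVE-2025-36510 (Display Virtualization, description cut at "for Windo ...") stays at "TODO: check"; if the same reasoning applies to both, they should be triaged together.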
@@ -755,7 +755,7 @@ CVE-2025-27723 (Use after free for some Linux kernel driver
for the Intel(R) Eth
CVE-2025-12659 (The affected applications contains a memory corruption
vulnerability w ...)
TODO: check
CVE-2024-54017 (A vulnerability has been identified in SIPROTEC 5 6MD84
(CP300) (All v ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-54518
- xen <unfixed>
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3465b152dc631ea84438d8fe5defd9d9b084f464