Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7322e774 by security tracker role at 2026-05-14T07:13:50+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,13 +11,13 @@ CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py was
not updated when CVE-2
CVE-2026-8280 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-8181 (The Burst Statistics \u2013 Privacy-Friendly WordPress
Analytics (Goog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8144 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-7648 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell
Online ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7525 (The My Calendar \u2013 Accessible Event Manager plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7481 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-7471 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
@@ -27,55 +27,55 @@ CVE-2026-7377 (GitLab has remediated an issue in GitLab EE
affecting all version
CVE-2026-6883 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-6670 (The Media Sync plugin for WordPress is vulnerable to Path
Traversal in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6510 (The InfusedWoo Pro plugin for WordPress is vulnerable to
privilege esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6506 (The InfusedWoo Pro plugin for WordPress is vulnerable to
privilege esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6417 (The GLS Shipping for WooCommerce plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6335 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-6282 (A potential improper file path validation vulnerability was
reported i ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2026-6281 (A potential vulnerability was reported in some Lenovo Personal
Cloud S ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2026-6271 (The Career Section plugin for WordPress is vulnerable to
Arbitrary Fil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6252 (The Meta Field Block plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6225 (The Taskbuilder \u2013 Project Management & Task Management
Tool With ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6177 (The Custom Twitter Feeds plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6073 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-6063 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-5486 (The Unlimited Elements for Elementor plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5396 (The Fluent Forms plugin for WordPress is vulnerable to
Authorization B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5395 (The Fluent Forms \u2013 Customizable Contact Forms, Survey,
Quiz, & Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5365 (The LatePoint plugin for WordPress is vulnerable to Cross-Site
Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5361 (The Envira Gallery Lite plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5243 (The The Plus Addons for Elementor \u2013 Addons for Elementor,
Page Te ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5193 (The Essential Addons for Elementor \u2013 Popular Elementor
Templates ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4798 (The Avada Builder plugin for WordPress is vulnerable to
time-based SQL ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4782 (The Avada Builder plugin for WordPress is vulnerable to
Arbitrary File ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4609 (The ProfileGrid \u2013 User Profiles, Groups and Communities
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4608 (The ProfileGrid \u2013 User Profiles, Groups and Communities
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4607 (The ProfileGrid \u2013 User Profiles, Groups and Communities
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4527 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-4524 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
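Review bot: CVE-2026-6282 is tagged NOT-FOR-US: Lenovo, but its truncated description ("A potential improper file path validation vulnerability was reported i ...") names no vendor or product, unlike CVE-2026-6281 directly below it, which does name Lenovo. The tag should be confirmed against the full CVE record before it is relied on. The same applies to CVE-2026-6225 (Taskbuilder), where the visible text never mentions WordPress.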
@@ -101,7 +101,7 @@ CVE-2026-45228 (Quark Drive before 0.8.5 contains a stored
cross-site scripting
CVE-2026-45158 (OPNsense is a FreeBSD based firewall and routing platform.
Prior to 26 ...)
TODO: check
CVE-2026-45109 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-45055 (CubeCart is an ecommerce software solution. Prior to 6.7.2,
CubeCart 6 ...)
TODO: check
CVE-2026-45054 (CubeCart is an ecommerce software solution. Prior to 6.7.0,
the admin ...)
@@ -119,27 +119,27 @@ CVE-2026-44665 (fast-xml-builder builds XML from JSON.
Prior to 1.1.7, when an i
CVE-2026-44664 (fast-xml-builder builds XML from JSON. In 1.1.5, the fix for
CVE-2026- ...)
TODO: check
CVE-2026-44582 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44581 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44580 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44579 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44578 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44577 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44576 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44575 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44574 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44573 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44572 (Next.js is a React framework for building full-stack web
applications. ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-44479 (Vercel\u2019s AI Cloud is a unified platform for building
modern appli ...)
TODO: check
CVE-2026-44478 (hoppscotch is an open source API development ecosystem. The
fix for CV ...)
@@ -277,15 +277,15 @@ CVE-2026-42948 (Stored cross-site scripting vulnerability
exists in ELECOM wirel
CVE-2026-42937 (Incorrect permission assignment vulnerabilities exist in
BIG-IP and BI ...)
TODO: check
CVE-2026-42930 (When running in Appliance mode, an authenticated attacker
assigned the ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42924 (An authenticated attacker with the Resource Administrator or
Administr ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42920 (When a Client SSL profile is configured with Allow Dynamic
Record Sizi ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42919 (A vulnerability exists in BIG-IP systems that may allow an
authenticat ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42781 (When embedded Packet Velocity Acceleration (ePVA) acceleration
is conf ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42780 (A directory traversal vulnerability exists in BIG-IP SSL
Orchestrator ...)
TODO: check
CVE-2026-42602 (azureauthextension is the Azure Authenticator Extension. From
0.124.0 ...)
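Review bot: CVE-2026-42937 and CVE-2026-42780 stay at TODO: check although their descriptions name BIG-IP explicitly, while the five entries between them are tagged NOT-FOR-US: F5, two of them (CVE-2026-42930, CVE-2026-42924) without any product name in the visible text. If the two were skipped on purpose, the commit message does not say why. Otherwise a follow-up should triage them the same way so this batch of advisories is handled consistently.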
@@ -331,7 +331,7 @@ CVE-2026-42463 (SQLBot is an intelligent Text-to-SQL system
based on large langu
CVE-2026-42409 (When an HTTP/2 profile and an iRule containing the
HTTP::redirector HT ...)
TODO: check
CVE-2026-42408 (When BIG-IP DNS is provisioned, a vulnerability exists in an
undisclos ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42406 (A vulnerability exists in BIG-IP and BIG-IQ systems where a
highly pri ...)
TODO: check
CVE-2026-42290 (protobufjs-cli is the command line add-on for protobuf.js.
Prior to 1. ...)
@@ -339,11 +339,11 @@ CVE-2026-42290 (protobufjs-cli is the command line add-on
for protobuf.js. Prior
CVE-2026-42266 (jupyterlab is an extensible environment for interactive and
reproducib ...)
TODO: check
CVE-2026-42063 (A vulnerability exists in iControl SOAP where an authenticated
attacke ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42062 (ELECOM wireless LAN access point devices contain an OS command
injecti ...)
TODO: check
CVE-2026-42058 (An authenticated attacker's undisclosed requests to BIG-IP
iControl RE ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-42032 (CKAN is an open-source DMS (data management system) for
powering data ...)
TODO: check
CVE-2026-42031 (CKAN is an open-source DMS (data management system) for
powering data ...)
@@ -357,7 +357,7 @@ CVE-2026-41956 (When a classification profile is configured
on a UDP virtual ser
CVE-2026-41954 (Sensitive information disclosure vulnerability exists in the
undisclos ...)
TODO: check
CVE-2026-41953 (A vulnerability exists in BIG-IP systems where a highly
privileged, au ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-41410
REJECTED
CVE-2026-41281 (Android App
"\u3042\u3093\u3057\u3093\u30d5\u30a3\u30eb\u30bf\u30fc fo ...)
@@ -365,15 +365,15 @@ CVE-2026-41281 (Android App
"\u3042\u3093\u3057\u3093\u30d5\u30a3\u30eb\u30bf\u3
CVE-2026-41255 (CKAN is an open-source DMS (data management system) for
powering data ...)
TODO: check
CVE-2026-41227 (On an HTTP/2 virtual server with Layer 7 DoS Protection
configured, un ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-41225 (A vulnerability exists in iControl REST where a highly
privileged, aut ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-41219 (An improper sanitization vulnerability exists in the BIG-IP
QKView uti ...)
TODO: check
CVE-2026-41218 (When BIG-IP PEM iRules are configured on a virtual server
(iRules usin ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-41217 (A vulnerability exists in an undisclosed BIG-IP TMOS Shell
(tmsh) comm ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-41132 (CKAN is an open-source DMS (data management system) for
powering data ...)
TODO: check
CVE-2026-41051 (csync2 uses insecure temporary directories when compiled with
C99 or l ...)
@@ -381,13 +381,13 @@ CVE-2026-41051 (csync2 uses insecure temporary
directories when compiled with C9
CVE-2026-41050 (Fleet's Helm deployer did not fully apply ServiceAccount
impersonation ...)
TODO: check
CVE-2026-40703 (A cross-site request forgery (CSRF) vulnerability exists in
the dashbo ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40699 (A vulnerability exists in the undisclosed pages in the
Configuration u ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40698 (A vulnerability exists in BIG-IP and BIG-IQ systems where a
highly pri ...)
TODO: check
CVE-2026-40631 (An authenticated attacker with the Resource Administrator or
Administr ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40629 (When SSL profiles are configured on a virtual server,
undisclosed traf ...)
TODO: check
CVE-2026-40621 (ELECOM wireless LAN access point devices do not require
authentication ...)
@@ -395,35 +395,35 @@ CVE-2026-40621 (ELECOM wireless LAN access point devices
do not require authenti
CVE-2026-40618 (When an SSL profile is configured on a virtual server on
BIG-IP Virtua ...)
TODO: check
CVE-2026-40462 (Incorrect permission assignment vulnerabilities exist in
iControl REST ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40435 (When configured, IP-based access restrictions for httpddo not
cover al ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40423 (When a SIP profile is configured on a virtual server,
undisclosed traf ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40328
REJECTED
CVE-2026-40327
REJECTED
CVE-2026-40067 (When a BIG-IP APM access policy is configured on a virtual
server, und ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40061 (When BIG-IP DNS is provisioned, a vulnerability exists in an
undisclos ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40060 (When a BIG-IP Advanced WAF or ASM security policy is
configured on a v ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-3892 (The Motors \u2013 Car Dealership & Classified Listings Plugin
plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3829 (The WP Encryption \u2013 One Click Free SSL Certificate & SSL /
HTTPS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3718 (The ManageWP Worker plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3694 (The Bold Page Builder plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3607 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-3426 (The RTMKit Addons for Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3425 (The RTMKit Addons for Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3160 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-3074 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
@@ -431,17 +431,17 @@ CVE-2026-3074 (GitLab has remediated an issue in GitLab
CE/EE affecting all vers
CVE-2026-3073 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-3004 (The Snow Monkey Blocks plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-39806 (Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability i ...)
TODO: check
CVE-2026-39803 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
TODO: check
CVE-2026-39459 (A vulnerability exists in iControl REST and the TMOS Shell
(tmsh) wher ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-39458 (When a BIG-IP DNS profile enabled with DNS cache is configured
on a vi ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-39455 (When the BIG-IP Configuration utility is configured to use
Lightweight ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-39428 (CubeCart is an ecommerce software solution. Prior to 6.6.0, a
Stored C ...)
TODO: check
CVE-2026-39358 (CubeCart is an ecommerce software solution. Prior to 6.6.0,
Authentica ...)
@@ -461,11 +461,11 @@ CVE-2026-36738 (U-SPEED AC1200 Gigabit Wi-Fi Router
(Model: T18-21K) V1.0 is vul
CVE-2026-35506 (ELECOM wireless LAN access point devices contain an OS command
injecti ...)
TODO: check
CVE-2026-35062 (An authenticated iControl SOAP user may be able to obtain
information ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-34176 (When running in Appliance mode, an authenticated remote
command inject ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-34019 (When Bidirectional Forwarding Detection (BFD) is configured in
Static ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-33585 (Improper management of the idle timeout parameterin the
Keycloak inter ...)
TODO: check
CVE-2026-33584 (Exposed Keycloak management service in the Arqit Symmetric
Key Agreem ...)
@@ -489,29 +489,29 @@ CVE-2026-32992 (SSL verification is disabled in the DNS
Cluster system. This cou
CVE-2026-32991 (Improper authorization checks of team members privileges allow
a team ...)
TODO: check
CVE-2026-32673 (A vulnerability exists in BIG-IP scripted monitors that may
allow an a ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-32643 (A vulnerability exists in BIG-IP and BIG-IQ systems where a
highly pri ...)
TODO: check
CVE-2026-31156 (A path injection vulnerability exists in OpenPLC v3
(2c82b0e79c53f8c1f ...)
TODO: check
CVE-2026-30906 (Untrusted search path in the installer for Zoom Rooms for
Windows befo ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-30905 (External Control of File Name or Path in the Zoom Workplace
VDI Plugin ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-30904 (Protection Mechanism Failure in Zoom Workplace for iOS before
version ...)
- TODO: check
+ NOT-FOR-US: Zoom
CVE-2026-2900 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-2695 (A command injection vulnerability was discoveredin TeamViewer
DEX Plat ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2026-2515 (The Hostinger Reach \u2013 AI-Powered Email Marketing for
WordPress pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-29206 (Insufficient sanitization of SQL queries in the `sqloptimizer`
utility ...)
TODO: check
CVE-2026-29205 (Incorrect privileges management and insufficient path
filtering allow ...)
TODO: check
CVE-2026-28758 (When BIG-IP DNS is provisioned, a vulnerability exists in the
gtm_adda ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-28383 (A request to the Grafana plugin resources endpoint can cause
unbounded ...)
TODO: check
CVE-2026-28380 (Any Editor could delete any snapshot, even if they have no
access to r ...)
@@ -523,15 +523,15 @@ CVE-2026-28376 (The Grafana Live push endpoint can be
exploited to cause unbound
CVE-2026-28374 (Editors could delete any annotation, even those they do not
have read ...)
TODO: check
CVE-2026-25705 (A vulnerability has been identified in [Rancher's
Extensions](https:// ...)
- TODO: check
+ NOT-FOR-US: SUSE
CVE-2026-25107 (ELECOM wireless LAN access point devices use a hard-coded
cryptographi ...)
TODO: check
CVE-2026-24464 (When running in Appliance mode, a directory traversal
vulnerability ex ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-22677 (Hermes WebUI prior to 0.51.44 - Release T contains a path
traversal vu ...)
TODO: check
CVE-2026-21821 (The HCL BigFix SCM Reporting site contains an outdated and
unsupported ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-20916 (An authenticated iControl REST user with low privileges can
create or ...)
TODO: check
CVE-2026-1659 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
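Review bot: CVE-2026-25705 is tagged NOT-FOR-US: SUSE, a vendor name, while its description names the product as Rancher's Extensions. A tag of "NOT-FOR-US: Rancher" would be easier to find when searching the list by product. In the same hunk, CVE-2026-20916 (iControl REST) is left at TODO: check next to CVE-2026-24464, which is tagged F5.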
@@ -543,57 +543,57 @@ CVE-2026-1322 (GitLab has remediated an issue in GitLab
CE/EE affecting all vers
CVE-2026-1184 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-0265 (An authentication bypass vulnerability in Palo Alto Networks
PAN-OS\xa ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0264 (A buffer overflow vulnerability in the DNS proxy and DNS Server
featur ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0263 (A buffer overflow vulnerability in the IKEv2 processing of Palo
Alto N ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0262 (Multiple denial of service vulnerabilities in Palo Alto
Networks PAN-O ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0261 (Multiple command injection vulnerabilities in Palo Alto
Networks PAN-O ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0259 (An arbitrary File Read and Delete Vulnerability in Palo Alto
Networks ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0258 (A server-side request forgery (SSRF) vulnerability in the IKEv2
implem ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0257 (Authentication bypass vulnerabilities in the GlobalProtect
portal and ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0256 (A stored cross-site scripting (XSS) vulnerability in Palo Alto
Network ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0251 (Multiple local privilege escalation vulnerabilities in the Palo
Alto N ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0250 (A buffer overflow vulnerability exists in the Palo Alto
Networks Globa ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0249 (Multiple improper certificate validation vulnerabilities in the
Palo A ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0248 (An improper certificate validation vulnerability in the Prisma
Access ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0247 (Multiple authorization bypass vulnerabilities in the Endpoint
DLP comp ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0246 (A vulnerability with a privilege management mechanism in the
Palo Alto ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0245 (Multiple information disclosure vulnerabilities in Prisma
Access Agent ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0244 (An improper certificate validation vulnerability in the Palo
Alto Netw ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0243 (A denial of service (DoS) vulnerability in Palo Alto Networks
Prisma S ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0242 (A SQL injection vulnerability in Trust Protection Foundation
allows an ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0241 (Incorrect Authorization vulnerabilities in Trust Protection
Foundation ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0240 (An information disclosure vulnerability in Trust Protection
Foundation ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0239 (An information disclosure vulnerability in the Chronosphere
Chronocoll ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0238 (A vulnerability in Palo Alto Networks Broker VM allows an
authenticate ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0237 (An improper protection of alternate path vulnerability in Palo
Alto Ne ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0236 (A code injection vulnerability in Palo Alto Networks Prisma\xae
Browse ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0235 (A race condition vulnerability in Palo Alto Networks Prisma\xae
Browse ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-32425 (AutoGPT is a platform that allows users to create, deploy, and
manage ...)
TODO: check
CVE-2025-29338 (NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from
v17.92.1.p149.43 To ...)
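Review bot: The NOT-FOR-US: Palo Alto Networks tag on CVE-2026-0242, CVE-2026-0241 and CVE-2026-0240 (Trust Protection Foundation) and on CVE-2026-0239 (Chronosphere) does not match any product named in their visible descriptions. If the tag comes from the assigning vendor rather than from the affected software, these four should either carry the product name or be checked against the full CVE records, since a NOT-FOR-US decision depends on the software and not on who issued the CVE.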
@@ -611,13 +611,13 @@ CVE-2025-27851 (The locally served web site on the Garmin
WDU (v1 1.4.6 and v2 5
CVE-2025-27850 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2
5.0) al ...)
TODO: check
CVE-2025-15345 (The MapGeo \u2013 Interactive Geo Maps plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14870 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2025-14869 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2025-14767 (The WPC Badge Management for WooCommerce plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13874 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2025-12669 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7322e774cc209fb2200ffa782a22798658f77faf