Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cacb730e by security tracker role at 2026-05-14T19:14:20+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,19 +9,19 @@ CVE-2026-7805
 CVE-2026-6923 (A side-channel attack, which requires a physical presence to 
the TPM,  ...)
        TODO: check
 CVE-2026-6514 (The InfusedWoo Pro plugin for WordPress is vulnerable to 
Arbitrary Fil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6512 (The InfusedWoo Pro plugin for WordPress is vulnerable to 
authorization ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6504 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6332 (CWE-312: Cleartext Storage of Sensitive Information 
vulnerability exis ...)
-       TODO: check
+       NOT-FOR-US: Schneider Electric
 CVE-2026-6206 (The MW WP Form plugin for WordPress is vulnerable to 
Information Expos ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6174 (The CC Child Pages plugin for WordPress is vulnerable to Stored 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6145 (The User Registration & Membership plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6008 (Authorization bypass through User-Controlled key vulnerability 
in Im P ...)
        TODO: check
 CVE-2026-5798 (Unsafe object reference (IDOR) in Stel Order v3.25.1 and 
earlier versi ...)
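Review bot: the seven lines reading "NOT-FOR-US: WordPress plugin" drop the plugin names that the descriptions carry (InfusedWoo Pro, Royal Elementor Addons and Templates, MW WP Form, CC Child Pages, User Registration & Membership), so a later search of the list by product only matches the truncated description text. Consider putting the plugin name in each note. CVE-2026-6332 in the same hunk is tagged "Schneider Electric" while its visible description ends at "vulnerability exis ..." before any vendor or product appears, so that one cannot be checked from the entry itself.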
@@ -29,11 +29,11 @@ CVE-2026-5798 (Unsafe object reference (IDOR) in Stel Order 
v3.25.1 and earlier
 CVE-2026-5790 (Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and 
earlier, l ...)
        TODO: check
 CVE-2026-4031 (The Database Backup for WordPress plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4030 (The Database Backup for WordPress plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4029 (The Database Backup for WordPress plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-46470 (An issue was discovered in GStreamer gst-plugins-good before 
1.28.2. W ...)
        TODO: check
 CVE-2026-46469 (An issue was discovered in GStreamer gst-plugins-good before 
1.28.2. W ...)
@@ -113,7 +113,7 @@ CVE-2026-44216 (Wasmtime is a runtime for WebAssembly. From 
30.0.0 to 36.0.8, 43
 CVE-2026-43644 (podinfo through 6.11.2 contains a reflected cross-site 
scripting vulne ...)
        TODO: check
 CVE-2026-42897 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-42881 (STIGQter is an open-source reimplementation of DISA's STIG 
Viewer. Fro ...)
        TODO: check
 CVE-2026-42598 (Pode is a Cross-Platform PowerShell web framework for creating 
REST AP ...)
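Review bot: the note added for CVE-2026-42897 names only a vendor, and the truncated description ("Improper neutralization of input during web page generation ('cross-si ...") shows neither Microsoft nor a product. Add the affected product to the NOT-FOR-US line so the classification can be confirmed from the list entry rather than only from the full CVE record.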
@@ -165,7 +165,7 @@ CVE-2026-41932 (Vvveb before 1.0.8.3 contains a stored 
cross-site scripting vuln
 CVE-2026-41888 (Distribution is a toolkit to pack, ship, store, and deliver 
container  ...)
        TODO: check
 CVE-2026-41615 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-41315 (mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, 
mdserver- ...)
        TODO: check
 CVE-2026-40893 (Gotenberg is a Docker-powered stateless API for PDF files. 
Prior to 8. ...)
@@ -177,7 +177,7 @@ CVE-2026-2347 (Authorization bypass through User-Controlled 
key vulnerability in
 CVE-2026-27886 (Strapi is an open source headless content management system. 
Strapi ve ...)
        TODO: check
 CVE-2026-27680 (Due to improper input handling under certain conditions, SAP 
NetWeaver ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-24712 (Northern.tech CFEngine Enterprise and Community before 3.21.8, 
3.24.3, ...)
        TODO: check
 CVE-2026-24711 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 
3.27.0 ha ...)
@@ -195,13 +195,13 @@ CVE-2026-22599 (Strapi is an open source headless content 
management system. In
 CVE-2026-21730 (Verba is affected by a Stored Cross-Site Scripting (XSS) 
vulnerability ...)
        TODO: check
 CVE-2026-20224 (A vulnerability in the web UI of Cisco Catalyst SD-WAN 
Manager, former ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20210 (A vulnerability in the web UI of Cisco Catalyst SD-WAN 
Manager, former ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20209 (A vulnerability in the web UI of Cisco Catalyst SD-WAN 
Manager, former ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20182 (May 2026: This security advisory provides the details and fix 
informat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-1630 (WEBCON BPS is vulnerable to Reflected XSS via one of parameters 
used b ...)
        TODO: check
 CVE-2025-69443 (Remote Code Execution in coleam00 Archon 0.1.0. A crafted HTML 
page, w ...)
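Review bot: CVE-2026-20182 is tagged "NOT-FOR-US: Cisco" although its description opens with "May 2026: This security advisory provides the details and fix informat ..." and names no vendor or product in the visible text, unlike the three Cisco Catalyst SD-WAN Manager entries above it. Confirm this entry against the full advisory before accepting the automatic classification, and record the product in the note.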
@@ -219,23 +219,23 @@ CVE-2025-62625 (Improper privilege management in the KVM 
key download component
 CVE-2025-62619 (Missing authentication in the KVM key download endpoint could 
allow an ...)
        TODO: check
 CVE-2025-62317 (HCL AION is affected by a vulnerability where sensitive 
information ma ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-62316 (HCL AION is affected by a vulnerability where certain 
security-related ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-62313 (HCL AION is affected by a vulnerability where adequate 
protections aga ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-62312 (HCL AION is affected by a vulnerability where basic 
authorization toke ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-62311 (HCL AION is affected by a vulnerability where backend service 
details  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-62310 (HCL AION is affected by a vulnerability where encryption is 
not enforc ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-62309 (HCL AION is affected by a vulnerability where auto-complete 
functional ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-62308 (HCL AION is affected by a vulnerability where sensitive 
backend infras ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-62305 (HCL AION is affected by a vulnerability where certain 
operations may t ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-15025 (Authorization bypass through User-Controlled key vulnerability 
in Yord ...)
        TODO: check
 CVE-2025-15024 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
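Review bot: all nine entries from CVE-2025-62317 down to CVE-2025-62305 describe HCL AION, yet the note records only "HCL". Writing "NOT-FOR-US: HCL AION" keeps the exclusion scoped to the product the descriptions actually name, so a future HCL entry for different software is not treated as already triaged by analogy.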



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cacb730e3fb201709b5a07c4d6ca4e08557cf979
