Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e605ce4c by security tracker role at 2026-05-15T19:14:10+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
CVE-2026-8695 (radare2 6.1.5 contains a use-after-free vulnerability in the
gdbr_thre ...)
TODO: check
CVE-2026-8686 (Missing bounds validation in the MQTT v5.0 property parser in
coreMQTT ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-8425 (The Notify Odoo plugin for WordPress is vulnerable to
Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8398 (A supply chain attack compromised the official installation
packages o ...)
TODO: check
CVE-2026-7563 (The Classified Listing \u2013 AI-Powered Classified ads &
Business Dir ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7182 (Diagram's export module is vulnerable to Path Traversal in src
attribu ...)
TODO: check
CVE-2026-7046 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin
for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6415 (The Advanced Custom Fields: Font Awesome plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6403 (The Quick Playground plugin for WordPress is vulnerable to Path
Traver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6228 (The Frontend Admin by DynamiApps plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5229 (The Form Notify plugin for WordPress is vulnerable to
Authentication B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4683 (The Smartcat Translator for WPML plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4054 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13,
11.4.x <= 1 ...)
TODO: check
CVE-2026-4053 (Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail
to enfo ...)
@@ -119,29 +119,29 @@ CVE-2026-42207 (Magento Long Term Support (LTS) is an
unofficial, community-driv
CVE-2026-42155 (Magento Long Term Support (LTS) is an unofficial,
community-driven pro ...)
TODO: check
CVE-2026-41971 (Permission control vulnerability in the security control
module.Impact ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41970 (Out-of-bounds write vulnerability in the distributed file
system modul ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41969 (Permission control vulnerability in the projection
module.Impact: Succ ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41968 (Permission control vulnerability in the manufacturability
design modul ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41967 (Permission control vulnerability in the manufacturability
design modul ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41966 (Permission control vulnerability in the smart sensing
service.Impact: ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41965 (Use-After-Free (UAF) vulnerability in the web.Impact:
Successful explo ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41964 (Permission control vulnerability in the web.Impact: Successful
exploit ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41963 (Stack overflow vulnerability in the media platform.Impact:
Successful ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41962 (Permission control vulnerability in the app management and
control mod ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41961 (Permission control vulnerability in contacts.Impact:
Successful exploi ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41960 (Permission control vulnerability in calls.Impact: Successful
exploitat ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2026-41553 (PDF Export Module used inDHTMLX'sproducts Gantt and Scheduler
is vulne ...)
TODO: check
CVE-2026-41552 (PDF Export Module used in DHTMLX's products Gantt and
Scheduler is vul ...)
@@ -169,7 +169,7 @@ CVE-2026-23695 (Cockpit CMS through version 2.14.0, patched
in commit 72a83fc, c
CVE-2025-67437 (Medical Management System
a81df1ce700a9662cb136b27af47f4cbde64156b is ...)
TODO: check
CVE-2025-14972 (* Countermeasures for DPA within SYMCRYPTO engine on
SixG301xxx devic ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2021-47968 (Podcast Generator 3.1 contains a persistent cross-site
scripting vulne ...)
TODO: check
CVE-2021-47967 (PHP Timeclock 1.04 contains multiple cross-site scripting
vulnerabilit ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e605ce4c7fa134b88786e6c04ff9434b4f5eb56c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e605ce4c7fa134b88786e6c04ff9434b4f5eb56c
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
