Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
89d5af11 by security tracker role at 2026-05-22T07:13:28+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-9264 (A cross-site scripting (XSS) vulnerability in SketchUp 2026's 
Dynamic  ...)
        TODO: check
 CVE-2026-9104 (The Draft List plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9054 (An attacker sending tcp, il, rudp, rudp, or gre packets with a 
length  ...)
        TODO: check
 CVE-2026-9053 (Mothra would respect a default value given by a website for 
HTML file  ...)
        TODO: check
 CVE-2026-9018 (The Easy Elements for Elementor \u2013 Addons & Website 
Templates plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8435 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
        TODO: check
 CVE-2026-8434 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request 
Forger ...)
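Review bot: The description of CVE-2026-9018, one of the two entries retagged in this hunk, contains the literal escape sequence "\u2013" ("Easy Elements for Elementor \u2013 Addons & Website Templates") rather than the decoded character. The NOT-FOR-US tag itself matches the description ("WordPress plugin"), but the description import should be checked so that the escape is decoded before it lands in data/CVE/list, since anyone searching the list for the product name as published will not match this line.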
@@ -91,27 +91,27 @@ CVE-2026-7881 (Concrete CMS 9.5.0 and below is subject 
toInsecure Direct Object
 CVE-2026-7879 (In Concrete CMS 9.5.0 and below, the submit_password() method 
in concr ...)
        TODO: check
 CVE-2026-7509 (The KIA Subtitle plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7249 (The Location Weather plugin for WordPress is vulnerable to 
unauthorize ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6960 (The BookingPress Pro plugin for WordPress is vulnerable to 
arbitrary f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6864 (The CBX 5 Star Rating & Review plugin for WordPress is 
vulnerable to R ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6826 (Concrete CMS 9.5.0 and below is vulnerable tounauthenticated 
file usag ...)
        TODO: check
 CVE-2026-5297
        REJECTED
 CVE-2026-4929 (Simple Hierarchical Select (SHS) for Drupal 7 contains 
cross-site scri ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-4843 (The GSheet For Woo Importer plugin for WordPress is vulnerable 
to unau ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4834 (The WP ERP Pro plugin for WordPress is vulnerable to SQL 
Injection via ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4093 (In the Drupal 7 Term Reference Tree module, two stored XSS 
vectors exi ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-4070 (The Alfie \u2013 Feed Plugin plugin for WordPress is vulnerable 
to Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-47114 (IINA before 1.4.3 contains a user-assisted command execution 
vulnerabi ...)
        TODO: check
 CVE-2026-47102 (LiteLLM prior to 1.83.10 allows a user to modify their own 
user_role v ...)
@@ -125,11 +125,11 @@ CVE-2026-46597 (An incorrectly placed cast from bytes to 
int allowed for server-
 CVE-2026-46595 (Previously, CVE-2024-45337 fixed an authorization bypass for 
misused s ...)
        TODO: check
 CVE-2026-44409 (There is an an information disclosure vulnerability in ZTE 
MU5250. Due ...)
-       TODO: check
+       NOT-FOR-US: ZTE
 CVE-2026-42508 (Previously, a revoked 'SignatureKey' belonging to a CA was not 
correct ...)
        TODO: check
 CVE-2026-3481 (The WP Blockade plugin for WordPress is vulnerable to Reflected 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-39835 (SSH servers which use CertChecker as a public key callback 
without set ...)
        TODO: check
 CVE-2026-39834 (When writing data larger than 4GB in a single Write call on an 
SSH cha ...)
@@ -159,7 +159,7 @@ CVE-2026-34908 (A malicious actor with access to the 
network could exploit an Im
 CVE-2026-33000 (A malicious actor with access to the network and high 
privileges could ...)
        TODO: check
 CVE-2026-2518 (The FastX theme for WordPress is vulnerable to unauthorized 
limited pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-22678 (Webmin before 2.641 contains a stored cross-site scripting 
vulnerabili ...)
        TODO: check
 CVE-2026-5091 (Catalyst::Plugin::Authentication versions through 0.10024 for 
Perl  is ...)
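Review bot: The tag added for CVE-2026-2518 reads "NOT-FOR-US: WordPress plugin", but the description on the line above it says "The FastX theme for WordPress", so the reason does not match what the entry describes. Suggest "NOT-FOR-US: WordPress theme" here, and a check of the automatic matching rule so that theme entries are not labelled as plugins; the triage outcome is the same, but the recorded reason should be accurate for later searches of the list.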



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d5af1157993fed7495d3120a1a751ca9608ade



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
