Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f29f9502 by Salvatore Bonaccorso at 2026-05-22T09:38:00+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,33 +63,33 @@ CVE-2026-8237 (Concrete CMS 9.5.0 and below is vulnerable
to IDOR.The `/ccm/fron
CVE-2026-8236 (Concrete CMS 9.5.0 and below is vulnerable to IDOR combined
with a mis ...)
NOT-FOR-US: Concrete CMS
CVE-2026-8205 (Concrete CMS 9.5.0 and below is vulnerable to authorization
bypass in ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8204 (Concrete CMS 9.5.0 and below is vulnerable to authorization
Bypass in ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8203 (Concrete CMS 9.5.0 and below has Stored XSS on the height
parameter.Th ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8197 (Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via
OAuth int ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8140 (Concrete CMS 9.5.0 and below does not validate a CSRF token
before pro ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8139 (Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via
external- ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8135 (Concrete CMS 9.5.0 and below is vulnerable to Remote Code
Execution d ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8134 (Concrete CMS 9.5.0 and below fails to sanitize path traversal
sequence ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7890 (In Concrete CMS 9.5.0 and below, the RSS Displayer block
accepts a fee ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7887 (For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code
Handler ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7886 (Concrete CMS 9.5.0 and below is vulnerable toIDOR in
AddMessage/Update ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7882 (Concrete CMS 9.5.0 and below is vulnerable to unauthorized
file delet ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7881 (Concrete CMS 9.5.0 and below is subject toInsecure Direct
Object Refer ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7879 (In Concrete CMS 9.5.0 and below, the submit_password() method
in concr ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7509 (The KIA Subtitle plugin for WordPress is vulnerable to Stored
Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2026-7249 (The Location Weather plugin for WordPress is vulnerable to
unauthorize ...)
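Review bot: For CVE-2026-8135 (Remote Code Execution) and CVE-2026-7890 (RSS Displayer block), the descriptions shown here are cut off before they state the cause, so the hunk alone does not show whether the flaw is in Concrete CMS's own code or in a bundled component. Worth confirming against the full CVE text before closing them, since a flaw in a library that Debian packages separately would need a package entry instead of an NFU tag. The tag string itself matches the existing `NOT-FOR-US: Concrete CMS` on CVE-2026-8236, so the spelling is consistent across the batch.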
@@ -99,7 +99,7 @@ CVE-2026-6960 (The BookingPress Pro plugin for WordPress is
vulnerable to arbitr
CVE-2026-6864 (The CBX 5 Star Rating & Review plugin for WordPress is
vulnerable to R ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6826 (Concrete CMS 9.5.0 and below is vulnerable tounauthenticated
file usag ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-5297
REJECTED
CVE-2026-4929 (Simple Hierarchical Select (SHS) for Drupal 7 contains
cross-site scri ...)
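Review bot: CVE-2026-6826 sits apart from the main Concrete CMS batch, between WordPress plugin entries and a REJECTED id, which suggests the batch is not contiguous in data/CVE/list. Before merging, search the file for any other "Concrete CMS 9.5.0 and below" entries still marked `TODO: check`, so the whole set is closed in this one commit and the "Process NFUs" message covers all of them.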
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f29f950211b896669dc60d01b05f390ec454224e