Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54ac944e by security tracker role at 2026-05-27T07:14:05+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,21 +13,21 @@ CVE-2026-9609 (A vulnerability was identified in QianFox
FoxCMS up to 1.2.6. Thi
CVE-2026-9608 (A vulnerability was determined in QianFox FoxCMS up to 1.2.6.
The impa ...)
TODO: check
CVE-2026-9607 (A vulnerability was found in itsourcecode Courier Management
System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9606 (A vulnerability has been found in itsourcecode Courier
Management Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9605 (A flaw has been found in GNU libredwg up to 0.13.4.8160. This
issue af ...)
TODO: check
CVE-2026-9604 (A vulnerability was detected in JeecgBoot up to 3.9.1. This
vulnerabil ...)
TODO: check
CVE-2026-9603 (A security vulnerability has been detected in SourceCodester
eDoc Doct ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-9584 (A security vulnerability has been detected in code-projects
Project Ma ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-9583 (A weakness has been identified in SourceCodester CET Automated
Grading ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-9582 (A security flaw has been discovered in SourceCodester CET
Automated Gr ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-9581 (A vulnerability was identified in JeecgBoot up to 3.9.1. The
impacted ...)
TODO: check
CVE-2026-9580 (A vulnerability was determined in JeecgBoot up to 3.9.1. The
affected ...)
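Review bot: The label on CVE-2026-9607 and CVE-2026-9606, `NOT-FOR-US: itsourcecode System`, is neither the bare vendor nor the product name. The description of CVE-2026-9607 says "itsourcecode Courier Management System", and the other entries in this hunk use the vendor alone (`SourceCodester`, `code-projects`). Suggest `NOT-FOR-US: itsourcecode` or `NOT-FOR-US: itsourcecode Courier Management System`, so the reason is consistent and can be found by searching for the product.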
@@ -35,133 +35,133 @@ CVE-2026-9580 (A vulnerability was determined in
JeecgBoot up to 3.9.1. The affe
CVE-2026-9579 (A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is
the fu ...)
TODO: check
CVE-2026-9575 (A vulnerability has been found in itsourcecode Student
Transcript Proc ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9574 (A flaw has been found in itsourcecode Student Transcript
Processing Sy ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9573 (A vulnerability was detected in itsourcecode Student Transcript
Proces ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9312 (A server-side request forgery (SSRF) vulnerability was
identified in G ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-9236 (The CM Ad Changer \u2013 A simple tool to control and optimize
your si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9207 (Tanium addressed an unauthorized code execution vulnerability
in Conne ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2026-9200 (The Query Shortcode plugin for WordPress is vulnerable to Local
File I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9156 (Tanium addressed a denial of service vulnerability in Tanium
Server.)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2026-9022 (The Splide Carousel Block plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9014 (The WP Promoter plugin for WordPress is vulnerable to
unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8994 (The Login with NEAR plugin for WordPress is vulnerable to
Authenticati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8943 (The GoStats for WordPress plugin for WordPress is vulnerable to
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8941 (The CDN Linker lite plugin for WordPress is vulnerable to
Cross-Site R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8939 (The Search Simple Fields plugin for WordPress is vulnerable to
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8938 (The auto making JSON-LD plugin for WordPress is vulnerable to
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8911 (The WP AutoBuzz plugin for WordPress is vulnerable to
Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8903 (The Two-factor authentication (formerly IP Vault) plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8899 (The Auto Thumbnail plugin for WordPress is vulnerable to Stored
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8898 (The Events In City plugin for WordPress is vulnerable to Stored
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8897 (The Shortcode Buddy plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8894 (The iWR Tooltip plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8891 (The BitForm plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8887 (The Listen Shortcode plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8886 (The hk_shortcode plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8884 (The Instant-Quote.co Quotation Page plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8877 (The Responsive Video Embedder plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8875 (The Easy Prism Syntax Highlighter plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8873 (The Content Slideshow plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8872 (The Animate Your Content plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8871 (The Formidable Kinetic plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8870 (The Team Master \u2013 A Modern WordPress Team Showcase plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8869 (The Mutual Funds Data plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8868 (The Single Mailchimp plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8867 (The Post Category Gallery plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8866 (The jQuery googleslides plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8847 (The Dideo plugin for WordPress is vulnerable to Stored
Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8846 (The Tuxquote plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8845 (The Islamic Database plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8844 (The Responsive Check plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8842 (The Google+ Link Name plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8837 (The WP Iframe Geo Style for Amazon affiliates plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8787 (The Firebase Support & Chat Management plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8760 (The Login with OTP plugin for WordPress is vulnerable to
authenticatio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8708 (The Genzel breadcrumbs plugin for WordPress is vulnerable to
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8707 (The NS Product icon badge plugin for WordPress is vulnerable to
Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8703 (The Endless Scroll plugin for WordPress is vulnerable to Stored
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8702 (The GBI To Print plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8701 (The GNTT Post Title Ticker plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8698 (The Cryptocurrency Prijsvergelijking Widget plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8680
REJECTED
CVE-2026-8676 (An attacker is able to downgrade the security of a Bluetooth LE
connec ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-8606 (A Server-Side Request Forgery (SSRF) vulnerability was
identified in G ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-8453
REJECTED
CVE-2026-8048 (The My Email Shortcode plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8040 (The faq shortocde plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7614 (The Old Posts Highlighter plugin for WordPress is vulnerable to
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7493 (The Appointment Booking Calendar \u2014 Simply Schedule
Appointments B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6565 (The Style Kits \u2013 Advanced Theme Styles for Elementor,
Elementor K ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6287 (The ShopLentor - WooCommerce Builder for Elementor & Gutenberg
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6268 (The EventPress WordPress theme before 22.2 does not sanitize or
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-49017 (In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware
enters a ...)
TODO: check
CVE-2026-49014 (In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the
netCDF ...)
TODO: check
CVE-2026-49000 (An insecure password scheme refers to vulnerabilities arising
from imp ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-48999 (Attackers carefully craft malicious scripts, such as
JavaScript, and i ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-48593 (Uncontrolled Resource Consumption vulnerability in oban-bg
oban_web (' ...)
TODO: check
CVE-2026-48592 (Missing Authorization vulnerability in oban-bg oban_web
('Elixir.Oban. ...)
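Review bot: CVE-2026-6268 is described as "The EventPress WordPress theme before 22.2" but is tagged `NOT-FOR-US: WordPress plugin`; the label should read `NOT-FOR-US: WordPress theme` to match the description. Two smaller points in the same hunk: `itsourcecode System` on CVE-2026-9575, CVE-2026-9574 and CVE-2026-9573 drops the product name (Student Transcript Processing System), and `Github Enterprise Server` on CVE-2026-9312 and CVE-2026-8606 should be capitalised as GitHub.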
@@ -247,19 +247,19 @@ CVE-2026-42335 (MaxKB is an open-source AI assistant for
enterprise. Prior to 2.
CVE-2026-36239 (PbootCMS v.3.2.11 contains a code injection vulnerability in
its site ...)
TODO: check
CVE-2026-2255 (Hitachi Vantara Pentaho Data Integration & Analytics versions
before 1 ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2026-2254 (Hitachi Vantara Pentaho Data Integration & Analytics versions
before 1 ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2026-2253 (Hitachi Vantara Pentaho Data Integration & Analytics versions
before 1 ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2026-27331 (Missing Authorization vulnerability in Magepeople inc.
WpTravelly allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25444 (Missing Authorization vulnerability in Magepeople inc.
WpBookingly all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25426 (Missing Authorization vulnerability in Magepeople inc. Taxi
Booking Ma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24520 (Missing Authorization vulnerability in bPlugins Tiktok Feed
allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68711 (AppLockZ App Lock and Fingerprint Lock
(applock.passwordfingerprint.ap ...)
TODO: check
CVE-2025-68710 (Easyelife App lock (aka Fingerprint,Applock or
locker.app.safe.applock ...)
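Review bot: The vendor name is misspelled in the three Pentaho entries (CVE-2026-2255, CVE-2026-2254, CVE-2026-2253): the label says `Hitachi Vantana` while each description says "Hitachi Vantara". Suggest `NOT-FOR-US: Hitachi Vantara`, since a misspelled reason is missed by anyone searching the list for the vendor.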
@@ -269,23 +269,23 @@ CVE-2025-68709 (SailingLab AppLock (aka
com.alpha.applock) 4.3.8 for Android all
CVE-2025-68708 (SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android
allows a ...)
TODO: check
CVE-2025-46307 (A logic issue was addressed with improved restrictions. This
issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46284 (A race condition was addressed with additional validation.
This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46280 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43451 (A permissions issue was addressed by removing the vulnerable
code. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43306 (A logic issue was addressed with improved checks. This issue
is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43290 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43289 (A logic issue was addressed with improved validation. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-14481 (The Yoast SEO plugin for WordPress is vulnerable to Insecure
Direct Ob ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14361 (Missing Authorization vulnerability in AA-Team Woocommerce
Envato Affi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-46644 [insecure equivalence in symfony/polyfill-intl-idn for
ASCII-only xn-- labels]
- php-symfony-polyfill <unfixed>
[bookworm] - php-symfony-polyfill <no-dsa> (Minor issue)
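Review bot: The seven `NOT-FOR-US: Apple` entries (CVE-2025-46307 through CVE-2025-43289) are classified by vendor only, and none of the visible descriptions names an affected component; they read "A logic issue was addressed with improved restrictions" and similar. As this is an automatic update, it is worth confirming against the full descriptions that none concerns a component Debian also packages before the TODO is dropped. Naming the product in the label would make that check visible in the list.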
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54ac944e53696e0676064be9b01ec6cf5d6da984