Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4af48bc9 by security tracker role at 2026-05-27T19:14:50+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,79 +1,79 @@
CVE-2026-9712 (When creating an export through the pretix API, API clients are
retur ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-9704 (A flaw was found in Keycloak. An authenticated user with low
privilege ...)
TODO: check
CVE-2026-9689 (A flaw was found in Keycloak, an open-source identity and
access manag ...)
TODO: check
CVE-2026-9674 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Multijob ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-9617 (PostgreSQL Anonymizer contains a vulnerability that allows a
user to g ...)
TODO: check
CVE-2026-9035 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix
Pack 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8942 (The MetaMagic SEO Plugin plugin for WordPress is vulnerable to
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8906 (The WP Promoter plugin for WordPress is vulnerable to
Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8832 (The WPCode - Insert Headers and Footers + Custom Code Snippets
- WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8716 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-8405 (IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on
feature of G ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8180 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix
Pack 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8179 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix
Pack 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8175 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix
Pack 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8143 (The HBook plugin for WordPress is vulnerable to Stored
Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8054 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2026-8042 (The Github Shortcode plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7876 (IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7618 (The Env\xedaloSimple: Email Marketing y Newsletters plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7528 (IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of
service d ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7524 (IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code
execution ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7365 (IBM Operations Analytics - Log Analysis and IBM SmartCloud
Analytics - ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7254 (IBM OPENBMC FW1110.00 through FW1110.11is vulnerable to denial
of serv ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6957 (Mattermost Plugins versions <=1.1.5 fail to sanitize filenames
receive ...)
TODO: check
CVE-2026-6938 (IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization
bypass wh ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6936 (IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a
denial-of-service attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6713 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-6169 (The affiliate-toolkit plugin for WordPress is vulnerable to
remote cod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6053 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6052 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6051 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-5516 (IBM WebSphere Application Server - Liberty 22.0.0.11 through
26.0.0.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-5515 (IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores
potentiall ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-5509 (An authenticated command injection vulnerability exists in the
Archer ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-5296 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-5065 (IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains
hard-coded ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-4868 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-4410 (IBM WebSphere Application Server - Liberty 19.0.0.7 through
26.0.0.5 a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-4392 (A vulnerability was detected in TeamSpeak 3 Server up to
3.13.7. This ...)
TODO: check
CVE-2026-4391 (A security vulnerability has been detected in TeamSpeak 3
Server up to ...)
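Review bot: CVE-2026-7528 and CVE-2026-7524 ("IBM Langflow OSS") and CVE-2026-7254 ("IBM OPENBMC") are closed as NOT-FOR-US: IBM, yet their descriptions name open-source components rather than IBM-only products. Before these leave the TODO queue, confirm that neither project is packaged or has an ITP/RFP; if they stay NOT-FOR-US, a tag naming the project would be easier to find later than the vendor name. Separately, CVE-2026-5509 uses the tag "TPLink"; check that this matches the spelling already used for that vendor elsewhere in data/CVE/list.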
@@ -85,63 +85,63 @@ CVE-2026-49103 (Webmin before 2.640 does not safely
construct a filename for sav
CVE-2026-49102 (Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG
documen ...)
TODO: check
CVE-2026-49059 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49054 (Missing Authorization vulnerability in Mamunur Rashid The Post
Grid al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49053 (Missing Authorization vulnerability in Wpmet ElementsKit
Elementor add ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49052 (Missing Authorization vulnerability in Wpmet ElementsKit
Elementor add ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49051 (Missing Authorization vulnerability in Prasad Kirpekar WP Meta
and Dat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49047 (Missing Authorization vulnerability in DearHive DearFlip
allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49046 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49045 (Missing Authorization vulnerability in WP Media Adminimize
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49044 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49002 (Access control failure means that an application does not
effectively ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-49001 (Cross-site request forgery (CSRF) vulnerabilities allow
attackers to e ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-48973 (Missing Authorization vulnerability in Benbodhi SVG Support
allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48972 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48971 (Missing Authorization vulnerability in WebToffee Product
Import Export ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48968 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48927 (Jenkins buildgraph-view Plugin 1.8 and earlier does not escape
the bui ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48926 (Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does
not per ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48925 (A cross-site request forgery (CSRF) vulnerability in Jenkins
GitHub In ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48924 (Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not
restrict the ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48923 (Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a
permiss ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48922 (Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and
earlier does ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48921 (Jenkins Pipeline: Groovy Libraries Plugin
797.v90ea_a_9b_e45a_0 and ea ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48920 (Jenkins Email Extension Plugin 1933.v45cec755423f and earlier
allows i ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48919 (Jenkins Active Directory Plugin 2.41 and earlier deserializes
data fro ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48918 (Jenkins Active Directory Plugin 2.41 and earlier follows LDAP
referral ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48917 (Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes
data fr ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48916 (Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP
referra ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48906 (The vulnerability in the Tassos Framework Plugin allows users
to delet ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48877 (Insertion of Sensitive Information Into Sent Data
vulnerability in Tom ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48545 (Gradio before version 6.15.0 contains a cookie injection
vulnerability ...)
TODO: check
CVE-2026-48544 (Taipy 4.1.1, fixed in commit 129fd40, contains a path
traversal vulner ...)
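Review bot: CVE-2026-49002 and CVE-2026-49001 are marked NOT-FOR-US: ZTE, but the visible descriptions ("Access control failure means that an application does not effectively ..." and "Cross-site request forgery (CSRF) vulnerabilities allow attackers to e ...") name no product or vendor, so the attribution cannot be checked from this diff. Verify the vendor against the full CVE record, and do the same for CVE-2026-48906, where "Tassos Framework Plugin" is mapped to Joomla.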
@@ -197,7 +197,7 @@ CVE-2026-45570 (go-git is an extensible git implementation
library written in pu
CVE-2026-45548 (Budibase is an open-source low-code platform. Prior to 3.34.8,
the pro ...)
TODO: check
CVE-2026-45335 (WeGIA is a web manager for charitable institutions. Prior to
3.7.3, an ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-45090 (Dalfox is a powerful open-source XSS scanner and utility
focused on au ...)
TODO: check
CVE-2026-45089 (Dalfox is a powerful open-source XSS scanner and utility
focused on au ...)
@@ -215,7 +215,7 @@ CVE-2026-45047 (bird-lg-go is a BIRD looking glass in Go.
Prior to 1.4.5, the ap
CVE-2026-45046 (Gryph provides a security layer for AI coding agents. Prior to
0.7.0, ...)
TODO: check
CVE-2026-45027 (WeGIA is a web manager for charitable institutions. In
versions prior ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-45022 (go-git is an extensible git implementation library written in
pure Go. ...)
TODO: check
CVE-2026-44988 (LibVNCClient is a library for easy implementation of a VNC
client. In ...)
@@ -293,73 +293,73 @@ CVE-2026-42790 (Improper Certificate Validation
vulnerability in Erlang OTP publ
CVE-2026-42789 (Improper Following of a Certificate's Chain of Trust
vulnerability in ...)
TODO: check
CVE-2026-42762 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42761 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42760 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42759 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42758 (Incorrect Privilege Assignment vulnerability in Saleswonder
Team: Tobi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42757 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42756 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42755 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42754 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42753 (Missing Authorization vulnerability in WC Lovers WCFM
Membership wc-mu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42751 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42750 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42749 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42748 (Unrestricted Upload of File with Dangerous Type vulnerability
in WPify ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42747 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42746 (Insertion of Sensitive Information Into Sent Data
vulnerability in ZAY ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42745 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42744 (Improper Validation of Specified Quantity in Input
vulnerability in Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42740 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42739 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42738 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42737 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42736 (Authorization Bypass Through User-Controlled Key vulnerability
in word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42735 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42734 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42733 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42732 (Improper Validation of Specified Quantity in Input
vulnerability in Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42731 (Incorrect Privilege Assignment vulnerability in miniOrange
miniorange ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42730 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42729 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42728 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42727 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42726 (Missing Authorization vulnerability in Strategy11 Team AWP
Classifieds ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42725 (Authorization Bypass Through User-Controlled Key vulnerability
in WP W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42553 (Cinny is a Matrix client. Prior to 4.10.3, A remote
authenticated atta ...)
TODO: check
CVE-2026-42459 (free5GC is an open-source implementation of the 5G core
network. Prior ...)
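Review bot: the block from CVE-2026-42762 down to CVE-2026-42725 is tagged "WordPress plugin or theme" in bulk, while most of the truncated descriptions show only a CWE title such as "Improper Neutralization of Input During Web Page Generation ('Cross-si ...)" and no product. Because each of these lines replaces "TODO: check" and so removes the entry from manual triage, spot-check a sample against the full CVE text to make sure the automatic match is keyed on the product and not on the description template.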
@@ -465,27 +465,27 @@ CVE-2026-40811 (An unauthenticated remote attacker can
exploit an unauthenticate
CVE-2026-40810 (An unauthenticated remote attacker can exploit an
unauthenticated SQL ...)
TODO: check
CVE-2026-3897 (The Livemesh Addons for Beaver Builder plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3896 (The Livemesh SiteOrigin Widgets plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3895 (The WPBakery Page Builder Addons by Livemesh plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3676 (IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced
Private ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3623 (IBM Netezza Performance Server Replication Services 3.0.2.0
through 3. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3375 (The LiteSpeed Cache plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3366 (IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1,
1.0.0.2, 1. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3349 (The MinhNhut Link Gateway plugin for WordPress is vulnerable to
Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3348 (The MinhNhut Link Gateway plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3279 (The Enable jQuery Migrate Helper plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3001 (The Gutenverse plugin for WordPress is vulnerable to Reflected
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-38945 (Command injection in Raynet rvia version 12.6 Update 8 and
previous ve ...)
TODO: check
CVE-2026-38931 (A stored cross-site scripting (XSS) vulnerability in the
/admin/config ...)
@@ -529,25 +529,25 @@ CVE-2026-31266 (Craft CMS 5.9.5 and earlier contains a
Missing Authorization vul
CVE-2026-30498 (A Cross-Site Request Forgery (CSRF) vulnerability was
discovered in th ...)
TODO: check
CVE-2026-2607 (IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0,
v3.4.1, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-2601 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
TODO: check
CVE-2026-2288 (The myLinksDump plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2280 (The rexCrawler plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2237 (A use of get request method with sensitive query strings
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2026-2030 (The WPBakery Page Builder Addons by Livemesh plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-23679 (libusb before version 1.0.30 contains a NULL pointer
dereference vulne ...)
TODO: check
CVE-2026-1718 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-1402 (GitLab has remediated an issue in GitLab CE/EE affecting all
versions ...)
TODO: check
CVE-2026-1248 (IBM Business Automation Workflow containers and traditionalmay
leak in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-70116 (A NULL pointer dereference in GPAC MP4Box: when parsing
certain trunca ...)
TODO: check
CVE-2025-70103 (Heap buffer overflow vulnerability in libjxl 0.12.0 via
crafted PBM im ...)
@@ -559,57 +559,57 @@ CVE-2025-68712 (SpSoft AppLock (com.sp.protector.free)
7.9.40 for Android allows
CVE-2025-67903 (Northern.tech Mender Client 5 before 5.0.4 allows a
Cryptographic sign ...)
TODO: check
CVE-2025-66593 (An origin validation error vulnerability in Synology Assistant
before ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-66592 (An origin validation error vulnerability in Synology Active
Backup for ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-52747 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-41670 (A local user with low privileges may be able to influence the
behavior ...)
TODO: check
CVE-2025-41669 (The Web-based Management allows a remote low privileged
Engineer user ...)
TODO: check
CVE-2025-3633 (IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM
Cognos T ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-30028 (A vulnerability in Active Backup for Business allows
unauthorized remo ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-22741 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14713 (An Exposed Dangerous Method or Function vulnerability in
Synology C2 I ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-13593 (Origin validation error vulnerability in Synology
ActiveProtect Agent ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-13392 (Improper check for unusual or exceptional conditions
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-13167 (Improper neutralization of input during web page generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-12686 (Buffer copy without checking size of input ('Classic Buffer
Overflow') ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-10466 (Improper neutralization of input during web page generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-0898 (The Xpro Elementor Addons - Pro plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56462 (IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could
allow a priv ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-47272 (Incorrect authorization vulnerability in IO Module
functionality in Sy ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47271 (Insufficiently protected credentials vulnerability in
IPSpeaker compon ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47270 (Improper preservation of permissions vulnerability in
Archiving Push f ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47269 (Cleartext transmission of sensitive information vulnerability
in Expor ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47268 (Missing authorization vulnerability in AddOns functionality in
Synolog ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47267 (Improper limitation of a pathname to a restricted directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-40684 (IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1,
1.3.5.2, 1.3 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-28765 (IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory
Integrator ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-11399 (Files or directories accessible to external parties
vulnerability in r ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2023-52945 (Uncontrolled search path element vulnerability in OpenSSL DLL
componen ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2026-48736
- symfony 7.4.13+dfsg-1
NOTE:
https://symfony.com/blog/cve-2026-48736-iputils-private-subnets-omits-ipv6-transition-forms-ssrf-bypass-in-noprivatenetworkhttpclient
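Review bot: CVE-2023-52945 is tagged NOT-FOR-US: Synology although its visible description reads "Uncontrolled search path element vulnerability in OpenSSL DLL componen ...", and openssl is a packaged source. Read the full description to confirm the flaw is in how the Synology product loads the DLL and not in OpenSSL itself; if it stays NOT-FOR-US, a NOTE line stating that would stop the entry being reopened later.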
@@ -388345,7 +388345,7 @@ CVE-2022-41661 (A vulnerability has been identified
in JT2Go (All versions < V1
CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions <
V14.1.0. ...)
NOT-FOR-US: Siemens
CVE-2022-41656 (Missing Authorization vulnerability in Bizswoop Account
Manager for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in
Phone Ord ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41650 (Missing Authorization vulnerability in Paul Custom Content by
Country ...)
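Review bot: the added line for CVE-2022-41656 uses "NOT-FOR-US: WordPress plugin or theme", while the unchanged neighbour CVE-2022-41655 two lines below carries "NOT-FOR-US: WordPress plugin". Both variants also appear elsewhere in this commit, so anyone filtering the list by tag text needs two patterns; settle on one label per category in the automatic rules, or document when each applies.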
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4af48bc9f5fa3e09c920cd923629e546b600cd36