Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0b3a3079 by security tracker role at 2026-05-29T07:14:12+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -255,7 +255,7 @@ CVE-2026-9873 (Use after free in Network in Google Chrome
prior to 148.0.7778.21
CVE-2026-9872 (Out of bounds write in GPU in Google Chrome on Android prior to
148.0. ...)
TODO: check
CVE-2026-9714 (The Simple Divi Shortcode plugin for WordPress is vulnerable to
Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9646 (A reflected cross-site scripting issue exists in URL handling.)
TODO: check
CVE-2026-9645 (Exposed methods allow authenticated users to create and execute
arbitr ...)
@@ -269,29 +269,29 @@ CVE-2026-9038 (A stack-based buffer overflow
vulnerability in the charging contr
CVE-2026-9037 (A firmware update mechanism in the affected charging controller
fails ...)
TODO: check
CVE-2026-8995 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image
Polls plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8809 (The Advanced Custom Fields: Extended plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8732 (The WP Maps Pro plugin for WordPress is vulnerable to Privilege
Escala ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8070 (Incorrect permission assignment for a critical resource in
Armoury Cra ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-7480 (An Incorrect Permission Assignment for Critical Resource
vulnerability ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-7430 (The Post Snippets plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6892 (Improper handling of symbolic links in the installer of CUPS
Printer D ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-6891 (Improper handling of symbolic links in the installer of My
Image Garde ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-6816 (An access bypass vulnerability in Drupal TFA Basic Plugins
allows user ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-6324 (A flaw was found in libsoup. A remote attacker could exploit an
unsign ...)
TODO: check
CVE-2026-6275 (The StatCounter \u2013 Free Real Time Visitor Stats plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5343 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-49299 (In OpenStack Neutron before 28.0.1, the tagging controller
enforces pl ...)
TODO: check
CVE-2026-49130 (Music Player Daemon (MPD) before version 0.24.11 contains a
CRLF injec ...)
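Review bot: CVE-2026-6892 is tagged NOT-FOR-US: Canon, but its truncated description reads "installer of CUPS Printer D ..." and the visible text names no vendor. CUPS is also software that Debian packages, so the full description should be checked to confirm this is a vendor driver installer before the entry leaves the TODO queue. The same applies to CVE-2026-7480, tagged NOT-FOR-US: ASUS, whose visible description names no product at all.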
@@ -313,27 +313,27 @@ CVE-2026-48116 (AnythingLLM is an application that turns
pieces of content into
CVE-2026-47713 (AnythingLLM is an application that turns pieces of content
into contex ...)
TODO: check
CVE-2026-46843 (Vulnerability in Oracle REST Data Services (component: Core).
Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46842 (Vulnerability in Oracle REST Data Services (component: Core).
Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46841 (Vulnerability in Oracle REST Data Services (component:
General). Supp ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46840 (Vulnerability in Oracle REST Data Services (component:
Backend-as-a-Se ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46839 (Vulnerability in Oracle REST Data Services (component: Core).
Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46837 (Vulnerability in the Oracle Flow Manufacturing product of
Oracle E-Bus ...)
TODO: check
CVE-2026-46835 (Vulnerability in the Net Service component of Oracle Database
Server. ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46834 (Vulnerability in the Net Service component of Oracle Database
Server. ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46833 (Vulnerability in the Net Service component of Oracle Database
Server. ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46830 (Vulnerability in Oracle REST Data Services (component:
Mongoapi). Sup ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46829 (Vulnerability in Oracle REST Data Services (component:
Mongoapi). Sup ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46828 (Vulnerability in the Oracle Payroll product of Oracle
E-Business Suite ...)
TODO: check
CVE-2026-46827 (Vulnerability in the Oracle Payroll product of Oracle
E-Business Suite ...)
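Review bot: CVE-2026-46837 (Oracle Flow Manufacturing) and CVE-2026-46828 (Oracle Payroll) stay at "TODO: check" in this hunk while every Oracle REST Data Services and Oracle Database Server entry around them becomes NOT-FOR-US: Oracle. If the automatic update only matches some Oracle product strings, consider extending it to the E-Business Suite descriptions, or triage these two in the same pass so the Oracle block is not left half-processed.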
@@ -341,7 +341,7 @@ CVE-2026-46827 (Vulnerability in the Oracle Payroll product
of Oracle E-Business
CVE-2026-46826 (Vulnerability in the Oracle Payroll product of Oracle
E-Business Suite ...)
TODO: check
CVE-2026-46824 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46823 (Vulnerability in the Oracle Public Sector Financials
(International) p ...)
TODO: check
CVE-2026-46822 (Vulnerability in the Oracle iAssets product of Oracle
E-Business Suite ...)
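Review bot: CVE-2026-46824 (Oracle Universal Work Queue) is the only entry changed here, while the adjacent CVE-2026-46826, CVE-2026-46823 and CVE-2026-46822 carry the same "Oracle E-Business Suite" family wording and remain "TODO: check". The result is inconsistent for one product family. Either tag all four NOT-FOR-US: Oracle or record why this one differs.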
@@ -357,7 +357,7 @@ CVE-2026-46818 (Vulnerability in the Oracle Payments
product of Oracle E-Busines
CVE-2026-46817 (Vulnerability in the Oracle Payments product of Oracle
E-Business Suit ...)
TODO: check
CVE-2026-46775 (Vulnerability in Oracle REST Data Services (component: Core).
Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-45410 (TREK is a collaborative travel planner. Prior to 3.0.18, early
return ...)
TODO: check
CVE-2026-45403 (AnythingLLM is an application that turns pieces of content
into contex ...)
@@ -415,11 +415,11 @@ CVE-2026-41897 (Mantis Bug Tracker (MantisBT) is an open
source issue tracker. F
CVE-2026-39929 (Lakeside SysTrack Agent versions prior to 11.2.1.28,
11.3.0.38, 11.4.0 ...)
TODO: check
CVE-2026-35277 (Vulnerability in Oracle REST Data Services (component: Core).
Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-35266 (Vulnerability in Oracle REST Data Services (component: Core).
Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-34311 (Vulnerability in the Oracle Hospitality OPERA 5 Property
Services prod ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-33590 (Insecure default settings of Portainer CE grant regular
(non-admin) us ...)
TODO: check
CVE-2026-33464 (Uncontrolled Resource Consumption (CWE-400) in Kibana can lead
to a de ...)
@@ -431,7 +431,7 @@ CVE-2026-33462 (A path traversal vulnerability was
identified in Kibana's dashbo
CVE-2026-32847 (DeepCode through commit c991dc2 contains a path traversal
vulnerabilit ...)
TODO: check
CVE-2026-2128 (The Breeze plugin for WordPress is vulnerable to Exposure of
Sensitive ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10044 (Usagi-org ai-goofish-monitor contains an unauthenticated
arbitrary fil ...)
TODO: check
CVE-2026-10028 (A flaw was found in glib-networking. A remote attacker can
exploit thi ...)
@@ -483,9 +483,9 @@ CVE-2026-10001 (Use after free in PerformanceManager in
Google Chrome prior to 1
CVE-2026-10000 (Use after free in Passwords in Google Chrome on Windows prior
to 148.0 ...)
TODO: check
CVE-2025-14042 (The Automotive Car Dealership Business WordPress Theme for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11993 (The WooCommerce Infinite Scroll and Ajax Pagination plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-48756
- incus 7.0.0-2
[trixie] - incus <no-dsa> (Minor issue)
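Review bot: CVE-2025-14042 is described as "The Automotive Car Dealership Business WordPress Theme", yet the added line tags it NOT-FOR-US: WordPress plugin. Suggest "NOT-FOR-US: WordPress theme" so the tag matches the description. CVE-2025-11993 directly below is described as a plugin and its tag is fine.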
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b3a30796cad7b5569d83df1f3cbcacc64e71cc4