Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3eb378ac by security tracker role at 2026-05-29T19:16:30+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,13 +15,13 @@ CVE-2026-9509 (An unhandled exception in Suprema BioStar 2 
(Server), versions 2.
 CVE-2026-9508 (Incorrect permission settings on a critical resource in Suprema 
BioSta ...)
        TODO: check
 CVE-2026-9243 (The Plus Addons for Elementor plugin for WordPress is 
vulnerable to St ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9194
        REJECTED
 CVE-2026-9189 (The Contact Form 7 \u2013 PayPal & Stripe Add-on plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9051 (There is an authentication bypass vulnerability in the NI 
SystemLink E ...)
-       TODO: check
+       NOT-FOR-US: National Instruments
 CVE-2026-8326 (Path traversal vulnerability in Remote Spark 
(https://www.Remotespark. ...)
        TODO: check
 CVE-2026-7786 (Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to 
Wi-Fi/Et ...)
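Review bot: The tag on CVE-2026-9051 reads `NOT-FOR-US: National Instruments`, while the description on the line above it names the product as "NI SystemLink", so the tag and the description share no common search term. Suggest naming the product in the tag, for example `NOT-FOR-US: NI SystemLink`, so that a later search of the list for either spelling finds the entry. The two `WordPress plugin` tags in this hunk follow the same pattern as the rest of the commit and need no change.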
@@ -29,7 +29,7 @@ CVE-2026-7786 (Jinan USR IOT Technology Limited (PUSR) 
USR-W610 RS232/485 to Wi-
 CVE-2026-6824 (A stored cross-site scripting (XSS) vulnerability exists in 
certain 1x ...)
        TODO: check
 CVE-2026-6075 (The Media Library Assistant plugin for WordPress is vulnerable 
to Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5768 (The Frontier X2 device allows unauthenticated BLE read/write 
access to ...)
        TODO: check
 CVE-2026-5386 (The affectedKMW CCTV Security Cameras arevulnerable to a 
critical unau ...)
@@ -37,45 +37,45 @@ CVE-2026-5386 (The affectedKMW CCTV Security Cameras 
arevulnerable to a critical
 CVE-2026-4776 (An SQL injection vulnerability exists in Mautic's API contact 
filterin ...)
        TODO: check
 CVE-2026-4290 (The WP Travel Pro plugin for WordPress is vulnerable to 
arbitrary user ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-49386 (In JetBrains YouTrack before 2026.1.13570 improper access 
control allo ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49385 (In JetBrains YouTrack before 2026.1.13570 improper access 
control allo ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49384 (In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter 
notebook Ma ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49383 (In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI 
Designer form p ...)
        TODO: check
 CVE-2026-49382 (In JetBrains IntelliJ IDEA before 2026.1 code execution was 
possible v ...)
        TODO: check
 CVE-2026-49381 (In JetBrains TeamCity before 2026.1 stored XSS on the SAML 
login page  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49380 (In JetBrains TeamCity before 2026.1 open redirect in the SAML 
plugin w ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49379 (In JetBrains TeamCity before 2026.1 credentials could be 
exposed in th ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49378 (In JetBrains TeamCity before 2026.1 credentials parameters 
were expose ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49377 (In JetBrains TeamCity before 2025.11.2 exposure of sensitive 
data via  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49376 (In JetBrains TeamCity before 2026.1 insufficient username 
validation i ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49375 (In JetBrains TeamCity before 2026.1,  2025.11.5 reflected XSS 
was poss ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49374 (In JetBrains TeamCity before 2026.1 improper permission checks 
exposed ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49373 (In JetBrains TeamCity before 2026.1 remote code execution was 
possible ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49372 (In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated 
SSRF vi ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49371 (In JetBrains TeamCity before 2026.1.1 reflected XSS in the 
keyword fil ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49370 (In JetBrains YouTrack before 2026.1.13162 information 
disclosure was p ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49369 (In JetBrains YouTrack before 2026.1.13162 information 
disclosure was p ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49368 (In JetBrains YouTrack before 2026.1.13162 stored XSS in 
project notifi ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-49367 (In JetBrains IntelliJ IDEA before 2026.1.1 command execution 
was possi ...)
        TODO: check
 CVE-2026-49366 (In JetBrains IntelliJ IDEA before 2026.1.1 command injection 
was possi ...)
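Review bot: The vendor-level tag `NOT-FOR-US: JetBrains` is applied to the YouTrack, PyCharm and TeamCity entries, but the IntelliJ IDEA entries in the same block (CVE-2026-49383, CVE-2026-49382, CVE-2026-49367) stay at `TODO: check`, so the tag text alone does not say which JetBrains products are being excluded. Suggest tagging by product, for example `NOT-FOR-US: JetBrains TeamCity`, so that the split is visible in the list itself and a later automatic run cannot read the vendor name as covering IntelliJ IDEA too. The status line for CVE-2026-49366 falls outside the hunk and should be checked the same way.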
@@ -249,31 +249,31 @@ CVE-2026-40510 (OpenSC before 0.27.0-rc1, fixed in commit 
3f24f0b, contains a st
 CVE-2026-40425 (The administrator account for the  Danelec MacGregor Voyage 
Data Recor ...)
        TODO: check
 CVE-2026-3655 (The OTP Login With Phone Number, OTP Verification plugin for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-39292 (Falco Solutions PHPPageBuilder v0.31.0 contains an 
unrestricted file u ...)
        TODO: check
 CVE-2026-39276 (The template upload feature in Emlog Pro v2.6.9 has a path 
traversal v ...)
-       TODO: check
+       NOT-FOR-US: Emlog
 CVE-2026-39229 (Bolt CMS through 3.7.0 allows SQL Injection in the 'order' 
parameter o ...)
        TODO: check
 CVE-2026-36324 (SourceCodester Doctor Appointment System 1.0 is vulnerable to 
Cross Si ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-35674 (OpenClaw before 2026.5.18 contains a scope bypass 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-35673 (OpenClaw before 2026.4.29 contains an SSRF policy bypass 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-35630 (OpenClaw before 2026.5.18 contains an authorization bypass 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-34507 (OpenClaw before 2026.4.29 contains a policy bypass 
vulnerability in QQ ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-33386 (QuickCMS is vulnerable to Cross-Site Scripting (XSS) through 
its insec ...)
        TODO: check
 CVE-2026-33384 (QuickCMS allows a user's session identifier to be set before 
authentic ...)
        TODO: check
 CVE-2026-32906 (OpenClaw before 2026.5.12 contains a privilege escalation 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-32905 (OpenClaw before 2026.5.4 contains an authorization bypass 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-10108 (xiaomusic v0.5.7 contains an unauthenticated path traversal 
vulnerabil ...)
        TODO: check
 CVE-2026-10107 (MoviePilot v2 contains a server-side request forgery 
vulnerability in  ...)
@@ -309,15 +309,15 @@ CVE-2026-10066 (A security vulnerability has been 
detected in Shibby Tomato up t
 CVE-2026-10065 (A weakness has been identified in Shibby Tomato 1.28. This 
vulnerabili ...)
        TODO: check
 CVE-2026-10064 (A security flaw has been discovered in TRENDnet TEW-432BRP 
3.10B20. Th ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2026-10063 (A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. 
Affecte ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2026-10062 (A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. 
Affecte ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2026-10061 (A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. 
Affected is  ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2026-10060 (A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. 
This im ...)
-       TODO: check
+       NOT-FOR-US: TRENDnet
 CVE-2026-10058 (ITS Intelligent SCADA System developed by ITP Technology has a 
Stored  ...)
        TODO: check
 CVE-2026-10057 (ITS Intelligent SCADA System developed by ITP Technology has a 
Stored  ...)
@@ -329,7 +329,7 @@ CVE-2026-10052 (A flaw was found in the Quay config-tool's 
LDAP and SMTP validat
 CVE-2026-10042 (manga-image-translator contains a remote code execution 
vulnerability  ...)
        TODO: check
 CVE-2026-10039 (The Frontend Admin by DynamiApps plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-41281 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
        TODO: check
 CVE-2025-41280 (Nozomi Networks Labs identified a CWE-23: Relative Path 
Traversal (Zip ...)
@@ -365,9 +365,9 @@ CVE-2025-41266 (Nozomi Networks Labs identified a CWE-78: 
Improper Neutralizatio
 CVE-2025-41265 (Nozomi Networks Labs identified a CWE-78: Improper 
Neutralization of S ...)
        TODO: check
 CVE-2025-12714 (The Rank Math SEO \u2013 AI SEO Tools to Dominate SEO Rankings 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11262 (The Link Whisper Free plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2018-25404 (The Open ISES Project 3.30A contains an SQL injection 
vulnerability th ...)
        TODO: check
 CVE-2018-25403 (The Open ISES Project 3.30A contains an SQL injection 
vulnerability th ...)
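Review bot: The description on the CVE-2025-12714 context line contains the literal sequence `\u2013` ("Rank Math SEO \u2013 AI SEO Tools"), and the same undecoded escape appears on CVE-2026-9189 in the first hunk. This commit does not introduce it, but both entries are being closed as `NOT-FOR-US: WordPress plugin` here, so this is a good point to fix the description import to decode the escape; otherwise a search for the plugin's full name will not match these lines.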



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eb378acb2f39d690d5724a12899eda8bb612208



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
