Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d3655a16 by security tracker role at 2026-06-02T19:16:39+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
CVE-2026-9844 (Use of default credentials vulnerability in Roche Diagnostics
navify D ...)
TODO: check
CVE-2026-9730 (The Remove NoFollow Commenter URL plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9723 (The Google Plus One Bottom plugin for WordPress is vulnerable
to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9722 (The Laiser Tag plugin for WordPress is vulnerable to Cross-Site
Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9599 (The Tectite Forms plugin for WordPress is vulnerable to
Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9590 (Improper access control in the permission validation component
in Devo ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9522 (Improper access control in the PAM account discovery feature in
Devolu ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-9234 (The JTL-Connector for WooCommerce plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8993 (D.Launcher 2 component of Slovak eID client ecosystem contains
Imprope ...)
TODO: check
CVE-2026-8885 (The DeMomentSomTres Shortcodes plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8422 (The Remove meta boxes per user role plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7313 (CWE\u2011522: Insufficiently Protected Credentials in web
services in ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-7312 (CWE\u2011522: Insufficiently Protected Credentials in web
services in ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-7299 (Appsmith\u2019s SQL query editor\u2019s autocomplete
functionality fai ...)
TODO: check
CVE-2026-7201 (CWE-639: Authorization Bypass Through User-Controlled Key in
web servi ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-7198 (CWE-284: Improper Access Control in web services in Progress
Sitefinit ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-7195 (CWE-20: Improper Input Validation in web services in Progress
Sitefini ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-5422 (A path traversal vulnerability exists in jupyter-server version
2.17.0 ...)
TODO: check
CVE-2026-5191 (The Tiled Gallery Carousel Without JetPack plugin for WordPress
is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4081 (The ZeM STL plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4080 (The Easy Cart plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4071 (The BirdSeed plugin for WordPress is vulnerable to Cross-Site
Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-49943 (CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a
stack-ba ...)
TODO: check
CVE-2026-49782 (Missing Authorization vulnerability in Elementor Elementor
Website Bui ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49754 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
TODO: check
CVE-2026-49753 (Inconsistent Interpretation of HTTP Requests ('HTTP
Request/Response S ...)
@@ -91,27 +91,27 @@ CVE-2026-43965 (Path traversal vulnerability in Gleam's
dependency management al
CVE-2026-42795 (Symlink following vulnerability in Gleam's Hex package export
allows f ...)
TODO: check
CVE-2026-42685 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42684 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42670 (Missing Authorization vulnerability in Etoile Web Design
Incorporated ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42669 (Missing Authorization vulnerability in EventPrime allows
Exploiting In ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42654 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42074 (OpenClaude is an open-source coding-agent command line
interface for c ...)
TODO: check
CVE-2026-42073 (OpenClaude is an open-source coding-agent command line
interface for c ...)
TODO: check
CVE-2026-41918 (A vulnerability has been identified in RUGGEDCOM RST2428P
(6GK6242-6PA ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-40780 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40715 (Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765,
contain an Im ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-40713 (Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765,
contain an Im ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-40619 (A high security vulnerability affecting Security Center main
server in ...)
TODO: check
CVE-2026-40571 (NamelessMC is website software for Minecraft servers. In
version 2.2.4 ...)
@@ -119,19 +119,19 @@ CVE-2026-40571 (NamelessMC is website software for
Minecraft servers. In version
CVE-2026-40314 (NamelessMC is website software for Minecraft servers. In
version 2.2.4 ...)
TODO: check
CVE-2026-3620 (The Word Replacer plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3514 (In version 3.6.19 of prefecthq/prefect, an authentication
bypass vulne ...)
TODO: check
CVE-2026-39555 (Deserialization of Untrusted Data vulnerability in
Elated-Themes Askka ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39553 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39552 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39551 (Deserialization of Untrusted Data vulnerability in
Elated-Themes T\xf6 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39550 (Deserialization of Untrusted Data vulnerability in
Elated-Themes Aperi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-38978 (transmission through 4.1.1 was found to have a clickjacking
weakness i ...)
TODO: check
CVE-2026-35718 (A path traversal vulnerability in the
/admin/downloadMedias.cgi endpoi ...)
@@ -165,25 +165,25 @@ CVE-2026-30650 (A post-authentication remote buffer
overflow vulnerability exist
CVE-2026-30649 (Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a
allows ...)
TODO: check
CVE-2026-2425 (The hiWeb Migration Simple plugin for WordPress is vulnerable
to Refle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2382 (The FPW Category Thumbnails plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-28116 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27351 (Missing Authorization vulnerability in Sekander Badsha Crew
HRM allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24237 (NVIDIA NVTabular contains a vulnerability where an attacker
could caus ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24221 (NVIDIA NVTabular contains a vulnerability where an attacker
could caus ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-1871 (TP-Link Tapo C200 v5 contains a stack-based buffer overflow
flaw in RT ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-1784 (The Route OpenShift resource allows to define routes to make
pods reac ...)
TODO: check
CVE-2026-1451 (The rognone plugin for WordPress is vulnerable to Reflected
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1450 (The rognone plugin for WordPress is vulnerable to Reflected
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10629 (SIP signaling stack in Verizon IMS (unspecified version)
implements SI ...)
TODO: check
CVE-2026-10622 (Improper Authentication in REST API in Collibra Agent, allows
a remote ...)
@@ -193,47 +193,47 @@ CVE-2026-10621 (Path traversal in restore handler in
Collibra Agent, allows an a
CVE-2026-10611 (An authentication bypass vulnerability exists in MISP when
LDAP mixed ...)
TODO: check
CVE-2026-10606 (A vulnerability was determined in DedeCMS 5.7.88. The affected
element ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2026-10591 (Insufficient access control restrictions in the file write
tool in Ama ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-10549 (LDAP filter injection vulnerability in Yandex Database prior
to 25.3.1 ...)
TODO: check
CVE-2026-10047 (The Bitdefender Napoca bare-metal hypervisor contains an
out-of-bounds ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2026-10046 (Bitdefender Napoca bare-metal hypervisor contains an
out-of-bounds wri ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2026-0611 (Spacelabs Healthcare Sentinel versions 10.5.x and higher and
11.x.x be ...)
TODO: check
CVE-2025-69369 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68886 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-5085 (The WP Nano AD plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-58897 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58707 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58705 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58024 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53440 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53346 (Missing Authorization vulnerability in ThimPress Thim Core
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53345 (Missing Authorization vulnerability leading to code execution
after in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53302 (Missing Authorization vulnerability in Anton Shevchuk
Constructor allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53209 (Incorrect Privilege Assignment vulnerability in Themeisle
Masteriyo LM ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-52766 (Missing Authorization vulnerability in Printeers Printeers
Print & Shi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-52759 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2024-42206 (HCL iReflection Third party vulnerable and outdated components
issue w ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2019-25719 (Dr\xe4ger Infinity Acute Care System and Standalone Infinity
M540 pati ...)
TODO: check
CVE-2019-25717 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors
contain ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3655a16d9f50f040d29f83e908990a713c386b6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3655a16d9f50f040d29f83e908990a713c386b6
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
