Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
92ddc817 by security tracker role at 2026-06-09T07:14:13+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,83 +1,83 @@
 CVE-2026-9662 (The Recover Exit For WooCommerce plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9185 (The 6Storage Rentals plugin for WordPress is vulnerable to 
Authorizati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8981 (The Custom Block Builder  WordPress plugin before 4.3.0 does 
not consi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8977 (The WP GDPR Cookie Consent plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8940 (The WP Meta Sort Posts plugin for WordPress is vulnerable to 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8910 (The WP Emoticon Rating plugin for WordPress is vulnerable to 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8909 (The WpMobi plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8907 (The WP-Ultimate-Map plugin for WordPress is vulnerable to 
Cross-Site R ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8904 (The FastPicker, an order picker and order management system 
(oms) for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8902 (The AJAX Report Comments plugin for WordPress is vulnerable to 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8895 (The kk blog card plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8883 (The Global Body Mass Index Calculator plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8882 (The WP ApplicantStack Jobs Display plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8880 (The RomanCart Ecommerce plugin for WordPress is vulnerable to 
Stored C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8841 (The Extra Settings for RocketChat plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8795 (A YAML injection vulnerability exists in the 
Windows.Collectors.Remapp ...)
        TODO: check
 CVE-2026-8499 (The Helpfulcrowd Product Reviews plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7662 (The ePaperFlip Publisher plugin for WordPress is vulnerable to 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7556 (The FV Flowplayer Video Player plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5714 (The Enable Media Replace plugin for WordPress is vulnerable to 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5067 (A remote, unauthenticated attacker can trigger memory 
corruption in Ze ...)
-       TODO: check
+       NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-4986 (The WPForms  WordPress plugin before 1.10.0.5 does not verify 
the auth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-49141 (WACRM prior to commit 73041bf contain an authorization bypass 
vulnerab ...)
        TODO: check
 CVE-2026-47345 (Namespace attributes are not encoded correctly during HTML 
serializati ...)
-       TODO: check
+       NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-47344 (When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant 
closing ta ...)
-       TODO: check
+       NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-46484 (Headplane is a feature-complete Web UI for Headscale. Prior to 
version ...)
        TODO: check
 CVE-2026-44757 (SAP Wily Introscope Enterprise Manager allows an 
unauthenticated attac ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44755 (SAP Business Objects Business Intelligence Platform does not 
sufficien ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44754 (The Remote Function Call (RFC) modules of the Operational Data 
Provisi ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44751 (Application server ABAP does not perform necessary 
authorization check ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44750 (SAP MDG (Review Match Groups Application) does not perform the 
necessa ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44748 (SAP NetWeaver Application Server ABAP and ABAP Platform allows 
an auth ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44746 (Due to a reflected cross-site scripting (XSS) vulnerability in 
SAP Net ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44744 (SAP S/4HANA(On-Premise) contains SQL injection vulnerability 
in a remo ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44743 (Under certain conditions, when an unauthorized attacker 
accesses a spe ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44541 (Fides is an open-source privacy engineering platform. From 
version 2.3 ...)
        TODO: check
 CVE-2026-41980 (Permission control vulnerability in the file preview 
module.Impact: Su ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-41979 (Permission control vulnerability in the print module.Impact: 
Successfu ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-41978 (Permission control vulnerability in the clone module.Impact: 
Successfu ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-41975 (Permission management vulnerability in the network management 
module.I ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2026-41855 (In an untrusted JMS environment, 
org.springframework.jms.support.conve ...)
        TODO: check
 CVE-2026-41854 (Due to incorrect host parsing, applications that rely on 
UriComponents ...)
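Review bot: Several NOT-FOR-US tags in this hunk name a product that the truncated description does not show, so they cannot be confirmed from the list alone: CVE-2026-8904 (FastPicker) is tagged "WordPress plugin", CVE-2026-47345 and CVE-2026-47344 are tagged "TYPO3 (core or extensions)", and the four CVE-2026-419xx permission entries are tagged "Huawei". Because NOT-FOR-US takes an entry out of triage, spot-check these against the full CVE records, and for the two TYPO3 entries name the affected component instead of "core or extensions" if it is known. The CVE-2026-5067 wording, "Zephyr, different from src:zephyr", is the pattern to follow wherever a product name collides with a Debian source package.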
@@ -121,7 +121,7 @@ CVE-2026-41715 (In specific scenarios involving HTTP 
redirects from a secure to
 CVE-2026-41710 (An attacker can craft a large number of unique requests that 
trigger a ...)
        TODO: check
 CVE-2026-41539 (A cross-site scripting (XSS) vulnerability has been reported 
to affect ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-41007 (Spring HATEOAS maintains an unbounded static cache of 
StringLinkRelati ...)
        TODO: check
 CVE-2026-41006 (Spring HATEOAS's internal 
PropertyUtils.createObjectFromProperties met ...)
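Review bot: For CVE-2026-41539 the description is cut off at "reported to affect ...", so the "QNAP" tag rests on text that is not visible in this hunk. Confirm the vendor against the full CVE record before the entry leaves the "TODO: check" queue.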
@@ -133,43 +133,43 @@ CVE-2026-40983 (In Micrometer, it is possible for a user 
to provide specially cr
 CVE-2026-40519 (Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in 
commit a5 ...)
        TODO: check
 CVE-2026-40128 (SAP NetWeaver Application Server Java (Web Container) allows 
an unauth ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-27671 (Due to improper RFC protocol validation in the SAP Kernel used 
by the  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-26236 (A missing authorization vulnerability has been reported to 
affect QuMa ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2026-24315 (SAP Fiori Launchpad allows attackers to craft malicious URLs 
that trig ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-11623 (A security vulnerability has been detected in tmux up to 3.6a. 
Affecte ...)
        TODO: check
 CVE-2026-11621 (A weakness has been identified in Dcat-Admin up to 2.2.3-beta. 
This im ...)
        TODO: check
 CVE-2026-11620 (A security flaw has been discovered in TOTOLINK EX200 
4.0.3c.7646. Thi ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-11619 (A vulnerability was identified in Dolibarr ERP CRM up to 
23.0.2. The i ...)
-       TODO: check
+       NOT-FOR-US: Dolibarr
 CVE-2026-11618 (A vulnerability was determined in DTStack Taier up to 1.4.0. 
The affec ...)
        TODO: check
 CVE-2026-11603 (The Product Filter Widget for Elementor plugin for WordPress 
is vulner ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11585 (A vulnerability was determined in CodeAstro Student Attendance 
Managem ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2026-11584 (A vulnerability was found in CodeAstro Student Attendance 
Management S ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2026-11583 (A vulnerability has been found in CodeAstro Student Attendance 
Managem ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2026-11582 (A flaw has been found in CodeAstro Student Attendance 
Management Syste ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2026-11572 (Versions of the package degit before 2.8.6, from 3.0.0 and 
before 3.3. ...)
        TODO: check
 CVE-2026-10862 (The Accordions plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10738 (The jQuery Hover Footnotes plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10553 (The jQuery Hover Footnotes plugin for WordPress is vulnerable 
to Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10024 (The TinyMCE shortcode Addon plugin for WordPress is vulnerable 
to Stor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11628 (Use after free in Ozone in Google Chrome prior to 
149.0.7827.103 allow ...)
        - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
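Review bot: The CVE-2026-11619 tag "NOT-FOR-US: Dolibarr" is a bare product name with no statement about Debian packaging, unlike the "different from src:zephyr" wording used for CVE-2026-5067 earlier in this commit. Confirm that no source package of that name needs tracking, and if one does, record the CVE as a package entry instead of NOT-FOR-US. The four CodeAstro entries and the two jQuery Hover Footnotes entries are tagged consistently with each other.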



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92ddc817f93ba51fbecb2085fcb3618515e08c93
