Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2285c98a by security tracker role at 2026-06-13T07:14:09+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2026-9848 (The WP Ticket plugin for WordPress is vulnerable to SQL
Injection via ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9134 (The FooGallery plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9109 (The GPTranslate \u2013 Multilingual AI Translation for
WordPress: Auto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9062 (The Store Locator WordPress plugin before 1.6.9 does not
validate a pa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9061 (The Store Locator WordPress plugin before 1.6.9 does not
sanitize and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6676 (Heap buffer out-of-bounds write vulnerability in Avira
Antivirus engin ...)
TODO: check
CVE-2026-54398 (An authorization flaw in MISP\u2019s object add/edit handling
allowed ...)
@@ -55,45 +55,45 @@ CVE-2026-53868 (Capgo before 12.128.2 contains a denial of
service vulnerability
CVE-2026-53867 (Capgo before 12.128.2 fails to delete previously uploaded
profile imag ...)
TODO: check
CVE-2026-53839 (OpenClaw before 2026.5.7 contains a hostname validation
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53838 (OpenClaw before 2026.5.27 contains a state mutation
vulnerability in n ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53837 (OpenClaw before 2026.5.6 contains an improper access control
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53836 (OpenClaw before 2026.5.12 contains an allowlist bypass
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53835 (OpenClaw before 2026.5.6 contains a configuration enforcement
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53834 (OpenClaw before 2026.4.27 contains an authorization bypass
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53833 (OpenClaw before 2026.4.29 contains an authorization bypass
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53832 (OpenClaw before 2026.5.18 contains an identity header
validation vulne ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53831 (OpenClaw before 2026.5.18 contains a policy enforcement
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53830 (OpenClaw before 2026.4.22 contains a webhook secret revocation
bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53829 (OpenClaw before 2026.5.18 contains an approval display
truncation vuln ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53828 (OpenClaw before 2026.5.6 contains an authorization bypass
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53827 (OpenClaw before 2026.5.2 contains a credential exposure
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53826 (OpenClaw before 2026.4.26 contains an information disclosure
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53825 (OpenClaw before 2026.4.7 contains an arbitrary file read
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53824 (OpenClaw before 2026.4.24 contains a token revocation
vulnerability al ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53823 (OpenClaw before 2026.5.3 contains a privilege escalation
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53822 (OpenClaw before 2026.5.18 contains a command injection
vulnerability w ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53821 (OpenClaw before 2026.5.18 accepts WebSocket client-declared
operator s ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53820 (OpenClaw before 2026.5.12 contains an exec denylist bypass
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53609 (ApostropheCMS is an open-source Node.js content management
system. In ...)
TODO: check
CVE-2026-53608 (ApostropheCMS is an open-source Node.js content management
system. Ver ...)
@@ -117,7 +117,7 @@ CVE-2026-50552 (Koel is a free, open-source music streaming
solution. Prior to v
CVE-2026-50287 (AgenticMail gives AI agents real email addresses and phone
numbers. Pr ...)
TODO: check
CVE-2026-4870 (IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to
trigger ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-49397 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
TODO: check
CVE-2026-49396 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
@@ -127,9 +127,9 @@ CVE-2026-48119 (Nezha Monitoring is a self-hostable,
lightweight, servers and we
CVE-2026-47268 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
TODO: check
CVE-2026-47264 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-47263 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-47260 (Koel is a free, open-source music streaming solution. Prior to
version ...)
TODO: check
CVE-2026-47124 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
@@ -141,9 +141,9 @@ CVE-2026-46717 (Nezha Monitoring is a self-hostable,
lightweight, servers and we
CVE-2026-46716 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
TODO: check
CVE-2026-45775 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-45085 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-45014 (ApostropheCMS is an open-source Node.js content management
system. Ver ...)
TODO: check
CVE-2026-45013 (ApostropheCMS is an open-source Node.js content management
system. Ver ...)
@@ -155,19 +155,19 @@ CVE-2026-45011 (ApostropheCMS is an open-source Node.js
content management syste
CVE-2026-44990 (ApostropheCMS is an open-source Node.js content management
system, and ...)
TODO: check
CVE-2026-44786 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-44785 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-44784 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-44783 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-44782 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-44780 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-44779 (Discourse is an open-source discussion platform. From versions
2026.1. ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-43872 (Actual is an open-source personal finance application. Prior
to versio ...)
TODO: check
CVE-2026-42890 (Actual is an open-source personal finance application. In the
macOS de ...)
@@ -181,23 +181,23 @@ CVE-2026-42850 (Kitty is a cross-platform GPU based
terminal. In versions prior
CVE-2026-42604 (Actual is a local-first personal finance tool. The `POST
/openid/confi ...)
TODO: check
CVE-2026-41158 (Software installed and run as a non-privileged user may
conduct GPU sy ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-41157 (A web page that contains unusual WebGPU content loaded into
the GPU GL ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-41155 (An attacker could cooperatively pass data from one secure GPU
process ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-34195 (Software installed and run as a non-privileged user may
conduct intent ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-24618 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-12131 (A weakness has been identified in CodeAstro Human Resource
Management ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-12130 (A security flaw has been discovered in CodeAstro Human
Resource Manage ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-12129 (A vulnerability was identified in CodeAstro Human Resource
Management ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-12089 (The LWS Optimize \u2013 All-in-One Speed Booster & Cache Tools
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12068 (Information disclosure vulnerability in Avira Password Manager
when us ...)
TODO: check
CVE-2026-11769 (We have released version 5.24.0 of the Grafana Operator. This
patch in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2285c98a575f82153685d6054b0cd6c15b3e58ab
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2285c98a575f82153685d6054b0cd6c15b3e58ab
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
