Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
83f6b3ce by security tracker role at 2026-06-15T19:14:24+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2026-9863 (Fortra BoKS Manager contains an OS command injection
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Fortra
CVE-2026-9862 (Fortra's Core Privileged Access Manager (BoKS)contains an OS
command i ...)
- TODO: check
+ NOT-FOR-US: Fortra
CVE-2026-9595 (Impact: When a user-configured proxy on webpack-dev-server has
a broad ...)
TODO: check
CVE-2026-9278 (The Form Builder CP WordPress plugin before 1.2.47 does not
properly s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8935 (The WP MAPS PRO WordPress plugin before 6.1.1 registers an
unauthentic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8683 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account
for att ...)
TODO: check
CVE-2026-8386 (The WP Go Maps WordPress plugin before 10.0.10 does not
perform any a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8385 (The WP Go Maps WordPress plugin before 10.0.10 does not
properly enfo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8358 (LibreOffice Calc can import tracked changes from a spreadsheet
documen ...)
TODO: check
CVE-2026-8357 (LibreOffice Calc compiles cell formulas when opening a
spreadsheet. A ...)
@@ -43,7 +43,7 @@ CVE-2026-5079 (Impact: multer versions 1.0.0 through 2.1.1
and 3.0.0-alpha.1 are
CVE-2026-5038 (Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and
3.0.0-alpha.1 ...)
TODO: check
CVE-2026-52704 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-50100 (Multiple printer drivers provided by Ricoh Company, Ltd. and
KONICA MI ...)
TODO: check
CVE-2026-49757 (Authentication Bypass by Spoofing vulnerability in
team-alembic AshAut ...)
@@ -51,13 +51,13 @@ CVE-2026-49757 (Authentication Bypass by Spoofing
vulnerability in team-alembic
CVE-2026-49294 (Valhalla is an open source routing engine and accompanying
libraries f ...)
TODO: check
CVE-2026-49111 (Incorrect Privilege Assignment vulnerability in ThemeGrill
Masteriyo - ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49064 (Insertion of Sensitive Information Into Sent Data
vulnerability in Sti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49062 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48969 (Subscriber Broken Access Control in Really Simple SSL <= 9.5.9
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-47777 (Mastodon is a free, open-source social network server based on
Activit ...)
TODO: check
CVE-2026-44188 (A flaw was found in Ansible Lightspeed. This vulnerability,
related to ...)
@@ -83,19 +83,19 @@ CVE-2026-34022 (TheWertheim SafeController Family 65000,
Controller 65000 - Asse
CVE-2026-34021 (The Wertheim SafeController 5400, Controller 5400 -
AssemblyVersion 6. ...)
TODO: check
CVE-2026-20262 (A vulnerability in the web UI of Cisco Catalyst SD-WAN
Manager, former ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-12057 (When the application executes the JavaScript script embedded
in the PD ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-11860 (Quick.CMS deserializes user-controlled data received over
plaintext HT ...)
TODO: check
CVE-2026-10634 (Zephyr's native TCP stack iterates the global connection list
in net_t ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-64215 (Missing Authorization vulnerability in StylemixThemes
MasterStudy LMS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-15659 (Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-15658 (Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2019-25746 (WordPress Sliced Invoices 3.8.2 contains an authenticated SQL
injectio ...)
TODO: check
CVE-2018-25437 (WordPress CherryFramework Themes 3.1.4 contains an information
disclos ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83f6b3cedd42e699a3aa6c7952c69fef3a971380
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83f6b3cedd42e699a3aa6c7952c69fef3a971380
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
