Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5d62550a by security tracker role at 2026-06-16T19:14:39+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,111 +1,111 @@
CVE-2026-9507 (A session fixation vulnerability has been identified in
osTicket v1.18 ...)
TODO: check
CVE-2026-9307 (A sensitive information disclosure security issue exists within
the af ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2026-8484 (A heap buffer overflow vulnerability exists in the Jansi JNI
"ioctl()" ...)
TODO: check
CVE-2026-8444 (The WP Review Slider Pro plugin for WordPress is vulnerable to
SQL Inj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8442 (The WP Review Slider Pro plugin for WordPress is vulnerable to
Arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8176 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5416 (Due to the improper neutralization of special elements used in
a name ...)
TODO: check
CVE-2026-54198 (Unauthenticated Cross Site Scripting (XSS) in Media LIbrary
Assistant ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54197 (Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54191 (Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54190 (Unauthenticated Broken Access Control in Envira Photo Gallery
<= 1.12. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-53900 (Firefox for iOS preserved cookies set on the initial PDF
request acros ...)
TODO: check
CVE-2026-53899 (Firefox for iOS used partial domain matching when attaching
cookies to ...)
TODO: check
CVE-2026-53866 (OpenClaw before 2026.5.12 contains an allowlist bypass
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53865 (OpenClaw before 2026.5.2 contains a path traversal
vulnerability in ma ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53864 (OpenClaw before 2026.5.26 contains an insufficient
sanitization vulner ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53863 (OpenClaw before 2026.4.25 contains an input validation
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53862 (OpenClaw before 2026.5.12 contains a bootstrap token replay
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53861 (OpenClaw before 2026.5.6 contains an allowlist bypass
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53860 (OpenClaw before 2026.5.7 contains a sender policy bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53859 (OpenClaw before 2026.5.26 contains a hostname validation
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53858 (OpenClaw before 2026.5.2 contains an environment variable
injection vu ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53857 (OpenClaw before 2026.5.3 contains a policy enforcement
vulnerability w ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53856 (OpenClaw before 2026.4.24 contains an insecure file
permissions vulner ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53855 (OpenClaw before 2026.4.2 contains an inline-eval bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53854 (OpenClaw before 2026.4.25 contains a privilege escalation
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53853 (OpenClaw before 2026.5.12 contains an argument pattern
validation bypa ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53852 (OpenClaw before 2026.4.25 contains a scope containment bypass
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53851 (OpenClaw before 2026.5.12 contains a notification bypass
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53850 (OpenClaw before 2026.4.25 contains a control scope enforcement
bypass ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53849 (OpenClaw before 2026.5.7 contains a privilege escalation
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53848 (OpenClaw before 2026.5.26 contains an exec allowlist bypass
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53847 (OpenClaw before 2026.5.6 contains a privilege escalation
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53846 (OpenClaw before 2026.4.29 contains a path traversal
vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53845 (OpenClaw before 2026.5.6 contains a hook bypass vulnerability
where sk ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53844 (OpenClaw before 2026.4.29 contains a session visibility check
bypass v ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53843 (OpenClaw before 2026.5.26 contains an authorization bypass
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53842 (OpenClaw before 2026.5.2 contains an environment variable
injection vu ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53841 (OpenClaw before 2026.5.12 contains a cross-site scripting
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53840 (OpenClaw before 2026.5.12 contains an information disclosure
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-53776 (Perry before 0.5.1166 contains a JWT validation vulnerability
that all ...)
TODO: check
CVE-2026-52715 (Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52714 (Unauthenticated Broken Access Control in SEO Plugin by
Squirrly SEO <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52712 (Subscriber SQL Injection in Attendance Manager <= 0.6.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-52711 (Unauthenticated Broken Access Control in WooCommerce POS <=
1.8.14 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-50656 (Microsoft is aware of an elevation of privilege in the
Microsoft Malwa ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-49774 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49772 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48780 (Forem is open source software for building communities. Prior
to commi ...)
TODO: check
CVE-2026-48775 (LangGraph SQLite Checkpoint is an implementation of LangGraph
Checkpoi ...)
TODO: check
CVE-2026-47964 (DNG SDK versions 1.7.1 2536 and earlier are affected by a
Heap-based B ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47963 (DNG SDK versions 1.7.1 2536 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47934 (DNG SDK versions 1.7.1 2536 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47927 (DNG SDK versions 1.7.1 2536 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-47749 (stable-diffusion.cpp is a pure C/C++ library for running
diffusion mod ...)
TODO: check
CVE-2026-47748 (stable-diffusion.cpp is a pure C/C++ library for running
diffusion mod ...)
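Review bot: The four DNG SDK entries (CVE-2026-47964, CVE-2026-47963, CVE-2026-47934, CVE-2026-47927) are tagged with the vendor only, `NOT-FOR-US: Adobe`, although their descriptions name a library rather than an end-user product. A vendor-only tag on an SDK makes it hard to tell later whether bundled copies in other source packages were considered. Suggest naming the product in the tag, for example `NOT-FOR-US: Adobe DNG SDK`, or leaving these at `TODO: check` until someone has looked for embedded copies.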
@@ -117,27 +117,27 @@ CVE-2026-44932 (Passing of unsanitized strings from DHCP
replies into the wicked
CVE-2026-42089 (Yeoman Environment provides an API to discover, create, and
run genera ...)
TODO: check
CVE-2026-40809 (Missing Authorization vulnerability in Rara Themes Metro
Magazine allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40750 (Unrestricted Upload of File with Dangerous Type vulnerability
in thema ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39927
REJECTED
CVE-2026-39926
REJECTED
CVE-2026-39581 (Subscriber SQL Injection in WP Sessions Time Monitoring Full
Automatic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39574 (Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39490 (Unauthenticated Broken Access Control in JupiterX Core <=
4.14.1 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39437 (Unauthenticated Cross Site Scripting (XSS) in Min Max Step
Quantity Li ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-2381 (The WooCommerce Stripe Payment Gateway plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-24228 (NVIDIA NeMo Framework for Linux contains a vulnerability where
an atta ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24155 (NVIDIA NeMo Framework for all platforms contains a code
injection vuln ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-12412
REJECTED
CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The
do_git_c ...)
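Review bot: CVE-2026-2381 is tagged `NOT-FOR-US: WordPress plugin` while the six other WordPress entries changed in this hunk get `NOT-FOR-US: WordPress plugin or theme`. Two strings for the same class make the list harder to grep and audit. If the split is intentional (the short form where the description itself says "plugin for WordPress", the long form otherwise), a line documenting that rule would help; otherwise settle on one string.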
@@ -231,57 +231,57 @@ CVE-2026-12225 (syracom AG Secure Login (2FA) for
Atlassian Jira, Confluence, an
CVE-2026-12003 (To allow builds of Python to be run from an in-tree layout
(rather tha ...)
TODO: check
CVE-2026-11317 (A denial of service security issue exists in the affected
product. The ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2026-10831 (A denial-of-service vulnerability exists in NPort devices
because of i ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2026-10829 (A stack-based buffer overflow vulnerability has been found in
the NPor ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2026-10828 (A format string vulnerability has been found in the "alias"
parameter ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2026-10825 (A denial-of-service vulnerability exists in the WebSocket API
due to i ...)
- TODO: check
+ NOT-FOR-US: Moxa
CVE-2026-10748 (An authenticated user with the nx-licensing-create privilege
can uploa ...)
- TODO: check
+ NOT-FOR-US: Sonatype
CVE-2026-10640 (Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na,
net_ipv ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10639 (In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in
subsys/ ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10638 (subsys/net/ip/icmpv6.c reads the network interface from a
net_pkt afte ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10637 (subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface
via net_ ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10636 (In Zephyr's IPv4 IGMP implementation, igmp_send() in
subsys/net/ip/igm ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10093 (The File Sharing & Download Manager \u2013 User Private Files
plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0647 (An improper authentication security issue exists within the
1794-AENTR ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2026-0646 (A denial-of-service security issue exists within the 1794-AENTR
adapte ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9912 (Nokia SR Linux is vulnerable to a local privilege escalation
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2025-71261 (An attacker with network-level access between the SUSE
Virtualization ...)
TODO: check
CVE-2025-68045 (Unauthenticated Broken Access Control in WP Event SOlution <=
4.1.12 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14272 (A security issue wasidentifiedin Pavilion due to
improperauthorization ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-13036 (An authentication bypass security issue exists within
FactoryTalk Hist ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-11694 (A security issue exists within1769 CompactLogix controllersdue
to them ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2024-39575 (update_disk_psu_baseline.sh requires password in plain text)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-38487 (api-gateway container running with root privilege would allow
an attac ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-30476 (PowerStore contains a Stored Cross-Site Scripting
Vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-24909 (Dell OpenManage Integration with Microsoft Windows Admin
Center contai ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-22451 (Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain
an unco ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2024-22447 (Dell Peripheral Manager, versions prior to 1.7.3, contain an
uncontrol ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-46448
- nova <unfixed> (bug #1140149)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/16/5
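Review bot: For CVE-2024-39575 and CVE-2024-38487 the `NOT-FOR-US: Dell / EMC` tag cannot be checked against the descriptions shown, which mention only `update_disk_psu_baseline.sh` and an `api-gateway container` and name no vendor or product. The same holds for CVE-2026-11317 ("the affected product"), tagged Rockwell Automation. Suggest the automatic entry carry the product name as well, or that these get a manual spot check, since a generic description matched to a vendor is where a wrong NOT-FOR-US is most likely to go unnoticed.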
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d62550a7c7cd6fbcf6ac214352c1a6bf7ef3cd5