Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fc074da1 by security tracker role at 2026-06-17T07:14:33+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,21 +3,21 @@ CVE-2026-8317
CVE-2026-55706 (sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before
076e2b1 allo ...)
TODO: check
CVE-2026-54194 (Contributor PHP Object Injection in Fusion Builder <= 3.15.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-53876 (RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS
command inje ...)
TODO: check
CVE-2026-49113 (Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49080 (Unauthenticated SQL Injection in wpDataTables <= 7.3.6
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49073 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49057 (Unauthenticated Broken Access Control in JobSearch <= 3.2.7
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48929 (Rocket.Chat in versions <8.5.1, <8.4.4, <8.3.6, <8.2.6,
<8.1.6, <8.0.7 ...)
TODO: check
CVE-2026-48869 (Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48797 (Backpropagate is a Python library for fine-tuning large
language model ...)
TODO: check
CVE-2026-48788 (Remark42 is a self-hosted comment engine for blogs, articles,
or any o ...)
@@ -39,7 +39,7 @@ CVE-2026-48745 (Traccar Client is a GPS tracking mobile app
for sending location
CVE-2026-48616 (Rocket.Chat versions <8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6,
8.0.7, 7.13.9 ...)
TODO: check
CVE-2026-48294 (Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and
earlier are ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48055 (Streambert is a cross-platform Electron Desktop App to stream
and down ...)
TODO: check
CVE-2026-47750 (stable-diffusion.cpp is a pure C/C++ library for running
diffusion mod ...)
@@ -51,7 +51,7 @@ CVE-2026-47277 (Runtipi is a personal homeserver
orchestrator. In versions 4.9.1
CVE-2026-46979 (Vulnerability in the PeopleSoft Enterprise CS Campus Community
product ...)
TODO: check
CVE-2026-46978 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46977 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
TODO: check
CVE-2026-46976 (Vulnerability in the Oracle Public Sector Payroll product of
Oracle E- ...)
@@ -71,13 +71,13 @@ CVE-2026-46969 (Vulnerability in the Oracle Financials for
EMEA product of Oracl
CVE-2026-46967 (Vulnerability in the Oracle Public Sector Financials
(International) p ...)
TODO: check
CVE-2026-46966 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46965 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46964 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46963 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46962 (Vulnerability in the Oracle Project Portfolio Analysis product
of Orac ...)
TODO: check
CVE-2026-46961 (Vulnerability in the Oracle Project Portfolio Analysis product
of Orac ...)
@@ -89,7 +89,7 @@ CVE-2026-46959 (Vulnerability in the Oracle Subledger
Accounting product of Orac
CVE-2026-46958 (Vulnerability in the Oracle Subledger Accounting product of
Oracle E-B ...)
TODO: check
CVE-2026-46957 (Vulnerability in the Oracle iSupplier Portal product of Oracle
E-Busin ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46956 (Vulnerability in the Oracle Property Manager product of Oracle
E-Busin ...)
TODO: check
CVE-2026-46955 (Vulnerability in the Oracle Human Resources product of Oracle
E-Busine ...)
@@ -127,7 +127,7 @@ CVE-2026-46935 (Vulnerability in the Oracle Complex
Maintenance, Repair and Over
CVE-2026-46934 (Vulnerability in the Oracle Complex Maintenance, Repair and
Overhaul p ...)
TODO: check
CVE-2026-46933 (Vulnerability in the Oracle Applications Manager product of
Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46932 (Vulnerability in the Oracle Enterprise Asset Management
product of Ora ...)
TODO: check
CVE-2026-46931 (Vulnerability in the Oracle Enterprise Asset Management
product of Ora ...)
@@ -159,29 +159,29 @@ CVE-2026-46916 (Vulnerability in the Oracle Process
Manufacturing Product Develo
CVE-2026-46915 (Vulnerability in the Oracle Complex Maintenance, Repair and
Overhaul p ...)
TODO: check
CVE-2026-46914 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46913 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46912 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46911 (Vulnerability in the JD Edwards EnterpriseOne Project Costing
product ...)
TODO: check
CVE-2026-46910 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46909 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46908 (Vulnerability in the JD Edwards EnterpriseOne Accounts Payable
product ...)
TODO: check
CVE-2026-46907 (Vulnerability in the JD Edwards EnterpriseOne Order Promising
product ...)
TODO: check
CVE-2026-46906 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46905 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46904 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46903 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46902 (Vulnerability in the Oracle Enterprise Command Center
Framework produc ...)
TODO: check
CVE-2026-46901 (Vulnerability in the Oracle Enterprise Command Center
Framework produc ...)
@@ -199,7 +199,7 @@ CVE-2026-46896 (Vulnerability in the Oracle Enterprise
Command Center Framework
CVE-2026-46895 (Vulnerability in the Oracle Enterprise Command Center
Framework produc ...)
TODO: check
CVE-2026-46894 (Vulnerability in the Oracle iSupplier Portal product of Oracle
E-Busin ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46893 (Vulnerability in the JD Edwards EnterpriseOne General Ledger
product o ...)
TODO: check
CVE-2026-46892 (Vulnerability in the JD Edwards EnterpriseOne Human Resources
Manageme ...)
@@ -211,7 +211,7 @@ CVE-2026-46890 (Vulnerability in the Siebel Apps -
Marketing product of Oracle S
CVE-2026-46889 (Vulnerability in the Siebel Apps - Marketing product of Oracle
Siebel ...)
TODO: check
CVE-2026-46888 (Vulnerability in the Siebel CRM Deployment product of Oracle
Siebel CR ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46887 (Vulnerability in the Siebel Apps - Marketing product of Oracle
Siebel ...)
TODO: check
CVE-2026-46886 (Vulnerability in the Siebel Apps - Marketing product of Oracle
Siebel ...)
@@ -221,27 +221,27 @@ CVE-2026-46885 (Vulnerability in the Siebel CRM
Integration product of Oracle Si
CVE-2026-46884 (Vulnerability in the Siebel Apps - Marketing product of Oracle
Siebel ...)
TODO: check
CVE-2026-46883 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46882 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46881 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46880 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46879 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46878 (Vulnerability in the JD Edwards EnterpriseOne Tools product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46877 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
TODO: check
CVE-2026-46875 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46874 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
TODO: check
CVE-2026-46873 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
TODO: check
CVE-2026-46872 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46871 (Vulnerability in the MySQL Shell product of Oracle MySQL
(component: S ...)
TODO: check
CVE-2026-46870 (Vulnerability in the MySQL Shell product of Oracle MySQL
(component: S ...)
@@ -249,15 +249,15 @@ CVE-2026-46870 (Vulnerability in the MySQL Shell product
of Oracle MySQL (compon
CVE-2026-46869 (Vulnerability in the MySQL Shell product of Oracle MySQL
(component: S ...)
TODO: check
CVE-2026-46868 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46867 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46866 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46865 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46864 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46863 (Vulnerability in the MySQL Server, MySQL Cluster product of
Oracle MyS ...)
TODO: check
CVE-2026-46862 (Vulnerability in the MySQL Router product of Oracle MySQL
(component: ...)
@@ -267,21 +267,21 @@ CVE-2026-46861 (Vulnerability in the MySQL NDB Cluster
product of Oracle MySQL (
CVE-2026-46860 (Vulnerability in the MySQL Router product of Oracle MySQL
(component: ...)
TODO: check
CVE-2026-46859 (Vulnerability in the Oracle Agile PLM product of Oracle Supply
Chain ( ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46858 (Vulnerability in the APM - Application Performance Management
product ...)
TODO: check
CVE-2026-46857 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46856 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46855 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46854 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46853 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46852 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46851 (Vulnerability in the PeopleSoft Enterprise CS Campus Community
product ...)
TODO: check
CVE-2026-46850 (Vulnerability in the MySQL Shell product of Oracle MySQL
(component: S ...)
@@ -301,7 +301,7 @@ CVE-2026-46844 (Vulnerability in the Oracle WebCenter
Portal product of Oracle F
CVE-2026-46838 (Vulnerability in the Oracle WebCenter Portal product of Oracle
Fusion ...)
TODO: check
CVE-2026-46832 (Vulnerability in the Oracle Enterprise Manager Base Platform
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46825 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
TODO: check
CVE-2026-46816 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
@@ -315,13 +315,13 @@ CVE-2026-46813 (Vulnerability in the Oracle WebCenter
Content product of Oracle
CVE-2026-46812 (Vulnerability in the Oracle Access Manager product of Oracle
Fusion Mi ...)
TODO: check
CVE-2026-46810 (Vulnerability in the Identity Manager product of Oracle Fusion
Middlew ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46809 (Vulnerability in the Oracle WebCenter Sites product of Oracle
Fusion M ...)
TODO: check
CVE-2026-46808 (Vulnerability in the Oracle WebCenter Content product of
Oracle Fusion ...)
TODO: check
CVE-2026-46807 (Vulnerability in the Identity Manager product of Oracle Fusion
Middlew ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46806 (Vulnerability in the Oracle WebCenter Content product of
Oracle Fusion ...)
TODO: check
CVE-2026-46805 (Vulnerability in the Oracle WebCenter Content product of
Oracle Fusion ...)
@@ -389,13 +389,13 @@ CVE-2026-46774 (Vulnerability in the Oracle Unified
Directory product of Oracle
CVE-2026-46773 (Vulnerability in the Oracle Unified Directory product of
Oracle Fusion ...)
TODO: check
CVE-2026-46772 (Vulnerability in the Oracle Application Development Framework
(ADF) pr ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46771 (Vulnerability in the Oracle Application Development Framework
(ADF) pr ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46770 (Vulnerability in the Oracle Application Development Framework
(ADF) pr ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46769 (Vulnerability in the Oracle Application Development Framework
(ADF) pr ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46768 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
TODO: check
CVE-2026-46767 (Vulnerability in the Oracle WebCenter Portal product of Oracle
Fusion ...)
@@ -407,59 +407,59 @@ CVE-2026-46765 (Vulnerability in the Oracle WebCenter
Portal product of Oracle F
CVE-2026-44587 (CarrierWave is a framework to upload files from Ruby
applications. In ...)
TODO: check
CVE-2026-40761 (Unauthenticated PHP Object Injection in Valeska <= 1.2.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40760 (Unauthenticated PHP Object Injection in Behold <= 1.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40759 (Unauthenticated PHP Object Injection in Esm\xe9e <= 1.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40758 (Unauthenticated PHP Object Injection in L\xe9onie <= 1.2.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40755 (Unauthenticated PHP Object Injection in TechLink <= 1.3
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40754 (Unauthenticated PHP Object Injection in Roisin <= 1.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40751 (Unauthenticated PHP Object Injection in Ashtanga <= 1.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40739 (Unauthenticated PHP Object Injection in LuxeDrive <= 1.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-40736 (Unauthenticated PHP Object Injection in Laurits <= 1.5.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39598 (Unrestricted Upload of File with Dangerous Type vulnerability
in Kodez ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39580 (Unauthenticated PHP Object Injection in Micdrop <= 1.3.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39578 (Unauthenticated PHP Object Injection in Valiance <= 1.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39577 (Unauthenticated PHP Object Injection in Playroom <= 1.4.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39568 (Unauthenticated Local File Inclusion in Mr. SEO <= 2.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39567 (Unauthenticated PHP Object Injection in Sant\xe9 <= 1.5.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39557 (Unauthenticated PHP Object Injection in NeoBeat <= 1.7
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39554 (Unauthenticated PHP Object Injection in Fidalgo <= 1.2.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39549 (Unauthenticated Local File Inclusion in Aperitif <= 1.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39548 (Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39547 (Unauthenticated Local File Inclusion in Getaway < 1.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39539 (Unauthenticated PHP Object Injection in Alloggio - Hotel
Booking <= 2. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39529 (Unauthenticated PHP Object Injection in Elementra <= 1.0.9
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39522 (Unauthenticated Local File Inclusion in Solene <= 3.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39446 (Unauthenticated PHP Object Injection in Kapee < 1.7.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39443 (Unauthenticated PHP Object Injection in EmallShop <= 2.4.21
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39438 (Unauthenticated SQL Injection in ListingPro <= 2.9.10
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-39433 (Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-35327 (Vulnerability in the Oracle WebCenter Content product of
Oracle Fusion ...)
TODO: check
CVE-2026-35326 (Vulnerability in the Oracle WebCenter Content product of
Oracle Fusion ...)
@@ -567,13 +567,13 @@ CVE-2026-35271 (Vulnerability in the PeopleSoft
Enterprise PT PeopleTools produc
CVE-2026-35270 (Vulnerability in the Oracle WebCenter Content product of
Oracle Fusion ...)
TODO: check
CVE-2026-35269 (Vulnerability in the Identity Manager product of Oracle Fusion
Middlew ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-35268 (Vulnerability in the Identity Manager product of Oracle Fusion
Middlew ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-35267 (Vulnerability in the Identity Manager product of Oracle Fusion
Middlew ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-35265 (Vulnerability in the Identity Manager product of Oracle Fusion
Middlew ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-35263 (Vulnerability in the WebLogic Server product of Oracle Fusion
Middlewa ...)
TODO: check
CVE-2026-35262 (Vulnerability in the Oracle Data Integrator product of Oracle
Fusion M ...)
@@ -585,17 +585,17 @@ CVE-2026-35259 (Vulnerability in the WebLogic Server
product of Oracle Fusion Mi
CVE-2026-35258 (Vulnerability in the WebLogic Server product of Oracle Fusion
Middlewa ...)
TODO: check
CVE-2026-34895 (Unauthenticated Local File Inclusion in Softlab Core < 1.2.11
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34894 (Unauthenticated Local File Inclusion in Integrio Core < 1.2.8
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-34893 (Unauthenticated Local File Inclusion in Thegov Core < 2.0.23
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27429 (Unauthenticated PHP Object Injection in Nifty <= 1.4.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27395 (Unauthenticated Privilege Escalation in Support Board < 3.8.9
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25470 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22313 (The device has a webserver that exposes a REST API
authenticated with ...)
TODO: check
CVE-2026-22312 (The device has a webserver that exposes a REST API
authenticated with ...)
@@ -667,199 +667,199 @@ CVE-2026-12438 (Inappropriate implementation in WebView
in Google Chrome on Andr
CVE-2026-12437 (Use after free in WebShare in Google Chrome on Windows prior
to 149.0. ...)
TODO: check
CVE-2026-12425 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-12360 (The JetEngine plugin for WordPress is vulnerable to SQL
injection in a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12348 (Address bar spoofing in Arc Search for Android allows a remote
attacke ...)
TODO: check
CVE-2026-12256 (Contributor PHP Object Injection in Avada <= 3.15.3 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-12117 (Improper access control in the social login connection
endpoint in De ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-12105 (Improper access control in Devolutions Server 2026.2.5,
2026.1.21 allo ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-11890 (Improper access control in PAM account discovery results in
Devolution ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-11410 (An authenticated OS command injection vulnerability exists in
the BigP ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-11409 (An authenticated OS command injection vulnerability exists in
the IPv6 ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-10303 (In ServerCo getssl version 2.49 and prior, the ACME challenge
token re ...)
TODO: check
CVE-2026-0165 (In several functions of the RTCP packet decoder, there is a
possible o ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0164 (In Modem, there is a possible out of bounds write due to a
missing bou ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0162 (In ParsePayloads of AudioSdpParser.cpp, there is a possible
memory cor ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0161 (In numberOfReportBlocks of RtpSession.cpp, there is a possible
out of ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0160 (In TextRtpPayloadDecoderNode::DecodeT140 of
TextRtpPayloadDecoderNode. ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0158 (In Camera, there is a possible unauthorized way to access
photos due t ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0157 (In RtcpHeader::decodeRtcpHeader, there is a possible OOB read
due to a ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0156 (In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a
possible memo ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0155 (In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB
read due ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0154 (In Modem, there is a possible way to trigger a modem crash
during a SI ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0153 (In Write of msg_to_host_buffer.cc, there is a possible out of
bounds w ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0152 (In OSMMapPMRGeneric of pmr_os.c, there is a possible way to
leverage a ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0151 (In IntfGraphCreate of intfgraph.c, there is a possible out of
bounds w ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0150 (In ExecuteGraph command handler of EdgeTPU firmware, there is a
possib ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0149 (In RtpSession::rtpSendRtcpPacket, there is a possible OOB write
due to ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0148 (In multiple functions of VideoRtpPayloadDecoderNode.cpp, there
is a po ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0147 (In __mfc_core_nal_q_get_dec_metadata_sei_nal of
mfc_core_nal_q.c, ther ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0146 (In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api.c,
there is a ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0145 (In keymint, there is a possible Permission Bypass due to a
logic error ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0144 (In writeAocCommand of AocAudioCodec.cpp, there is a possible
memory sa ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0143 (In lwis_device_external_event_emit of lwis_event.c, there is a
possibl ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0142 (In iavb_parse_key_data of avb_rsa.c, there is a possible out of
bounds ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0141 (In decodeAppPacket of RtcpAppPacket.cpp, there is a possible
OOB read ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0140 (In RtpPacket::decodePacket, there is a possible out-of-bounds
read due ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0139 (In Modem, there is a possible out of bounds write due to a
missing bou ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0138 (In lwis_io_buffer_write of lwis_io_buffer.c, there is a
possible out o ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0137 (In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c,
there is a ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0136 (In Modem, there is a possible out of bounds read due to a
missing boun ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0135 (In Modem, there is a possible out of bounds read due to a
missing boun ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0134 (In PostWipeData of recovery_ui.cpp, there is a possible data
persisten ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0133 (In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to
sign m ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0132 (In Modem, there is a possible out of bounds write due to a heap
buffer ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0131 (In RtpPacket::decodePacket, there is a possible out of bounds
access d ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0130 (In RtcpChunk::decodeRtcpChunk, there is a possible out of
bounds read ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0129 (In RtcpByePacket::decodeByePacket, there is a possible due to
a missi ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0128 (In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of
bounds ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0127 (In NrmmMsgCodec::DecodeUPUTransparentContext of
cn_NrmmDecoder.cpp, th ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0126 (In WC-Radio, there is a possible out of bounds write due to a
missing ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0125 (In multiple functions of vpu_ioctl.c, there is a possible use
after fr ...)
- TODO: check
+ NOT-FOR-US: Google devices
CVE-2026-0057 (In Contacts Provider, there is a possible way to access an
incoming ca ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0019 (In SettingsLib, there is a possible way to disable system
components d ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-69178 (Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69177 (Unauthenticated Local File Inclusion in Roneous <= 2.1.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69176 (Unauthenticated Local File Inclusion in ITactics <= 1.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69168 (Unauthenticated Local File Inclusion in Spike <= 1.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69167 (Unauthenticated Local File Inclusion in Eros <= 1.3 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69165 (Unauthenticated Local File Inclusion in Choreo <= 1.6
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69163 (Unauthenticated Local File Inclusion in WineShop <= 3.17
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69162 (Unauthenticated Local File Inclusion in Grecko <= 5.17
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69160 (Unauthenticated Local File Inclusion in Gita <= 1.11 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69159 (Unauthenticated Local File Inclusion in Printo <= 1.11
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69151 (Unauthenticated Cross Site Scripting (XSS) in Grand Car Rental
<= 3.7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69150 (Unauthenticated Local File Inclusion in Medeus <= 1.14
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69149 (Unauthenticated Local File Inclusion in Top Dog <= 1.0.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69147 (Unauthenticated Local File Inclusion in Putter <= 1.17
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69146 (Unauthenticated Local File Inclusion in Dom <= 1.24 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69143 (Unauthenticated Local File Inclusion in Mission <= 1.22
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69142 (Unauthenticated Local File Inclusion in Abelle <= 1.22
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69141 (Unauthenticated Local File Inclusion in Kelly Young <= 1.1.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69139 (Unauthenticated Arbitrary File Deletion in Car Zone <= 3.7
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69137 (Subscriber Broken Access Control in Genemy <= 1.6.6 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69136 (Unauthenticated Local File Inclusion in Wanium <= 1.9.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69131 (Unauthenticated Arbitrary File Download in WordPress &
WooCommerce Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69125 (Unauthenticated Local File Inclusion in Food Drop <= 1.3
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69124 (Unauthenticated Local File Inclusion in Especio <= 1.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69122 (Unauthenticated PHP Object Injection in SeaFood Company <= 1.4
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69121 (Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69119 (Unauthenticated Local File Inclusion in Corbesier <= 1.15.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69118 (Unauthenticated Local File Inclusion in CopyPress <= 1.4.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69116 (Unauthenticated Local File Inclusion in Iona <= 1.0.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69114 (Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69113 (Unauthenticated Local File Inclusion in Nexio <= 1.10.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69112 (Unauthenticated Local File Inclusion in Planty <= 1.14.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69109 (Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69108 (Unauthenticated PHP Object Injection in Hot Coffee <= 1.7
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69107 (Unauthenticated Local File Inclusion in Rosaleen <= 2.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69105 (Unauthenticated Local File Inclusion in Modernee <= 1.6.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69104 (Unauthenticated Cross Site Scripting (XSS) in Qreatix <= 1.9.4
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69103 (Subscriber Arbitrary Content Deletion in Brikk <= 3.0.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60085 (Unauthenticated Local File Inclusion in Learnify <= 1.15.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58924 (Unauthenticated Local File Inclusion in Geya <= 1.15 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48643 (In multiple locations there is a possible provisioning bypass
due to i ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48640 (In multiple locations, there is a possible 3rd party passkey
entry pai ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48617 (In overrideConfig of CarrierConfigLoader.java, there is a
possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48571 (In multiple functions of btm_sec.cc, there is a possible way
for an at ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-15642 (Netskope is notified about a potential gap in its Netskoped
Client for ...)
- TODO: check
+ NOT-FOR-US: Netskope
CVE-2025-15641 (Netskope was notified about a potential gap in its Netskope
Client for ...)
- TODO: check
+ NOT-FOR-US: Netskope
CVE-2026-53615 [Integer Overflow or Wraparound in
libblkid/src/partitions/dos.c]
- util-linux <unfixed>
NOTE:
https://github.com/util-linux/util-linux/security/advisories/GHSA-h4rw-gv36-wmp5
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc074da13dba5d3f8461889d76a6936cc1a340b2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc074da13dba5d3f8461889d76a6936cc1a340b2
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
