Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0c7713a3 by security tracker role at 2026-06-19T07:13:44+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2026-9822 (The WP Hotel Booking WordPress plugin before 2.3.1 does not 
enforce ca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9013 (The Bogo plugin for WordPress is vulnerable to Sensitive 
Information E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8806 (Expected Behavior Violation vulnerability in Mitsubishi 
Electric MELSE ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2026-8805 (Integer Overflow or Wraparound vulnerability in the EtherNet/IP 
functi ...)
-       TODO: check
+       NOT-FOR-US: Mitsubishi
 CVE-2026-8713 (The Avada (Fusion) Builder plugin for WordPress is vulnerable 
to arbit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8668 (A static credential embedded in Chef 360 prior to v1.7.0 
permitted una ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-8118 (The Royal Addons for Elementor \u2013 Addons and Templates Kit 
for Ele ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8100 (Impact  A security issue has been identified in Chef 360 that 
could al ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-7547 (The Woosa \u2013 Marktplaats for WooCommerce plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7515 (The BetterDocs Pro plugin for WordPress is vulnerable to Local 
File In ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6716
        REJECTED
 CVE-2026-56132 (In libexpat before 2.8.2, there is a heap-based buffer 
overflow in doP ...)
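Review bot: On CVE-2026-8668 and CVE-2026-8100 the new tag names the vendor (NOT-FOR-US: Progress Software), while the visible part of both descriptions names only the product, Chef 360. Consider putting the product in the tag, for example "NOT-FOR-US: Chef 360", so that a later search of data/CVE/list for the product name finds this triage decision. The same applies to the vendor-only "NOT-FOR-US: Mitsubishi" on CVE-2026-8806 and CVE-2026-8805.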
@@ -39,7 +39,7 @@ CVE-2026-56074 (PraisonAI before 1.5.128 caches tool approval 
decisions by tool
 CVE-2026-54414 (FileRise before 3.16.0 is vulnerable to path traversal in the 
shared-f ...)
        TODO: check
 CVE-2026-54130 (Missing authentication for critical function in M365 Copilot 
allows an ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-54017 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
        TODO: check
 CVE-2026-52866 (An attacker within BLE communication range can monopolize the 
device's ...)
@@ -47,7 +47,7 @@ CVE-2026-52866 (An attacker within BLE communication range 
can monopolize the de
 CVE-2026-50034 (An attacker within BLE communication range can passively 
intercept  wi ...)
        TODO: check
 CVE-2026-4328 (The Advanced Import plugin for WordPress is vulnerable to 
Server-Side  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-49454 (Relyra is a strict-by-default SAML 2.0 Service Provider 
library for El ...)
        TODO: check
 CVE-2026-49257 (mcp-pinot is a Python-based Model Context Protocol (MCP) 
server for in ...)
@@ -73,9 +73,9 @@ CVE-2026-47847 (Bitnami MariaDB Galera container images and 
Helm chart are affec
 CVE-2026-47846 (Bitnami Cassandra container images are affected by a retained 
default  ...)
        TODO: check
 CVE-2026-47647 (Improper access control in Microsoft Dynamics 365 allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-47633 (Exposure of sensitive information to an unauthorized actor in 
Cost Man ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-46699 (conda-smithy is a tool for combining a conda recipe with 
configuration ...)
        TODO: check
 CVE-2026-45696 (OpenEXR is the reference implementation and specification for 
the EXR  ...)
@@ -89,7 +89,7 @@ CVE-2026-43915 (Coturn is a free open source implementation 
of TURN and STUN Ser
 CVE-2026-40624 (Improper input validation in AVer PTC500S, PTC115, PTC500+, 
and PTC115 ...)
        TODO: check
 CVE-2026-32174 (Improper authentication in Azure Bot Service allows an 
authorized atta ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-2842
        REJECTED
 CVE-2026-25865 (Punto Switcher through 4.5.0.583 contains an unquoted search 
path elem ...)
@@ -97,13 +97,13 @@ CVE-2026-25865 (Punto Switcher through 4.5.0.583 contains 
an unquoted search pat
 CVE-2026-22674 (Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, 
contains a  ...)
        TODO: check
 CVE-2026-1856 (The Appointment Booking Calendar plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12644 (Versions of the package ts-deepmerge before 8.0.0 are 
vulnerable to Un ...)
        TODO: check
 CVE-2026-12430 (The Blocksy Companion plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12157 (The BetterDocs - Knowledge Base Docs & FAQ Solution for 
Elementor & Bl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12050 (SQL injection in pgAdmin 4's named restore point endpoint 
(POST /brows ...)
        TODO: check
 CVE-2026-12049 (Open redirect in pgAdmin 4's multi-factor authentication flow. 
The MFA ...)
@@ -119,21 +119,21 @@ CVE-2026-12045 (Read-only transaction bypass in the 
pgAdmin 4 AI Assistant allow
 CVE-2026-12044 (SQL injection in pgAdmin 4 across every dialog template that 
renders ` ...)
        TODO: check
 CVE-2026-11989 (The Bit integrations \u2013 Form Integration, Webhook, 
Spreadsheets, C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11775 (The User Admin Simplifier plugin for WordPress is vulnerable 
to Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11752 (A vulnerability has been identified in armeria-xds versions 
1.38.0 thr ...)
        TODO: check
 CVE-2026-10779 (The Classified Listing \u2013 Classified ads & Business 
Directory plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10746
        REJECTED
 CVE-2026-10720 (Canonical MicroCeph versions from the squid and tentacle track 
are vul ...)
        TODO: check
 CVE-2026-10034 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable 
to author ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7737 (DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual 
Storage Pl ...)
-       TODO: check
+       NOT-FOR-US: Hitachi
 CVE-2025-15661 (libssh2 through 1.11.1, fixed in commit 2dae302, contains an 
out-of-bo ...)
        TODO: check
 CVE-2026-55766
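Review bot: For CVE-2026-11989 and CVE-2026-10779 the "NOT-FOR-US: WordPress plugin" tag cannot be confirmed from this hunk, because both descriptions are cut off before any mention of WordPress. The commit message says the update is automatic, so it is worth confirming that the match was made on the full CVE description and not on the product name alone.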



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c7713a3d23b37ed38e9f162cbd1cb6695b55a8e
