Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f05232e7 by security tracker role at 2026-06-24T07:14:11+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,65 +1,65 @@
 CVE-2026-9724 (The MotorDesk plugin for WordPress is vulnerable to Cross-Site 
Request ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9721 (The Book a Room Event Calendar plugin for WordPress is 
vulnerable to C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9710 (The Cornerstone WordPress plugin before 7.8.8 does not enforce 
capabil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9709 (The Cornerstone WordPress plugin before 7.8.9 does not enforce 
capabil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9643 (The WP Meta SEO plugin for WordPress is vulnerable to 
Unauthenticated  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9620 (The WP Latest Posts plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9619 (The Reviews and Rating \u2013 Docplanner plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9616 (The Generate Security.txt plugin for WordPress is vulnerable to 
author ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9612 (The WhatsOrder \u2013 Instant Checkout for WooCommerce plugin 
for Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9539 (An out-of-bounds heap read and integer underflow in the TCP 
urgent dat ...)
        TODO: check
 CVE-2026-9184 (The 24liveblog - live blog tool plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9183 (The 24liveblog - live blog tool plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9179 (The WP Forms Connector plugin for WordPress is vulnerable to 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9178 (The WP Forms Connector plugin for WordPress is vulnerable to 
Informati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9175 (The Devs Accounting \u2013 Simple Accounting and Invoicing 
Solution pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9172 (The Devs Accounting \u2013 Simple Accounting and Invoicing 
Solution pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9073 (A flaw was found in foreman-mcp-server. This component utilizes 
two di ...)
        TODO: check
 CVE-2026-8905 (The Osiris Signature Banner plugin for WordPress is vulnerable 
to Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8896 (The MIR blocks and shortcodes plugin for WordPress is 
vulnerable to St ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8865 (The Avalon23 Products Filter for WooCommerce plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8705 (The ClearSale Total plugin for WordPress is vulnerable to SQL 
Injectio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8690 (The RentMy Real-Time Rental Management Plugin plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8688 (The Advance Nav Menu Manager plugin for WordPress is vulnerable 
to aut ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8628 (The EntreDroppers plugin for WordPress is vulnerable to 
Reflected Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8622 (The Image Sizes on Demand plugin for WordPress is vulnerable to 
Reflec ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8617 (The SearchPlus plugin for WordPress is vulnerable to 
unauthorized modi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8614 (The Assistio plugin for WordPress is vulnerable to unauthorized 
modifi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7617 (The Secufor_OAuth plugin for WordPress is vulnerable to 
unauthorized a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7574 (Anthropic Claude Desktop Cowork VM image handling (confirmed 
across v1 ...)
        TODO: check
 CVE-2026-6458 (Missing cryptographic step in Caliptra Core Firmware 
(aes_256_gcm_upda ...)
        TODO: check
 CVE-2026-6292 (The MP Customize Login Page plugin for WordPress is vulnerable 
to Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5818 (Incorrect check of function return value in Caliptra Core 
Runtime Firm ...)
        TODO: check
 CVE-2026-56785 (FlatPress versions prior to commit 10be83c, contains a stored 
cross-si ...)
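Review bot: For CVE-2026-9175 and CVE-2026-9172 the NOT-FOR-US: WordPress plugin tag cannot be checked against the line shown, because the truncated description ("The Devs Accounting ... Invoicing Solution pl ...") is cut before any mention of WordPress; CVE-2026-9612 is similar, cut at "for Word ...". The commit message says only "automatic NOT-FOR-US entries update", so it would help to record there which rule the automation matched on (presumably the full CVE description), so that a reader of the list can tell why these entries were retagged while CVE-2026-9539, CVE-2026-9073, CVE-2026-7574, CVE-2026-6458 and CVE-2026-5818 in the same hunk stay at TODO: check.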
@@ -115,7 +115,7 @@ CVE-2026-53622 (Traefik is an HTTP reverse proxy and load 
balancer. Prior to 3.7
 CVE-2026-50193 (jackson-databind contains the general-purpose data-binding 
functionali ...)
        TODO: check
 CVE-2026-4297 (The Welcome Software Publishing plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-48493 (Snipe-IT is an IT asset/license management system. In versions 
prior t ...)
        TODO: check
 CVE-2026-48491 (Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 
until 3 ...)
@@ -175,7 +175,7 @@ CVE-2026-45792 (rtk filters and compresses command outputs 
before they reach you
 CVE-2026-41862 (Spring Statemachine's Kryo-based persistence backends (JPA, 
MongoDB, R ...)
        TODO: check
 CVE-2026-3652 (The ARForms plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-39253 (An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker 
to execut ...)
        TODO: check
 CVE-2026-23513 (FOSSBilling is a free, open-source billing and client 
management syste ...)
@@ -207,23 +207,23 @@ CVE-2026-12486 (Multiple OS command injection 
vulnerabilities exist in the libNe
 CVE-2026-12485 (GV-I/O Box 4E is a smart embedded device with 4 input and 4 
relays out ...)
        TODO: check
 CVE-2026-12417 (The SignUp & SignIn plugin for WordPress is vulnerable to 
Authenticati ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12416 (The Invoice Generator plugin for WordPress is vulnerable to 
Account Ta ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12164 (Fortra File Integrity Monitoring (FIM), formerly Tripwire 
Enterprise,  ...)
-       TODO: check
+       NOT-FOR-US: Fortra
 CVE-2026-12163 (Fortra File Integrity Monitoring (FIM), formerly Tripwire 
Enterprise,  ...)
-       TODO: check
+       NOT-FOR-US: Fortra
 CVE-2026-12112 (A flaw was found in the foreman-mcp-server. A session 
management vulne ...)
        TODO: check
 CVE-2026-12100 (The URL Preview plugin for WordPress is vulnerable to 
Server-Side Requ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12095 (The Kargo Takip plugin for WordPress is vulnerable to 
Server-Side Requ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12094 (The Advanced Contact Form 7 - Compact DB plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11997 (The Bulk SEO Image plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11972 (When using the "tarfile" module with a file opened in 
"streaming mode" ...)
        TODO: check
 CVE-2026-11820 (Module: plugins/modules/nexmo.py  CVSS 3.1: 6.5 MEDIUM \u2014 
AV:N/AC: ...)
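Review bot: The tag on CVE-2026-12164 and CVE-2026-12163, "NOT-FOR-US: Fortra", names only the vendor, while the description names a specific product, "Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise". Naming the product in the tag, for example "NOT-FOR-US: Fortra File Integrity Monitoring (FIM)", would make the decision searchable by product name and make clear which software was ruled out, which matters here because the description also carries the older Tripwire Enterprise name.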
@@ -233,23 +233,23 @@ CVE-2026-11819 (Module: plugins/modules/keyring_info.py   
CVSS 3.1: 5.5 MEDIUM \
 CVE-2026-11807 (A missing authorization vulnerability was found in the 
Event-Driven An ...)
        TODO: check
 CVE-2026-11614 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11370 (The WP Meta SEO plugin for WordPress is vulnerable to 
Server-Side Requ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10753 (The Site Kit by Google  WordPress plugin before 1.176.0 does 
not prope ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10749 (The Post Duplicator WordPress plugin before 3.0.15 does not 
safely han ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10735 (Multiple Shapedsmart-post-show-pro WordPress plugin before 
4.0.2, Real ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10552 (The Blue Captcha plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10531 (The AI Share & Summarize WordPress plugin before 2.0.4 does 
not saniti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10092 (The Cincopa video and media plug-in plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10091 (The Email JavaScript Cloak plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-64105 (FOSSBilling is a billing and client management system that 
automates i ...)
        TODO: check
 CVE-2026-8286
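Review bot: CVE-2026-10735 is described as "Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real ...", that is, more than one plugin, but it gets the singular tag "NOT-FOR-US: WordPress plugin". This is a style point only: "NOT-FOR-US: WordPress plugins" would match the description, and since the list of affected plugins is cut off after "Real ...", it is worth confirming against the full CVE text that every plugin named falls under the same tag.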



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f05232e732cf34f4e234a2775cdcadd318d18966



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
