Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d830fb97 by security tracker role at 2026-06-24T19:14:39+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
CVE-2026-7761 (The Ultimate Member plugin for WordPress is vulnerable to
Account Take ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-57307 (A missing permission check in Jenkins Zowe zDevOps Plugin
1.1.3.50.ve3 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57306 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Zowe zDev ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57305 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Assembla ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57304 (A missing permission check in Jenkins Assembla Plugin 1.4 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57303 (Jenkins Assembla Plugin 1.4 and earlier does not configure its
XML par ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57302 (Jenkins FitNesse Plugin 1.36 and earlier stores passwords
unencrypted ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57301 (Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build
operations o ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57300 (A missing permission check in Jenkins MCP Server Plugin
0.177.v629fdb_ ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57299 (Missing permission checks in Jenkins Contrast Continuous
Application S ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57298 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Contrast ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57297 (A missing permission check in Jenkins Contrast Continuous
Application ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57296 (Jenkins External Workspace Manager Plugin 1.3.2 and earlier
does not r ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57295 (A cross-site request forgery (CSRF) vulnerability in Jenkins
EC2 Fleet ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57294 (A missing permission check in Jenkins EC2 Fleet Plugin
4.2.3.539.v8fed ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57293 (An incorrect permission check in Jenkins Gitee Plugin
1288.v18b_deb_c9 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57292 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Gitee Plu ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57291 (Missing permission checks in Jenkins Gitee Plugin
1288.v18b_deb_c9069b ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57290 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Priority ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57289 (Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and
earlier uncon ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57288 (Jenkins Active Directory Plugin 2.41.1 and earlier does not
escape the ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57287 (Jenkins Job Configuration History Plugin 1356.ve360da_6c523a_
and earl ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57286 (A missing permission check in Jenkins Git Parameter Plugin
462.vdcf3df ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57285 (A missing permission check in Jenkins GitHub Branch Source
Plugin 1967 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57284 (Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier
does no ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57283 (A cross-site request forgery (CSRF) vulnerability in Jenkins
Pipeline: ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57282 (Jenkins Git client Plugin 6.6.0 and earlier does not correctly
escape ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57281 (Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier
does not ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-57280 (Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier
does not ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-56761 (hono before 4.12.14 contains an html injection vulnerability
in jsx se ...)
TODO: check
CVE-2026-56370 (ImageMagick before 7.1.2-19 contains an out-of-bounds access
vulnerabi ...)
@@ -107,7 +107,7 @@ CVE-2026-56118
CVE-2026-56111 (Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when
built w ...)
TODO: check
CVE-2026-56052 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-55611 (AnythingLLM is an application that turns pieces of content
into contex ...)
TODO: check
CVE-2026-55488 (motionEye (mEye) is an online interface for a piece of
software called ...)
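Review bot: The note for CVE-2026-56052 reads "NOT-FOR-US: WordPress plugin or theme", while the other WordPress entries in this same commit (CVE-2026-7761, CVE-2026-12242) use "NOT-FOR-US: WordPress plugin". The truncated description shown here ("Improper Neutralization of Special Elements used in an SQL Command ('S ...)") does not name the product, so the classification cannot be confirmed from the diff alone. Check the full description, then use the more specific string if it is a plugin, so that later searches over the list match one wording.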
@@ -219,21 +219,21 @@ CVE-2026-13150 (Server-Side Request Forgery (SSRF)
(CWE-918) in the PDF generati
CVE-2026-13140 (Stored Cross-Site Scripting in the exposed AWS API key store
ofThinkst ...)
TODO: check
CVE-2026-12986 (A critical vulnerability in Admin GUI in Payara Server Full
4.x, 5.x, ...)
- TODO: check
+ NOT-FOR-US: Payara
CVE-2026-12760 (A denial-of-service (DoS) vulnerability has been identified in
Tapo C2 ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-12537 (Improper Neutralization used in an OS Command in the container
launche ...)
TODO: check
CVE-2026-12242 (The AdRotate Banner Manager plugin for WordPress is vulnerable
to PHP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11968 (Argument Injection in TortoiseGitBlame via Malicious Git
History Filen ...)
- TODO: check
+ NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-11878 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2026-11877 (An unauthorized user can modify configuration through API
calls that a ...)
- TODO: check
+ NOT-FOR-US: OpenText
CVE-2026-10745 (Improper output neutralization for logs vulnerability in
upKeeper Solu ...)
- TODO: check
+ NOT-FOR-US: upKeeper Solutions
CVE-2025-71361 (picklescan before 0.0.29 fails to detect malicious
idlelib.calltip.Cal ...)
TODO: check
CVE-2025-71354 (picklescan before 0.0.29 fails to detect malicious pickle
files that e ...)
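Review bot: CVE-2026-11968 looks misclassified. Its description is "Argument Injection in TortoiseGitBlame via Malicious Git History Filen ...", yet the new note is "NOT-FOR-US: GitLab (used to be packaged in the Debian archive as src:gitlab, but never in a stable release)". Nothing in the visible description refers to GitLab, so the automatic rule seems to have matched on something other than the affected product. I would either set this to "NOT-FOR-US: TortoiseGit" after confirming the product, or leave it at "TODO: check" for manual triage, since the src:gitlab remark attaches a packaging history that does not apply to this entry. Minor: the CVE-2026-12760 note is spelled "TPLink"; confirm it matches the spelling already used for that vendor elsewhere in data/CVE/list.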
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d830fb973b826dd05662732bc794a2b950db2265