Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96532fb3 by security tracker role at 2026-06-25T19:14:26+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,17 +3,17 @@ CVE-2026-9800 (A flaw was found in Keycloak Policy Enforcer.
This vulnerability
CVE-2026-9799 (A flaw was found in org.keycloak.authorization. An
authenticated user ...)
TODO: check
CVE-2026-9718 (CWE-617 Reachable Assertion vulnerability exists that could
allow an a ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-9717 (CWE-78 Neutralization of Special Elements used in an OS Command
('OS C ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-9716 (CWE-476 NULL Pointer Dereference vulnerability exists that
could cause ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-9705 (A flaw was found in Keycloak's client registration service. A
remote a ...)
TODO: check
CVE-2026-9651 (CWE-732 Incorrect Permission Assignment for Critical Resource
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-9650 (CWE-522 Insufficiently Protected Credentials vulnerability that
could ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-9099 (A flaw was found in Keycloak. A missing authorization check in
the Gro ...)
TODO: check
CVE-2026-9086 (A flaw was found in Keycloak. A remote attacker with
administrative pr ...)
@@ -21,7 +21,7 @@ CVE-2026-9086 (A flaw was found in Keycloak. A remote
attacker with administrati
CVE-2026-9083 (A flaw was found in Keycloak. A realm administrator with the
"manage-r ...)
TODO: check
CVE-2026-6432 (Improper bounds validation in EmberZNet SDK versions 9.0.2 and
earlier ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-6291 (Bleichenbacher padding oracle in PKCS#7 KTRI decryption. When
decrypti ...)
TODO: check
CVE-2026-6094 (Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when
parsing craf ...)
@@ -29,23 +29,23 @@ CVE-2026-6094 (Heap buffer overread in
wc_PKCS7_DecodeEnvelopedData when parsing
CVE-2026-6091 (Partial-chain certificate verification may accept chains that
terminat ...)
TODO: check
CVE-2026-57700 (Unrestricted Upload of File with Dangerous Type vulnerability
in Daan. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57619 (Contributor Sensitive Data Exposure in Elementor Website
Builder <= 4. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57588 (A SQL injection vulnerability in Nessus allows an attacker to
craft a ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2026-57587 (A SQL injection vulnerability in Nessus allows a remote,
unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Tenable
CVE-2026-57536 (Our payment integration with Mollie did not properly validate
payment ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-57535 (Content injected to PDF rendering contexts could, in many
places, incl ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-57534 (Malicious HTML content could be injected into the content of a
page in ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-57533 (Malicious HTML content could be injected into the page pretix
shows wh ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-57532 (Malicious HTML content contained in the layout specification
of a PDF ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-57456 (Vim is an open source, command line text editor. Prior to
9.2.0699, Vi ...)
TODO: check
CVE-2026-57455 (Vim is an open source, command line text editor. Prior to
9.2.0698, th ...)
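Review bot: the five entries CVE-2026-57536 through CVE-2026-57532 are tagged `NOT-FOR-US: rami.io products` even though the visible description of CVE-2026-57533 names the software itself (`pretix`); a tag that carries the product name, e.g. `NOT-FOR-US: pretix (rami.io)`, keeps these entries findable by the name a reporter or a later grep would use. The Tenable and `WordPress plugin or theme` tags in this hunk match the wording used elsewhere in the change.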
@@ -69,7 +69,7 @@ CVE-2026-57435 (Nokogiri is an open source XML and HTML
library for the Ruby pro
CVE-2026-57434 (Nokogiri is an open source XML and HTML library for the Ruby
programmi ...)
TODO: check
CVE-2026-57429 (Contributor Broken Access Control in Slim SEO <= 4.6.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57236 (Nokogiri is an open source XML and HTML library for the Ruby
programmi ...)
TODO: check
CVE-2026-57235 (Nokogiri is an open source XML and HTML library for the Ruby
programmi ...)
@@ -115,29 +115,29 @@ CVE-2026-56122 (Winstone Servlet Engine through 0.9.10
contains a path traversal
CVE-2026-56091 (When using Apache Shiro with the shiro-guice module in a web
servlet c ...)
TODO: check
CVE-2026-56071 (Unauthenticated Cross Site Scripting (XSS) in Forminator <=
1.53.1 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56054 (Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56053 (Subscriber PHP Object Injection in EventPrime <= 4.3.4.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56051 (Unauthenticated Cross Site Scripting (XSS) in TablePress <=
3.3.1 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56050 (Improper Access Control vulnerability in Themeisle PPOM for
WooCommerc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56049 (Contributor Remote Code Execution (RCE) in Post Snippets <=
4.0.19 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56042 (Customer Cross Site Scripting (XSS) in Advanced Order Export
For WooCo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56023 (Customer Broken Access Control in UPI QR Code Payment Gateway
for WooC ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56014 (Unauthenticated Cross Site Scripting (XSS) in Master Slider <=
3.11.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56013 (Unauthenticated Insecure Direct Object References (IDOR) in
License Ma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56006 (Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56005 (Subscriber Cross Site Scripting (XSS) in WP Activity Log <=
5.6.3.1 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-55967 (AES-GCM encryption/decryption with extremely large cumulative
single m ...)
TODO: check
CVE-2026-55961 (wolfSSL_PKCS7_verify() returning success for a degenerate
(certs-only) ...)
@@ -177,35 +177,35 @@ CVE-2026-55092 (Trivy is a security scanner. Prior to
0.71.1, when Trivy downloa
CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage
(S3), fil ...)
TODO: check
CVE-2026-54849 (Unauthenticated SQL Injection in Premmerce Wishlist for
WooCommerce <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54848 (Insertion of Sensitive Information Into Sent Data
vulnerability in Saa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54845 (Unauthenticated Local File Inclusion in MDTF <= 1.3.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54844 (Unauthenticated Broken Access Control in CheckView Automated
Testing < ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54843 (Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54842 (Missing Authorization vulnerability in Royal Plugins Royal MCP
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54841 (Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54838 (Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54836 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54830 (Unauthenticated Broken Access Control in Five Star Restaurant
Reservat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54829 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54828 (Unauthenticated Broken Access Control in Motors <= 1.4.109
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54823 (Contributor Remote Code Execution (RCE) in Widget Options <=
4.2.3 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54822 (Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54821 (Subscriber Sensitive Data Exposure in Visual Link Preview <=
2.3.1 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54679 (jq is a command-line JSON processor. Prior to 1.8.2, on 32bit
system, ...)
TODO: check
CVE-2026-54573 (Outline is a service that allows for collaborative
documentation. Prio ...)
@@ -269,59 +269,59 @@ CVE-2026-50015 (pnpm is a package manager. Prior to
10.34.0 and 11.4.0, pnpm's p
CVE-2026-50014 (pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm
passes th ...)
TODO: check
CVE-2026-4930 (SYMCRYPTO is the SiXG301's host side hardware engine accessed
by PSA c ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-4526 (In EmberZNet v9.0.2 and earlier, malformed global ZCL messages
can tri ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-4522 (Missing authentication for critical function vulnerability in
HYPR Pas ...)
- TODO: check
+ NOT-FOR-US: HYPR
CVE-2026-49506 (Dell Wyse Management Suite, versions prior to WMS 5.5 HF1,
contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-49319 (Remote Keyless Entry System (RKES), using the 433 MHz key fob
bearing ...)
TODO: check
CVE-2026-48995 (pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a
malicious co ...)
TODO: check
CVE-2026-48946 (The K2 frontend article-attachment upload path accepts files
whose ext ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48945 (The K2 article gallery upload path accepts a zip/tar archive,
extracts ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48944 (The K2 frontend article-save handler accepts an
`attachment[N][existin ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48943 (K2 \u2264 2.24 contains a mass-assignment defect in the K2
system user ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48942 (K2 \u2264 2.26 renders the `#__k2_users.image` column directly
into HT ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48941 (The K2 frontend `item.checkin` task accepts an unauthenticated
`sigPro ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48940 (A Joomla user with K2 "create item" rights (Author tier by
default) ca ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-47154 (In EmberZNet v9.0.2 and earlier, a malformed
GetProfileResponse messag ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-47153 (In EmberZNet v9.0.2 and earlier, a malformed Level Control
Step comman ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-47152 (In EmberZNet v9.0.2 and earlier, a malformed Level Control
Move comman ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-47151 (In EmberZNet v9.0.2 and earlier, malformed
ClearWeekdaySchedule messag ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-47150 (In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment
message ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-47149 (In EmberZNet v9.0.2 and earlier, malformed or out-of-range
Door Lock u ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-47148 (In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership
commands ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-47147 (In EmberZNet v9.0.2 and earlier, malformed OTA requests can
drive the ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-47146 (In EmberZNet v9.0.2 and earlier, malformed Color Control
messages can ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-47145 (In EmberZNet v9.0.2 and earlier, malformed Color Control
messages can ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-46735 (Dell Display and Peripheral Manager (DDPM Mac), versions prior
to 2.3, ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-46734 (Dell Display and Peripheral Manager (DDPM Mac), versions prior
to 2.3, ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-46733 (Dell Display and Peripheral Manager (DDPM Windows), versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-46732 (Dell Display and Peripheral Manager (DDPM Mac), versions prior
to 2.3, ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-46611 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
TODO: check
CVE-2026-46608 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
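Review bot: CVE-2026-48946 through CVE-2026-48940 describe the K2 extension (the descriptions read "The K2 frontend ..." and "K2 \u2264 2.24 ..."), not Joomla itself, so `NOT-FOR-US: Joomla` under-specifies and could be read as a statement about Joomla core; a tag on the same pattern as the `WordPress plugin or theme` entries, such as `NOT-FOR-US: K2 (Joomla extension)`, would be clearer. Separately, the descriptions of CVE-2026-48943 and CVE-2026-48942 contain the literal escape sequence `\u2264` rather than the character it encodes, which suggests the automatic import is not decoding JSON unicode escapes; that is worth fixing in the importer rather than by hand-editing the list.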
@@ -333,33 +333,33 @@ CVE-2026-46606 (Glances is an open-source system
cross-platform monitoring tool.
CVE-2026-45233 (HTMLy CMS through 3.1.1 contains a path traversal
vulnerability that a ...)
TODO: check
CVE-2026-41120 (Dell Wyse Management Suite, versions prior to WMS 5.5 HF1,
contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-2815 (Incorrect use of the PUF key for user key generation in
EFR32xG27 resu ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-28898 (swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate
pseudo-hea ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-27366 (Unauthenticated Broken Access Control in MainWP Child <= 6.1.1
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-13351 (Zephyr's IPv6 network stack can be prevented from receiving or
process ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-13350 (Permissions where checked incorrectly during room creation,
allowing a ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-13314 (Malicious HTML content could be injected into the content
rendered by ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-13225 (Malicious HTML content could be injected into the email
address of an ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-13223 (Our payment integration with Computop-based payment methods
did not p ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-13222 (Our payment integration with Oppwa-based payment methods did
not prop ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-12937 (The Tourfic \u2013 AI Powered Travel Booking, Hotel Booking &
Car Rent ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12921 (In AzeoTech DAQFactory versions 21.1 and prior, a Use After
Free vulne ...)
TODO: check
CVE-2026-12897 (Horner Automation Cscape versions prior to 10.2 SP3 are
vulnerable to ...)
TODO: check
CVE-2026-12755 (Improper input validation in the PAM AD discovery endpoints in
Devolu ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-11999 (X.509 trust-chain bypass (path-depth exhaustion) in the
OpenSSL compat ...)
TODO: check
CVE-2026-12844 (List::SomeUtils::XS versions before 0.59 for Perl have a heap
buffer o ...)
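Review bot: CVE-2026-12937 is tagged `NOT-FOR-US: WordPress plugin` while every other WordPress entry in this change, including CVE-2026-27366 in the same hunk, uses `NOT-FOR-US: WordPress plugin or theme`; use the same wording so tooling that matches on the tag treats them alike. The same entry's description also carries a literal `\u2013` escape, the same import artifact as the `\u2264` in the CVE-2026-48943 description earlier in this diff.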
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96532fb39fd0fb21949c2b73a26a723c76ecc44e
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits