Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7c10bb0a by security tracker role at 2026-07-01T07:14:16+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2026-9836 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is
affecte ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-9132 (A missing authorization vulnerability was identified in GitHub
Enterpr ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-9107 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9106 (A UI misrepresentation vulnerability was identified in GitHub
Enterpri ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-9002 (IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow
an adj ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7874 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow
disclosure ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7873 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated
attackers t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7871 (IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis
access t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7840 (UltraVNC repeater through 1.8.2.2 contains a global buffer
overflow in ...)
TODO: check
CVE-2026-7839 (UltraVNC repeater through 1.8.2.2 initializes the HTTP
administration ...)
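Review bot: The Langflow entries in this hunk (CVE-2026-7874, CVE-2026-7873, CVE-2026-7871) are tagged "NOT-FOR-US: IBM" although their descriptions name the product as "IBM Langflow OSS". A vendor-only tag makes them hard to find by product name if the software is later considered for packaging; "NOT-FOR-US: Langflow" would match the per-product style used for the Flowise entries further down in this commit. Separately, "Github Enterprise Server" on CVE-2026-9132 and CVE-2026-9106 differs in capitalisation from "GitHub" in the descriptions.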
@@ -29,15 +29,15 @@ CVE-2026-7829 (UltraVNC repeater through 1.8.2.2 contains a
post-authentication
CVE-2026-7828 (UltraVNC repeater through 1.8.2.2 contains an integer overflow
in the ...)
TODO: check
CVE-2026-7803 (IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary
code execu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7663 (IBM Langflow OSS 1.0.0 through 1.9.6 could allow
unauthenticated attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7517 (The Custom Payment Gateways for WooCommerce plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6070 (The WP-BusinessDirectory plugin for WordPress is vulnerable to
Unauthe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-58519 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-58518 (Cross-Site request forgery (CSRF) vulnerability in The
Wikimedia Found ...)
TODO: check
CVE-2026-58450 (Invoice Ninja through 5.13.26 contains an open redirect
vulnerability ...)
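Review bot: The note on CVE-2026-58519, "NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian", does not say which extension or skin is affected, and the truncated description does not show it either. Naming the component in the note would let a later reader re-check the claim against the archive. The neighbouring CVE-2026-58518 (Wikimedia Foundation, CSRF) stays at "TODO: check", so it is worth confirming that the two were meant to be triaged differently.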
@@ -105,9 +105,9 @@ CVE-2026-56300 (Capgo before 12.128.2 contains
unauthenticated security definer
CVE-2026-56286 (Capgo before 12.128.2 contains an authentication bypass
vulnerability ...)
TODO: check
CVE-2026-56278 (Flowise before 3.1.0 (affected versions 3.0.13 and earlier)
uses a wea ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-56277 (Flowise before 3.1.2 sets Access-Control-Allow-Origin to a
hardcoded w ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-56264 (Crawl4AI before 0.8.7 contains an arbitrary JavaScript
execution vulne ...)
TODO: check
CVE-2026-56249 (Capgo before 12.128.2 contains an authorization bypass
vulnerability i ...)
@@ -183,141 +183,141 @@ CVE-2026-44041 (UltraVNC through 1.8.2.2 contains an
out-of-bounds read in the w
CVE-2026-44040 (UltraVNC through 1.8.2.2 uses a cryptographically weak
pseudo-random n ...)
TODO: check
CVE-2026-3602 (IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and
12.0.1.0 thr ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-37106 (An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a
remote atta ...)
TODO: check
CVE-2026-35505 (An unauthenticated remote attacker can repeatedly send crafted
connect ...)
TODO: check
CVE-2026-2387 (The Event Organiser plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-28322 (SolarWinds Database Performance Analyzer was found to be
affected by a ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2026-20463 (In Modem, there is a possible escalation of privilege due to a
permiss ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2026-20462 (In Telephony, there is a possible memory corruption due to a
heap buff ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2026-20461 (In Modem, there is a possible out of bounds write due to a
missing bou ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2026-20460 (In Modem, there is a possible information disclosure due to
improper i ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2026-20459 (In Modem, there is a possible system crash due to improper
input valid ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2026-20458 (In Modem, there is a possible memory corruption due to a
missing bound ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2026-20457 (In Modem, there is a possible system crash due to improper
input valid ...)
- TODO: check
+ NOT-FOR-US: MediaTek
CVE-2026-1239 (The Ninja Forms \u2013 The Contact Form Builder That Grows With
You pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14193 (DVP80ES300T with Improper Validation of Array Index
Vulnerability)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2026-14191 (An out-of-bounds heap write exists in the RAR5 recovery-volume
(.rev) ...)
TODO: check
CVE-2026-13773 (IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6
Approximately 50 g ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-13772 (IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object
Query La ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-13759 (IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships
three Object ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-13731 (The WPBot \u2013 AI ChatBot for Live Support, Lead Generation,
AI Serv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13468 (The Visualizer \u2013 Tables & Charts Manager with Built-in AI
Generat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13449 (IBM Business Automation Manager Open Editions 9.0.0 through
9.4.2 is v ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-13443 (The Tutor LMS \u2013 eLearning and online course solution
plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13246 (The GiveWP \u2013 Donation Plugin and Fundraising Platform
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13207 (FUXA versions 1.3.1 and prior contain an authentication bypass
vulnera ...)
TODO: check
CVE-2026-13015 (The Wp Google Places Review Slider plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12923 (The Youtube Showcase plugin for WordPress is vulnerable to
Arbitrary F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12904 (The Kadence Blocks \u2013 Gutenberg Blocks for Page Builder
Features p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12902 (The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg
Editor pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12579 (AS228T with Authentication Bypass Vulnerability)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2026-12135 (The FV Flowplayer Video Player plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12133 (The JoomSport \u2013 for Sports: Team & League, Football,
Hockey & mor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12127 (The WPForms \u2013 Easy Form Builder for WordPress \u2013
Contact Form ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12113 (The Appointment Booking Calendar plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12110 (The Taskbuilder \u2013 Project Management & Task Management
Tool With ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12090 (The Taskbuilder \u2013 Project Management & Task Management
Tool With ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12086 (IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3
through 7 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-12085 (IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM
UCD - IBM ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-12084 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2
through 8.2.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11988 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell
Online ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11981 (The GiveWP plugin for WordPress is vulnerable to Cross-Site
Request Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11906 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for
Linux, UN ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11887 (The Salon Booking System WordPress plugin before 10.30.20
does not ha ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11883 (The WebAuthn Provider for Two Factor WordPress plugin before
2.5.6 doe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11880 (The Fluent Forms WordPress plugin before 6.2.1 does not
properly veri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11823 (The BookingPress Appointment Booking Pro plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11806 (IBM WebSphere Application Server - Liberty 17.0.0.3 through
26.0.0.6 i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11794 (The Advanced Form Integration \u2014 Connect Forms to 200+
Apps WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11714 (IBM WebSphere Application Server - Liberty 17.0.0.3 through
26.0.0.7 i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11712 (IBM WebSphere Application Server 9.0, and 8.5 is affected by a
cross-s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11708 (IBM WebSphere Application Server 9.0, and 8.5 is affected by a
cross-s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11595 (IBM WebSphere Application Server 9.0, and 8.5 could allow a
remote att ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11594 (IBM WebSphere Application Server 9.0, and 8.5 is affected by a
cross-s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11570 (The User Submitted Posts WordPress plugin before 20260608
does not es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11568 (The Product Configurator for WooCommerce WordPress plugin
before 1.7.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11562 (The WS Form LITE WordPress plugin before 1.11.8 does not have
a capab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11546 (IBM WebSphere Application Server - Liberty 17.0.0.3 through
26.0.0.7 i ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11541 (IBM WebSphere Application Server 9.0, and 8.5 and IBM
WebSphere Applic ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-11380 (The JetWidgets For Elementor plugin for WordPress is
vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10750 (The Royal MCP WordPress plugin before 1.4.26 does not perform
capabil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10585 (A stored cross-site scripting vulnerability was identified in
GitHub E ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-10564 (IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side
Request Fo ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10562 (An unauthenticated URL redirection vulnerability has been
identified i ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-10560 (IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing
authentication ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10546 (IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side
Request Fo ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10140 (IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains
improper sha ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10134 (IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to
read every ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10129 (IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side
Request Fo ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-10109 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-71381 (Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its
CORS middl ...)
TODO: check
CVE-2025-71374 (picklescan before 0.0.29 fails to detect the built-in python
profile.P ...)
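Review bot: CVE-2026-10562 is tagged "NOT-FOR-US: TPLink", but the visible part of its description ("An unauthenticated URL redirection vulnerability has been identified i ...") names no vendor, so the attribution cannot be checked from this diff; the vendor also spells its name "TP-Link". The same applies to the two "NOT-FOR-US: Delta Electronics" entries (CVE-2026-14193, CVE-2026-12579), whose descriptions show only the model names DVP80ES300T and AS228T. Since the commit message says these entries were added automatically, a short product name in each note would make the mapping reviewable.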
@@ -337,31 +337,31 @@ CVE-2025-71350 (picklescan before 0.0.28 fails to detect
malicious pickle files
CVE-2025-71349 (picklescan before 0.0.29 fails to detect the built-in
trace.Trace.run ...)
TODO: check
CVE-2025-36372 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for
Linux, UN ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36359 (IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not
invalid ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36336 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0
transmits dat ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36333 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could
allow a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36328 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could
allow a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36327 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could
allow a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36324 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36323 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36321 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36320 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36319 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could
allow a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-15666 (A security vulnerability has been detected in Open Asset
Import Librar ...)
TODO: check
CVE-2025-12530 (IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1
through patch ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-56016
- libcgi-session-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41439279/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c10bb0a6a53f86be09da14ac7848d530c8ae69b