Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9a4ac720 by security tracker role at 2026-07-01T19:14:49+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,15 +31,15 @@ CVE-2026-5136 (A flaw was found in Foreman. The Usergroup
model in Foreman does
CVE-2026-5135 (A flaw was found in Foreman. This broken access control
vulnerability ...)
TODO: check
CVE-2026-5120 (A Race Condition vulnerability affecting BIOVIA Workbook from
Release ...)
- TODO: check
+ NOT-FOR-US: Dassault Systemes
CVE-2026-5051 (HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit
device valid ...)
TODO: check
CVE-2026-58521 (Improper neutralization of special elements used in an SQL
command ('S ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-58520 (URL redirection to untrusted site ('open redirect')
vulnerability in T ...)
TODO: check
CVE-2026-58517 (Improper neutralization of input terminators vulnerability in
The Wiki ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-58454 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware
4.8.30.57701411 c ...)
TODO: check
CVE-2026-58453 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware
4.8.30.57701411 c ...)
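Review bot: The reason on CVE-2026-58521 and CVE-2026-58517, "MediaWiki extensions/skins not packaged in Debian", asserts a packaging fact without naming the extension or skin, and both descriptions are truncated before the component name is complete. Naming the component in the reason would let a later reader re-check the claim, particularly as the neighbouring CVE-2026-58520 stays at "TODO: check".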
@@ -59,23 +59,23 @@ CVE-2026-58038 (Improper Neutralization of Input During Web
Page Generation (XSS
CVE-2026-58035 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2026-58034 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-58031 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2026-57737 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57736 (Insertion of Sensitive Information Into Sent Data
vulnerability in Hub ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57723 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp
VikBooking ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57722 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57721 (Missing Authorization vulnerability in WP Reloaded ApplyOnline
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57720 (Missing Authorization vulnerability in Codexpert Inc
ThumbPress allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57692 (Incorrect Privilege Assignment vulnerability in LCweb
PrivateContent a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57517 (Control Web Panel before 0.9.8.1225 contains a blind SQL
injection vul ...)
TODO: check
CVE-2026-57516 (Ray prior to 2.56.0 contains an unsafe deserialization
vulnerability i ...)
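Review bot: The seven entries from CVE-2026-57737 to CVE-2026-57692 use the reason "WordPress plugin or theme", while other entries in this same commit (CVE-2026-13733, CVE-2026-10096) use "WordPress plugin". Settling on one string would keep a plain text search over data/CVE/list from missing half of the WordPress entries.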
@@ -145,9 +145,9 @@ CVE-2026-49087 (Allocation of Resources Without Limits or
Throttling (CWE-770) i
CVE-2026-46680 (containerd is an open-source container runtime. In versions
prior to 1 ...)
TODO: check
CVE-2026-41121 (Dell Device Management Agent, versions prior to DDMA 26.05,
contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-38142 (An unauthenticated command injection vulnerability in the
/goform/fast ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-34117 (Guardian language-system passes the id GET parameter directly
into a P ...)
TODO: check
CVE-2026-34116 (Guardian language-system passes the id GET parameter directly
into a P ...)
@@ -193,41 +193,41 @@ CVE-2026-34097 (Guardian language-system fails to
sanitize the id GET parameter
CVE-2026-34096 (Guardian language-system fails to sanitize the name GET
parameter befo ...)
TODO: check
CVE-2026-2891 (The following Poly Voice IP devices, CCX, Trio, and Edge E,
might be i ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2026-27435 (Missing Authorization vulnerability in WofficeIO Woffice
allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-27409 (Missing Authorization vulnerability in Webba Plugins Webba
Booking all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24270 (NVIDIA AIStore framework contains a vulnerability where an
attacker co ...)
TODO: check
CVE-2026-24266 (NVIDIA Triton Inference Server for Linux contains a
vulnerability wher ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24264 (NVIDIA Triton Inference Server for Linux contains a
vulnerability wher ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24260 (NVIDIA Container Toolkit for Linux contains a vulnerability
where an a ...)
TODO: check
CVE-2026-24251 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24250 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24249 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24248 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24247 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24246 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24245 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24244 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24243 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24242 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-24240 (NVIDIA Megatron Bridge for Linux contains a vulnerability
where an att ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2026-20244 (A vulnerability in the DMG file format parser of ClamAV could
allow an ...)
TODO: check
CVE-2026-20243 (A vulnerability in the ALZ file format parser of ClamAV could
allow an ...)
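Review bot: The vendor-wide reason "NOT-FOR-US: NVIDIA" on the Triton Inference Server and Megatron Bridge entries (CVE-2026-24266 through CVE-2026-24240) reads as if every NVIDIA product were out of scope, yet CVE-2026-24270 (AIStore) and CVE-2026-24260 (Container Toolkit) in the same hunk stay at "TODO: check". Putting the product in the reason, for example "NOT-FOR-US: NVIDIA Triton Inference Server", makes clear which software was judged absent from the archive. The same applies to "NOT-FOR-US: HP" on CVE-2026-2891, whose description names Poly Voice IP devices.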
@@ -257,53 +257,53 @@ CVE-2026-14198 (@fastify/middie versions 9.1.0 through
9.3.2 decode the encoded
CVE-2026-14181 (@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the
URL nor ...)
TODO: check
CVE-2026-13769 (Overly permissive file permissions in AWS CLI before 1.44.78
(v1) and ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-13760 (OS command injection in the NodejsFunction Docker bundling
pipeline (O ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-13733 (The Download Manager plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13707 (Session fixation vulnerability in Wikimedia Foundation OAuth.
This v ...)
TODO: check
CVE-2026-13706 (Improper input validation vulnerability in Wikimedia
Foundation UrlSho ...)
TODO: check
CVE-2026-13603 (The payment integration pretix-oppwa provides support for the
payment ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-13602 (We found a chain of combining multiple weaknesses in the
product that ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-13454 (The MotoPress Appointment Booking plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13323 (In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint
serves ...)
TODO: check
CVE-2026-13228 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13211 (The genucenter web interface before version 8.0p11
unnecessarily expos ...)
TODO: check
CVE-2026-12754 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12732 (The LearnPress plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12577 (DVP80ES3 with Improperly Implemented Security Check for
Standard vulne ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2026-12576 (DVP80ES3 with Improper Enforcement of Message Integrity During
Transmi ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2026-12575 (DVP80ES3 with Improper Resource Shutdown or Release
vulnerability.)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2026-12480 (Keras versions up to and including 3.13.2 are vulnerable to an
arbitra ...)
TODO: check
CVE-2026-12435 (The Motors \u2013 Car Dealership & Classified Listings Plugin
plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12408 (The Slim SEO \u2013 A Fast & Automated SEO Plugin For
WordPress plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12374 (Improper certificate validation and a time-of-check
time-of-use (TOCTO ...)
- TODO: check
+ NOT-FOR-US: Cato
CVE-2026-12224 (The Dokan Pro plugin for WordPress is vulnerable to privilege
escalati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12158 (The RegistrationMagic \u2013 User Registration Forms Plugin
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12142 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress
plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11387 (The SMS Alert \u2013 SMS & OTP for WooCommerce, Order
Notifications & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10540 (The Control-M/Enterprise Manager uses weak protections for
stored hash ...)
TODO: check
CVE-2026-10539 (A Control-M/Server communication command does not sufficiently
filter ...)
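Review bot: CVE-2026-13769 is described as "Overly permissive file permissions in AWS CLI before 1.44.78 (v1)", which is a versioned client tool rather than a hosted service, yet it receives the vendor-wide reason "NOT-FOR-US: Amazon". This entry should be checked against the archive for a source package shipping AWS CLI before it leaves "TODO: check"; if one exists, it needs a package line instead of NOT-FOR-US. A product-level reason would also help on CVE-2026-12374, where the visible description does not name the product behind "NOT-FOR-US: Cato".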
@@ -311,9 +311,9 @@ CVE-2026-10539 (A Control-M/Server communication command
does not sufficiently f
CVE-2026-10538 (Messaging consumer functionality allows deserialization of
user-contro ...)
TODO: check
CVE-2026-10096 (The Qi Blocks plugin for WordPress is vulnerable to Insecure
Direct Ob ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10095 (The WP Photo Album Plus plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23351 (NVIDIA ConnectX and BlueField contain a vulnerability in the
command i ...)
TODO: check
CVE-2025-23350 (NVIDIA ConnectX and BlueField contain a vulnerability in the
command i ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a4ac720af75a3a2ebd3a06fb7cbb81e1ce33c80
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits