Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6429c362 by security tracker role at 2026-07-02T07:14:18+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2026-5821 (The Image Optimizer plugin for WordPress is vulnerable to
arbitrary fi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5348 (The Academy LMS \u2013 WordPress LMS Plugin for Complete
eLearning Sol ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-58593 (NodeBB does not bind the claimed author of an inbound
ActivityPub obje ...)
TODO: check
CVE-2026-58592 (Ladybird contains a dangling-reference memory-safety flaw in
its WebAs ...)
@@ -91,7 +91,7 @@ CVE-2026-52190 (Buffer Overflow vulnerability in UTT nv518G
nv518GV3v3.2.7-21091
CVE-2026-52186 (SQL Injection vulnerability in UTT nv518G
nv518GV3v3.2.7-210919-161313 ...)
TODO: check
CVE-2026-50521 (Use after free in Microsoft Edge (Chromium-based) allows an
authorized ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-50284 (Craft CMS is a content management system (CMS). In versions
5.0.0-RC1 ...)
TODO: check
CVE-2026-50283 (Craft CMS is a content management system (CMS). Versions
5.0.0-RC1 thr ...)
@@ -221,17 +221,17 @@ CVE-2026-14382 (Insufficient validation of untrusted
input in ANGLE in Google Ch
CVE-2026-14381 (Incorrect security UI in WebAppInstalls in Google Chrome prior
to 150. ...)
TODO: check
CVE-2026-14363 (Improper neutralization of special elements used in an SQL
command ('S ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-14340 (An incorrect authorization vulnerability was identified in
GitHub Ente ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-14265 (Deserialization of untrusted data in the
RemoteQueryCachePlugin in Ama ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-14249 (The Request a Quote plugin for WordPress is vulnerable to Code
Injecti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13704 (The GiveWP \u2013 Donation Plugin and Fundraising Platform
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13357 (The Houzez Property Feed plugin for WordPress is vulnerable to
SQL Inj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13132 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
TODO: check
CVE-2026-13131 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
@@ -239,21 +239,21 @@ CVE-2026-13131 (GeoWebPlayer (also called "Web Plugin" in
the GV-VMS documentati
CVE-2026-13125 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS
documentation and ...)
TODO: check
CVE-2026-11965 (The User Registration & Membership WordPress plugin before
5.2.0 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11950
REJECTED
CVE-2026-11781 (The Adminify WordPress plugin before 4.2.10 does not perform
per-user ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11600 (The Envo's Templates & Widgets for Elementor and WooCommerce
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11592 (The Email Subscribers & Newsletters \u2013 Email Marketing,
Post Notif ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11578 (The Fluent Forms WordPress plugin before 6.2.5 does not
properly rest ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10089 (The Insert Pages plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10077 (The yootheme WordPress theme before 5.0.35 does not prevent
its bundle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-XXXX [GHSA-jgqj-x5j9-vgcm: Icinga 2 DSL Injection via Unescaped
Import Template Name]
- icinga2 2.16.2-1
NOTE:
https://github.com/Icinga/icinga2/security/advisories/GHSA-jgqj-x5j9-vgcm
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6429c3625b7b5b22396363f2cb92d604001cc3aa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6429c3625b7b5b22396363f2cb92d604001cc3aa
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits