Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6429c362 by security tracker role at 2026-07-02T07:14:18+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-5821 (The Image Optimizer plugin for WordPress is vulnerable to 
arbitrary fi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5348 (The Academy LMS \u2013 WordPress LMS Plugin for Complete 
eLearning Sol ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-58593 (NodeBB does not bind the claimed author of an inbound 
ActivityPub obje ...)
        TODO: check
 CVE-2026-58592 (Ladybird contains a dangling-reference memory-safety flaw in 
its WebAs ...)
@@ -91,7 +91,7 @@ CVE-2026-52190 (Buffer Overflow vulnerability in UTT nv518G 
nv518GV3v3.2.7-21091
 CVE-2026-52186 (SQL Injection vulnerability in UTT nv518G 
nv518GV3v3.2.7-210919-161313 ...)
        TODO: check
 CVE-2026-50521 (Use after free in Microsoft Edge (Chromium-based) allows an 
authorized ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-50284 (Craft CMS is a content management system (CMS). In versions 
5.0.0-RC1  ...)
        TODO: check
 CVE-2026-50283 (Craft CMS is a content management system (CMS). Versions 
5.0.0-RC1 thr ...)
@@ -221,17 +221,17 @@ CVE-2026-14382 (Insufficient validation of untrusted 
input in ANGLE in Google Ch
 CVE-2026-14381 (Incorrect security UI in WebAppInstalls in Google Chrome prior 
to 150. ...)
        TODO: check
 CVE-2026-14363 (Improper neutralization of special elements used in an SQL 
command ('S ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-14340 (An incorrect authorization vulnerability was identified in 
GitHub Ente ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-14265 (Deserialization of untrusted data in the 
RemoteQueryCachePlugin in Ama ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-14249 (The Request a Quote plugin for WordPress is vulnerable to Code 
Injecti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13704 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13357 (The Houzez Property Feed plugin for WordPress is vulnerable to 
SQL Inj ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13132 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
        TODO: check
 CVE-2026-13131 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
@@ -239,21 +239,21 @@ CVE-2026-13131 (GeoWebPlayer (also called "Web Plugin" in 
the GV-VMS documentati
 CVE-2026-13125 (GeoWebPlayer (also called "Web Plugin" in the GV-VMS 
documentation and ...)
        TODO: check
 CVE-2026-11965 (The User Registration & Membership  WordPress plugin before 
5.2.0 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11950
        REJECTED
 CVE-2026-11781 (The Adminify  WordPress plugin before 4.2.10 does not perform 
per-user ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11600 (The Envo's Templates & Widgets for Elementor and WooCommerce 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11592 (The Email Subscribers & Newsletters \u2013 Email Marketing, 
Post Notif ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11578 (The Fluent Forms  WordPress plugin before 6.2.5 does not 
properly rest ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10089 (The Insert Pages plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10077 (The yootheme WordPress theme before 5.0.35 does not prevent 
its bundle ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-XXXX [GHSA-jgqj-x5j9-vgcm: Icinga 2 DSL Injection via Unescaped 
Import Template Name]
        - icinga2 2.16.2-1
        NOTE: 
https://github.com/Icinga/icinga2/security/advisories/GHSA-jgqj-x5j9-vgcm



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6429c3625b7b5b22396363f2cb92d604001cc3aa

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6429c3625b7b5b22396363f2cb92d604001cc3aa
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to