Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d60b1be6 by Salvatore Bonaccorso at 2026-07-02T21:58:04+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32,7 +32,7 @@ CVE-2026-9145 (The Database for Contact Form 7, WPforms,
Elementor forms plugin
CVE-2026-8699 (A stored Cross-Site Scripting (XSS) vulnerability has been
identified ...)
NOT-FOR-US: TPLink
CVE-2026-8482 (A vulnerability was discovered on StormShield Network Security
4.3.0 t ...)
- TODO: check
+ NOT-FOR-US: StormShield
CVE-2026-8441 (The WP Review Slider Pro plugin for WordPress is vulnerable to
SQL Inj ...)
NOT-FOR-US: WordPress plugin
CVE-2026-8147 (In MLflow versions prior to 3.14.0, when running with
authentication e ...)
@@ -44,13 +44,13 @@ CVE-2026-7311 (The TinyPNG \u2013 JPEG, PNG & WebP image
compression plugin for
CVE-2026-5524 (The Divi Form Builder plugin for WordPress is vulnerable to
Arbitrary ...)
NOT-FOR-US: WordPress plugin
CVE-2026-58653 (PraisonAI before 0.1.7 fails to validate that project_id in
issue crea ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-58652 (luci-app-travelmate (and the travelmate package) contain a
privilege-e ...)
- TODO: check
+ NOT-FOR-US: luci-app-travelmate
CVE-2026-58465 (Eclipse Wakaama before snapshot/2026-05-26 contains an
unbounded memor ...)
TODO: check
CVE-2026-58455 (Dockwatch through 0.6.567 contains an unauthenticated OS
command injec ...)
- TODO: check
+ NOT-FOR-US: Dockwatch
CVE-2026-57766 (Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE
\u2013 File ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-57765 (Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.)
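Review bot: The tag on CVE-2026-58652 names only luci-app-travelmate, while the description directly above it says the flaw is in "luci-app-travelmate (and the travelmate package)". Suggest confirming that neither name corresponds to a Debian source package and mentioning both in the NOT-FOR-US line, so a later search for either name lands on this entry's rationale. CVE-2026-58465 (Eclipse Wakaama) stays at TODO: check between the converted entries; if that is deliberate, no change is needed there.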
@@ -192,9 +192,9 @@ CVE-2026-57343 (Unauthenticated Cross Site Scripting (XSS)
in Real Estate 7 <= 3
CVE-2026-57342 (Subscriber Cross Site Scripting (XSS) in ShortPixel Adaptive
Images <= ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-56842 (A malicious actor with access to the network and under certain
conditi ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-56841 (A malicious actor with access to the network and low
privileges could ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-56037 (Deserialization of Untrusted Data vulnerability in Themify
Themify Pop ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-56004 (A shellcode injection in the mercurial handler of the obs
tar_scm sour ...)
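Review bot: For CVE-2026-56842 and CVE-2026-56841 the truncated descriptions ("A malicious actor with access to the network ...") show no product or vendor name, so the UniFi attribution cannot be checked from the diff itself. A tag that names the affected UniFi product, rather than the family alone, would let a reader verify the triage without opening each CVE record.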
@@ -204,25 +204,25 @@ CVE-2026-55952 (The Erlang/OTP ssl application does not
validate that the PSK id
CVE-2026-55950 (Time-of-check Time-of-use (TOCTOU) race condition
vulnerability in Erl ...)
TODO: check
CVE-2026-55119 (A malicious actor with access to the network and low
privileges could ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-55118 (A malicious actor with access to the network,low privileges
and under ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-55117 (A malicious actor with access to the network could exploit a
Path Trav ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-55116 (A malicious actor with access to the network and under certain
network ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-55115 (A malicious actor with access to the network and low
privileges could ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-55114 (A malicious actor with access to the network and low
privileges could ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-55113 (A malicious actor with access to the network could exploit a
Server-Si ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-55112 (A malicious actor with access to the network and low
privileges and un ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-55111 (A malicious actor with access to the network could exploit a
Path Trav ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-55110 (A malicious actor who lures an authenticated user to a
malicious page ...)
- TODO: check
+ NOT-FOR-US: UniFi
CVE-2026-54891 (Improper Enforcement of Message Integrity During Transmission
in a Com ...)
TODO: check
CVE-2026-54887 (Use of Default Cryptographic Key vulnerability in Erlang/OTP
ssl (DTLS ...)
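Review bot: The ten entries CVE-2026-55119 through CVE-2026-55110 all receive the identical line NOT-FOR-US: UniFi, although their visible descriptions differ in bug class (two mention "Path Trav", one "Server-Si", one a lured authenticated user). If they do not all affect the same product, name the product per entry. The commit message "Process some NFUs" could also mention the UniFi batch so the bulk reclassification is easy to find in the log. The interleaved Erlang/OTP entries (CVE-2026-55950, CVE-2026-54891) stay at TODO: check, which keeps them in the triage queue.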
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d60b1be6ced5a0a12aa78b473c92b68069118495
_______________________________________________
debian-security-tracker-commits mailing list