Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d9dd2c27 by security tracker role at 2026-07-08T07:14:10+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2026-9842 (The Backstage - Customizer Demo Access plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9731 (The Wp Js Detect plugin for WordPress is vulnerable to
Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9701 (The Eventer plugin for WordPress is vulnerable to an insecure
password ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9700 (The Eventer plugin for WordPress is vulnerable to time-based
SQL Injec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9695 (An Improper Authentication vulnerability affecting DELMIA
Apriso from ...)
- TODO: check
+ NOT-FOR-US: Dassault Systemes
CVE-2026-8377 (Missing Authorization vulnerability in Armiya Information
Technologies ...)
TODO: check
CVE-2026-8309 (Improper neutralization of input during web page generation
('cross-si ...)
@@ -17,7 +17,7 @@ CVE-2026-8306 (Improper neutralization of input during web
page generation ('cro
CVE-2026-7380 (Improper neutralization of Script-Related HTML tags in a web
page (bas ...)
TODO: check
CVE-2026-6101 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-60002 (ssh in OpenSSH before 10.4 can have a use-after-free when a
server cha ...)
TODO: check
CVE-2026-60001 (sshd in OpenSSH before 10.4 does not always honor the minimum
authenti ...)
@@ -77,7 +77,7 @@ CVE-2026-57895 (Incorrect default permissions issue exists in
Pupsman versions p
CVE-2026-57851 (MSI Feature Manager contains a local privilege escalation
vulnerabilit ...)
TODO: check
CVE-2026-57172 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-56843 (Incorrect authorization in the XML-RPC API of WebPros Plesk
before 18. ...)
TODO: check
CVE-2026-56812 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
@@ -87,13 +87,13 @@ CVE-2026-56811 (Allocation of Resources Without Limits or
Throttling vulnerabili
CVE-2026-56437 (Uncontrolled search path element issue exists in Pupsman
versions prio ...)
TODO: check
CVE-2026-55647 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-55635 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-55633 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-55631 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-55592 (Dashy is a self-hostable personal dashboard. Prior to 4.3.7,
Dashy's w ...)
TODO: check
CVE-2026-55490 (OpenWrt is a Linux operating system targeting embedded
devices. Before ...)
@@ -149,19 +149,19 @@ CVE-2026-54601 (FastGPT is an open source AI knowledge
base platform. From 4.14.
CVE-2026-53935 (Cilium is a networking, observability, and security solution.
Prior to ...)
TODO: check
CVE-2026-53751 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-53730 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-53729 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-53511 (calibre is an e-book manager. Prior to 9.10.0, a malicious
EPUB, OPF, ...)
TODO: check
CVE-2026-53483 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-53481 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-53479 (DellPowerProtectData Domain, versions 7.7.1.0 through 8.7,
LTS2026 rel ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-51937 (An issue in Oneblog V2.3.9 allows a remote attacker to obtain
sensitiv ...)
TODO: check
CVE-2026-50811 (An out-of-bounds read vulnerability exists in FreeType 2.14.3
and vers ...)
@@ -169,9 +169,9 @@ CVE-2026-50811 (An out-of-bounds read vulnerability exists
in FreeType 2.14.3 an
CVE-2026-50810 (A NULL pointer dereference in smooth_parse_stream_index() in
src/media ...)
TODO: check
CVE-2026-50530 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-50529 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-50179 (Actual is a local-first personal finance tool. Prior to
26.6.0, export ...)
TODO: check
CVE-2026-50007 (Actual is an open-source personal finance application. Prior
to 26.7.0 ...)
@@ -183,29 +183,29 @@ CVE-2026-49229 (Actual is a local-first personal finance
app. Prior to 26.6.0, i
CVE-2026-49033 (The application contains a stack-based buffer overflow
vulnerability t ...)
TODO: check
CVE-2026-48958 (An improper access check allows unauthorized users to create
custom fi ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48957 (An improper access check allows unauthorized users to access
com_priva ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48956 (An improper access check allows users to display a list of
modules in ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48955 (An improper access check allows unauthorized users to access
workflow ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48954 (Improper validation leads to a generic XSS vector in the
language over ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48953 (Lack of escaping leads to an XSS vulnerability in the generic
image ou ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48952 (Lack of escaping leads to an XSS vulnerability in the update
list view ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48951 (Lack of escaping leads to XSS vulnerabilities in modalreturn
layouts o ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48950 (Lack of escaping leads to an XSS vulnerability in the file
management ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48949 (Lack of validation leads to an XSS vulnerability in the MFA
management ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48948 (An improper access check allows user to download vcard exports
of com_ ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48947 (An improper access check allows privileged users to overwrite
media fi ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-46700 (Actual is a local-first personal finance tool. Prior to
26.6.0, the GE ...)
TODO: check
CVE-2026-46672 (Actual is a local-first personal finance app. Prior to 26.6.0,
@actual ...)
@@ -217,7 +217,7 @@ CVE-2026-45796 (Coder allows organizations to provision
remote development envir
CVE-2026-44938 (A vulnerability has been identified in Fleet's agent-side
deployer, wh ...)
TODO: check
CVE-2026-44877 (An unauthenticated remote disclosure vulnerability has been
identified ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44454 (Coder allows organizations to provision remote development
environment ...)
TODO: check
CVE-2026-42958 (The application contains a use-after-free vulnerability that
can be ex ...)
@@ -245,51 +245,51 @@ CVE-2026-14940 (A heap-buffer-overflow flaw was found in
389 Directory Server (3
CVE-2026-14935 (A logic vulnerability was found in GStreamer's webrtcbin
component. Th ...)
TODO: check
CVE-2026-14904 (AWS Research and Engineering Studio (RES) is an open-source
solution t ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-14868 (The encryption algorithm used to protect the configuration of
user acc ...)
TODO: check
CVE-2026-14867 (Credentials of built-in users are insecurely stored in the
User direct ...)
TODO: check
CVE-2026-14500 (The Bulk Order Update for WooCommerce plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14495 (The DoLogin Security plugin for WordPress is vulnerable to
Authenticat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14489 (The WHMCS Bridge plugin for WordPress is vulnerable to
arbitrary file ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14487 (The Simple Coherent Form plugin for WordPress is vulnerable to
arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14482 (The \u591a\u8bf4\u793e\u4f1a\u5316\u8bc4\u8bba\u6846 plugin
for WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14476 (A path traversal flaw was found in SSSD's AD GPO provider. The
ad_gpo_ ...)
TODO: check
CVE-2026-14474 (A flaw was found in SSSD's LDAP sudo provider. When the
ldap_sudo_sear ...)
TODO: check
CVE-2026-14244 (The Jssor Slider by jssor.com plugin for WordPress is
vulnerable to Di ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14158 (The Widget Logic Visual plugin for WordPress is vulnerable to
Remote C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13696 (Improper neutralization of special elements used in an LDAP
query ('LD ...)
TODO: check
CVE-2026-13199 (EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices
produce ...)
TODO: check
CVE-2026-13020 (A Weak Password Recovery Mechanism for Forgotten Password
exists in Es ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2026-13019 (Esri Portal for ArcGIS versions 12.1 and earlier on Windows,
Linux and ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2026-12948 (A stored cross-site scripting (XSS) vulnerability in the web
managemen ...)
- TODO: check
+ NOT-FOR-US: Digi
CVE-2026-12378 (The Appointment Booking Calendar Plugin and Scheduling Plugin
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12352 (This vulnerability allows an unauthenticated actor to bypass
authentic ...)
- TODO: check
+ NOT-FOR-US: Digi
CVE-2026-12153 (The WP Learn Manager plugin for WordPress is vulnerable to
authorizati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12097 (The User Management plugin for WordPress is vulnerable to
authorizatio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12041 (The Chatra Live Chat + ChatBot + Cart Saver plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11798 (The Social Share, Social Login and Social Comments Plugin
\u2013 Super ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11610 (A heap buffer overflow flaw was found in the SASL I/O layer of
389 Dir ...)
TODO: check
CVE-2026-11348 (Improper verification of cryptographic signature vulnerability
in HAVE ...)
@@ -297,9 +297,9 @@ CVE-2026-11348 (Improper verification of cryptographic
signature vulnerability i
CVE-2026-11340 (Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS
allows ...)
TODO: check
CVE-2026-10659 (The Dhara flash translation layer disk driver
(drivers/disk/ftl_dhara. ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2026-10570 (The Sympl Repeater for ACF and Elementor plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site
Scripti ...)
TODO: check
CVE-2026-56003 [computeProps Property Buffer Heap Buffer Overflow]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9dd2c27a93b090500bbb6d91fe8e46ff5af5fd8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9dd2c27a93b090500bbb6d91fe8e46ff5af5fd8
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits