Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
84fcdbe3 by security tracker role at 2026-07-08T19:17:32+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-9074 (IBM API Connect 10.0.8.0 through 10.0.8.9 and12.1.0.0 through
12.1.0.3 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8315 (Improper neutralization of input during web page generation
('cross-si ...)
TODO: check
CVE-2026-8310 (Improper neutralization of input during web page generation
('cross-si ...)
@@ -7,23 +7,23 @@ CVE-2026-8310 (Improper neutralization of input during web
page generation ('cro
CVE-2026-8307 (Improper neutralization of special elements used in an SQL
command ('S ...)
TODO: check
CVE-2026-6854 (The My Calendar \u2013 Accessible Event Manager plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6820 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6818 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6742 (The Advanced iFrame plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6740 (The Nexter Blocks \u2013 Gutenberg Blocks, Page Builder & AI
Website B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6459 (The Essential Addons for Elementor \u2013 Popular Elementor
Templates ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6371 (Improper neutralization of input during web page generation
('cross-si ...)
TODO: check
CVE-2026-6280 (Exposure of sensitive information due to incompatible policies
vulnera ...)
TODO: check
CVE-2026-6230 (The Tainacan plugin for WordPress is vulnerable to time-based
blind SQ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-60125 (MISP\u2019s importModule() path used getEnabledModule() to
resolve a s ...)
TODO: check
CVE-2026-60124 (An authorization bypass in MISP\u2019s
EventsController::importModule( ...)
@@ -33,9 +33,9 @@ CVE-2026-60102 (Horde Virtual File System (VFS) API before
3.0.1 contains an OS
CVE-2026-60092 (AVideo (Meet plugin) through commit
e8d6119f3cb1b849149906efeb0a41fc02 ...)
TODO: check
CVE-2026-5459 (The User Frontend: AI Powered Frontend Posting, User Directory,
Profil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5356 (The LatePoint \u2013 Calendar Booking Plugin for Appointments
and Even ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-59938 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.14 ...)
TODO: check
CVE-2026-59937 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.14 ...)
@@ -109,7 +109,7 @@ CVE-2026-59702 (repomix contains a server-side request
forgery vulnerability in
CVE-2026-59262 (AFFiNE's histories GraphQL field fails to validate Doc.Read
permission ...)
TODO: check
CVE-2026-59261 (OpenClaw before 2026.5.28 contains a credential exposure
vulnerability ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-59257 (n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before
2.28.1 conta ...)
TODO: check
CVE-2026-59253 (n8n before 2.28.0 contains an improper authorization
vulnerability all ...)
@@ -125,53 +125,53 @@ CVE-2026-58480 (Blocksy Companion Pro plugin for
WordPress before 2.1.47 contain
CVE-2026-57439 (CyberChef is a web app for encryption, encoding, compression,
and data ...)
TODO: check
CVE-2026-57260 (The application opened a PDF file containing an abnormal Unity
3D obje ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57259 (The input file does not need to be strictly in a structurally
valid PD ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57258 (The PRC file header parsing logic trusts the constructed file
structur ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57257 (During the PRC parsing stage, there is a lack of boundary
verification ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57256 (When the application opens a PDF and executes JavaScript, it
performs ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57255 (The application opens a PDF containing an abnormal color space
whose a ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57254 (There is an abnormal annotation within the PDF that is
referenced by o ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57253 (An abnormal image object causes the renderer to enter the
wrong proces ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57252 (When the application opens a PDF file, during the process of
JavaScrip ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57251 (The application opens a PDF, but the cloud-like appearance of
the cons ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57250 (When the application opens a PDF and JavaScript resets the
form fields ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57249 (After the application opened the PDF file, the script first
reset the ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57248 (When the application opens a PDF file and JavaScript writes
annotation ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57247 (The application re-enters the document structure via field
processing ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57246 (When dealing with abnormally constructed objects, there is a
lack of a ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57245 (When the application opens a PDF, traverses and builds the
annotation ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57244 (After JavaScript resetting the form, the synchronization
process lacks ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57243 (During the process of page opening and form formatting, a
JavaScript r ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57242 (The application opens the PDF, and JavaScript modifies the
form. Howev ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57241 (The application opens the PDF, and JavaScript performs
operations on t ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57240 (When the application opens a PDF file and JavaScript deletes
the PDF f ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57239 (The user-controllable executable files will be directly
executed by hi ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57238 (After the application opened the PDF, JavaScript deleted the
form fiel ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-57237 (When the application opens a PDF and JavaScript modifies the
propertie ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-56778 (n8n before 2.25.7 and 2.26.x before 2.26.2 contains an
authorization b ...)
TODO: check
CVE-2026-56776 (n8n before 1.123.55, 2.25.7, and 2.26.2 contains an
authorization bypa ...)
@@ -199,7 +199,7 @@ CVE-2026-56284 (Capgo (Cap-go/capgo) before 12.128.2
contains an information dis
CVE-2026-56283 (Capgo before 12.128.2 contains an html injection vulnerability
in the ...)
TODO: check
CVE-2026-56273 (Flowise before 3.1.0 contains a path traversal vulnerability
in Faiss ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2026-56250 (Capgo before 12.128.2 allows upload-scoped API keys to modify
the muta ...)
TODO: check
CVE-2026-56246 (Capgo before 12.128.2 contains a broken access control
vulnerability i ...)
@@ -211,7 +211,7 @@ CVE-2026-56220 (Capgo before 12.128.2 contains an
authorization bypass vulnerabi
CVE-2026-56217 (Capgo before 12.128.2 contains a policy bypass vulnerability
in app_ve ...)
TODO: check
CVE-2026-56086 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6,
LTS2026 r ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-55874 (SeaweedFS is a distributed storage system. Prior to 4.34, the
S3 API g ...)
TODO: check
CVE-2026-55873 (SeaweedFS is a distributed storage system. In versions 4.08
through 4. ...)
@@ -229,9 +229,9 @@ CVE-2026-54061 (Dgraph is an open source distributed
GraphQL database. Prior to
CVE-2026-53951 (Copier is a library and CLI app for rendering project
templates. In ve ...)
TODO: check
CVE-2026-53482 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-53480 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-50813 (An issue in SQLite before Fossil check-in 869a51ae84df allows
a local ...)
TODO: check
CVE-2026-50812 (A NULL pointer dereference in the SQLite Session Extension in
SQLite 3 ...)
@@ -251,13 +251,13 @@ CVE-2026-49145 (App::Ack versions through 3.10.0 for Perl
read arbitrary files v
CVE-2026-44840 (Dgraph is an open source distributed GraphQL database. Prior
to versio ...)
TODO: check
CVE-2026-41122 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7,
LTS2026 r ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-41042 (Unauthenticated callers can supply a malicious H2 JDBC URL
through the ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-3688 (The WCFM Membership \u2013 WooCommerce Memberships for
Multivendor Mar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3144 (IBM API Connect 12.1.0.0 through 12.1.0.3 uses default
credentials whi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-29009 (U-Boot through 2026.04-rc3 contains a buffer overflow
vulnerability in ...)
TODO: check
CVE-2026-29008 (U-Boot through 2026.04-rc3 contains an integer underflow
vulnerability ...)
@@ -281,7 +281,7 @@ CVE-2026-15063 (A flaw was found in the gorch service
template, which is part of
CVE-2026-15062 (SQL injection vulnerabilities in the Snowflake Snowpark Python
SDK (sn ...)
TODO: check
CVE-2026-15053 (Tanium addressed a denial of service vulnerability in Tanium
Server.)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2026-15044 (A flaw was found in the TrustyAI Service Operator. When
deploying serv ...)
TODO: check
CVE-2026-15041 (A flaw was found in 389 Directory Server. The PBKDF2-SHA256
password v ...)
@@ -301,33 +301,33 @@ CVE-2026-14966 (BBOT's unarchive module rejects archives
containing symlink entr
CVE-2026-14362 (HashiCorp memberlist before version 0.6.0 is vulnerable to a
denial-of ...)
TODO: check
CVE-2026-14250 (The Themehunk Login Registration plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13129 (When the application opens a PDF file, JavaScript uses the
damaged fie ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-13128 (Embedding JavaScript within a PDF file will cause the page to
be delet ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-13127 (The application opens the PDF file. JavaScript then rewrites
the docum ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-13126 (The embedded JavaScript in the PDF deleted the pages, making
the objec ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-12936 (The Recurio \u2013 Ultimate Subscription for WooCommerce
plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12002 (The Smash Balloon Social Photo Feed \u2013 Easy Social Feeds
Plugin pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11903 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-10708 (This vulnerability enables large\u2011scale data harvesting
without re ...)
TODO: check
CVE-2026-10706 (In Adalo\u2019s no-code app builder, (Versions 1 and 2) the
attackers ...)
TODO: check
CVE-2026-10699 (Missing release of memory after effective lifetime
vulnerability in Pr ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-10698 (Improper Neutralization of Special Elements in Data Query
Logic vulner ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2025-3110 (OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare
line-feed seque ...)
TODO: check
CVE-2025-14785 (The Website Builder by SeedProd - Theme Builder, Landing Page
Builder, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-58382
- gimp <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2497384
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84fcdbe3ecd3aeba280718f19a3ff6d66988d3ae
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84fcdbe3ecd3aeba280718f19a3ff6d66988d3ae
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits