Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84fcdbe3 by security tracker role at 2026-07-08T19:17:32+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-9074 (IBM API Connect 10.0.8.0 through 10.0.8.9 and12.1.0.0 through 
12.1.0.3 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-8315 (Improper neutralization of input during web page generation 
('cross-si ...)
        TODO: check
 CVE-2026-8310 (Improper neutralization of input during web page generation 
('cross-si ...)
@@ -7,23 +7,23 @@ CVE-2026-8310 (Improper neutralization of input during web 
page generation ('cro
 CVE-2026-8307 (Improper neutralization of special elements used in an SQL 
command ('S ...)
        TODO: check
 CVE-2026-6854 (The My Calendar \u2013 Accessible Event Manager plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6820 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6818 (The VikBooking Hotel Booking Engine & PMS plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6742 (The Advanced iFrame plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6740 (The Nexter Blocks \u2013 Gutenberg Blocks, Page Builder & AI 
Website B ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6459 (The Essential Addons for Elementor \u2013 Popular Elementor 
Templates  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6371 (Improper neutralization of input during web page generation 
('cross-si ...)
        TODO: check
 CVE-2026-6280 (Exposure of sensitive information due to incompatible policies 
vulnera ...)
        TODO: check
 CVE-2026-6230 (The Tainacan plugin for WordPress is vulnerable to time-based 
blind SQ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-60125 (MISP\u2019s importModule() path used getEnabledModule() to 
resolve a s ...)
        TODO: check
 CVE-2026-60124 (An authorization bypass in MISP\u2019s 
EventsController::importModule( ...)
@@ -33,9 +33,9 @@ CVE-2026-60102 (Horde Virtual File System (VFS) API before 
3.0.1 contains an OS
 CVE-2026-60092 (AVideo (Meet plugin) through commit 
e8d6119f3cb1b849149906efeb0a41fc02 ...)
        TODO: check
 CVE-2026-5459 (The User Frontend: AI Powered Frontend Posting, User Directory, 
Profil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5356 (The LatePoint \u2013 Calendar Booking Plugin for Appointments 
and Even ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-59938 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.14 ...)
        TODO: check
 CVE-2026-59937 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.14 ...)
@@ -109,7 +109,7 @@ CVE-2026-59702 (repomix contains a server-side request 
forgery vulnerability in
 CVE-2026-59262 (AFFiNE's histories GraphQL field fails to validate Doc.Read 
permission ...)
        TODO: check
 CVE-2026-59261 (OpenClaw before 2026.5.28 contains a credential exposure 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-59257 (n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 
2.28.1 conta ...)
        TODO: check
 CVE-2026-59253 (n8n before 2.28.0 contains an improper authorization 
vulnerability all ...)
@@ -125,53 +125,53 @@ CVE-2026-58480 (Blocksy Companion Pro plugin for 
WordPress before 2.1.47 contain
 CVE-2026-57439 (CyberChef is a web app for encryption, encoding, compression, 
and data ...)
        TODO: check
 CVE-2026-57260 (The application opened a PDF file containing an abnormal Unity 
3D obje ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57259 (The input file does not need to be strictly in a structurally 
valid PD ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57258 (The PRC file header parsing logic trusts the constructed file 
structur ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57257 (During the PRC parsing stage, there is a lack of boundary 
verification ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57256 (When the application opens a PDF and executes JavaScript, it 
performs  ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57255 (The application opens a PDF containing an abnormal color space 
whose a ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57254 (There is an abnormal annotation within the PDF that is 
referenced by o ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57253 (An abnormal image object causes the renderer to enter the 
wrong proces ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57252 (When the application opens a PDF file, during the process of 
JavaScrip ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57251 (The application opens a PDF, but the cloud-like appearance of 
the cons ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57250 (When the application opens a PDF and JavaScript resets the 
form fields ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57249 (After the application opened the PDF file, the script first 
reset the  ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57248 (When the application opens a PDF file and JavaScript writes 
annotation ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57247 (The application re-enters the document structure via field 
processing  ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57246 (When dealing with abnormally constructed objects, there is a 
lack of a ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57245 (When the application opens a PDF, traverses and builds the 
annotation  ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57244 (After JavaScript resetting the form, the synchronization 
process lacks ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57243 (During the process of page opening and form formatting, a 
JavaScript r ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57242 (The application opens the PDF, and JavaScript modifies the 
form. Howev ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57241 (The application opens the PDF, and JavaScript performs 
operations on t ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57240 (When the application opens a PDF file and JavaScript deletes 
the PDF f ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57239 (The user-controllable executable files will be directly 
executed by hi ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57238 (After the application opened the PDF, JavaScript deleted the 
form fiel ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-57237 (When the application opens a PDF and JavaScript modifies the 
propertie ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-56778 (n8n before 2.25.7 and 2.26.x before 2.26.2 contains an 
authorization b ...)
        TODO: check
 CVE-2026-56776 (n8n before 1.123.55, 2.25.7, and 2.26.2 contains an 
authorization bypa ...)
@@ -199,7 +199,7 @@ CVE-2026-56284 (Capgo (Cap-go/capgo) before 12.128.2 
contains an information dis
 CVE-2026-56283 (Capgo before 12.128.2 contains an html injection vulnerability 
in the  ...)
        TODO: check
 CVE-2026-56273 (Flowise before 3.1.0 contains a path traversal vulnerability 
in Faiss  ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-56250 (Capgo before 12.128.2 allows upload-scoped API keys to modify 
the muta ...)
        TODO: check
 CVE-2026-56246 (Capgo before 12.128.2 contains a broken access control 
vulnerability i ...)
@@ -211,7 +211,7 @@ CVE-2026-56220 (Capgo before 12.128.2 contains an 
authorization bypass vulnerabi
 CVE-2026-56217 (Capgo before 12.128.2 contains a policy bypass vulnerability 
in app_ve ...)
        TODO: check
 CVE-2026-56086 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, 
LTS2026 r ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-55874 (SeaweedFS is a distributed storage system. Prior to 4.34, the 
S3 API g ...)
        TODO: check
 CVE-2026-55873 (SeaweedFS is a distributed storage system. In versions 4.08 
through 4. ...)
@@ -229,9 +229,9 @@ CVE-2026-54061 (Dgraph is an open source distributed 
GraphQL database. Prior to
 CVE-2026-53951 (Copier is a library and CLI app for rendering project 
templates. In ve ...)
        TODO: check
 CVE-2026-53482 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-53480 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-50813 (An issue in SQLite before Fossil check-in 869a51ae84df allows 
a local  ...)
        TODO: check
 CVE-2026-50812 (A NULL pointer dereference in the SQLite Session Extension in 
SQLite 3 ...)
@@ -251,13 +251,13 @@ CVE-2026-49145 (App::Ack versions through 3.10.0 for Perl 
read arbitrary files v
 CVE-2026-44840 (Dgraph is an open source distributed GraphQL database. Prior 
to versio ...)
        TODO: check
 CVE-2026-41122 (Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, 
LTS2026 r ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-41042 (Unauthenticated callers can supply a malicious H2 JDBC URL 
through the ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-3688 (The WCFM Membership \u2013 WooCommerce Memberships for 
Multivendor Mar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3144 (IBM API Connect 12.1.0.0 through 12.1.0.3 uses default 
credentials whi ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-29009 (U-Boot through 2026.04-rc3 contains a buffer overflow 
vulnerability in ...)
        TODO: check
 CVE-2026-29008 (U-Boot through 2026.04-rc3 contains an integer underflow 
vulnerability ...)
@@ -281,7 +281,7 @@ CVE-2026-15063 (A flaw was found in the gorch service 
template, which is part of
 CVE-2026-15062 (SQL injection vulnerabilities in the Snowflake Snowpark Python 
SDK (sn ...)
        TODO: check
 CVE-2026-15053 (Tanium addressed a denial of service vulnerability in Tanium 
Server.)
-       TODO: check
+       NOT-FOR-US: Tanium
 CVE-2026-15044 (A flaw was found in the TrustyAI Service Operator. When 
deploying serv ...)
        TODO: check
 CVE-2026-15041 (A flaw was found in 389 Directory Server. The PBKDF2-SHA256 
password v ...)
@@ -301,33 +301,33 @@ CVE-2026-14966 (BBOT's unarchive module rejects archives 
containing symlink entr
 CVE-2026-14362 (HashiCorp memberlist before version 0.6.0 is vulnerable to a 
denial-of ...)
        TODO: check
 CVE-2026-14250 (The Themehunk Login Registration plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13129 (When the application opens a PDF file, JavaScript uses the 
damaged fie ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-13128 (Embedding JavaScript within a PDF file will cause the page to 
be delet ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-13127 (The application opens the PDF file. JavaScript then rewrites 
the docum ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-13126 (The embedded JavaScript in the PDF deleted the pages, making 
the objec ...)
-       TODO: check
+       NOT-FOR-US: Foxit
 CVE-2026-12936 (The Recurio \u2013 Ultimate Subscription for WooCommerce 
plugin for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12002 (The Smash Balloon Social Photo Feed \u2013 Easy Social Feeds 
Plugin pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11903 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-10708 (This vulnerability enables large\u2011scale data harvesting 
without re ...)
        TODO: check
 CVE-2026-10706 (In Adalo\u2019s no-code app builder, (Versions 1 and 2) the 
attackers  ...)
        TODO: check
 CVE-2026-10699 (Missing release of memory after effective lifetime 
vulnerability in Pr ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2026-10698 (Improper Neutralization of Special Elements in Data Query 
Logic vulner ...)
-       TODO: check
+       NOT-FOR-US: Progress Software
 CVE-2025-3110 (OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare 
line-feed seque ...)
        TODO: check
 CVE-2025-14785 (The Website Builder by SeedProd - Theme Builder, Landing Page 
Builder, ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-58382
        - gimp <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2497384



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84fcdbe3ecd3aeba280718f19a3ff6d66988d3ae

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84fcdbe3ecd3aeba280718f19a3ff6d66988d3ae
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to