Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cf7cd8e4 by security tracker role at 2026-07-09T19:14:29+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2026-9253 (The WP Cost Estimation & Payment Forms Builder (E&P Forms) 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9240 (The Colissimo Officiel : M\xe9thodes de livraison pour 
WooCommerce plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9237 (The Employee, Leave and Recruitment Management System \u2013 
Crew HRM  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9235 (The DHL eCommerce (Benelux) for WooCommerce plugin for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9028 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9027 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9021 (The Easy Invoice plugin for WordPress is vulnerable to Missing 
Authori ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8996 (The Backup and Staging by WP Time Capsule plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8848 (The Popup Maker \u2013 Boost Sales, Conversions, Optins, 
Subscribers w ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7558 (The Age Verification & Identity Verification by Token of Trust 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6910 (The Bookero.pl \u2013 system rezerwacji online plugin for 
WordPress is ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-61474 (An improper authorization check in MISP\u2019s attribute 
creation endp ...)
        TODO: check
 CVE-2026-61344 (The Superior Court of California Hearing Reminder Service at 
https://w ...)
@@ -111,15 +111,15 @@ CVE-2026-58459 (gpsd through release-3.27.5, fixed at 
commit 4c06658, contains a
 CVE-2026-58378 (Allwinner H616 TV Box TV98 has ADB enabled and exposed to the 
network  ...)
        TODO: check
 CVE-2026-58307 (Out-of-bounds read, Reachable assertion vulnerability in 
Samsung Open  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2026-58306 (Heap-based buffer overflow vulnerability in Samsung Open 
Source Escarg ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2026-58305 (Access of resource using incompatible type ('type confusion') 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2026-58304 (Out-of-bounds read, Out-of-bounds write vulnerability in 
Samsung Open  ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2026-58303 (Stack-based buffer overflow vulnerability in Samsung Open 
Source Escar ...)
-       TODO: check
+       NOT-FOR-US: Samsung
 CVE-2026-58198 (ChatterBot is a machine learning, conversational dialog engine 
for cre ...)
        TODO: check
 CVE-2026-58125
@@ -127,15 +127,15 @@ CVE-2026-58125
 CVE-2026-57111 (Permissive Cross-Origin Resource Sharing (CORS) in the REST 
API (helix ...)
        TODO: check
 CVE-2026-56460 (HCL DevOps Deploy / HCL Launch could disclose sensitive 
configurations ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-56459 (HCL DevOps Deploy / HCL Launch is susceptible to sensitive 
information ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-56458 (HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) 
which coul ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2026-56292 (A SQLi vulnerability in AcyMailing component < 10.11.1 for 
Joomla was  ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-56291 (The Joomla extension Balbooa Forms is vulnerable to an 
unauthenticated ...)
-       TODO: check
+       NOT-FOR-US: Joomla
 CVE-2026-56289 (GNU patch is vulnerable to a denial of service (DoS) due to 
improper v ...)
        TODO: check
 CVE-2026-56288 (GNU patch is vulnerable to a NULL pointer dereference when 
processing  ...)
@@ -143,15 +143,15 @@ CVE-2026-56288 (GNU patch is vulnerable to a NULL pointer 
dereference when proce
 CVE-2026-55590 (CakePHP Authentication is an authentication plugin for CakePHP 
that ca ...)
        TODO: check
 CVE-2026-55420 (Discourse is an open-source discussion platform. Prior to 
2026.6.0, 20 ...)
-       TODO: check
+       NOT-FOR-US: Discourse
 CVE-2026-54801 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-54800 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-54799 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-54798 (A vulnerability has been identified in CPCI85 Central 
Processing/Commu ...)
-       TODO: check
+       NOT-FOR-US: Siemens
 CVE-2026-54695 (Pipecat is an open-source Python framework for building 
real-time voic ...)
        TODO: check
 CVE-2026-54005 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
@@ -165,19 +165,19 @@ CVE-2026-54002 (Kirby is an open-source content 
management system. Prior to 4.9.
 CVE-2026-53987 (The Tag plugin for GLPI 11 before 2.14.4 stores the tag name 
without H ...)
        TODO: check
 CVE-2026-51606 (An improper input handling vulnerability in the RTSP service 
of Tenda  ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-51605 (A stack-based buffer overflow vulnerability in the RTSP 
service of Ten ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-51604 (A stack-based buffer overflow vulnerability in the RTSP 
service of Ten ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-51603 (A stack-based buffer overflow vulnerability in the RTSP 
service of Ten ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-51602 (A stack-based buffer overflow vulnerability in the RTSP 
service of Ten ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-51601 (Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based 
buffer overf ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-51600 (Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the 
Content-Lengt ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-51599 (An insufficient input validation vulnerability in the RTSP 
service of  ...)
        TODO: check
 CVE-2026-51598 (An input validation vulnerability in the RTSP service of 
MERCURY MIPC2 ...)
@@ -189,11 +189,11 @@ CVE-2026-50644 (SOPlanning is vulnerable to SQL injection 
in the audit retention
 CVE-2026-50188 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
        TODO: check
 CVE-2026-4653 (The Block, Suspend, Report for BuddyPress plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4298 (The DSGVO All in one for WP plugin for WordPress is vulnerable 
to Miss ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4275 (The Divi Torque Lite \u2013 Divi Theme, Divi Builder & Extra 
Theme plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-4256 (Improper neutralization of special elements used in an LDAP 
query ('LD ...)
        TODO: check
 CVE-2026-49276 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
@@ -201,7 +201,7 @@ CVE-2026-49276 (Kirby is an open-source content management 
system. Prior to 4.9.
 CVE-2026-49274 (Kirby is an open-source content management system. Prior to 
4.9.4 and  ...)
        TODO: check
 CVE-2026-43752 (An authenticated administrator may be able to achieve 
arbitrary code e ...)
-       TODO: check
+       NOT-FOR-US: Apple
 CVE-2026-33390 (An Incorrect Privilege Assignment vulnerability was discovered 
in the  ...)
        TODO: check
 CVE-2026-31985 (When the upstream Guardian or CMC was configured in the Remote 
Collect ...)
@@ -223,7 +223,7 @@ CVE-2026-1365 (Insertion of sensitive information into sent 
data vulnerability i
 CVE-2026-15308 (The incremental HTML parser (html.parser.HTMLParser) allows 
for CPU de ...)
        TODO: check
 CVE-2026-15204 (A vulnerability was detected in TOTOLINK X5000R 
9.1.0cu.2415_B20250515 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2026-15202 (A security vulnerability has been detected in YzmCMS up to 
7.5. Affect ...)
        TODO: check
 CVE-2026-15195 (A weakness has been identified in apidevtools 
json-schema-ref-parser u ...)
@@ -237,7 +237,7 @@ CVE-2026-15192 (A vulnerability has been found in mettle 
sendportal up to 3.0.1.
 CVE-2026-15191 (A flaw has been found in mettle sendportal up to 3.0.1. This 
vulnerabi ...)
        TODO: check
 CVE-2026-15190 (A vulnerability was detected in SourceCodester Simple and Nice 
Shoppin ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-15189 (A security vulnerability has been detected in aerostackdev 
aerostack-m ...)
        TODO: check
 CVE-2026-15188 (A weakness has been identified in manjurulhoque 
django-job-portal up t ...)
@@ -253,41 +253,41 @@ CVE-2026-15184 (A vulnerability was found in GNU LibreDWG 
up to 0.13.4. The impa
 CVE-2026-15182 (A vulnerability has been found in GNU LibreDWG up to 0.13.4. 
The affec ...)
        TODO: check
 CVE-2026-15158 (The Blocksy Companion plugin for WordPress is vulnerable to 
Arbitrary  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15000 (The Connect Contact Form 7 and Mailchimp plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14372 (The Bit Form \u2013 Contact Form, Payment Forms, Multi Step 
Forms, Cal ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14343 (The Download Manager plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14342 (The Mail Mint \u2013 Email Marketing, Newsletter, Email 
Automation & W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14278
        REJECTED
 CVE-2026-14261 (A vulnerability in the Xerte Online Tools allows for 
authentication by ...)
        TODO: check
 CVE-2026-14245 (The miniOrange OTP Login, Verification and SMS Notifications 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13771 (The Customer Reviews for WooCommerce plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13492 (The UsersWP plugin for WordPress is vulnerable to Arbitrary 
File Delet ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13462 (PayRange Android app, version 7.0.7 and below, contains an SSL 
bypass  ...)
        TODO: check
 CVE-2026-13461 (When coupled with the SSL bypass vulnerability, JavaScript can 
be inje ...)
        TODO: check
 CVE-2026-13450 (The GamiPress \u2013 Gamification plugin to reward points, 
achievement ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13441 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13334 (The Mang Board WP plugin for WordPress is vulnerable to 
Reflected Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13253 (The Ultimate Post plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13080 (The WPFunnels \u2013 Funnel Builder for WooCommerce with 
Checkout & On ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13011 (The ERP: Complete HR, Accounting & CRM Suite with Recruitment 
and WooC ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12879 (An Improper Input Validation vulnerability in BigQuery DAO in 
Google C ...)
        TODO: check
 CVE-2026-12593 (The implementation of an internalandundocumentedDashboardAPI 
endpoint( ...)
@@ -295,39 +295,39 @@ CVE-2026-12593 (The implementation of an 
internalandundocumentedDashboardAPI end
 CVE-2026-12590 (Impact: In body-parser versions prior to 1.20.6 (1.x line) and 
2.3.0 ( ...)
        TODO: check
 CVE-2026-12433 (The Hydra Booking \u2013 Appointment Scheduling & Booking 
Calendar plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12428 (The Blocks for ACF Fields plugin for WordPress is vulnerable 
to unauth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12418 (The User Frontend: AI Powered Frontend Posting, User 
Directory, Profil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12406 (The User Frontend: AI Powered Frontend Posting, User 
Directory, Profil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12170 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and 
Marketing Auto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12116 (A vulnerability in the Xerte Online Tools allows for RCE 
through the a ...)
        TODO: check
 CVE-2026-11404 (Cesanta Mongoose before 7.22 contains an out-of-bounds read in 
the bui ...)
        TODO: check
 CVE-2026-11359 (The Memberships and User Profiles for WooCommerce \u2013 
ProfileGrid W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-0287 (Multiple denial of service vulnerabilities in Palo Alto 
Networks PAN-O ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0286 (A command injection vulnerability in the management plane of 
Palo Alto ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0285 (A server-side request forgery (SSRF) vulnerability in Palo Alto 
Networ ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0284 (An XML injection vulnerability in the Large Scale VPN (LSVPN) 
function ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0283 (An authentication bypass vulnerability in Large Scale VPN ( 
LSVPN) fun ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0282 (A file deletion vulnerability in Palo Alto Networks PAN-OS\xae 
softwar ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0281 (An information disclosure vulnerability in Palo Alto Networks 
PAN-OS\x ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0280 (An IPv6 packet processing vulnerability in the dataplane of 
Palo Alto  ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2026-0279 (Multiple cross site scripting vulnerabilities in the 
User-ID\u2122 Aut ...)
-       TODO: check
+       NOT-FOR-US: Palo Alto Networks
 CVE-2025-63579 (Unauthorized use of Kyocera printers, allows all information 
stored in ...)
        TODO: check
 CVE-2026-57825



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf7cd8e45afdf9890ffb433f14bae9a542b85af6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf7cd8e45afdf9890ffb433f14bae9a542b85af6
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to