[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d2d5915b by security tracker role at 2026-02-15T08:13:33+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2026-1793 (The Element Pack Addons for Elementor plugin for WordPress is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1750 (The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1490 (The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-2312 (The Media Library Folders plugin for WordPress is vulnerable to Insecu ...) NOT-FOR-US: WordPress plugin CVE-2026-1843 (The Super Page Cache plugin for WordPress is vulnerable to Stored Cros ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2d5915bd42dc5375c8b1a9fe433eea85dc8400f
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 26bdf0aa by security tracker role at 2026-02-14T20:14:07+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,19 +1,19 @@ CVE-2026-2312 (The Media Library Folders plugin for WordPress is vulnerable to Insecu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1843 (The Super Page Cache plugin for WordPress is vulnerable to Stored Cros ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1512 (The Essential Addons for Elementor \u2013 Popular Elementor Templates ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1258 (The Mail Mint plugin for WordPress is vulnerable to blind SQL Injectio ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1254 (The Modula Image Gallery \u2013 Photo Grid & Video Gallery plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1249 (The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by So ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0550 (The myCred plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-8572 (The Truelysell Core plugin for WordPress is vulnerable to privilege es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-23203 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux 6.18.10-1 [trixie] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26bdf0aada363c714a303cd84894fc838cb5eb0c
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8cfd3dd8 by security tracker role at 2026-02-14T08:14:07+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,13 +1,13 @@ CVE-2026-2469 (Versions of the package directorytree/imapengine before 1.22.3 are vul ...) TODO: check CVE-2026-2144 (The Magic Login Mail or QR Code plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-2027 (The AMP Enhancer \u2013 Compatibility Layer for Official AMP Plugin fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-2024 (The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-2022 (The Smart Forms plugin for WordPress is vulnerable to unauthorized acc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-26335 (Calero VeraSMART versions prior to2022 R1 use static ASP.NET/IIS machi ...) TODO: check CVE-2026-26334 (Calero VeraSMART versions prior to2026 R1 contain hardcoded static AES ...) 
@@ -37,77 +37,77 @@ CVE-2026-26273 (Known is a social publishing platform. Prior to 1.6.3, a Critica CVE-2026-24853 (Caido is a web security auditing toolkit. Prior to 0.55.0, Caido block ...) TODO: check CVE-2026-1988 (The Flexi Product Slider and Grid for WooCommerce plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1987 (The Scheduler Widget plugin for WordPress is vulnerable to Insecure Di ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1985 (The Press3D plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1983 (The SEATT: Simple Event Attendance plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1944 (The CallbackKiller service widget plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1939 (The Percent to Infograph plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1932 (The Appointment Booking Calendar Plugin \u2013 Bookr plugin for WordPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1915 (The Simple Plyr plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1912 (The Citations tools plugin for WordPress is vulnerable to Stored Cross ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1910 (The UpMenu \u2013 Online ordering for restaurants plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1905 (The Sphere Manager plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1904 (The Simple Wp colorfull Accordion plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1903 (The Ravelry Designs Widget plugin for WordPress is vulnerable to Store ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1901 (The QuestionPro Surveys plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1844 (The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1841 (The PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager plugin f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1796 (The StyleBidet plugin for WordPress is vulnerable to Reflected Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1795 (The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1792 (The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1754 (The personal-authors-category plugin for WordPress is vulnerable to Re ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1394 (The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1306 (The midi-Synth plugin for WordPress is vulnerable to arbitrary file up ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1303 (The MailChimp Campaigns plugin for WordPress is vulnerable to Missing ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1187 (The ZoomifyWP Free plugin
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67556e90 by security tracker role at 2026-02-13T20:13:54+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2026-2443 (A flaw was identified in libsoup, a widely used HTTP library in GNOME- ...) TODO: check CVE-2026-2026 (A vulnerability has been identified where weak file permissions in the ...) - TODO: check + NOT-FOR-US: Tenable CVE-2026-26269 (Vim is an open source, command line text editor. Prior to 9.1.2148, a ...) TODO: check CVE-2026-26268 (Cursor is a code editor built for programming with AI. Sandbox escape ...) @@ -35,7 +35,7 @@ CVE-2026-1619 (Authorization Bypass Through User-Controlled Key vulnerability in CVE-2026-1618 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...) TODO: check CVE-2026-1578 (HP App for Android is potentially vulnerable to cross-site scripting ( ...) - TODO: check + NOT-FOR-US: HP CVE-2026-0872 (Improper Certificate Validation vulnerability in Thales SafeNet Agent ...) TODO: check CVE-2025-70123 (An improper input validation and protocol compliance vulnerability in ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67556e90114c447170ecdc7df9bbfbef93613715
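Review bot: In the first hunk (@@ -1,7 +1,7 @@), CVE-2026-2026 is tagged NOT-FOR-US: Tenable, but the visible description ("A vulnerability has been identified where weak file permissions in the ...") is cut off before any vendor or product name, so the tag cannot be checked from data/CVE/list alone. Suggest naming the affected product in the annotation rather than only the vendor, so a later reader can confirm the match without opening the full CVE record. The CVE-2026-1578 entry in the second hunk does not have this problem, since "HP App for Android" is in the visible text.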
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2ed3bc0a by security tracker role at 2026-02-13T08:13:43+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -23,7 +23,7 @@ CVE-2026-26224 (Intego Log Reporter, a macOS diagnostic utility bundled with Int CVE-2026-26188 (Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-bu ...) TODO: check CVE-2026-26185 (Directus is a real-time API and App dashboard for managing SQL databas ...) - TODO: check + NOT-FOR-US: Directus CVE-2026-26076 (ntpd-rs is a full-featured implementation of the Network Time Protocol ...) TODO: check CVE-2026-26075 (FastGPT is an AI Agent building platform. Due to the fact that FastGPT ...) @@ -43,7 +43,7 @@ CVE-2026-26011 (navigation2 is a ROS 2 Navigation Framework and System. In 1.3.1 CVE-2026-26005 (ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 ...) TODO: check CVE-2026-26000 (XWiki Platform is a generic wiki platform offering runtime services fo ...) - TODO: check + NOT-FOR-US: XWiki CVE-2026-25996 (Inspektor Gadget is a set of tools and framework for data collection a ...) TODO: check CVE-2026-25828 (grub-btrfs through 2026-01-31 (on Arch Linux and derivative distributi ...) @@ -55,7 +55,7 @@ CVE-2026-1721 (Summary A Reflected Cross-Site Scripting (XSS) vulnerability was CVE-2026-1358 (Airleader Master versions 6.381 and prior allow for file uploads witho ...) TODO: check CVE-2026-0619 (A reachable infinite loop via an integer wraparound is present in Sili ...) - TODO: check + NOT-FOR-US: Silicon Labs CVE-2025-9293 (A vulnerability in the certificate validation logic may allow applicat ...) TODO: check CVE-2025-9292 (A permissive web security configuration may allow cross-origin restric ...) 
@@ -65,19 +65,19 @@ CVE-2025-70845 (lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) CVE-2025-70092 (A cross-site scripting (XSS) vulnerability in the Item Kits function o ...) TODO: check CVE-2025-48023 (A vulnerability has been found in Vnet/IP Interface Package provided b ...) - TODO: check + NOT-FOR-US: Yokogawa CVE-2025-48022 (A vulnerability has been found in Vnet/IP Interface Package provided b ...) - TODO: check + NOT-FOR-US: Yokogawa CVE-2025-48021 (A vulnerability has been found in Vnet/IP Interface Package provided b ...) - TODO: check + NOT-FOR-US: Yokogawa CVE-2025-48020 (A vulnerability has been found in Vnet/IP Interface Package provided b ...) - TODO: check + NOT-FOR-US: Yokogawa CVE-2025-48019 (A vulnerability has been found in Vnet/IP Interface Package provided b ...) - TODO: check + NOT-FOR-US: Yokogawa CVE-2025-1924 (A vulnerability has been found in Vnet/IP Interface Package provided b ...) - TODO: check + NOT-FOR-US: Yokogawa CVE-2025-15520 (The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-21961 (Improper restriction of operations within the bounds of a memory buffe ...) TODO: check CVE-2020-37167 (ClamAV ClamBC bytecode interpreter contains a vulnerability in functio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ed3bc0a1b48de73bec135ec8f359879acdd8e52
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0a34cd4 by security tracker role at 2026-02-12T20:14:08+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -41,15 +41,15 @@ CVE-2026-21435 (webtransport-go is an implementation of the WebTransport protoco CVE-2026-21434 (webtransport-go is an implementation of the WebTransport protocol. Fro ...) TODO: check CVE-2026-1671 (The Activity Log for WordPress plugin for WordPress is vulnerable to u ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1356 (The Converter for Media \u2013 Optimize images | Convert WebP & AVIF p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1320 (The Secure Copy Content Protection and Content Locking plugin for Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1316 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1104 (The FastDup \u2013 Fastest WordPress Migration & Duplicator plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-70981 (CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list qu ...) TODO: check CVE-2025-70886 (An issue in halo v.2.22.4 and before allows a remote attacker to cause ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0a34cd46449b97fde7d3f5f0c694745bfbb
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a0129633 by security tracker role at 2026-02-12T08:13:50+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -61,143 +61,143 @@ CVE-2026-25633 (Statamic is a, Laravel + Git powered CMS designed for building w CVE-2026-25062 (Outline is a service that allows for collaborative documentation. Prio ...) TODO: check CVE-2026-23857 (Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.0 ...) - TODO: check + NOT-FOR-US: Dell / EMC CVE-2026-23856 (Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1 ...) - TODO: check + NOT-FOR-US: Dell / EMC CVE-2026-20700 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20682 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20681 (A privacy issue was addressed with improved private data redaction for ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20680 (The issue was addressed with additional restrictions on the observabil ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20678 (An authorization issue was addressed with improved state management. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20677 (A race condition was addressed with improved handling of symbolic link ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20676 (This issue was addressed through improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20675 (The issue was addressed with improved bounds checks. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20674 (A privacy issue was addressed by removing sensitive data. This issue i ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20673 (A logic issue was addressed with improved checks. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20671 (A logic issue was addressed with improved checks. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20669 (A parsing issue in the handling of directory paths was addressed with ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2026-20667 (A logic issue was addressed with improved checks. This issue is fixed ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20666 (An authorization issue was addressed with improved state management. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20663 (The issue was resolved by sanitizing logging. This issue is fixed in i ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20662 (An authorization issue was addressed with improved state management. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20661 (An authorization issue was addressed with improved state management. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20660 (A path handling issue was addressed with improved logic. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20658 (A package validation issue was addressed by blocking the vulnerable pa ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20656 (A logic issue was addressed with improved validation. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20655 (An authorization issue was addressed with improved state management. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20654 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20653 (A parsing issue in the handling of directory paths was addressed with ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20652 (The issue was addressed with improved memory handling. This issue is f ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20650 (A denial-of-service issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20649 (A logging issue was addressed with improved data redaction. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20648 (A privacy issue was addressed by moving sensitive data to a protected ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20647 (This issue was addressed with improved data protection. 
This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20646 (A logging issue was addressed with improved data redaction. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-20645 (An inconsistent user interface issue was addressed with impro
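Review bot: The Apple entries in the @@ -61,143 +61,143 @@ hunk are tagged NOT-FOR-US: Apple from descriptions that are cut off before the affected component is named, for example CVE-2026-20700 ("A memory corruption issue was addressed with improved state management ...") and CVE-2026-20675 ("The issue was addressed with improved bounds checks. This issue is fix ..."). Apple advisories also cover WebKit, which Debian ships as webkit2gtk and wpewebkit, so a vendor-level match does not by itself rule a CVE out. Suggest checking the full description of each entry for a WebKit or Safari component before the tag lands, and leaving any such entry as TODO: check for manual triage.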
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 11f2f980 by security tracker role at 2026-02-11T20:14:27+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -31,7 +31,7 @@ CVE-2026-2314 (Heap buffer overflow in Codecs in Google Chrome prior to 145.0.76 CVE-2026-2313 (Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed ...) TODO: check CVE-2026-2295 (The WPZOOM Addons for Elementor \u2013 Starter Templates & Widgets plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-2250 (The /dbviewer/ web endpoint in METIS WIC devices is exposed without au ...) TODO: check CVE-2026-2249 (METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based ...) 
@@ -47,47 +47,47 @@ CVE-2026-25084 (Authentication for ZLAN5143D can be bypassed by directly accessi CVE-2026-24789 (An unprotected API endpoint allows an attacker to remotely change the ...) TODO: check CVE-2026-22894 (A path traversal vulnerability has been reported to affect File Statio ...) - TODO: check + NOT-FOR-US: QNAP CVE-2026-1885 (The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1853 (The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1837 (A specially-crafted file can cause libjxl's decoder to write pixel dat ...) TODO: check CVE-2026-1833 (The WaMate Confirm \u2013 Order Confirmation plugin for WordPress is v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1827 (The Flask Micro code-editor plugin for WordPress is vulnerable to Stor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1826 (The OpenPOS Lite \u2013 Point of Sale for WooCommerce plugin for WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1821 (The Microtango plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1809 (The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1804 (The WDES Responsive Popup plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1786 (The Twitter posts to Blog plugin for WordPress is vulnerable to unauth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1748 (The Invoct \u2013 PDF Invoices & Billing for WooCommerce plugin for Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1560 (The Custom Block Builder \u2013 Lazy Blocks plugin for WordPress is vu ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1227 (CWE-611: Improper Restriction of XML External Entity Reference vulnera ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2026-1226 (CWE\u201194: Improper Control of Generation of Code vulnerability exis ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2026-1215 (The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0910 (The wpForo Forum plugin for WordPress is vulnerable to PHP Object Inje ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0815 (The Category Image plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0724 (The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0229 (A denial-of-service (DoS) vulnerability in the Advanced DNS Security ( ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2026-0228 (An improper certificate validation vulnerability in PAN-OS allows user ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2025-9986 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...) TODO: check CVE-2025-8668 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) @@ -115,13 +115,13 @@ CVE-2025-69872 (DiskCache (python-diskcache) through 5.6.3 uses Python pickle fo CVE-2025-69871 (A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and e ...) TODO: check CVE-2025-68406 (A path traversal vulnerability has been reported to affect Qsync Centr ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-66278 (A path traversal vulnerability has been reported to affect File Statio ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-66277 (A link following vulnerability ha
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1ac4e85e by security tracker role at 2026-02-11T08:14:19+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -31,31 +31,31 @@ CVE-2026-25870 (DoraCMS version 3.1 and prior contains a server-side request for CVE-2026-25251 REJECTED CVE-2026-1893 (The Orbisius Random Name Generator plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1763 (Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue a ...) - TODO: check + NOT-FOR-US: GE Vernova CVE-2026-1762 (A vulnerability in GE Vernova Enervista UR Setup on Windows allows Fil ...) - TODO: check + NOT-FOR-US: GE Vernova CVE-2026-1571 (User-controlled input is reflected into the HTML output without proper ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-1507 (The affected products are vulnerable to an uncaught exception that cou ...) TODO: check CVE-2026-1495 (The vulnerability, if exploited, could allow an attacker with Event Lo ...) TODO: check CVE-2026-1357 (The Migration, Backup, Staging \u2013 WPvivid Backup & Migration plugi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1235 (The WP eCommerce WordPress plugin through 3.15.1 unserializes user inp ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1231 (The Beaver Builder Page Builder \u2013 Drag and Drop Website Builder p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15524 (The Gallery by FooGallery plugin for WordPress is vulnerable to unauth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15400 (The Pix para Woocommerce WordPress plugin through 2.13.3 allows any a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14541 (The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13431 (The SlimStat Analytics plugin for WordPress is vulnerable to time-base ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12699 (The ZOLL ePCR IOS application reflects unsanitized user input into a W ...) 
TODO: check CVE-2025-10912 (Authorization Bypass Through User-Controlled Key vulnerability in Saas ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ac4e85ea1ac488cee3197f29beaad20ff355fbc
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a85703c9 by security tracker role at 2026-02-10T20:13:10+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -3,7 +3,7 @@ CVE-2026-2303 (The mongo-go-driver repositorycontains CGo
bindings for GSSAPI (K
CVE-2026-2302 (Under specific conditions when processing a maliciously crafted
value ...)
TODO: check
CVE-2026-2268 (The Ninja Forms plugin for WordPress is vulnerable to Sensitive
Inform ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-26009 (Catalyst is a platform built for enterprise game server hosts,
game co ...)
TODO: check
CVE-2026-26003 (FastGPT is an AI Agent building platform. From 4.14.0 to
4.14.5, attac ...)
@@ -23,9 +23,9 @@ CVE-2026-25805 (Zed is a multiplayer code editor. Prior to
0.219.4, Zed does not
CVE-2026-25728 (ClipBucket v5 is an open source video sharing platform. Prior
to 5.5.3 ...)
TODO: check
CVE-2026-25656 (A vulnerability has been identified in SINEC NMS (All
versions), User ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-25655 (A vulnerability has been identified in SINEC NMS (All versions
< V4.0 ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-25613 (An authorized user may disable the MongoDB server by issuing a
query a ...)
TODO: check
CVE-2026-25612 (The internal locking mechanism of the MongoDB server uses an
internal ...)
@@ -47,25 +47,25 @@ CVE-2026-24343 (Improper Neutralization of Data within
XPath Expressions ('XPath
CVE-2026-24045 (Docmost is open-source collaborative wiki and documentation
software. ...)
TODO: check
CVE-2026-23720 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23719 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23718 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23717 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23716 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23715 (A vulnerability has been identified in Simcenter Femap (All
versions < ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-23655 (Cleartext storage of sensitive information in Azure Compute
Gallery al ...)
TODO: check
CVE-2026-22923 (A vulnerability has been identified in NX (All versions <
V2512). The ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-22153 (An Authentication Bypass by Primary Weakness vulnerability
[CWE-305] v ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-21743 (A missing authorization vulnerability in Fortinet
FortiAuthenticator 6 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-21537 (Improper control of generation of code ('code injection') in
Microsoft ...)
TODO: check
CVE-2026-21533 (Improper privilege management in Windows Remote Desktop allows
an auth ...)
@@ -105,93 +105,93 @@ CVE-2026-21510 (Protection mechanism failure in Windows
Shell allows an unauthor
CVE-2026-21508 (Improper authentication in Windows Storage allows an
authorized attack ...)
TODO: check
CVE-2026-21358 (InDesign Desktop versions 21.1, 20.5.1 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21357 (InDesign Desktop versions 21.1, 20.5.1 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21355 (DNG SDK versions 1.7.1 2410 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21354 (DNG SDK versions 1.7.1 2410 and earlier are affected by an
Integer Ove ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21353 (DNG SDK versions 1.7.1 2410 and earlier are affected by an
Integer Ove ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21352 (DNG SDK versions 1.7.1 2410 and earlier are affected by an
out-of-boun ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21351 (After Effects versions 25.6 and earlier are affected by a Use
After Fr ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21350 (After Effects versions 25.6 and earlier are affected by a NULL
Pointer ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21349 (Lightroom Desktop versions 15.1 and earlier are affected by an
out-of- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21348 (Substance3D - Modeler versions 1.22.5 and earlier are affec
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3c12b367 by security tracker role at 2026-02-10T08:14:06+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2026-2260 (A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affect ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2259 (A vulnerability has been found in aardappel lobster up to 2025.4. Affe ...) TODO: check CVE-2026-2258 (A flaw has been found in aardappel lobster up to 2025.4. Affected by t ...) 
@@ -115,91 +115,91 @@ CVE-2026-25639 (Axios is a promise based HTTP client for the browser and Node.js CVE-2026-25528 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...) TODO: check CVE-2026-24328 (SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticate ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24327 (Due to missing authorization check in SAP Strategic Enterprise Managem ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24326 (Due to a missing authorization check in the Disconnected Operations of ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24325 (SAP BusinessObjects Enterprise does not sufficiently encode user-contr ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24324 (SAP BusinessObjects Business Intelligence Platform (AdminTools) allows ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24323 (The BSP applications allow an unauthenticated user to inject malicious ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24322 (SAP Solution Tools Plug-In (ST-PI) contains a function module that doe ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24321 (SAP Commerce Cloud exposes multiple API endpoints to unauthenticated u ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24320 (Due to improper memory management in SAP NetWeaver and ABAP Platform ( ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24319 (In SAP Business One, sensitive information is written to the applicati ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-24312 (An erroneous authorization check in SAP Business Workflow leads to pri ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-23689 (Due to an uncontrolled resource consumption (Denial of Service) vulner ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-23688 (SAP Fiori App Manage Service Entry Sheets does not perform necessary a ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-23687 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an auth ...) 
- TODO: check + NOT-FOR-US: SAP CVE-2026-23686 (Due to a CRLF Injection vulnerability in SAP NetWeaver Application Ser ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-23685 (Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-23684 (A race condition vulnerability exists in the SAP Commerce cloud. Becau ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-23681 (Due to missing authorization check in a function module in SAP Support ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-1722 (The WCFM Marketplace \u2013 Multivendor Marketplace for WooCommerce pl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0996 (The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0845 (The WCFM \u2013 Frontend Manager for WooCommerce along with Bookings S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0509 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an auth ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0508 (The SAP BusinessObjects Business Intelligence Platform allows an authe ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0505 (The BSP applications allow an unauthenticated user to manipulate user- ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0490 (SAP BusinessObjects BI Platform allows an unauthenticated attacker to ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0488 (An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0486 (In ABAP based SAP systems a remote enabled function module does not pe ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0485 (SAP BusinessObjects BI Platform allows an unauthenticated attacker to ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0484 (Due to missing authorization check in SAP NetWeaver Application Server ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-15319 (Tanium addressed a l
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e3b5503b by security tracker role at 2026-02-09T20:14:03+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -9,15 +9,15 @@ CVE-2026-2241 (A vulnerability was found in janet-lang janet
up to 1.40.1. This
CVE-2026-2240 (A vulnerability has been found in janet-lang janet up to
1.40.1. The i ...)
TODO: check
CVE-2026-2227 (A vulnerability was found in D-Link DCS-931L up to 1.13.0.
Impacted is ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-2226 (A vulnerability has been found in DouPHP up to 1.9. This issue
affects ...)
TODO: check
CVE-2026-2225 (A flaw has been found in itsourcecode News Portal Project 1.0.
This vu ...)
TODO: check
CVE-2026-2224 (A vulnerability was detected in code-projects Online Reviewer
System 1 ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-2223 (A security vulnerability has been detected in code-projects
Online Rev ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-25916 (Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when
"Block rem ...)
TODO: check
CVE-2026-25905 (The Python code being run by 'runPython' or 'runPythonAsync'
is not is ...)
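Review bot: CVE-2026-2225 (itsourcecode News Portal Project 1.0) is left at `TODO: check` in this hunk even though the D-Link and code-projects entries on either side of it are tagged. If the automatic rule for itsourcecode only matches product names of a particular form, this entry needs either a manual tag or a broader rule.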
@@ -25,11 +25,11 @@ CVE-2026-25905 (The Python code being run by 'runPython' or
'runPythonAsync' is
CVE-2026-25904 (The Pydantic-AI MCP Run Python tool configures the Deno
sandbox with a ...)
TODO: check
CVE-2026-25848 (In JetBrains Hub before 2025.3.119807 authentication bypass
allowing a ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-25847 (In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on
Jupyter viewer ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-25846 (In JetBrains YouTrack before 2025.3.119033 access tokens could
be expo ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-25598 (Harden-Runner is a CI/CD security agent that works like an EDR
for Git ...)
TODO: check
CVE-2026-25498 (Craft is a platform for creating digital experiences. In
versions 4.0. ...)
@@ -67,7 +67,7 @@ CVE-2026-24777 (OpenProject is an open-source, web-based
project management soft
CVE-2026-24095 (Improper permission enforcement in Checkmk versions 2.4.0
before 2.4.0 ...)
TODO: check
CVE-2026-21419 (Dell Display and Peripheral Manager (Windows) versions prior
to 2.2 co ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-1960 (Stored Cross-Site Scripting (XSS) vulnerability in Loggro
Pymes, via t ...)
TODO: check
CVE-2026-1959 (Stored Cross-Site Scripting (XSS) vulnerability in Loggro
Pymes, via t ...)
@@ -77,7 +77,7 @@ CVE-2026-1529 (A flaw was found in Keycloak. An attacker can
exploit this vulner
CVE-2026-1486 (A flaw was found in Keycloak. A vulnerability exists in the
jwt-author ...)
TODO: check
CVE-2026-0632 (The Fluent Forms Pro Add On Pack plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0398 (Crafted zones can lead to increased resource usage and crafted
CNAME c ...)
TODO: check
CVE-2025-7799 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
@@ -85,7 +85,7 @@ CVE-2025-7799 (Improper Neutralization of Input During Web
Page Generation (XSS
CVE-2025-7708 (Insertion of Sensitive Information Into Sent Data vulnerability
in Atl ...)
TODO: check
CVE-2025-7432 (DPA countermeasures in Silicon Labs' Series 2 devices are not
reseeded ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2025-6830 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-66630 (Fiber is an Express inspired web framework written in Go.
Before 2.52. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e3b5503b3f73fe7c025a4dacf5ff759304d9a6f7
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8302efea by security tracker role at 2026-02-09T08:13:51+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -5,67 +5,67 @@ CVE-2026-2235 (C&Cm@il developed by HGiga has a SQL Injection vulnerability, all CVE-2026-2234 (C&Cm@il developed by HGiga has a Missing Authentication vulnerability ...) TODO: check CVE-2026- (A weakness has been identified in code-projects Online Reviewer System ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2221 (A security flaw has been discovered in code-projects Online Reviewer S ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2220 (A vulnerability was identified in code-projects Online Reviewer System ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2218 (A vulnerability was determined in D-Link DCS-933L up to 1.14.11. This ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2217 (A vulnerability was found in itsourcecode Event Management System 1.0. ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2216 (A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacte ...) TODO: check CVE-2026-2215 (A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. ...) TODO: check CVE-2026-2214 (A weakness has been identified in code-projects for Plugin 1.0. This a ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2213 (A security flaw has been discovered in code-projects Online Music Site ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2212 (A vulnerability was identified in code-projects Online Music Site 1.0. ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2211 (A vulnerability was determined in code-projects Online Music Site 1.0. ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2210 (A vulnerability has been found in D-Link DIR-823X 250416. This affects ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2203 (A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulne ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2202 (A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the ...) 
- TODO: check + NOT-FOR-US: Tenda CVE-2026-2201 (A security vulnerability has been detected in ZeroWdd studentmanager u ...) TODO: check CVE-2026-2200 (A weakness has been identified in heyewei JFinalCMS 5.0.0. This affect ...) TODO: check CVE-2026-2199 (A security flaw has been discovered in code-projects Online Reviewer S ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2198 (A vulnerability was identified in code-projects Online Reviewer System ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2197 (A vulnerability was determined in code-projects Online Reviewer System ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2196 (A vulnerability was found in code-projects Online Reviewer System 1.0. ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2195 (A vulnerability has been found in code-projects Online Reviewer System ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2194 (A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects t ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2193 (A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affecte ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2192 (A security vulnerability has been detected in Tenda AC9 15.03.06.42_mu ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2191 (A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affecte ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2190 (A security flaw has been discovered in itsourcecode School Management ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2189 (A vulnerability was identified in itsourcecode School Management Syste ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2188 (A vulnerability was determined in UTT \u8fdb\u53d6 521G 3.1.1-190816. ...) TODO: check CVE-2026-2187 (A vulnerability was found in Tenda RX3 16.03.13.11. The affected eleme ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2186 (A vulnerability has been found in Tenda RX3 16.03.13.11. 
Impacted is t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2185 (A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2184 (A vulnerability was detected in Great Developers Certificate Generatio ...) TODO: check
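Review bot: The third entry in this hunk is headed `CVE-2026-` with no sequence number, yet it is moved from `TODO: check` to `NOT-FOR-US: code-projects`; confirm the identifier is intact in data/CVE/list before relying on that tag. Separately, the label `NOT-FOR-US: itsourcecode System` reads like a match pattern rather than a vendor name, unlike `code-projects`, `D-Link` and `Tenda` in the same hunk; `NOT-FOR-US: itsourcecode` would be consistent with them.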
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b0a79434 by security tracker role at 2026-02-08T20:14:04+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,81 +3,81 @@ CVE-2026-2183 (A security vulnerability has been detected in Great Developers Ce CVE-2026-2182 (A weakness has been identified in UTT \u8fdb\u53d6 521G 3.1.1-190816. ...) TODO: check CVE-2026-2181 (A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2180 (A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is a ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2179 (A vulnerability was determined in PHPGurukul Hospital Management Syste ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-2178 (A vulnerability was found in r-huijts xcode-mcp-server up to f3419f001 ...) TODO: check CVE-2026-2177 (A vulnerability has been found in SourceCodester Prison Management Sys ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2176 (A security vulnerability has been detected in code-projects Contact Ma ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2175 (A weakness has been identified in D-Link DIR-823X 250416. This vulnera ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2174 (A security flaw has been discovered in code-projects Contact Managemen ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2173 (A vulnerability was identified in code-projects Online Examination Sys ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2172 (A vulnerability was determined in code-projects Online Application Sys ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2171 (A vulnerability was found in code-projects Online Student Management S ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2169 (A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2168 (A flaw has been found in D-Link DWR-M921 1.1.50. This affects the func ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2167 (A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. T ...) 
- TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-2166 (A security vulnerability has been detected in code-projects Online Rev ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2165 (A weakness has been identified in detronetdip E-commerce 1.0.0. Impact ...) TODO: check CVE-2026-2164 (A security flaw has been discovered in detronetdip E-commerce 1.0.0. T ...) TODO: check CVE-2026-2163 (A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2162 (A vulnerability was determined in itsourcecode News Portal Project 1.0 ...) TODO: check CVE-2026-2161 (A vulnerability was found in itsourcecode Directory Management System ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2160 (A vulnerability has been found in SourceCodester Simple Responsive Tou ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2159 (A flaw has been found in SourceCodester Simple Responsive Tourism Webs ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2158 (A vulnerability was detected in code-projects Student Web Portal 1.0. ...) TODO: check CVE-2026-2157 (A security vulnerability has been detected in D-Link DIR-823X 250416. ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2156 (A weakness has been identified in code-projects Online Student Managem ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2155 (A security flaw has been discovered in D-Link DIR-823X 250416. The aff ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2154 (A vulnerability was identified in SourceCodester/Patrick Mvuma Patient ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2153 (A vulnerability was determined in mwielgoszewski doorman up to 0.6. Th ...) TODO: check CVE-2026-2152 (A vulnerability was found in D-Link DIR-615 4.10. This vulnerability a ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2151 (A vulnerability has been found in D-Link DIR-615 4.10. This affects an ...) 
- TODO: check + NOT-FOR-US: D-Link CVE-2026-2150 (A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2149 (A vulnerability was detected in SourceCodester/Patrick Mvuma Patients ...) - TODO: check + NOT-FOR-US: SourceCodester C
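Review bot: CVE-2026-2158 (code-projects Student Web Portal 1.0) stays at `TODO: check` while the other code-projects entries in this hunk are tagged `NOT-FOR-US: code-projects`. Nothing in the visible description distinguishes it from the tagged ones, so either tag it the same way or record why it is held back.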
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7180cb1f by security tracker role at 2026-02-08T08:14:01+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -11,43 +11,43 @@ CVE-2026-2205 (A vulnerability was identified in WeKan up to 8.20. This affects CVE-2026-2141 (A security flaw has been discovered in WuKongOpenSource WukongCRM up t ...) TODO: check CVE-2026-2140 (A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. A ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2139 (A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. A ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2138 (A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affect ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2137 (A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. T ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-2136 (A flaw has been found in projectworlds Online Food Ordering System 1.0 ...) - TODO: check + NOT-FOR-US: Project Worlds CVE-2026-2135 (A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impact ...) TODO: check CVE-2026-2134 (A security vulnerability has been detected in PHPGurukul Hospital Mana ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-2133 (A weakness has been identified in code-projects Online Music Site 1.0. ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2132 (A security flaw has been discovered in code-projects Online Music Site ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2131 (A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1 ...) TODO: check CVE-2026-2130 (A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.1 ...) TODO: check CVE-2026-2129 (A vulnerability was found in D-Link DIR-823X 250416. Affected by this ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2122 (A security flaw has been discovered in Xiaopi Panel up to 20260126. Th ...) TODO: check CVE-2026-2120 (A vulnerability was identified in D-Link DIR-823X 250416. This affects ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2118 (A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impa ...) 
TODO: check CVE-2026-2117 (A vulnerability was found in itsourcecode Society Management System 1. ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2116 (A vulnerability has been found in itsourcecode Society Management Syst ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2115 (A flaw has been found in itsourcecode Society Management System 1.0. T ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2114 (A vulnerability was detected in itsourcecode Society Management System ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2113 (A security vulnerability has been detected in yuan1994 tpadmin up to 1 ...) TODO: check CVE-2026-2111 (A weakness has been identified in JeecgBoot up to 3.9.0. Affected by t ...) @@ -59,7 +59,7 @@ CVE-2026-25859 (Wekan versions prior to 8.20 allow non-administrative users to a CVE-2026-25858 (macrozheng mall version 1.0.3 and prior contains an authentication vul ...) TODO: check CVE-2026-25857 (Tenda G300-F router firmware versio 16.01.14.2 and prior contain an OS ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-25568 (WeKan versions prior to 8.19 contain an authorization logic vulnerabil ...) TODO: check CVE-2026-25567 (WeKan versions prior to 8.19 contain an insecure direct object referen ...) 
@@ -81,9 +81,9 @@ CVE-2026-25560 (WeKan versions prior to 8.19 contain an LDAP filter injection vu CVE-2025-15564 (A vulnerability has been found in Mapnik up to 4.2.0. This vulnerabili ...) TODO: check CVE-2025-15100 (The JAY Login & Register plugin for WordPress is vulnerable to Privile ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15027 (The JAY Login & Register plugin for WordPress is vulnerable to Privile ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-2109 (A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. ...) NOT-FOR-US: jsbroks COCO Annotator CVE-2026-2108 (A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7180cb1f1d8efcfc34cac128717e28d72b7b8ad2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7180cb1f1d8efcfc34cac128717e28d72b7b8ad2 You're receiving this email because of your a
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 05b9d1d8 by security tracker role at 2026-02-07T20:13:52+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,25 +9,25 @@ CVE-2026-2106 (A vulnerability has been found in yeqifu warehouse up to aaf29962 CVE-2026-2105 (A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d99178 ...) TODO: check CVE-2026-2090 (A vulnerability was determined in SourceCodester Online Class Record S ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2089 (A vulnerability was found in SourceCodester Online Class Record System ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2088 (A vulnerability has been found in PHPGurukul Beauty Parlour Management ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-2087 (A flaw has been found in SourceCodester Online Class Record System 1.0 ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2086 (A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Aff ...) TODO: check CVE-2026-2085 (A security vulnerability has been detected in D-Link DWR-M921 1.1.50. ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2084 (A weakness has been identified in D-Link DIR-823X 250416. This impacts ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2083 (A security flaw has been discovered in code-projects Social Networking ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2082 (A vulnerability was identified in D-Link DIR-823X 250416. The impacted ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2081 (A vulnerability was determined in D-Link DIR-823X 250416. The affected ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2080 (A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This iss ...) TODO: check CVE-2026-2079 (A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d99178 ...) 
@@ -35,29 +35,29 @@ CVE-2026-2079 (A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d CVE-2026-2078 (A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d2 ...) TODO: check CVE-2026-1675 (The Advanced Country Blocker plugin for WordPress is vulnerable to Aut ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1643 (The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1634 (The Subitem AL Slider plugin for WordPress is vulnerable to Reflected ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1613 (The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1611 (The Wikiloops Track Player plugin for WordPress is vulnerable to Store ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1608 (The Video Onclick plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1573 (The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scri ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1570 (The Simple Bible Verse via Shortcode plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1082 (The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Re ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0555 (The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15477 (The Bucketlister plugin for WordPress is vulnerable to SQL Injection v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15476 (The The Bucketlister plugin for WordPress is vulnerable to unauthorize ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-2077 (A security vulnerability has been detected in yeqifu warehouse up to a ...) 
NOT-FOR-US: yeqifu warehouse CVE-2026-2076 (A weakness has been identified in yeqifu warehouse up to aaf29962ba407 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05b9d1d871ec8008a83940ac34ad20ac7927f66a -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05b9d1d871ec8008a83940ac34ad20ac7927f66a You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 51f53e25 by security tracker role at 2026-02-07T08:13:46+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -7,7 +7,7 @@ CVE-2026-2075 (A security flaw has been discovered in yeqifu warehouse up to aaf CVE-2026-2074 (A vulnerability was identified in O2OA up to 9.0.0. This impacts an un ...) TODO: check CVE-2026-2073 (A vulnerability was determined in itsourcecode School Management Syste ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2071 (A vulnerability was found in UTT \u8fdb\u53d6 520W 1.7.7-180627. The i ...) TODO: check CVE-2026-2070 (A vulnerability has been found in UTT \u8fdb\u53d6 520W 1.7.7-180627. ...) 
@@ -101,23 +101,23 @@ CVE-2026-25516 (NiceGUI is a Python-based UI framework. The ui.markdown() compon CVE-2026-25123 (Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthe ...) TODO: check CVE-2026-1731 (BeyondTrust Remote Support (RS) and certain older versions of Privileg ...) - TODO: check + NOT-FOR-US: BeyondTrust CVE-2026-1727 (The Agentspace service was affected by a vulnerability that exposed se ...) TODO: check CVE-2025-68621 (Trilium Notes is an open-source, cross-platform hierarchical note taki ...) TODO: check CVE-2025-31990 (Rate limiting for certain API calls is not being enforced, making HCL ...) - TODO: check + NOT-FOR-US: HCL CVE-2025-15491 (The Post Slides WordPress plugin through 1.0.1 does not validate some ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15267 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13463 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12803 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12159 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6763 REJECTED CVE-2020-37171 (TapinRadio 2.12.3 contains a denial of service vulnerability in the ap ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51f53e2528a595c7dfc9923c506777802d0afd80 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51f53e2528a595c7dfc9923c506777802d0afd80 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f0f6765f by security tracker role at 2026-02-06T20:14:09+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,43 +3,43 @@ CVE-2026-2103 (Infor SyteLine ERP uses hard-coded static cryptographic keys to e CVE-2026-2065 (A security flaw has been discovered in Flycatcher Toys smART Pixelator ...) TODO: check CVE-2026-2064 (A vulnerability was identified in Portabilis i-Educar up to 2.10. Affe ...) - TODO: check + NOT-FOR-US: Portabilis CVE-2026-2063 (A security flaw has been discovered in D-Link DIR-823X 250416. This vu ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2062 (A vulnerability was identified in Open5GS up to 2.7.6. This affects th ...) TODO: check CVE-2026-2061 (A vulnerability was determined in D-Link DIR-823X 250416. Affected by ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2060 (A vulnerability was found in code-projects Simple Blood Donor Manageme ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-2059 (A vulnerability has been found in SourceCodester Medical Center Portal ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2058 (A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to ...) TODO: check CVE-2026-2057 (A vulnerability was detected in SourceCodester Medical Center Portal M ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2056 (A security vulnerability has been detected in D-Link DIR-605L and DIR- ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2055 (A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01 ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2054 (A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2. ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-2018 (A flaw has been found in itsourcecode School Management System 1.0. Th ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2017 (A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Aff ...) TODO: check CVE-2026-2016 (A security vulnerability has been detected in happyfish100 libfastcomm ...) TODO: check CVE-2026-2015 (A weakness has been identified in Portabilis i-Educar up to 2.10. 
Affe ...) - TODO: check + NOT-FOR-US: Portabilis CVE-2026-2014 (A security flaw has been discovered in itsourcecode Student Management ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2013 (A vulnerability was identified in itsourcecode Student Management Syst ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2012 (A vulnerability was determined in itsourcecode Student Management Syst ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-2011 (A vulnerability was found in itsourcecode Student Management System 1. ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-25753 (PlaciPy is a placement management system designed for educational inst ...) TODO: check CVE-2026-25752 (FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwa ...) 
@@ -77,41 +77,41 @@ CVE-2026-25556 (MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulne CVE-2026-25520 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The ret ...) TODO: check CVE-2026-24931 (Vulnerability of improper criterion security check in the card module. ...) - TODO: check + NOT-FOR-US: Huawei CVE-2026-24930 (UAF concurrency vulnerability in the graphics module. Impact: Successf ...) - TODO: check + NOT-FOR-US: Huawei CVE-2026-24929 (Out-of-bounds read vulnerability in the graphics module. Impact: Succe ...) - TODO: check + NOT-FOR-US: Huawei CVE-2026-24928 (Out-of-bounds write vulnerability in the file system module. Impact: S ...) - TODO: check + NOT-FOR-US: Huawei CVE-2026-24927 (Out-of-bounds access vulnerability in the frequency modulation module. ...) - TODO: check + NOT-FOR-US: Huawei CVE-2026-24926 (Out-of-bounds write vulnerability in the camera module. Impact: Succes ...) - TODO: check + NOT-FOR-US: Huawei CVE-2026-24925 (Heap-based buffer overflow vulnerability in the image module. Impact: ...) - TODO: check + NOT-FOR-US: Huawei CVE-2026-24924 (Vulnerability of improper permission control in the print module. Impa ...) - TODO: check + NOT-FOR-US: Huawei CVE-2026-24923 (Permission control vulnerability in the HDC module. Impact: Successful ...) - TODO: check + NOT-FOR-US: Huawei CVE-2026-24922 (Buffer overflow vulnerability in the HDC module. Impact: Successful ex ...)
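Review bot: The tag "NOT-FOR-US: itsourcecode System", applied in the first hunk to CVE-2026-2018 and to CVE-2026-2011 through CVE-2026-2014, reads like a fragment of the product names ("School Management System", "Student Management System") rather than a vendor label. The other tags in the same hunk use the bare vendor name ("SourceCodester", "code-projects", "D-Link"), so "NOT-FOR-US: itsourcecode" would be consistent with them and easier to match when searching the list.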
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 9a1cb467 by security tracker role at 2026-02-06T08:13:48+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2026-2010 (A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d ...) TODO: check CVE-2026-2009 (A flaw has been found in SourceCodester Gas Agency Management System 1 ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-2008 (A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd ...) TODO: check CVE-2026-2000 (A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is ...) @@ -29,7 +29,7 @@ CVE-2026-24300 (Azure Front Door Elevation of Privilege Vulnerability) CVE-2026-23623 (Collabora Online is a collaborative online office suite based on Libre ...) TODO: check CVE-2026-21626 (Access control settings for forum post custom fields are not applied t ...) - TODO: check + NOT-FOR-US: Joomla CVE-2026-21532 (Azure Function Information Disclosure Vulnerability) TODO: check CVE-2026-1998 (A flaw has been found in micropython up to 1.27.0. This vulnerability ...) 
@@ -65,25 +65,25 @@ CVE-2026-1963 (A vulnerability was found in WeKan up to 8.20. This affects an un CVE-2026-1962 (A vulnerability has been found in WeKan up to 8.20. The impacted eleme ...) TODO: check CVE-2026-1909 (The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1888 (The Docus \u2013 YouTube Video Playlist plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1808 (The Orange Confort+ accessibility toolbar for WordPress plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1401 (The Tune Library plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1279 (The Employee Directory plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1228 (The Timeline Block \u2013 Beautiful Timeline Builder for WordPress (Ve ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0598 (A security flaw was identified in the Ansible Lightspeed API conversat ...) TODO: check CVE-2026-0521 (A reflected cross-site scripting (XSS) vulnerability in the PDF export ...) TODO: check CVE-2026-0391 (User interface (ui) misrepresentation of critical information in Micro ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2026-0106 (In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap d ...) - TODO: check + NOT-FOR-US: Google devices CVE-2025-68458 (Webpack is a module bundler. From version 5.49.0 to before 5.104.1, wh ...) TODO: check CVE-2025-68157 (Webpack is a module bundler. From version 5.49.0 to before 5.104.0, wh ...) 
@@ -93,9 +93,9 @@ CVE-2025-32393 (AutoGPT is a platform that allows users to create, deploy, and m CVE-2025-15566 (A security issue was discovered in ingress-nginxwhere the `nginx.ingre ...) TODO: check CVE-2025-12131 (A truncated 802.15.4 packet can lead to an assert, resulting in a deni ...) - TODO: check + NOT-FOR-US: Silicon Labs CVE-2025-10753 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-25630 REJECTED CVE-2026-23797 (In Quick.Cart user passwords are stored in plaintext form. An attacker ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a1cb467efabd4abf3383de8e63fdd87fd41a372
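Review bot: CVE-2026-0391 is tagged "NOT-FOR-US: Microsoft" in the @@ -65,25 +65,25 @@ hunk, but CVE-2026-21532 (Azure Function Information Disclosure Vulnerability), shown as unchanged context in the @@ -29,7 +29,7 @@ hunk, stays at "TODO: check". Its visible description does not contain the word "Microsoft", which may be why it was not matched; it should be triaged in the same pass so Microsoft cloud-service entries are handled consistently.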
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 825bb6c6 by security tracker role at 2026-02-05T20:14:06+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -5,31 +5,31 @@ CVE-2026-23797 (In Quick.Cart user passwords are stored in plaintext form. An at CVE-2026-23796 (Quick.Cart allows a user's session identifier to be set before authent ...) TODO: check CVE-2026-23572 (Improper access control intheTeamViewerFull and Host clients(Windows,m ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-1966 (YugabyteDB Anywhere displays LDAP bind passwords configured via gflags ...) TODO: check CVE-2026-1927 (The Greenshift \u2013 animation and page builder blocks plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1707 (pgAdmin versions 9.11 are affected by a Restore restriction bypass via ...) TODO: check CVE-2026-1654 (The Peter's Date Countdown plugin for WordPress is vulnerable to Refle ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1523 (Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from ...) TODO: check CVE-2026-1517 (A vulnerability was identified in iomad up to 5.0. Affected is an unkn ...) TODO: check CVE-2026-1319 (The Robin Image Optimizer \u2013 Unlimited Image Optimization & WebP C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1301 (In builds with PubSub and JSON enabled, a crafted JSON message can cau ...) TODO: check CVE-2026-1294 (The All In One Image Viewer Block plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1271 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0715 (Moxa Arm-based industrial computers running Moxa Industrial Linux Secu ...) - TODO: check + NOT-FOR-US: Moxa CVE-2026-0714 (A physical attack vulnerability exists in certain Moxa industrial comp ...) - TODO: check + NOT-FOR-US: Moxa CVE-2025-70792 (Cross Site Scripting vulnerability in the "/admin/category/create" end ...) TODO: check CVE-2025-70791 (Cross Site Scripting vulnerability in the "/admin/order/abandoned" end ...) 
@@ -53,9 +53,9 @@ CVE-2025-58190 (The html.Parse function in golang.org/x/net/html has an infinite CVE-2025-47911 (The html.Parse function in golang.org/x/net/html has quadratic parsing ...) TODO: check CVE-2025-15557 (An Improper Certificate Validation vulnerability in TP-Link Tapo H100 ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2025-15551 (The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2025-15343 (Tanium addressed an incorrect default permissions vulnerability in Enf ...) TODO: check CVE-2025-15342 (Tanium addressed an improper access controls vulnerability in Reputati ...) 
@@ -107,15 +107,15 @@ CVE-2025-15311 (Tanium addressed an unauthorized code execution vulnerability in CVE-2025-15289 (Tanium addressed an improper access controls vulnerability in Interact ...) TODO: check CVE-2025-14150 (IBM webMethods Integration (on prem) - Integration Server 10.15 throug ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-14079 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13491 (IBM App Connect Enterprise Certified Containerup to 12.19.0 (Continuou ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-13416 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13379 (IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-37152 (PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (X ...) TODO: check CVE-2020-37151 (phpMyChat Plus 1.98 contains a SQL injection vulnerability in the delu ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/825bb6c6ecf899dd70abe122103869c27a46bd76
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
491e3744 by security tracker role at 2026-02-05T08:13:40+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -75,25 +75,25 @@ CVE-2026-1892 (A security vulnerability has been detected
in WeKan up to 8.20. T
CVE-2026-1884 (A weakness has been identified in ZenTao up to 21.7.6-85642.
The impac ...)
TODO: check
CVE-2026-1554 (XML Injection (aka Blind XPath Injection) vulnerability in
Drupal Cent ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-1553 (Incorrect Authorization vulnerability in Drupal Drupal Canvas
allows F ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-1268 (The Dynamic Widget Content plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1246 (The ShortPixel Image Optimizer plugin for WordPress is
vulnerable to A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0948 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-0947 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-0946 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-0945 (Privilege Defined With Unsafe Actions vulnerability in Drupal
Role Del ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-0944 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-0867 (The Essential Widgets plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-71031 (Water-Melon Melon commit 9df9292 and below is vulnerable to
Denial of ...)
TODO: check
CVE-2025-62616 (AutoGPT is a platform that allows users to create, deploy, and
manage ...)
@@ -103,39 +103,39 @@ CVE-2025-62615 (AutoGPT is a platform that allows users
to create, deploy, and m
CVE-2025-61732 (A discrepancy between how Go and C/C++ comments were parsed
allowed fo ...)
TODO: check
CVE-2025-2134 (IBM Jazz Reporting Service could allow an authenticated user on
the ne ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-27550 (IBM Jazz Reporting Service could allow an authenticated user
on the ho ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-1823 (IBM Jazz Reporting Service could allow an authenticated user on
the ho ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-1 (A security flaw has been discovered in Open5GS up to 2.7.6.
Affected b ...)
TODO: check
CVE-2025-15080 (Improper Validation of Specified Quantity in Input
vulnerability in Mi ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2025-13375 (IBM Common Cryptographic Architecture (CCA)7.5.52 and8.4.82
could allo ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13192 (The Popup builder with Gamification, Multi-Step Popups,
Page-Level Tar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11730 (A post\u2011authentication command injection vulnerability in
the Dyna ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2025-10314 (Incorrect Default Permissions vulnerability in Mitsubishi
Electric Cor ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2025-10258 (Infinera DNA is vulnerable to a time-based SQL injection
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Nokia
CVE-2024-51451 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header
injection ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-43181 (IBM Concert 1.0.0 through 2.1.0 does not invalidate session
after logo ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-40685 (IBM Operations Analytics \u2013 Log Analysis versions 1.3.5.0
through ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-39724 (IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D
4.8), 7.7 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-38281 (IBM Cloud Pak System does not set the secure attribute on
authorizatio ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-38017 (IBM Cloud Pak Systemis vulnerable to cross-site scripting.
This vulner ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2023-38010 (IBM Cloud Pak System displays sensitive information in user
messages t ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-25288 (Wacom WTabletService 6.6.7-3 contains an unquoted service path
vulnera ...)
TODO: check
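Review bot: CVE-2025-10258 in the @@ -103,39 +103,39 @@ hunk is tagged "NOT-FOR-US: Nokia" while its description begins "Infinera DNA is vulnerable to a time-based SQL injection", so the tag names a vendor that does not appear anywhere in the visible entry. Someone searching the list for the product will not find the classification; "NOT-FOR-US: Infinera" or "NOT-FOR-US: Nokia (Infinera)" would keep the product name in the tag.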
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 53171348 by security tracker role at 2026-02-04T20:14:08+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -55,7 +55,7 @@ CVE-2026-23624 (GLPI is a free asset and IT management software package. In vers CVE-2026-22549 (A vulnerability exists in F5 BIG-IP Container Ingress Services that ma ...) TODO: check CVE-2026-22548 (When a BIG-IP Advanced WAF or ASM security policy is configured on a v ...) - TODO: check + NOT-FOR-US: F5 CVE-2026-22247 (GLPI is a free asset and IT management software package. From version ...) TODO: check CVE-2026-22044 (GLPI is a free asset and IT management software package. From version ...) @@ -63,7 +63,7 @@ CVE-2026-22044 (GLPI is a free asset and IT management software package. From ve CVE-2026-21893 (n8n is an open source workflow automation platform. From version 0.187 ...) TODO: check CVE-2026-20732 (A vulnerability exists in an undisclosed BIG-IP Configuration utility ...) - TODO: check + NOT-FOR-US: F5 CVE-2026-20730 (A vulnerability exists in BIG-IP Edge Client and browser VPN clients o ...) TODO: check CVE-2026-20123 (A vulnerability in the web-based management interface of Cisco Evolved ...) 
@@ -81,35 +81,35 @@ CVE-2026-1642 (A vulnerability exists in NGINX OSS and NGINX Plus when configure CVE-2026-1622 (Neo4j Enterprise and Community editions versions prior to 2026.01.3 an ...) TODO: check CVE-2026-1370 (The SIBS woocommerce payment gateway plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0873 (On a Cryptobox platform where administrator segregation based on entit ...) TODO: check CVE-2026-0816 (The All push notification for WP plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0743 (The WP Content Permission plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0742 (The Smart Appointment & Booking plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0681 (The Extended Random Number Generator plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0679 (The Fortis for WooCommerce plugin for WordPress is vulnerable to autho ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0662 (A maliciously crafted project directory, when opening a max file in Au ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2026-0661 (A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2026-0660 (A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2026-0659 (A maliciously crafted USD file, when loaded or imported into Autodesk ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2026-0572 (The WebPurify Profanity Filter plugin for WordPress is vulnerable to u ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0538 (A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2026-0537 (A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, ...) 
- TODO: check + NOT-FOR-US: Autodesk CVE-2026-0536 (A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2025-70997 (A vulnerability has been discovered in eladmin v2.7 and before. This v ...) TODO: check CVE-2025-70545 (A stored cross-site scripting (XSS) vulnerability exists in the web ma ...) @@ -133,25 +133,25 @@ CVE-2025-59818 (This vulnerability allows authenticated attackers to execute arb CVE-2025-41085 (Stored Cross-Site Scripting (XSS) vulnerability type in Apidog in the ...) TODO: check CVE-2025-15508 (The Magic Import Document Extractor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15507 (The Magic Import Document Extractor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15487 (The Code Explorer plugin for WordPress is vulnerable to Path Traversal ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15482 (The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15368 (The SportsPress plugin for WordPress is vulnerable to Local File Inclu ...) - TODO: check + NOT-F
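Review bot: CVE-2026-22548 and CVE-2026-20732 are tagged "NOT-FOR-US: F5" in the first two hunks, but the context entries right beside them, CVE-2026-22549 (F5 BIG-IP Container Ingress Services) and CVE-2026-20730 (BIG-IP Edge Client and browser VPN clients), stay at "TODO: check". The four entries describe the same product family, so they should be triaged together; either tag the remaining two as well or record why they need a manual look.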
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e40baac0 by security tracker role at 2026-02-04T08:14:34+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -31,27 +31,27 @@ CVE-2026-22875 (Movable Type contains a stored cross-site
scripting vulnerabilit
CVE-2026-21393 (Movable Type contains a stored cross-site scripting
vulnerability in E ...)
TODO: check
CVE-2026-20987 (Improper input validation in GalaxyDiagnostics prior to
version 3.5.05 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20986 (Path traversal in Samsung Members prior to Chinese version
15.5.05.4 a ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20985 (Improper input validation in Samsung Members prior to version
5.6.00.1 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20984 (Improper handling of insufficient permission in Galaxy
Wearable instal ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20983 (Improper export of android application components in Samsung
Dialer pr ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20982 (Path traversal in ShortcutService prior to SMR Feb-2026
Release 1 allo ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20981 (Improper input validation in FacAtFunction prior to SMR
Feb-2026 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20980 (Improper input validation in PACM prior to SMR Feb-2026
Release 1 allo ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20979 (Improper privilege management in Settings prior to SMR
Feb-2026 Releas ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20978 (Improper authorization in KnoxGuardManager prior to SMR
Feb-2026 Relea ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-20977 (Improper access control in Emergency Sharing prior to SMR
Feb-2026 Rel ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-1835 (A vulnerability was identified in lcg0124 BootDo up to
e93dd428ef6f5c8 ...)
TODO: check
CVE-2026-1819 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
@@ -67,9 +67,9 @@ CVE-2026-1810 (A vulnerability was detected in bolo-blog
bolo-solo up to 2.6.4.
CVE-2026-1791 (Unrestricted Upload of File with Dangerous Type vulnerability
in Hills ...)
TODO: check
CVE-2026-1756 (The WP FOFT Loader plugin for WordPress is vulnerable to
arbitrary fil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1755 (The Menu Icons by ThemeIsle plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1633 (The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter
exposes it ...)
TODO: check
CVE-2026-1632 (MOMA Seismic Station Version v2.4.2520 and prior exposes its
web manag ...)
@@ -81,21 +81,21 @@ CVE-2025-69621 (An arbitrary file overwrite vulnerability
in the file import pro
CVE-2025-69620 (A path traversal in Moo Chan Song v4.5.7 allows attackers to
cause a D ...)
TODO: check
CVE-2025-65081 (An out-of-bounds read vulnerability has been identified in the
Postscr ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-65080 (A type confusion vulnerability has been identified in the
Postscript i ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-65079 (A heap-based buffer overflow vulnerability has been identified
in the ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-65078 (An untrusted search path vulnerability has been identified in
the Embe ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-65077 (A relative path traversal vulnerability has been identified in
the Emb ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-36094 (IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0
Interim Fi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36033 (IBM Engineering Lifecycle Management - Global Configuration
Management ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-33081 (IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive
informati ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-29867 (Access of Resource Using Incompatible Type ('Type Confusion')
vulnerab ...)
TODO: check
CVE-2020-37097 (Edimax EW-7438RPn 1.13 contains an information disclosure
vulnerabilit ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e40baac07b1b1e1630bfd61d0bddc47bf3d55fa2
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1fc4955e by security tracker role at 2026-02-03T20:13:57+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -47,93 +47,93 @@ CVE-2026-25234 (PEAR is a framework and distribution system
for reusable PHP com
CVE-2026-25233 (PEAR is a framework and distribution system for reusable PHP
component ...)
TODO: check
CVE-2026-25036 (Missing Authorization vulnerability in WP Chill Passster
content-prote ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25028 (Missing Authorization vulnerability in Element Invader
ElementInvader ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25027 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25024 (Cross-Site Request Forgery (CSRF) vulnerability in Blair
Williams Thir ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25023 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25022 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25021 (Missing Authorization vulnerability in Mizan Themes Mizan Demo
Importe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25020 (Missing Authorization vulnerability in WP connect WP Sync for
Notion w ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25019 (Missing Authorization vulnerability in Vito Peleg Atarim
atarim-visual ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25016 (Missing Authorization vulnerability in Nelio Software Nelio
Popups nel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25015 (Cross-Site Request Forgery (CSRF) vulnerability in Stiofan
UsersWP use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25014 (Cross-Site Request Forgery (CSRF) vulnerability in themelooks
Enter Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25012 (Missing Authorization vulnerability in gfazioli WP Bannerize
Pro wp-ba ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25011 (Missing Authorization vulnerability in Northern Beaches
Websites WP Cu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25010 (Missing Authorization vulnerability in ILLID Share This Image
share-th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24998 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24997 (Missing Authorization vulnerability in Wired Impact Wired
Impact Volun ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24996 (Missing Authorization vulnerability in wpelemento WPElemento
Importer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24995 (Missing Authorization vulnerability in Iulia Cazan Latest Post
Shortco ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24994 (Missing Authorization vulnerability in sunshinephotocart
Sunshine Phot ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24992 (Insertion of Sensitive Information Into Sent Data
vulnerability in WPF ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24991 (Authorization Bypass Through User-Controlled Key vulnerability
in HT P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24990 (Missing Authorization vulnerability in Fahad Mahmood WP Docs
wp-docs a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24988 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.insider
Simple M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24985 (Missing Authorization vulnerability in approveme WP Forms
Signature Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24984 (Missing Authorization vulnerability in Brecht Visual Link
Preview visu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24982 (Missing Authorization vulnerability in Brainstorm Force
Spectra ultima ...)
- TODO: che
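Review bot: The tag used throughout this hunk is "NOT-FOR-US: WordPress plugin or theme", while the other automatic updates to data/CVE/list use "NOT-FOR-US: WordPress plugin". If the broader wording is deliberate for this batch, it is worth saying so in the commit message; otherwise pick one spelling so a single search catches every WordPress entry. For CVE-2026-25027, CVE-2026-25023, CVE-2026-25022, CVE-2026-24998 and CVE-2026-24988 the visible description is only the generic weakness title with no product name, so the classification cannot be confirmed from the diff itself.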
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 378317a7 by security tracker role at 2026-02-03T08:13:49+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,15 +17,15 @@ CVE-2026-25060 (OpenList Frontend is a UI component for OpenList. Prior to 4.1.1 CVE-2026-25059 (OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the ...) TODO: check CVE-2026-24936 (When a specific function is enabled while joining a AD Domain from ADM ...) - TODO: check + NOT-FOR-US: Asustor CVE-2026-24935 (A third-party NAT traversal module fails to validate SSL/TLS certifica ...) - TODO: check + NOT-FOR-US: Asustor CVE-2026-24934 (The DDNS function uses an insecure HTTP connection or fails to validat ...) - TODO: check + NOT-FOR-US: Asustor CVE-2026-24933 (The API communication component fails to validate the SSL/TLS certific ...) - TODO: check + NOT-FOR-US: Asustor CVE-2026-24932 (The DDNS update function in ADM fails to properly validate the hostnam ...) - TODO: check + NOT-FOR-US: Asustor CVE-2026-24763 (OpenClaw (formerly Clawdbot) is a personal AI assistant you run on yo ...) TODO: check CVE-2026-24737 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, use ...) @@ -47,7 +47,7 @@ CVE-2026-24043 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1. CVE-2026-24040 (jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the ...) TODO: check CVE-2026-24007 (Tuleap is an Open Source Suite for management of software development ...) - TODO: check + NOT-FOR-US: Tuleap CVE-2026-23997 (FacturaScripts is open-source enterprise resource planning and account ...) TODO: check CVE-2026-23515 (Signal K Server is a server application that runs on a central hub in ...) 
@@ -65,39 +65,39 @@ CVE-2026-20704 (Cross-site request forgery vulnerability exists in WRC-X1500GS-B CVE-2026-1788 (: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xqui ...) TODO: check CVE-2026-1778 (Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS cer ...) - TODO: check + NOT-FOR-US: Amazon CVE-2026-1777 (The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes th ...) - TODO: check + NOT-FOR-US: Amazon CVE-2026-1730 (The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary fi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1592 (Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site script ...) - TODO: check + NOT-FOR-US: Foxit CVE-2026-1591 (Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site script ...) - TODO: check + NOT-FOR-US: Foxit CVE-2026-1447 (The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1375 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1371 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1210 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1065 (The Form Maker by 10Web plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1058 (The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0950 (The Spectra Gutenberg Blocks \u2013 Website Builder for the Block Edit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0924 (BuhoCleanercontains an insecure XPC service that allows local, unprivi ...) TODO: check CVE-2026-0909 (The WP ULike plugin for WordPress is vulnerable to Insecure Direct Obj ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0617 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0383 (A vulnerability in Brocade Fabric OS could allow an authenticated, loc ...) - TODO: check + NOT-FOR-US: Brocade CVE-2025-9711 (A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevat ...) - TODO: check + NOT-FOR-US: Brocade CVE-2025-8590 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) TODO: check CVE-2025-8589 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) @@ -121,39 +121,39 @@ CVE-2025-61647 (Vulnerability in Wikimedia Foundation
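Review bot: in the @@ -65,39 +65,39 @@ hunk, CVE-2026-1778 and CVE-2026-1777 are tagged "NOT-FOR-US: Amazon", which names only the vendor while both descriptions are about the Amazon SageMaker Python SDK. Debian does package other Amazon-published software (awscli, for example), so a vendor-only tag reads as broader than the decision actually made. Suggest "NOT-FOR-US: Amazon SageMaker Python SDK" so a later search by product name finds these entries and the scope of the exclusion is clear.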
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2a9b5e95 by security tracker role at 2026-02-02T20:13:40+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -3,63 +3,63 @@ CVE-2026-24071 (It was found that the XPC service offered by the privileged help CVE-2026-24070 (During the installation of the Native Access application, a privileged ...) TODO: check CVE-2026-9 (A command injection vulnerability may be exploited after the admin's a ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-7 (A command injection vulnerability may be exploited after the admin's a ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-6 (A command injection vulnerability may be exploited after the admin's a ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-5 (A command injection vulnerability may be exploited after the admin's a ...) TODO: check CVE-2026-4 (A command injection vulnerability may be exploited after the admin's a ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-3 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-2 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-1 (An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-20422 (In Modem, there is a possible system crash due to improper input valid ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20421 (In Modem, there is a possible system crash due to improper input valid ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20420 (In Modem, there is a possible system crash due to incorrect error hand ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20419 (In wlan AP/STA firmware, there is a possible system becoming irrespons ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20418 (In Thread, there is a possible out of bounds write due to a missing bo ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20417 (In pcie, there is a possible out of bounds write due to a missing boun ...) 
- TODO: check + NOT-FOR-US: MediaTek CVE-2026-20415 (In imgsys, there is a possible memory corruption due to improper locki ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20414 (In imgsys, there is a possible escalation of privilege due to use afte ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20413 (In imgsys, there is a possible out of bounds write due to a missing bo ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20412 (In cameraisp, there is a possible out of bounds write due to a missing ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20411 (In cameraisp, there is a possible escalation of privilege due to use a ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20410 (In imgsys, there is a possible out of bounds write due to a missing bo ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20409 (In imgsys, there is a possible out of bounds write due to a missing bo ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20408 (In wlan, there is a possible out of bounds write due to a heap buffer ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20407 (In wlan STA driver, there is a possible escalation of privilege due to ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20406 (In Modem, there is a possible system crash due to an uncaught exceptio ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20405 (In Modem, there is a possible system crash due to a missing bounds che ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20404 (In Modem, there is a possible system crash due to improper input valid ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20403 (In Modem, there is a possible system crash due to a missing bounds che ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20402 (In Modem, there is a possible system crash due to improper input valid ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2026-20401 (In Modem, there is a possible system crash due to an uncaught exceptio ...) 
- TODO: check + NOT-FOR-US: MediaTek CVE-2026-1770 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) TODO: check CVE-2026-1761 (A flaw was found in libsoup. This stack-based buffer overflow vulnerab ...) @@ -73,7 +73,7 @@ CVE-2026-1751 (A vulnerability has been discovered in GitLab CE/EE affecting all CVE-2026-1703 (
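Review bot: in the @@ -3,63 +3,63 @@ hunk, the entry shown as CVE-2026-5 stays at "TODO: check" while the four neighbouring entries with the same visible description ("A command injection vulnerability may be exploited after the admin's a ...") are all moved to "NOT-FOR-US: TP-Link". The truncated description does not show whether it concerns a different product, so either tag it in the same update or add a NOTE line saying why it was left open, so the gap does not read as an oversight.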
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 3aa48e28 by security tracker role at 2026-02-02T08:14:05+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,9 +17,9 @@ CVE-2026-20711 (Cross-site scripting vulnerability exists in E-mail function of CVE-2026-1746 (A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability ...) TODO: check CVE-2026-1745 (A vulnerability was determined in SourceCodester Medical Certificate G ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-1744 (A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affec ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1743 (A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini ...) TODO: check CVE-2026-1742 (A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected ...) 
@@ -45,13 +45,13 @@ CVE-2026-1733 (A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. T CVE-2026-1518 (A flaw was found in Keycloak\u2019s CIBA feature where insufficient va ...) TODO: check CVE-2026-0658 (The Five Star Restaurant Reservations WordPress plugin before 2.7.9 d ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15396 (The Library Viewer WordPress plugin before 3.2.0 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15030 (The User Profile Builder WordPress plugin before 3.15.2 does not have ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13348 (An improper access control vulnerability exists in ASUS Secure Delete ...) - TODO: check + NOT-FOR-US: ASUS CVE-2023-54343 (QWE DL 2.0.1 mobile web application contains a persistent input valida ...) NOT-FOR-US: QWE DL CVE-2022-50952 (Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cro ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3aa48e2808adeca305b8c0d5388c82228d9ecb7e
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: b00615e0 by security tracker role at 2026-01-31T20:15:42+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2026-1165 (The Popup Box plugin for WordPress is vulnerable to Cross-Site Request ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14554 (The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-23039 (In the Linux kernel, the following vulnerability has been resolved: d ...) - linux 6.18.8-1 [trixie] - linux (Vulnerable code not present) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b00615e097e0663a31bd690639e5d7fd6b02739e
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4b576cd0 by security tracker role at 2026-01-31T08:13:40+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -9,55 +9,55 @@ CVE-2026-25130 (Cybersecurity AI (CAI) is a framework for AI
Security. In versio
CVE-2026-25129 (PsySH is a runtime developer console, interactive debugger,
and REPL f ...)
TODO: check
CVE-2026-1723 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-1705 (A vulnerability was detected in D-Link DSL-6641K
N8.TR069.20131126. Af ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-1431 (The Booking Calendar plugin for WordPress is vulnerable to
unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1251 (The SupportCandy \u2013 Helpdesk & Customer Support Ticket
System plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0683 (The SupportCandy \u2013 Helpdesk & Customer Support Ticket
System plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-36442 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36428 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36427 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36424 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36423 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 12.1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36407 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server)11.5. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36387 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36384 (IBM Db2 for Windows12.1.0 - 12.1.3 could allow a local user
with file ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36366 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36365 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36353 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36184 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server)11.5. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36123 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36098 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36070 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server)11.5. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36009 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36001 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server) 11.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-2668 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect
Server)11.5. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-15525 (The Ajax Load More \u2013 Infinite Scroll, Load More, & Lazy
Load plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15510 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-37057 (Online-Exam-System 2015 contains a SQL injection vulnerability
in the ...)
TODO: check
CVE-2020-37056 (Crystal Shard http-protection 0.2.0 contains an IP spoofing
vulnerabil ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b576cd01158ed17d27884804a4fce5a2edd25f9
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
626b4429 by security tracker role at 2026-01-30T20:14:01+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -3,27 +3,27 @@ CVE-2026-25128 (fast-xml-parser allows users to validate XML,
parse XML to JS ob
CVE-2026-25050 (Vendure is an open-source headless commerce platform. Prior to
version ...)
TODO: check
CVE-2026-24855 (ChurchCRM is an open-source church management system. Versions
prior t ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-24854 (ChurchCRM is an open-source church management system. A SQL
Injection ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-23835 (LobeHub is an open source human-and-AI-agent network. Prior to
version ...)
TODO: check
CVE-2026-22626 (Due to insufficient input parameter validation on the
interface, authe ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2026-22625 (Improper handling of filenames in certain HIKSEMI NAS products
may lea ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2026-22624 (Due to inadequate access control, authenticated users of
certain HIKSE ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2026-22623 (Due to insufficient input parameter validation on the
interface, authe ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2026-22277 (Dell UnityVSA, version(s) 5.4 and prior, contain(s) an
Improper Neutra ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-21418 (Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper
Neutral ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-1702 (A vulnerability was detected in SourceCodester Pet Grooming
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-1701 (A security vulnerability has been detected in itsourcecode
Student Man ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-1700 (A weakness has been identified in projectworlds House Rental
and Prope ...)
TODO: check
CVE-2026-1699 (In the Eclipse Theia Website repository, the GitHub Actions
workflow . ...)
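Review bot: CVE-2026-22625 and CVE-2026-22624 are tagged "NOT-FOR-US: Hikvision", but the visible descriptions name HIKSEMI products ("certain HIKSEMI NAS products", "authenticated users of certain HIKSE ..."), so the tag does not match the product text it sits under. If HIKSEMI is intentionally filed under Hikvision, "NOT-FOR-US: Hikvision (HIKSEMI)" would keep the grouping and still let a search for the product name land on these entries.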
@@ -31,17 +31,17 @@ CVE-2026-1699 (In the Eclipse Theia Website repository, the
GitHub Actions workf
CVE-2026-1691 (A vulnerability has been found in bolo-solo up to 2.6.4. This
impacts ...)
TODO: check
CVE-2026-1690 (A flaw has been found in Tenda HG10
US_HG7_HG9_HG10re_31138_en_xpo ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-1689 (A vulnerability was detected in Tenda HG10
US_HG7_HG9_HG10re_31138 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-1688 (A security vulnerability has been detected in itsourcecode
Directory M ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-1687 (A weakness has been identified in Tenda HG10
US_HG7_HG9_HG10re_311 ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-1686 (A security flaw has been discovered in Totolink A3600R
5.9c.4959. This ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-1685 (A vulnerability was identified in D-Link DIR-823X 250416. This
vulnera ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-1684 (A vulnerability was found in Free5GC SMF up to 4.1.0. Affected
by this ...)
TODO: check
CVE-2026-1683 (A vulnerability has been found in Free5GC SMF up to 4.1.0.
Affected by ...)
@@ -49,15 +49,15 @@ CVE-2026-1683 (A vulnerability has been found in Free5GC
SMF up to 4.1.0. Affect
CVE-2026-1682 (A flaw has been found in Free5GC SMF up to 4.1.0. Affected is
the func ...)
TODO: check
CVE-2026-1498 (An LDAP Injection vulnerability in WatchGuard Fireware OS may
allow a ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-0709 (Some Hikvision Wireless Access Points are vulnerable to
authenticated ...)
- TODO: check
+ NOT-FOR-US: Hikvision
CVE-2025-9226 (Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils
version ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-7964 (After receiving a malformed 802.15.4 MAC Data Request the
Zigbee C ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2025-6723 (Chef InSpec up to version 5.23 creates named pipes with overly
permiss ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2025-69662 (SQL injection vulnerability in geopandas before v.1.1.2 allows
an atta ...)
TODO: check
CVE-2025-62349 (Salt contains an authentication protocol version downgrade
weakness th ...)
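Review bot: CVE-2025-6723 (Chef InSpec) is tagged "NOT-FOR-US: Progress Software" and CVE-2025-9226 (ManageEngine OpManager, NetFlow Analyzer, OpUtils) is tagged "NOT-FOR-US: Zoho", so neither tag contains the product named in the description. The other additions in this hunk (WatchGuard, Hikvision, Silicon Labs) match a name visible in the entry. Suggest "Chef InSpec" and "Zoho ManageEngine", or adding the product after the owner, so the list stays searchable by the name that appears in advisories.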
@@ -69,13 +69,13 @@ CVE-2025-51958 (aelsantex runcommand 2014-04-01, a plugin
for DokuWiki, allows u
CVE-2025-4686 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-26385 (Johnson
Re: [Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 710c3fc7 by security tracker role at 2026-01-30T08:14:02+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,25 +47,25 @@ CVE-2026-24729 (An unrestricted upload of file with dangerous type vulnerability CVE-2026-24728 (A missing authentication for critical function vulnerability in the /s ...) TODO: check CVE-2026-24714 (Some end of service NETGEAR products provide "TelnetEnable" functional ...) - TODO: check + NOT-FOR-US: Netgear CVE-2026-1680 (Improper access control in the WCF endpoint in Edgemo (now owned by Da ...) TODO: check CVE-2026-1665 (A command injection vulnerability exists in nvm (Node Version Manager) ...) TODO: check CVE-2026-1638 (A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-1637 (A vulnerability was identified in Tenda AC21 16.03.08.16. The affected ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-1625 (A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted e ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1624 (A security vulnerability has been detected in D-Link DWR-M961 1.1.47. ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1623 (A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1340 (A code injection in Ivanti Endpoint Manager Mobile allowing attackers ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2026-1281 (A code injection in Ivanti Endpoint Manager Mobile allowing attackers ...) - TODO: check + NOT-FOR-US: Ivanti CVE-2026-0963 (An input neutralization vulnerability in the File Operations API Endpo ...) TODO: check CVE-2026-0805 (An input neutralization vulnerability in the Backup Configuration comp ...) 
@@ -75,7 +75,7 @@ CVE-2025-15322 (Tanium addressed an improper access controls vulnerability in Ta CVE-2025-15288 (Tanium addressed an improper access controls vulnerability in Interact ...) TODO: check CVE-2025-12899 (A flaw in Zephyr\u2019s network stack allows an IPv4 packet containing ...) - TODO: check + NOT-FOR-US: Zephyr, different from src:zephyr CVE-2026-25210 (In libexpat before 2.7.4, the doContent function does not properly det ...) - expat NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/7ddea353ad3795f7222441274d4d9a155b523cba View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/710c3fc71d2787dd1286338e77ed5970283007e6
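Review bot: in the @@ -75,7 +75,7 @@ hunk, CVE-2025-12899 is the one entry in this commit where the product name collides with a Debian source package ("NOT-FOR-US: Zephyr, different from src:zephyr"), and the commit message ("automatic NOT-FOR-US entries update") records no basis for that distinction. A NOTE line identifying which upstream project the CVE refers to would let a later reader confirm the exclusion without redoing the research, which matters more here than for the vendor-only entries because a wrong call would hide an issue in a packaged source.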
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 605d3ee1 by security tracker role at 2026-01-29T20:14:28+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -3,7 +3,7 @@ CVE-2026-25068 (alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to c CVE-2026-24780 (AutoGPT is a platform that allows users to create, deploy, and manage ...) TODO: check CVE-2026-24687 (Umbraco Forms is a form builder that integrates with the Umbraco conte ...) - TODO: check + NOT-FOR-US: Umbraco CMS CVE-2026-24414 (The Icinga PowerShell Framework provides configuration and check possi ...) TODO: check CVE-2026-24413 (Icinga 2 is an open source monitoring system. Starting in version 2.3. ...) 
@@ -13,33 +13,33 @@ CVE-2026-24054 (Kata Containers is an open source project focusing on a standard CVE-2026-23896 (immich is a high performance self-hosted photo and video management so ...) TODO: check CVE-2026-23571 (A command injection vulnerability was discovered in TeamViewer DEX (fo ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-23570 (A missing validation of a user-controlled value in the TeamViewer DEX ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-23569 (An out-of-bounds read vulnerability in the TeamViewer DEX Client (form ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-23568 (An out-of-bounds read vulnerability in the TeamViewer DEX Client (form ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-23567 (An integer underflow in the UDP command handler of the TeamViewer DEX ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-23566 (A vulnerability in TeamViewer DEX Client (former 1E Client) - Content ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-23565 (A vulnerability in TeamViewer DEX Client (former 1E Client) - Content ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-23564 (A vulnerability in TeamViewer DEX Client (former 1E Client) - Content ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-23563 (Improper Link Resolution Before File Access (invoked by 1E\u2011Explor ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2026-22806 (vCluster Platform provides a Kubernetes platform for managing virtual ...) TODO: check CVE-2026-22764 (Dell OpenManage Network Integration, versions prior to 3.9, contains a ...) - TODO: check + NOT-FOR-US: Dell / EMC CVE-2026-1616 (The $uri$args concatenation in nginx configuration file present in Ope ...) TODO: check CVE-2026-1610 (A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affecte ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-1601 (A weakness has been identified in Totolink A7000R 4.1cu.4154. The impa ...) 
- TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1600 (A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant ...) TODO: check CVE-2026-1599 (A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant ...) @@ -49,17 +49,17 @@ CVE-2026-1598 (A vulnerability was found in Bdtask Bhojon All-In-One Restaurant CVE-2026-1597 (A vulnerability has been found in Bdtask SalesERP up to 20260116. This ...) TODO: check CVE-2026-1596 (A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability af ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1595 (A vulnerability was detected in itsourcecode Society Management System ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1594 (A security vulnerability has been detected in itsourcecode Society Man ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1593 (A weakness has been identified in itsourcecode Society Management Syst ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1590 (A vulnerability was identified in itsourcecode School Management Syste ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1589 (A vulnerability was determined in itsourcecode School Management Syste ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1588 (A vulnerability was found in jishenghua jshERP up to 3.6. The impacted ...) TODO: check CVE-2026-1587 (A vulnerability has been found in Open5GS up to 2.7.6. The affected el ...) @@ -69,13 +69,13 @@ CVE-2026-1586 (A flaw has been found in Open5GS up to 2.7.5. Impacted is the fun CVE-2026-1469 (Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vuln ...) TODO: check CVE-2026-1457 (An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-1453 (A mi
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 90a5566e by security tracker role at 2026-01-29T08:13:36+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -21,37 +21,37 @@ CVE-2026-24767 (NocoDB is software for building databases as spreadsheets. Prior CVE-2026-24766 (NocoDB is software for building databases as spreadsheets. Prior to ve ...) TODO: check CVE-2026-24742 (Discourse is an open source discussion platform. In versions prior to ...) - TODO: check + NOT-FOR-US: Discourse CVE-2026-24739 (Symfony is a PHP framework for web and console applications and a set ...) TODO: check CVE-2026-23743 (Discourse is an open source discussion platform. In versions prior to ...) - TODO: check + NOT-FOR-US: Discourse CVE-2026-1552 (A security vulnerability has been detected in SEMCMS 5.0. This vulnera ...) TODO: check CVE-2026-1551 (A weakness has been identified in itsourcecode School Management Syste ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1550 (A security flaw has been discovered in PHPGurukul Hospital Management ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-1549 (A vulnerability was identified in jishenghua jshERP up to 3.6. Affecte ...) TODO: check CVE-2026-1548 (A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1547 (A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affec ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1546 (A security vulnerability has been detected in jishenghua jshERP up to ...) TODO: check CVE-2026-1545 (A weakness has been identified in itsourcecode School Management Syste ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1544 (A security flaw has been discovered in D-Link DIR-823X 250416. Impacte ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1535 (A security vulnerability has been detected in code-projects Online Mus ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-1534 (A weakness has been identified in code-projects Online Music Site 1.0. ...) 
- TODO: check + NOT-FOR-US: code-projects CVE-2026-1533 (A security flaw has been discovered in code-projects Online Music Site ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-1532 (A vulnerability was identified in D-Link DCS-700L 1.03.09. The affecte ...) - TODO: check + NOT-FOR-US: D-Link CVE-2025-71007 (An input validation vulnerability in the oneflow.index_add component o ...) TODO: check CVE-2025-71006 (A floating point exception (FPE) in the oneflow.reshape component of O ...) @@ -69,7 +69,7 @@ CVE-2025-53869 (Multiple MFPs provided by Brother Industries, Ltd. does not prop CVE-2025-15344 (Tanium addressed a SQL injection vulnerability in Asset.) TODO: check CVE-2025-14975 (The Custom Login Page Customizer WordPress plugin before 2.5.4 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-24775 (OpenProject is an open-source, web-based project management software. ...) NOT-FOR-US: OpenProject CVE-2026-24772 (OpenProject is an open-source, web-based project management software. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90a5566eacbd5bace5c873c3ea4c8f7419e0a905
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e0012af9 by security tracker role at 2026-01-28T20:13:15+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -7,7 +7,7 @@ CVE-2026-24685 (OpenProject is an open-source, web-based
project management soft
CVE-2026-22243 (EGroupware is a Web based groupware server written in PHP. A
SQL Injec ...)
TODO: check
CVE-2026-21865 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-1539 (A flaw was found in the libsoup HTTP library that can cause
proxy auth ...)
TODO: check
CVE-2026-1536 (A flaw was found in libsoup. An attacker who can control the
input for ...)
@@ -19,41 +19,41 @@ CVE-2026-1521 (A security flaw has been discovered in
Open5GS up to 2.7.6. This
CVE-2026-1520 (A vulnerability was identified in rethinkdb up to 2.4.3.
Affected by t ...)
TODO: check
CVE-2026-1400 (The AI Engine \u2013 The Chatbot and AI Framework for WordPress
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1399 (The WP Google Ad Manager Plugin plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1398 (The Change WP URL plugin for WordPress is vulnerable to
Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1391 (The Vzaar Media Management plugin for WordPress is vulnerable
to Refle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1381 (The Order Minimum/Maximum Amount Limits for WooCommerce plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1380 (The Bitcoin Donate Button plugin for WordPress is vulnerable to
Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1377 (The imwptip plugin for WordPress is vulnerable to Cross-Site
Request F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1280 (The Frontend File Manager Plugin for WordPress is vulnerable to
unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1237 (Vulnerable cross-model authorization in juju. If a charm's
cross-model ...)
TODO: check
CVE-2026-1060 (The WP Adminify plugin for WordPress is vulnerable to Sensitive
Inform ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1056 (The Snow Monkey Forms plugin for WordPress is vulnerable to
arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1053 (The Ivory Search \u2013 WordPress Search Plugin plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0844 (The Simple User Registration plugin for WordPress is vulnerable
to pri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0750 (Improper Verification of Cryptographic Signature vulnerability
in Drup ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-0749 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-0702 (The VidShop \u2013 Shoppable Videos for WooCommerce plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0483 (Stored Cross-Site Scripting (XSS) vulnerability in the PDF file
upload ...)
TODO: check
CVE-2025-7740 (Default credentials vulnerability exists in SuprOS product. If
exploit ...)
- TODO: check
+ NOT-FOR-US: Hitachi Energy
CVE-2025-71002 (A floating-point exception (FPE) in the flow.column_stack
component of ...)
TODO: check
CVE-2025-71001 (A segmentation violation in the flow.column_stack component of
OneFlow ...)
@@ -71,27 +71,27 @@ CVE-2025-69601 (A directory traversal (Zip Slip)
vulnerability exists in the \u2
CVE-2025-69517 (An issue in Amidaware Inc Tactical RMM v1.3.1 and before
allows a remo ...)
TODO: check
CVE-2025-69289 (Discourse is an open source discussion platform. A privilege
escalatio ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-69218 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68934 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68933 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68666 (Discourse is an open source discussion platform. In versions
prior to ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2025-68662 (Discourse is an open source discussion platform. In versions
prior to ..
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1481f9d2 by security tracker role at 2026-01-28T08:14:22+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -55,7 +55,7 @@ CVE-2026-24770 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) e CVE-2026-24765 (PHPUnit is a testing framework for PHP. A vulnerability has been disco ...) TODO: check CVE-2026-24748 (Kargo manages and automates the promotion of software artifacts. Prior ...) - TODO: check + NOT-FOR-US: Argo CD CVE-2026-24747 (PyTorch is a Python package that provides tensor computation. Prior to ...) TODO: check CVE-2026-24741 (ConvertXis a self-hosted online file converter. In versions prior to 0 ...) 
@@ -71,71 +71,71 @@ CVE-2026-24134 (StudioCMS is a server-side-rendered, Astro native, headless cont CVE-2026-23830 (SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 ...) TODO: check CVE-2026-21569 (This High severity XXE (XML External Entity Injection) vulnerability w ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2026-1514 (Official Document Management System developed by 2100 Technology has a ...) TODO: check CVE-2026-1513 (billboard.js before 3.18.0 allows an attacker to execute malicious Jav ...) TODO: check CVE-2026-1506 (A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1505 (A vulnerability was found in D-Link DIR-615 4.10. This issue affects s ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1466 (Jirafeau normally prevents browser preview for text files due to the p ...) TODO: check CVE-2026-1389 (The Document Embedder \u2013 Embed PDFs, Word, Excel, and Other Files ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1310 (The Simple calendar for Elementor plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1298 (The Easy Replace Image plugin for WordPress is vulnerable to Missing A ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1295 (The Buy Now Plus \u2013 Buy Now buttons for Stripe plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1244 (The Forms Bridge \u2013 Infinite integrations plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1083 (The Appointment Hour Booking \u2013 Booking Calendar plugin for WordPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1054 (The RegistrationMagic plugin for WordPress is vulnerable to Missing Au ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0832 (The New User Approve plugin for WordPress is vulnerable to unauthorize ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0825 (The Database for Contact Form 7, WPforms, Elementor forms plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0818 (CSS-based exfiltration of the content from partially encrypted emails ...) TODO: check CVE-2025-9082 (The WPBITS Addons For Elementor plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-8072 (The Target Video Easy Publish plugin for WordPress is vulnerable to St ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-67645 (OpenEMR is a free and open source electronic health records and medica ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2025-55292 (Meshtastic is an open source mesh networking solution. In the current ...) TODO: check CVE-2025-54373 (OpenEMR is a free and open source electronic health records and medica ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2025-40554 (SolarWinds Web Help Desk was found to be susceptible to an authenticat ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2025-40553 (SolarWinds Web Help Desk was found to be susceptible to an untrusted d ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2025-40552 (SolarWinds Web Help Desk was found to be susceptible to an authenticat ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2025-40551 (SolarWinds Web Help Desk was found to be susceptible to an untrusted d ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2025-40537 (SolarWinds Web Help Desk was found to be susceptible to a hardcoded cr ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2025-40536 (SolarWinds Web Help Desk was found to be susceptible to a security con ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2025-21589 (An Authentication Bypass Using an Alternate Path or Chan
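Review bot: In the @@ -55,7 +55,7 @@ hunk, CVE-2026-24748 is closed as "NOT-FOR-US: Argo CD", but its description opens with "Kargo manages and automates the promotion of software artifacts", so the label names a different product from the one described. If Kargo is what was judged out of scope, the entry should read "NOT-FOR-US: Kargo", so that a later search for either product name returns the right CVEs.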
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
77471908 by security tracker role at 2026-01-27T20:14:20+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -15,7 +15,7 @@ CVE-2026-24869 (Use-after-free in the Layout: Scrolling and
Overflow component.
CVE-2026-24868 (Mitigation bypass in the Privacy: Anti-Tracking component.
This vulner ...)
TODO: check
CVE-2026-24858 (An Authentication Bypass Using an Alternate Path or Channel
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2026-24832 (Out-of-bounds Write vulnerability in ixray-team
ixray-1.6-stcop.This i ...)
TODO: check
CVE-2026-24831 (Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability i ...)
@@ -123,9 +123,9 @@ CVE-2026-23892 (OctoPrint provides a web interface for
controlling consumer 3D p
CVE-2026-23881 (Kyverno is a policy engine designed for cloud native platform
engineer ...)
TODO: check
CVE-2026-23593 (A vulnerability in the web-based management interface of HPE
Aruba Net ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-23592 (Insecure file operations in HPE Aruba Networking Fabric
Composer\xe2\u ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-22264 (Suricata is a network IDS, IPS and NSM engine. Prior to
version 8.0.3 ...)
TODO: check
CVE-2026-22263 (Suricata is a network IDS, IPS and NSM engine. Starting in
version 8.0 ...)
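Review bot: The description carried with CVE-2026-23592 in this hunk ends in "Composer\xe2\u ...", a mix of a raw byte escape and a cut-off Unicode escape, which suggests the description was truncated in the middle of a multi-byte character. The NOT-FOR-US: HPE label is unaffected, but the truncation step that produces these descriptions should cut on character boundaries so the stored text stays valid and searchable.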
@@ -147,7 +147,7 @@ CVE-2026-21721 (The dashboard permissions API does not
verify the target dashboa
CVE-2026-21720 (Every uncached /avatar/:hash request spawns a goroutine that
refreshes ...)
TODO: check
CVE-2026-21417 (Dell CloudBoost Virtual Appliance, versions prior to
19.14.0.0, contai ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-1489 (A flaw was found in GLib. An integer overflow vulnerability in
its Uni ...)
TODO: check
CVE-2026-1485 (A flaw was found in Glib's content type parsing logic. This
buffer und ...)
@@ -195,21 +195,21 @@ CVE-2026-0919 (The HTTP parser of Tapo C220 v1 and C520WS
v2 cameras improperly
CVE-2026-0918 (The Tapo C220 v1 and C520WS v2 cameras\u2019 HTTP service does
not saf ...)
TODO: check
CVE-2026-0746 (The AI Engine plugin for WordPress is vulnerable to Server-Side
Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0705 (Local privilege escalation due to insecure folder permissions.
The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-0648 (The vulnerability stems from an incorrect error-checking logic
in the ...)
TODO: check
CVE-2025-69565 (code-projects Mobile Shop Management System 1.0 is vulnerable
to File ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-69564 (code-projects Mobile Shop Management System 1.0 is vulnerable
to SQL I ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-69563 (code-projects Mobile Shop Management System 1.0 is vulnerable
to SQL I ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-69562 (code-projects Mobile Shop Management System 1.0 is vulnerable
to SQL I ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-69559 (code-projects Computer Book Store 1.0 is vulnerable to File
Upload in ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-68670 (xrdp is an open source RDP server. xrdp before v0.10.5
contains an una ...)
TODO: check
CVE-2025-65264 (The kernel driver of CPUID CPU-Z v2.17 and earlier does not
validate u ...)
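Review bot: CVE-2026-0918 at the top of this hunk (Tapo C220 v1 and C520WS v2 cameras) stays at "TODO: check", while the vendor-product entries below it (Acronis, code-projects) are closed out automatically. Tapo is a TP-Link camera line, so if TP-Link devices are treated as NOT-FOR-US, the matching pattern could also cover the Tapo name. Otherwise these entries need a manual pass.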
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7747190868ceccfcb43acfe73e54c18c7abe158e
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d486ed78 by security tracker role at 2026-01-27T08:13:45+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,7 +37,7 @@ CVE-2026-23889 (pnpm is a package manager. Prior to version 10.28.1, a path trav CVE-2026-23888 (pnpm is a package manager. Prior to version 10.28.1, a path traversal ...) TODO: check CVE-2026-23683 (SAP Fiori App Intercompany Balance Reconciliation does not perform nec ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-22709 (vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version ...) TODO: check CVE-2026-22696 (dcap-qvl implements the quote verification logic for DCAP (Data Center ...) 
@@ -47,25 +47,25 @@ CVE-2026-21408 (beat-access for Windows version 3.0.3 and prior contains an issu CVE-2026-1449 (A flaw has been found in Hisense TransTech Smart Bus Management System ...) TODO: check CVE-2026-1448 (A vulnerability was detected in D-Link DIR-615 up to 4.10. This impact ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1445 (A vulnerability was found in iJason-Liu Books_Manager up to 298ba73638 ...) TODO: check CVE-2026-1444 (A vulnerability has been found in iJason-Liu Books_Manager up to 298ba ...) TODO: check CVE-2026-1443 (A flaw has been found in code-projects Online Music Site 1.0. Affected ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-1361 (ASDA-Soft Stack-based Buffer Overflow Vulnerability) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2025-59473 (SQL Injection vulnerability in the Structure for Admin authenticated u ...) TODO: check CVE-2025-59472 (A denial of service vulnerability exists in Next.js versions with Part ...) - TODO: check + NOT-FOR-US: Next.js CVE-2025-59471 (A denial of service vulnerability exists in self-hosted Next.js applic ...) - TODO: check + NOT-FOR-US: Next.js CVE-2025-30248 (DLL hijacking in the WD Discovery Installer in Western Digital WD Disc ...) TODO: check CVE-2025-14971 (The Link Invoice Payment for WooCommerce plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-24440 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) NOT-FOR-US: Tenda CVE-2026-24439 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d486ed7806625cb785f88afab5e08a822718fd05 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d486ed7806625cb785f88afab5e08a822718fd05 You're receiving this email because of your account on salsa.debian.org. 
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: a43f122b by security tracker role at 2026-01-26T20:14:05+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,25 +1,25 @@ CVE-2026-24440 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24439 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24437 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24436 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24435 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24433 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24432 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24431 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24430 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24429 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-24428 (Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-23864 (Multiple denial of service vulnerabilities exist in React Server Compo ...) TODO: check CVE-2026-21509 (Reliance on untrusted inputs in a security decision in Microsoft Offic ...) 
@@ -33,9 +33,9 @@ CVE-2026-1428 (Single Sign-On Portal System developed by WellChoose has a OS Com CVE-2026-1427 (Single Sign-On Portal System developed by WellChoose has a OS Command ...) TODO: check CVE-2026-1284 (An Out-Of-Bounds Write vulnerability affecting the EPRT file reading p ...) - TODO: check + NOT-FOR-US: Dassault Systemes CVE-2026-1283 (A Heap-based Buffer Overflow vulnerability affecting the EPRT file rea ...) - TODO: check + NOT-FOR-US: Dassault Systemes CVE-2026-1224 (Tanium addressed an uncontrolled resource consumption vulnerability in ...) TODO: check CVE-2026-0925 (Tanium addressed an improper input validation vulnerability in Discove ...) @@ -107,7 +107,7 @@ CVE-2025-41083 (Vulnerability in Altitude Authentication Service and Altitude Co CVE-2025-41082 (Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communic ...) TODO: check CVE-2025-14756 (Command injection vulnerability was found in the admin interface compo ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2020-36960 (Forma LMS 2.3 contains a stored cross-site scripting vulnerability tha ...) TODO: check CVE-2020-36959 (IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerabilit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a43f122bc9a356eeebb696a639dc9da7da2d6066 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a43f122bc9a356eeebb696a639dc9da7da2d6066 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: d8392969 by security tracker role at 2026-01-26T08:13:44+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,17 +1,17 @@ CVE-2026-1425 (A security flaw has been discovered in pymumu SmartDNS up to 47.1. Thi ...) TODO: check CVE-2026-1424 (A vulnerability was identified in PHPGurukul News Portal 1.0. This aff ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-1423 (A vulnerability was determined in code-projects Online Examination Sys ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-1422 (A vulnerability was found in code-projects Online Examination System 1 ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-1421 (A vulnerability has been found in code-projects Online Examination Sys ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-1420 (A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unkno ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-1419 (A weakness has been identified in D-Link DCS700l 1.03.09. Affected is ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1418 (A security vulnerability has been detected in GPAC up to 2.4.0. This a ...) TODO: check CVE-2026-1417 (A weakness has been identified in GPAC up to 2.4.0. Affected by this i ...) 
@@ -37,9 +37,9 @@ CVE-2026-1408 (A weakness has been identified in Beetel 777VR1 up to 01.00.09/01 CVE-2026-1407 (A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01 ...) TODO: check CVE-2025-14973 (The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14316 (The AhaChat Messenger Marketing WordPress plugin through 1.1 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-27821 - hadoop (bug #793644) CVE-2026-24656 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8392969442b3ce68d8a8667818e1b1c98122e8c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8392969442b3ce68d8a8667818e1b1c98122e8c You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 89d6f32c by security tracker role at 2026-01-25T08:13:38+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2025-6461 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1302 (The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored ...) NOT-FOR-US: WordPress plugin CVE-2026-1300 (The Responsive Header plugin for WordPress is vulnerable to Stored Cro ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d6f32c6978b80ce3f551ced119745dc3a73c71 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d6f32c6978b80ce3f551ced119745dc3a73c71 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 57b40d37 by security tracker role at 2026-01-24T20:13:56+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,45 +1,45 @@ CVE-2026-1302 (The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1300 (The Responsive Header plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1266 (The Postalicious plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1208 (The Friendly Functions for Welcart plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1191 (The JavaScript Notifier plugin for WordPress is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1189 (The LeadBI Plugin for WordPress plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1127 (The Timeline Event History plugin for WordPress is vulnerable to Refle ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1098 (The CM CSS Columns plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0911 (The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0862 (The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0800 (The User Submitted Posts \u2013 Enable Users to Submit Posts from the ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0687 (The Meta-box GalleryMeta plugin for WordPress is vulnerable to unautho ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0633 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder f ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0593 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15516 (The All-in-One Video Gallery plugin for WordPress is vulnerable to una ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14907 (The Moderate Selected Posts plugin for WordPress is vulnerable to Cros ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14630 (The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Req ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13920 (The WP Directory Kit plugin for WordPress is vulnerable to Sensitive I ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13205 (The SurveyJS: Drag & Drop WordPress Form Builder to create, style and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13194 (The SurveyJS: Drag & Drop WordPress Form Builder to create, style and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13139 (The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-24649 REJECTED CVE-2026-24648 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57b40d37431de8a66e097049c9d93241a99bf7b4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57b40d37431de8a66e097049c9d93241a99bf7b4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4473fac1 by security tracker role at 2026-01-24T08:13:38+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -55,51 +55,51 @@ CVE-2026-24139 (MyTube is a self-hosted downloader and
player for several video
CVE-2026-24136 (Saleor is an e-commerce platform. Versions 3.2.0 through
3.20.109, 3.2 ...)
TODO: check
CVE-2026-24128 (XWiki Platform is a generic wiki platform offering runtime
services fo ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2026-24127 (Typemill is a flat-file, Markdown-based CMS designed for
informational ...)
TODO: check
CVE-2026-22586 (Hard-coded Cryptographic Key vulnerability in Salesforce
Marketing Clo ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2026-22585 (Use of a Broken or Risky Cryptographic Algorithm vulnerability
in Sale ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2026-22583 (Improper Neutralization of Argument Delimiters in a Command
('Argument ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2026-22582 (Improper Neutralization of Argument Delimiters in a Command
('Argument ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2026-1386 (A UNIX symbolic link following issue in the jailer component in
Firecr ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-1257 (The Administrative Shortcodes plugin for WordPress is
vulnerable to Lo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1103 (The AIKTP plugin for WordPress is vulnerable to unauthorized
modificat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1099 (The Administrative Shortcodes plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1097 (The ThemeRuby Multi Authors \u2013 Assign Multiple Writers to
Posts pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1095 (The Canto Testimonials plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1088 (The Login Page Editor plugin for WordPress is vulnerable to
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1084 (The Cookie consent for developers plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1081 (The Set Bulk Post Categories plugin for WordPress is vulnerable
to Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1076 (The Star Review Manager plugin for WordPress is vulnerable to
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1075 (The ZT Captcha plugin for WordPress is vulnerable to Cross-Site
Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1070 (The Alex User Counter plugin for WordPress is vulnerable to
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0991
REJECTED
CVE-2026-0807 (The Frontis Blocks plugin for WordPress is vulnerable to
Server-Side R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0806 (The WP-ClanWars plugin for WordPress is vulnerable to SQL
Injection vi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-70458 (A DOM-based Cross-Site Scripting (XSS) vulnerability exists in
the Dom ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-70457 (A Remote Code Execution (RCE) vulnerability exists in
Sourcecodester M ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-67264 (An OS command injection vulnerability in the
com.sprd.engineermode com ...)
TODO: check
CVE-2025-52026 (An information disclosure vulnerability exists in the
/srvs/membersrv/ ...)
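Review bot: CVE-2026-1386 is closed as "NOT-FOR-US: Amazon", but the description points at one specific component ("jailer component in Firecr ..."), and the vendor name alone does not record which product was judged out of scope. A product-level label, as the XWiki entry in the same hunk uses, would make the entry easier to find and revisit if that product is ever packaged.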
@@ -113,29 +113,29 @@ CVE-2025-52023 (A vulnerability in the PHP backend of
gemscms.aptsys.com.sg thru
CVE-2025-52022 (A vulnerability in the PHP backend of
gemsloyalty.aptsys.com.sg thru 2 ...)
TODO: check
CVE-2025-14985 (The Alpha Blocks plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14941 (The GZSEO plugin for WordPress is vulnerable to authorization
bypass l ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14906 (The WP Youtube Video Gallery plugin for WordPress is
vulnerable to Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14903 (The Simple Crypto Shortcodes plugin for WordPress is
vulnerable to Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14843 (The Wizit Gateway for WooCommerce plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plug
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6ea39d14 by security tracker role at 2026-01-23T20:14:25+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,207 +1,207 @@
CVE-2026-24636 (Missing Authorization vulnerability in Syed Balkhi Sugar
Calendar (Lit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24635 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24634 (Authorization Bypass Through User-Controlled Key vulnerability
in Rust ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24633 (Missing Authorization vulnerability in Passionate Brains Add
Expires H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24632 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24631 (Authorization Bypass Through User-Controlled Key vulnerability
in Mika ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24630 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24629 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24627 (Missing Authorization vulnerability in Trusona Trusona for
WordPress t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24626 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24625 (Missing Authorization vulnerability in Imaginate Solutions
File Upload ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24624 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24623 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24622 (Missing Authorization vulnerability in Sergiy Dzysyak
Suggestion Toolk ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24621 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24620 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24619 (Missing Authorization vulnerability in PopCash PopCash.Net
Code Integr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24617 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24616 (Missing Authorization vulnerability in Damian WP Popups
wp-popups-lite ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24615 (Missing Authorization vulnerability in themebeez Cream
Magazine cream- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24614 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24613 (Missing Authorization vulnerability in Ecwid by Lightspeed
Ecommerce S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24612 (Missing Authorization vulnerability in themebeez Orchid Store
orchid-s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24609 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24608 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24607 (Missing Authorization vulnerability in wptravelengine Travel
Monster t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24606 (Missing Authorization vulnerability in Web Impian Bayarcash
WooCommerc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24605 (Missing Authorization vulnerability in pencilwp X Addons for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24604 (Missing Authorization vulnerability in themebeez Simple GDPR
Cookie Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plu
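Review bot: The CVE-2026-24634 entry is tagged `NOT-FOR-US: WordPress plugin or theme`, but its visible description stops at "in Rust ...", so the diff shows no WordPress product name to check the tag against. Confirm from the full CVE description that this is a WordPress vendor or product name and not software written in Rust before relying on the automatic match. The same check applies to the entries in this hunk that show only a generic CWE title, such as CVE-2026-24635 and CVE-2026-24632.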
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 60383400 by security tracker role at 2026-01-23T08:14:03+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,7 +19,7 @@ CVE-2026-24335 CVE-2026-24334 REJECTED CVE-2026-24307 (Improper validation of specified type of input in M365 Copilot allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2026-24306 (Improper access control in Azure Front Door (AFD) allows an unauthoriz ...) TODO: check CVE-2026-24305 (Azure Entra ID Elevation of Privilege Vulnerability) @@ -69,11 +69,11 @@ CVE-2026-20750 (Gitea does not properly validate project ownership in organizati CVE-2026-20736 (Gitea does not properly verify repository context when deleting attach ...) TODO: check CVE-2026-20613 (The ArchiveReader.extractContents() function used by cctl image load a ...) - TODO: check + NOT-FOR-US: Apple CVE-2026-1201 (An Authorization Bypass Through User-Controlled Key vulnerability in H ...) TODO: check CVE-2026-0927 (The KiviCare \u2013 Clinic & Patient Management System (EHR) plugin fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0798 (Gitea may send release notification emails for private repositories to ...) TODO: check CVE-2026-0796 (ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execut ...) @@ -179,7 +179,7 @@ CVE-2025-25051 (An attacker could decrypt sensitive data, impersonate legitimate CVE-2025-22234 (The fix applied in CVE-2025-8 inadvertently broke the timing attac ...) TODO: check CVE-2025-15522 (The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks & ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15351 (Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data ...) TODO: check CVE-2025-15350 (Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data ...) 
@@ -201,11 +201,11 @@ CVE-2025-14751 (A low-privileged user can bypass account credentials without con CVE-2025-14750 (The web application does not sufficiently verify inputs that are assum ...) TODO: check CVE-2025-14745 (The RSS Aggregator \u2013 RSS Import, News Feeds, Feed to Post, and Au ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14069 (The Schema & Structured Data for WP & AMP plugin for WordPress is vuln ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-11976 (The The BuddyPress plugin for WordPress is vulnerable to arbitrary sho ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-24117 (Rekor is a software supply chain transparency log. In versions 1.4.3 a ...) - rekor NOTE: https://github.com/sigstore/rekor/security/advisories/GHSA-4c4x-jm2x-pf9j View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60383400b8a941227ce6f89ba244e132460e9eb7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60383400b8a941227ce6f89ba244e132460e9eb7 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
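Review bot: In the first hunk, CVE-2026-24307 (M365 Copilot) becomes `NOT-FOR-US: Microsoft`, while the next entry, CVE-2026-24306 (Azure Front Door), stays at `TODO: check`, although both are Microsoft hosted services. Either tag CVE-2026-24306 in the same pass or record why the automatic rule skipped it, so the remaining TODO does not read as an entry that still needs manual triage.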
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5dd4f7c by security tracker role at 2026-01-22T20:14:00+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,53 +1,53 @@
CVE-2026-24390 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24389 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24388 (Missing Authorization vulnerability in Ludwig You
WPMasterToolKit wpma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24387 (Missing Authorization vulnerability in Arul Prasad J WP Quick
Post Dup ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24386 (Missing Authorization vulnerability in Element Invader Element
Invader ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24384 (Cross-Site Request Forgery (CSRF) vulnerability in
launchinteractive M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24383 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24381 (Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods
PhotoMe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24380 (Missing Authorization vulnerability in Metagauss EventPrime
eventprime ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24379 (Authorization Bypass Through User-Controlled Key vulnerability
in wpjo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24377 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24374 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss
Registrat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24371 (Missing Authorization vulnerability in bookingalgorithms BA
Book Every ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24368 (Missing Authorization vulnerability in Theme-one The Grid
the-grid all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24367 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24366 (Missing Authorization vulnerability in YITHEMES YITH
WooCommerce Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24365 (Cross-Site Request Forgery (CSRF) vulnerability in storeapps
Stock Man ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24361 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24360 (Server-Side Request Forgery (SSRF) vulnerability in Craig
Hewitt Serio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24358 (Missing Authorization vulnerability in ExpressTech Systems
Quiz And Su ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24357 (Missing Authorization vulnerability in Brecht WP Recipe Maker
wp-recip ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24356 (Missing Authorization vulnerability in Roxnor GetGenie
getgenie allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24355 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24354 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24353 (Missing Authorization vulnerability in wpeverest User
Registration use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24332 (Discord through 2026-01-16 allows gathering information about
whether ...)
TODO: check
CVE-2026-24055 (Langfuse is an open source large language model engineering
platform. ...)
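Review bot: Every replacement line in this hunk uses the label `NOT-FOR-US: WordPress plugin or theme`, while other automatic updates to the same file write `NOT-FOR-US: WordPress plugin` for the same class of entry (CVE-2026-0927 in commit 60383400, for example). Two spellings for one category make the list harder to grep and count; pick one, or document which rule produces which label.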
@@ -95,13 +95,13 @@ CVE-2026-23990 (The Flux Operator is a Kubernetes CRD
controller that manages th
CVE-2026-23986 (Copier is a library and CLI app for rendering project
templates. Prior ...)
TODO: check
CVE-2026-23978 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-23976 (Improper Neutralization of I
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 45093a3b by security tracker role at 2026-01-21T20:14:20+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,9 +1,9 @@ CVE-2026-23955 (EVerest is an EV charging software stack. Prior to version 2025.9.0, i ...) TODO: check CVE-2026-23755 (D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled s ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-23754 (D-Link D-View 8 versions 2.0.1.107 and below contain an improper acces ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-20109 (Multiple vulnerabilities in the web-based management interface of Cisc ...) TODO: check CVE-2026-20092 (A vulnerability in the read-only maintenance shell of Cisco Intersight ...) 
@@ -17,27 +17,27 @@ CVE-2026-20045 (A vulnerability in Cisco Unified Communications Manager (Unified CVE-2026-1290 (Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf P ...) TODO: check CVE-2026-0834 (Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (T ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2026-0663 (Denial-of-service vulnerability in M-Files Server versions before26.1. ...) - TODO: check + NOT-FOR-US: M-Files CVE-2025-70651 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-70650 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-70648 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in th ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-70646 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in th ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-70645 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-70644 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-69766 (Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-69763 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIp ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-69762 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIp ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-69209 (ArduinoCore-avr contains the source code and configuration files of th ...) TODO: check CVE-2025-68141 (EVerest is an EV charging software stack. Prior to version 2025.10.0, ...) 
@@ -149,9 +149,9 @@ CVE-2021-47846 (Digital Crime Report Management System 1.0 contains a critical S CVE-2021-47830 (GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site reque ...) TODO: check CVE-2021-47817 (OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that all ...) - TODO: check + NOT-FOR-US: OpenEMR CVE-2021-47802 (Tenda D151 and D301 routers contain an unauthenticated configuration d ...) - TODO: check + NOT-FOR-US: Tenda CVE-2021-47778 (GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injecti ...) TODO: check CVE-2021-47770 (OpenPLC v3 contains an authenticated remote code execution vulnerabili ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45093a3ba48a5068e4247d57c7f929f7f2af4f79 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45093a3ba48a5068e4247d57c7f929f7f2af4f79 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
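Review bot: The first hunk tags the D-Link entries but leaves CVE-2026-20109 and CVE-2026-20092 (both Cisco products) at `TODO: check`, and the second hunk then tags TP-Link, M-Files and Tenda directly below a Cisco Unified Communications Manager entry. If Cisco appliances are out of scope in the same way as the other vendors' firmware, add them to the automatic rule; if they are deliberately left for manual review, a short note in the commit message would make that clear.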
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1578eb43 by security tracker role at 2026-01-21T08:13:43+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -47,15 +47,15 @@ CVE-2026-21978 (Vulnerability in the Oracle FLEXCUBE Universal Banking product o CVE-2026-21977 (Vulnerability in the Oracle Zero Data Loss Recovery Appliance Software ...) TODO: check CVE-2026-21976 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21975 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21974 (Vulnerability in the Oracle Life Sciences Central Designer product of ...) TODO: check CVE-2026-21973 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) TODO: check CVE-2026-21972 (Vulnerability in the Oracle Configurator product of Oracle E-Business ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21971 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...) TODO: check CVE-2026-21970 (Vulnerability in the Oracle Life Sciences Central Designer product of ...) @@ -81,7 +81,7 @@ CVE-2026-21961 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources p CVE-2026-21960 (Vulnerability in the Oracle Applications DBA product of Oracle E-Busin ...) TODO: check CVE-2026-21959 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21957 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) TODO: check CVE-2026-21956 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
@@ -91,7 +91,7 @@ CVE-2026-21955 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt CVE-2026-21952 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) TODO: check CVE-2026-21951 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) TODO: check CVE-2026-21949 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
@@ -101,31 +101,31 @@ CVE-2026-21948 (Vulnerability in the MySQL Server product of Oracle MySQL (compo CVE-2026-21947 (Vulnerability in Oracle Java SE (component: JavaFX). Supported versio ...) TODO: check CVE-2026-21946 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) TODO: check CVE-2026-21944 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...) TODO: check CVE-2026-21943 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21942 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21941 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) TODO: check CVE-2026-21940 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...) TODO: check CVE-2026-21939 (Vulnerability in the SQLcl component of Oracle Database Server. Suppo ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21938 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21937 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) TODO: check CVE-2026-21936 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) TODO: check CVE-2026-21935 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21934 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) - TODO: check + NOT-FOR-US: Oracle CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) TODO: check CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) 
@@ -133,13 +133,13 @@ CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Ora CVE-2026-21931 (Vulnerability in the Oracle APEX Sample Applications product of Oracle ...) TODO: check CVE-2026-21930 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...) - TODO: check + NOT-FOR-U
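Review bot: The Oracle tagging is uneven within single product families: CVE-2026-21951, CVE-2026-21938 and CVE-2026-21934 (PeopleSoft Enterprise PeopleTools) become `NOT-FOR-US: Oracle`, while CVE-2026-21971 (PeopleSoft Enterprise SCM Purchasing) stays at `TODO: check`, and CVE-2026-21972 and CVE-2026-21959 (E-Business Suite) are tagged while CVE-2026-21960 (Oracle Applications DBA, also E-Business Suite) is not. Leaving MySQL, VirtualBox and Java SE untouched is reasonable because those need a package decision, but the skipped PeopleSoft and E-Business Suite entries look like gaps in the match pattern and should be covered by it or explained.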
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cc14eb0c by security tracker role at 2026-01-20T20:13:54+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2026-22844 (A Command Injection vulnerability in Zoom Node Multimedia Routers (MMR ...) - TODO: check + NOT-FOR-US: Zoom CVE-2026-1245 (A code injection vulnerability in the binary-parser library prior to v ...) TODO: check CVE-2026-1183 (HTML injection vulnerability in multiple Botble products such as Trans ...) 
@@ -7,35 +7,35 @@ CVE-2026-1183 (HTML injection vulnerability in multiple Botble products such as CVE-2026-1180 (A flaw was identified in Keycloak\u2019s OpenID Connect Dynamic Client ...) TODO: check CVE-2026-0726 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin for WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0690 (The FlatPM \u2013 Ad Manager, AdSense and Custom Code plugin for WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0622 (Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever ...) TODO: check CVE-2026-0608 (The Head Meta Data plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0554 (The NotificationX plugin for WordPress is vulnerable to unauthorized m ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0548 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-9466 (A security issue exists within ArmorStart\xae LT that can result in a ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2025-9465 (A security issue exists within ArmorStart\xae LT that can result in a ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2025-9464 (A security issue exists within ArmorStart\xae LT that can result in a ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2025-9283 (A security issue exists within ArmorStart\xae LT that can result in a ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2025-9282 (A security issue exists within ArmorStart\xae LT that can result in a ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2025-9281 (A security issue exists within ArmorStart\xae LT that can result in a ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2025-9280 (A security issue exists within ArmorStart\xae LT that can result in a ...) 
- TODO: check + NOT-FOR-US: Rockwell Automation CVE-2025-9279 (A security issue exists within ArmorStart\xae LT that can result in a ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2025-9278 (A security issue exists within ArmorStart\xae LT that can result in a ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2025-67824 (The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before ...) TODO: check CVE-2025-67263 (Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-s ...) @@ -127,37 +127,37 @@ CVE-2025-40644 (Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla' CVE-2025-36556 (A reflected cross-site scripting (xss) vulnerability exists in the lda ...) TODO: check CVE-2025-36419 (IBM ApplinX 11.1 could disclose sensitive information about server arc ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36418 (IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerabi ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36411 (IBM ApplinX 11.1 is vulnerable to cross-site request forgery which cou ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36410 (IBM ApplinX 11.1 could allow an authenticated user to perform unauthor ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36409 (IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36408 (IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vu ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36397 (IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML inje ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36396 (IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-sit ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36115 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36113 (IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36066 (IBM Sterlin
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 7945d55d by security tracker role at 2026-01-20T08:13:58+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -83,33 +83,33 @@ CVE-2026-1178 (A security vulnerability has been detected in Yonyou KSOA 9.0. Af CVE-2026-1177 (A weakness has been identified in Yonyou KSOA 9.0. Affected by this vu ...) TODO: check CVE-2026-1176 (A security flaw has been discovered in itsourcecode School Management ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1175 (A vulnerability was identified in birkir prime up to 0.4.0.beta.0. Thi ...) TODO: check CVE-2026-1051 (The Newsletter \u2013 Send awesome emails from WordPress plugin for Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1045 (The Viet contact plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-1042 (The WP Hello Bar plugin for WordPress is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0895 (The extension extends TYPO3\u2019 FileSpool component, which was vulne ...) - TODO: check + NOT-FOR-US: TYPO3 (core or extensions) CVE-2025-66523 (URL parameters are directly embedded into JavaScript code or HTML attr ...) TODO: check CVE-2025-15466 (The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14978 (The PeachPay \u2014 Payments & Express Checkout for WooCommerce (suppo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14977 (The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution \u2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14798 (The LearnPress \u2013 WordPress LMS Plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14351 (The Custom Fonts \u2013 Host Your Fonts Locally plugin for WordPress i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14348 (The weMail - Email Marketing, Lead Generation, Optin Forms, Email News ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12573 (The Bookingor WordPress plugin through 1.0.12 exposes authenticated A ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-23878 (HotCRP is conference review software. Starting in commit aa20ef288828b ...) NOT-FOR-US: HotCRP CVE-2026-23852 (SiYuan is a personal knowledge management system. Versions prior to 3. ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7945d55d862ff1aa7d34b1c6f40eecfe518ec738 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7945d55d862ff1aa7d34b1c6f40eecfe518ec738 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 0b451d20 by security tracker role at 2026-01-19T20:16:51+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -65,19 +65,19 @@ CVE-2026-1162 (A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted CVE-2026-1161 (A vulnerability was detected in pbrong hrms 1.0.1. The affected elemen ...) TODO: check CVE-2026-1160 (A security vulnerability has been detected in PHPGurukul Directory Man ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-1159 (A weakness has been identified in itsourcecode Online Frozen Foods Ord ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1158 (A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B202 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1157 (A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1156 (A vulnerability was determined in Totolink LR350 9.3.5u.6369_B20220309 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1155 (A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. Aff ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1154 (A flaw has been found in SourceCodester E-Learning System 1.0. This im ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-1153 (A vulnerability was detected in technical-laohu mpay up to 1.2.4. This ...) TODO: check CVE-2026-1152 (A security vulnerability has been detected in technical-laohu mpay up ...) 
@@ -85,21 +85,21 @@ CVE-2026-1152 (A security vulnerability has been detected in technical-laohu mpa CVE-2026-1151 (A weakness has been identified in technical-laohu mpay up to 1.2.4. Th ...) TODO: check CVE-2026-1150 (A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B202 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1149 (A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1148 (A vulnerability was determined in SourceCodester/Patrick Mvuma Patient ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-1147 (A vulnerability was found in SourceCodester/Patrick Mvuma Patients Wai ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-1146 (A vulnerability has been found in SourceCodester/Patrick Mvuma Patient ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2026-1145 (A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by ...) TODO: check CVE-2026-1007 (Incorrect Authorization vulnerability in virtual gateway component in ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2026-0610 (SQL Injection vulnerability in remote-sessions in Devolutions Server.T ...) - TODO: check + NOT-FOR-US: Devolutions CVE-2025-69199 (Wings is the server control plane for Pterodactyl, a free, open-source ...) TODO: check CVE-2025-69198 (Pterodactyl is a free, open-source game server management panel. Ptero ...) 
@@ -109,23 +109,23 @@ CVE-2025-68616 (WeasyPrint helps web developers to create PDF documents. Prior t CVE-2025-61684 (Quicly, an IETF QUIC protocol implementation, is susceptible to a deni ...) TODO: check CVE-2025-55252 (HCL AION version 2 is affected by a Weak Password Policy vulnerability ...) - TODO: check + NOT-FOR-US: HCL CVE-2025-55251 (HCL AION is affected by an Unrestricted File Upload vulnerability. Thi ...) - TODO: check + NOT-FOR-US: HCL CVE-2025-55250 (HCL AION version 2 is affected by a Technical Error Disclosure vulnera ...) - TODO: check + NOT-FOR-US: HCL CVE-2025-55249 (HCL AION is affected by a Missing Security Response Headers vulnerabil ...) - TODO: check + NOT-FOR-US: HCL CVE-2025-52661 (HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerab ...) - TODO: check + NOT-FOR-US: HCL CVE-2025-52660 (HCL AION is affected by an Unrestricted File Upload vulnerability. Thi ...) - TODO: check + NOT-FOR-US: HCL CVE-2025-52659 (HCL AION version 2 is affected by a Cacheable HTTP Response vulnerabil ...) - TODO: check + NOT-FOR-US: HCL CVE-2025-11044 (An Allocation of Resources Without Limits or Throttling vulnerability ...) - TODO: check + NOT-FOR-US: ABB group CVE-2025-11043 (An Improper Certificate Validation vulnerability in the OPC-UA client ...) - TODO: check + NOT-FOR-US: ABB group CVE-2026-23534 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...) - freerdp3 - freerdp2 View it on GitLab: https://salsa.debian.org/secur
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e0161f80 by security tracker role at 2026-01-19T08:13:11+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -11,11 +11,11 @@ CVE-2026-23525 (1Panel is an open-source, web-based control panel for Linux serv CVE-2026-1144 (A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affec ...) TODO: check CVE-2026-1143 (A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B2020051 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-1142 (A security flaw has been discovered in PHPGurukul News Portal 1.0. The ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-1141 (A vulnerability was identified in PHPGurukul News Portal 1.0. The affe ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-1140 (A vulnerability was found in UTT \u8fdb\u53d6 520W 1.7.7-180627. This ...) TODO: check CVE-2026-1139 (A vulnerability has been found in UTT \u8fdb\u53d6 520W 1.7.7-180627. ...) 
@@ -27,9 +27,9 @@ CVE-2026-1137 (A vulnerability was detected in UTT \u8fdb\u53d6 520W 1.7.7-18062 CVE-2026-1136 (A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c8 ...) TODO: check CVE-2026-1135 (A security flaw has been discovered in itsourcecode Society Management ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1134 (A vulnerability was identified in itsourcecode Society Management Syst ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1133 (A vulnerability was determined in Yonyou KSOA 9.0. The impacted elemen ...) TODO: check CVE-2026-1132 (A vulnerability was found in Yonyou KSOA 9.0. The affected element is ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0161f807736e2f0a1f3613a5454631e6f0e9ae4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e0161f807736e2f0a1f3613a5454631e6f0e9ae4 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 406e0977 by security tracker role at 2026-01-18T20:14:45+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2026-1126 (A security vulnerability has been detected in lwj flow up to a3d2fe813 ...) TODO: check CVE-2026-1125 (A weakness has been identified in D-Link DIR-823X 250416. Affected by ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-1124 (A security flaw has been discovered in Yonyou KSOA 9.0. Affected by th ...) TODO: check CVE-2026-1123 (A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unkn ...) @@ -13,9 +13,9 @@ CVE-2026-1121 (A vulnerability was found in Yonyou KSOA 9.0. This affects an unk CVE-2026-1120 (A vulnerability has been found in Yonyou KSOA 9.0. The impacted elemen ...) TODO: check CVE-2026-1119 (A flaw has been found in itsourcecode Society Management System 1.0. T ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-1118 (A vulnerability was detected in itsourcecode Society Management System ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2026-0863 (Using string formatting and exception handling, an attacker may bypass ...) TODO: check CVE-2025-15537 (A security vulnerability has been detected in Mapnik up to 4.2.0. This ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/406e0977ff6f330d6ed3b24d122f1de370f5b7d0
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 4f827dbc by security tracker role at 2026-01-17T20:15:05+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -13,9 +13,9 @@ CVE-2026-1049 (A security vulnerability has been detected in LigeroSmart up to 6 CVE-2026-1048 (A weakness has been identified in LigeroSmart up to 6.1.26. Impacted i ...) TODO: check CVE-2026-0725 (The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-8615 (The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15532 (A security flaw has been discovered in Open5GS up to 2.7.5. This issue ...) TODO: check CVE-2025-15531 (A vulnerability was identified in Open5GS up to 2.7.5. This vulnerabil ...) 
@@ -23,9 +23,9 @@ CVE-2025-15531 (A vulnerability was identified in Open5GS up to 2.7.5. This vuln CVE-2025-15530 (A vulnerability was determined in Open5GS up to 2.7.6. This affects th ...) TODO: check CVE-2025-14078 (The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Miss ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-10484 (The Registration & Login with Mobile Phone Number for WooCommerce plug ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-23800 (Incorrect Privilege Assignment vulnerability in Modular DS modular-con ...) NOT-FOR-US: WordPress plugin or theme CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f827dbc186b167609e54dd9d01eb5876ba231cd
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6384c463 by security tracker role at 2026-01-17T08:13:49+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2026-23800 (Incorrect Privilege Assignment vulnerability in Modular DS modular-con ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails t ...) TODO: check CVE-2026-23744 (MCPJam inspector is the local-first development platform for MCP serve ...) 
@@ -15,25 +15,25 @@ CVE-2026-22865 (Gradle is a build automation tool, and its native-platform tool CVE-2026-22816 (Gradle is a build automation tool, and its native-platform tool provid ...) TODO: check CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM interface th ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2026-20960 (Improper authorization in Microsoft Power Apps allows an authorized at ...) TODO: check CVE-2026-0833 (The Team Section Block plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0820 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0808 (The Spin Wheel plugin for WordPress is vulnerable to client-side prize ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0691 (The CM E-Mail Blacklist \u2013 Simple email filtering for safer regist ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0682 (The Church Admin plugin for WordPress is vulnerable to Server-Side Req ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0519 (In Secure Access 12.70 and prior to 14.20, the logging subsystem may ...) - TODO: check + NOT-FOR-US: Absolute Software CVE-2026-0518 (CVE-2026-0518 is a cross-site scripting vulnerability in versions of ...) - TODO: check + NOT-FOR-US: Absolute Software CVE-2026-0517 (CVE-2026-0517 is a denial-of-service vulnerability in versions of Secu ...) - TODO: check + NOT-FOR-US: Absolute Software CVE-2025-5489 REJECTED CVE-2025-5102 
@@ -45,33 +45,33 @@ CVE-2025-15529 (A vulnerability was found in Open5GS up to 2.7.6. Affected by th CVE-2025-15528 (A vulnerability has been found in Open5GS up to 2.7.6. Affected by thi ...) TODO: check CVE-2025-15403 (The RegistrationMagic plugin for WordPress is vulnerable to Privilege ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14632 (The Filr \u2013 Secure document library plugin for WordPress is vulner ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14478 (The Demo Importer Plus plugin for WordPress is vulnerable to XML Exter ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14463 (The Payment Button for PayPal plugin for WordPress is vulnerable to un ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14450 (The Wallet System for WooCommerce plugin for WordPress is vulnerable t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14075 (The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive I ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14029 (The Community Events plugin for WordPress is vulnerable to unauthorize ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13725 (The Gutenberg Thim Blocks \u2013 Page Builder, Gutenberg Blocks for th ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12984 (The Advanced Ads \u2013Ad Manager & AdSense plugin for WordPress is vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12825 (The User Registration Using Contact Form 7 plugin for WordPress is vul ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12718 (The Quick Contact Form plugin for WordPress is vulnerable to Open Mail ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12168 (The Phrase TMS Integration for WordPress plugin for WordPress is vulne ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12129 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for Word ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12002 (The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-8506 REJECTED CVE-2024-8491 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6384c4634ec4e3b97f3619a44b818bb5471cdca4 -- View it on GitLab: h
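Review bot: In the -15,25 hunk CVE-2026-21223 (Microsoft Edge Elevation Service) becomes "NOT-FOR-US: Microsoft", but the very next entry, CVE-2026-20960 (Microsoft Power Apps), stays at "TODO: check". If the vendor tag is meant to cover Microsoft products in general, the second entry should be closed in the same pass; if entries are matched per product, a more specific tag than "Microsoft" would make that visible to the next person triaging the list.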
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 73f17025 by security tracker role at 2026-01-16T20:15:07+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,23 +1,23 @@ CVE-2026-23731 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, Th ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23730 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23729 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23728 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23727 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23726 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23725 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23724 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23723 (WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23722 (WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a ...) - TODO: check + NOT-FOR-US: WeGIA CVE-2026-23645 (SiYuan is self-hosted, open source personal knowledge management softw ...) TODO: check CVE-2026-23634 (Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to ...) 
@@ -37,21 +37,21 @@ CVE-2026-22876 (Path Traversal vulnerability exists in multiple Network Cameras CVE-2026-22782 (RustFS is a distributed object storage system built in Rust. From >= 1 ...) TODO: check CVE-2026-21625 (User provided uploads to the Easy Discuss component for Joomla aren't ...) - TODO: check + NOT-FOR-US: Joomla CVE-2026-21624 (Lack of input filterung leads to a persistent XSS vulnerability in the ...) - TODO: check + NOT-FOR-US: Joomla CVE-2026-21623 (Lack of input filterung leads to a persistent XSS vulnerability in the ...) - TODO: check + NOT-FOR-US: Joomla CVE-2026-20894 (Cross-site scripting vulnerability exists in multiple Network Cameras ...) TODO: check CVE-2026-20759 (OS Command Injection vulnerability exists in multiple Network Cameras ...) TODO: check CVE-2026-1004 (The Essential Addons for Elementor plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0949 (PEM versions prior to 9.8.1 are affected by a stored Cross-site Script ...) TODO: check CVE-2026-0913 (The User Submitted Posts \u2013 Enable Users to Submit Posts from the ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0823 REJECTED CVE-2026-0696 (In ConnectWise PSA versions older than 2026.1, certain session cookies ...) 
@@ -69,29 +69,29 @@ CVE-2026-0613 (The Librarian contains an internal port scanning vulnerability, f CVE-2026-0612 (The Librarian contains a information leakage vulnerability through the ...) TODO: check CVE-2025-71020 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-70746 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-69581 (An issue was discovered in Chamillo LMS 1.11.2. The Social Network /pe ...) TODO: check CVE-2025-68924 (In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can ...) - TODO: check + NOT-FOR-US: Umbraco CMS CVE-2025-68921 (SteelSeries Nahimic 3 1.10.7 allows Directory traversal.) TODO: check CVE-2025-59870 (HCL MyXalytics v6.7 is affected by improper management of a static JWT ...) - TODO: check + NOT-FOR-US: HCL CVE-2025-48647 (In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, t ...) - TODO: check + NOT-FOR-US: Android CVE-2025-43508 (A logging issue was addressed with improved data redaction. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2025-31186 (A permissions issue was addressed with additional restrictions. This i ...) - TODO: check + NOT-FOR-US: Apple CVE-2025-29943 (Write what were condition within AMD CPUs may allow an admin-privilege ...) TODO: check CVE-2025-24090 (A permissions issue was addressed with additional restrictions. This i ...)
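Review bot: In the -37,21 hunk CVE-2026-21625 is described as a flaw in the Easy Discuss component for Joomla, yet it is tagged with the bare "NOT-FOR-US: Joomla", which reads as the CMS itself. The same hunk tags CVE-2026-1004 and CVE-2026-0913 as "WordPress plugin"; a matching "Joomla extension" (or the component name) for CVE-2026-21625, and for CVE-2026-21624 and CVE-2026-21623 if they are extensions as well, would keep the two conventions consistent.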
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6763ed4 by security tracker role at 2026-01-16T08:13:15+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -21,35 +21,35 @@ CVE-2026-22863 (Deno is a JavaScript, TypeScript, and
WebAssembly runtime. Befor
CVE-2026-22045 (Traefik is an HTTP reverse proxy and load balancer. Prior to
2.11.35 a ...)
TODO: check
CVE-2026-21921 (A Use After Free vulnerability in the chassis daemon
(chassisd) of Jun ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21920 (An Unchecked Return Value vulnerability in the DNS module of
Juniper N ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21918 (A Double Free vulnerability in the flow processing daemon
(flowd) of J ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21917 (An Improper Validation of Syntactic Correctness of Input
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21914 (An Improper Locking vulnerability in the GTP plugin of Juniper
Network ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21913 (An Incorrect Initialization of Resource vulnerability in the
Internal ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21912 (A Time-of-check Time-of-use (TOCTOU) Race Condition
vulnerability in t ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21911 (An Incorrect Calculation vulnerability in the Layer 2 Control
Protoco ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21910 (An Improper Check for Unusual or Exceptional Conditions
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21909 (A Missing Release of Memory after Effective Lifetime
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21908 (A Use After Free vulnerability was identified in the 802.1X
authentica ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21907 (A Use of a Broken or Risky Cryptographic Algorithm
vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21906 (An Improper Handling of Exceptional Conditions vulnerability
in the pa ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21905 (A Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-21903 (A Stack-based Buffer Overflow vulnerability in the Packet
Forwarding E ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2026-1023 (Statistics Database System developed by Gotac has a Missing
Authentica ...)
TODO: check
CVE-2026-1022 (Statistics Database System developed by Gotac has an Arbitrary
File Re ...)
@@ -73,31 +73,31 @@ CVE-2026-1009 (A stored cross-site scripting (XSS)
vulnerability exists in the A
CVE-2026-1008 (A stored cross-site scripting (XSS) vulnerability exists in the
user p ...)
TODO: check
CVE-2026-1003 (The GetGenie plugin for WordPress is vulnerable to
authorization bypas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1002 (The Vert.x Web static handler component cache can be
manipulated to de ...)
TODO: check
CVE-2026-1000 (The MailerLite - WooCommerce integration plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0975 (Delta Electronics DIAView has Command Injection vulnerability.)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2026-0942 (The Rede Ita\xfa for WooCommerce \u2014 Payment PIX, Credit
Card and D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0939 (The Rede Ita\xfa for WooCommerce plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0916 (The Related Posts by Taxonomy plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0915 (Calling getnetbyaddr or getnetbyaddr_r with a configured
nsswitch.conf ...)
TODO: check
CVE-2026-0858 (Versions of the package net.sourceforge.plantuml:plantuml
before 1.202 ...)
TODO: check
CVE-2026-0203 (An Improper Handling of Exceptional Conditions vulnerability in
packet ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2025-70893 (A time-based blind SQL Injection vulnerability exists in
PHPGurukul Cy ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-70892 (Phpgurukul Cyber Cafe Management System v1.0 contains a SQL
Injection ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-70891 (A stored cross-site scripting (XSS) vulnerability exists in
Phpgurukul ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-70890 (A stored cross-site scripting (XSS) vulnerability exists in
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 5a974272 by security tracker role at 2026-01-15T20:14:15+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -21,33 +21,33 @@ CVE-2026-23494 (Pimcore is an Open Source Data & Experience Management Platform. CVE-2026-23493 (Pimcore is an Open Source Data & Experience Management Platform. Prior ...) TODO: check CVE-2026-22920 (The device's passwords have not been adequately salted, making them vu ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22919 (An attacker with administrative access may inject malicious content in ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22918 (An attacker may exploit missing protection against clickjacking by tri ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22917 (Improper input handling in a system endpoint may allow attackers to ov ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22916 (An attacker with low privileges may be able to trigger critical system ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22915 (An attacker with low privileges may be able to read files from specifi ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22914 (An attacker with limited permissions may still be able to write files ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22913 (Improper handling of a URL parameter may allow attackers to execute co ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22912 (Improper validation of a login parameter may allow attackers to redire ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22911 (Firmware update files may expose password hashes for system accounts, ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22910 (The device is deployed with weak and publicly known default passwords ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22909 (Certain system functions may be accessed without proper authorization, ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22908 (Uploading unvalidated container images may allow remote attackers to g ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22907 (An attacker may gain unauthorized access to the host filesystem, poten ...) 
- TODO: check + NOT-FOR-US: SICK AG CVE-2026-22867 (LaSuite Doc is a collaborative note taking, wiki and documentation pla ...) TODO: check CVE-2026-22803 (SvelteKit is a framework for rapidly developing robust, performant web ...) 
@@ -57,35 +57,35 @@ CVE-2026-22775 (Svelte devalue is a JavaScript library that serializes values in CVE-2026-22774 (Svelte devalue is a JavaScript library that serializes values into str ...) TODO: check CVE-2026-22646 (Certain error messages returned by the application expose internal sys ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22645 (The application discloses all used components, versions and license in ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22644 (Certain requests pass the authentication token in the URL as string qu ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22643 (In Grafana, an excessively long dashboard title or panel name will cau ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22642 (An open redirect vulnerability has been identified in Grafana OSS orga ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22641 (This vulnerability in Grafana's datasource proxy API allows authorizat ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22640 (An access control vulnerability was discovered in Grafana OSS where an ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22639 (Grafana is an open-source platform for monitoring and observability. T ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22638 (A cross-site scripting (XSS) vulnerability exists in Grafana caused by ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22637 (The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. ...) - TODO: check + NOT-FOR-US: SICK AG CVE-2026-22265 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...) TODO: check CVE-2026-22249 (Docmost is an open-source collaborative wiki and documentation softwar ...) TODO: check CVE-2026-20076 (A vulnerability in the web-based management interface of Cisco Identit ...) - TODO: check + NOT-FOR-US: Cisco CVE-2026-20075 (A vulnerability in the web-based management interface of Cisco Evolved ...) 
TODO: check CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco Identit ...) - TODO: check +
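Review bot: In the -57,35 hunk CVE-2026-22643 through CVE-2026-22638 are tagged "NOT-FOR-US: SICK AG", but their descriptions name Grafana ("In Grafana, an excessively long dashboard title ...", "Grafana's datasource proxy API ...", "Grafana is an open-source platform ..."), not a SICK AG product. Please confirm the vendor attribution before these are closed by an automatic pass: if the IDs cover Grafana as shipped inside a SICK AG device, the tag should say so, and if they describe Grafana itself they should stay at "TODO: check" for manual triage.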
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 81afd9ca by security tracker role at 2026-01-15T08:13:57+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -29,29 +29,29 @@ CVE-2026-0959 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 CVE-2026-0861 (Passing too large an alignment to the memalign suite of functions (mem ...) TODO: check CVE-2026-0601 (A reflected cross-site scripting vulnerability exists in Nexus Reposit ...) - TODO: check + NOT-FOR-US: Sonatype CVE-2026-0600 (Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Rep ...) - TODO: check + NOT-FOR-US: Sonatype CVE-2026-0421 (A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 G ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2025-14457 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14448 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14058 (A potential missing authentication vulnerability was reported in some ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2025-13455 (A vulnerability was reported in ThinkPlus configuration software that ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2025-13454 (A potential vulnerability was reported in ThinkPlus configuration soft ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2025-13453 (A potential vulnerability was reported in some ThinkPlus USB drives th ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2025-13154 (An improper link following vulnerability was reported in the SmartPerf ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2025-12533 REJECTED CVE-2025-12166 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-23550 (Incorrect Privilege Assignment vulnerability in Modular DS allows Priv ...) NOT-FOR-US: WordPress plugin or theme CVE-2026-23498 (Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, ...) 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/81afd9ca7c36d93ea30c21f1cc0e2c44f2df4f5e
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 8481d8e3 by security tracker role at 2026-01-14T20:14:15+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2026-23550 (Incorrect Privilege Assignment vulnerability in Modular DS allows Priv ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2026-23498 (Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, ...) TODO: check CVE-2026-23497 (Frappe Learning Management System (LMS) is a learning system that help ...) @@ -67,11 +67,11 @@ CVE-2025-71165 (Typesetter CMS versions up to and including 5.1 contain a reflec CVE-2025-71164 (Typesetter CMS versions up to and including 5.1 contain a reflected cr ...) TODO: check CVE-2025-71021 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-70968 (FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE( ...) TODO: check CVE-2025-70747 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in t ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-67835 (Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service ...) TODO: check CVE-2025-67834 (Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthe ...) 
@@ -91,21 +91,21 @@ CVE-2025-63644 (A stored cross-site scripting (XSS) vulnerability exists in pH7S CVE-2025-56226 (Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3 ...) TODO: check CVE-2025-37185 (Vulnerabilities in the web-based management interface of EdgeConnect S ...) - TODO: check + NOT-FOR-US: HPE CVE-2025-37184 (A vulnerability exists in an Orchestrator service that could allow an ...) - TODO: check + NOT-FOR-US: HPE CVE-2025-37183 (Vulnerabilities in the web-based management interface of EdgeConnect S ...) - TODO: check + NOT-FOR-US: HPE CVE-2025-37182 (Vulnerabilities in the web-based management interface of EdgeConnect S ...) - TODO: check + NOT-FOR-US: HPE CVE-2025-37181 (Vulnerabilities in the web-based management interface of EdgeConnect S ...) - TODO: check + NOT-FOR-US: HPE CVE-2025-33206 (NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an att ...) TODO: check CVE-2025-14557 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) - TODO: check + NOT-FOR-US: Drupal core and addons CVE-2025-14556 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...) - TODO: check + NOT-FOR-US: Drupal core and addons CVE-2025-14317 (In Crazy Bubble Tea mobile application authenticated attacker canobtai ...) TODO: check CVE-2025-14242 (A flaw was found in vsftpd. This vulnerability allows a denial of serv ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8481d8e339a82e15d1ffe32c6eec6af19c2b5243
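Review bot: In the -91,21 hunk CVE-2025-14557 and CVE-2025-14556 get "NOT-FOR-US: Drupal core and addons", a tag that does not say whether the flaw is in Drupal core or in a contributed module, and the truncated descriptions shown here ("Improper Neutralization of Input During Web Page Generation ...") do not say either. Suggest a tag that names the module when it is one, so that a core issue cannot be closed by the same catch-all.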
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 36f2ab21 by security tracker role at 2026-01-14T08:14:02+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -17,43 +17,43 @@ CVE-2026-22718 (The VSCode extension for Spring CLI are vulnerable to command in CVE-2026-22686 (Enclave is a secure JavaScript sandbox designed for safe AI agent code ...) TODO: check CVE-2026-21308 (Substance3D - Designer versions 15.0.3 and earlier are affected by an ...) - TODO: check + NOT-FOR-US: Adobe CVE-2026-21307 (Substance3D - Designer versions 15.0.3 and earlier are affected by an ...) - TODO: check + NOT-FOR-US: Adobe CVE-2026-21303 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an O ...) - TODO: check + NOT-FOR-US: Adobe CVE-2026-21302 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an O ...) - TODO: check + NOT-FOR-US: Adobe CVE-2026-21301 (Substance3D - Modeler versions 1.22.4 and earlier are affected by a NU ...) - TODO: check + NOT-FOR-US: Adobe CVE-2026-21300 (Substance3D - Modeler versions 1.22.4 and earlier are affected by a NU ...) - TODO: check + NOT-FOR-US: Adobe CVE-2026-21299 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2026-21298 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2026-0813 (The Short Link plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0812 (The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0741 (The Electric Studio Download Counter plugin for WordPress is vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0739 (The WMF Mobile Redirector plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0734 (The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cros ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0717 (The LottieFiles \u2013 Lottie block for Gutenberg plugin for WordPress ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0694 (The SearchWiz plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0680 (The Real Post Slider Lite plugin for WordPress is vulnerable to Stored ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0678 (The Flat Shipping Rate by City for WooCommerce plugin for WordPress is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0635 (The Responsive Accordion Slider plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0594 (The List Site Contributors plugin for WordPress is vulnerable to Refle ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0543 (Improper Input Validation (CWE-20) in Kibana's Email Connector can all ...) TODO: check CVE-2026-0531 (Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...) 
@@ -63,37 +63,37 @@ CVE-2026-0530 (Allocation of Resources Without Limits or Throttling (CWE-770) in CVE-2026-0528 (Improper Validation of Array Index (CWE-129) exists in Metricbeat can ...) TODO: check CVE-2025-68970 (Permission verification bypass vulnerability in the media library modu ...) - TODO: check + NOT-FOR-US: Huawei CVE-2025-68969 (Multi-thread race condition vulnerability in the thermal management mo ...) - TODO: check + NOT-FOR-US: Huawei CVE-2025-68968 (Double free vulnerability in the multi-mode input module. Impact: Succ ...) - TODO: check + NOT-FOR-US: Huawei CVE-2025-68967 (Vulnerability of improper permission control in the print module. Impa ...) - TODO: check + NOT-FOR-US: Huawei CVE-2025-68966 (Permission control vulnerability in the Notepad module. Impact: Succes ...) - TODO: check + NOT-FOR-US: Huawei CVE-2025-68965 (Permission control vulnerability in the Notepad module. Impact: Succes ...) - TODO: check + NOT-FOR-US: Huawei CVE-2025-68964 (Data verification vulnerability in the HiView module. Impact: Successf ...) - TODO: check + NOT-FOR-US: Huawei CVE-2025-68963 (Man-in-the-middle attack vulnerability in the Clone module. Impact: Su ...) - TODO: check + NOT-FOR-US: Huawei CVE-2025-68962 (Multi-thread race condition vulnerability in the camera framework modu ...) - TODO: chec
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9954999c by security tracker role at 2026-01-13T20:13:56+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -11,39 +11,39 @@ CVE-2026-22791 (openCryptoki is a PKCS#11 library and tools
for Linux and AIX. I
CVE-2026-22755 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
TODO: check
CVE-2026-21306 (Substance3D - Sampler versions 5.1.0 and earlier are affected
by an ou ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21305 (Substance3D - Painter versions 11.0.3 and earlier are affected
by an o ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21304 (InDesign Desktop versions 21.0, 19.5.5 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21288 (Illustrator versions 29.8.3, 30.0 and earlier are affected by
a NULL P ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21287 (Substance3D - Stager versions 3.1.5 and earlier are affected
by a Use ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21283 (Bridge versions 15.1.2, 16.0 and earlier are affected by a
Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21281 (InCopy versions 21.0, 19.5.5 and earlier are affected by a
Heap-based ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21280 (Illustrator versions 29.8.3, 30.0 and earlier are affected by
an Untru ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21278 (InDesign Desktop versions 21.0, 19.5.5 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21277 (InDesign Desktop versions 21.0, 19.5.5 and earlier are
affected by a H ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21276 (InDesign Desktop versions 21.0, 19.5.5 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21275 (InDesign Desktop versions 21.0, 19.5.5 and earlier are
affected by an ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21274 (Dreamweaver Desktop versions 21.6 and earlier are affected by
an Incor ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21272 (Dreamweaver Desktop versions 21.6 and earlier are affected by
an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21271 (Dreamweaver Desktop versions 21.6 and earlier are affected by
an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21268 (Dreamweaver Desktop versions 21.6 and earlier are affected by
an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21267 (Dreamweaver Desktop versions 21.6 and earlier are affected by
an Impro ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-21265 (Windows Secure Boot stores Microsoft certificates in the UEFI
KEK and ...)
TODO: check
CVE-2026-21226 (Deserialization of untrusted data in Azure Core shared client
library ...)
@@ -267,47 +267,47 @@ CVE-2026-20804 (Incorrect privilege assignment in Windows
Hello allows an unauth
CVE-2026-20803 (Missing authentication for critical function in SQL Server
allows an a ...)
TODO: check
CVE-2026-0859 (TYPO3's mail\u2011file spool deserialization flaw lets local
users wit ...)
- TODO: check
+ NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-0684 (The CP Image Store with Slideshow plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0408 (A path traversal vulnerability in NETGEAR WiFi range extenders
allows ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0407 (An insufficient authentication vulnerability in NETGEAR WiFi
range ex ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0406 (An insufficient input validation vulnerability in the NETGEAR
XR1000v2 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0405 (An authentication bypass vulnerability in NETGEAR Orbi devices
allows ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0404 (An insufficient input validation vulnerability in NETGEAR Orbi
devices ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0403 (An insufficient input validation vulnerability in NETGEAR Orbi
routers ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2026-0386 (Improper access control in Windows Deployment Services allows
an unaut ...)
TODO: check
CVE-2025-9435 (Zohocorp ManageEngine ADManager Plus versions below7230are
vulnerable ...)
- TODO: check
+ NOT-FOR-US: Zoho
CVE-2025-9427 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2025-8090 (Null pointer dereference in the MsgRegisterEvent() system call
could a ...)
- TODO
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e8efbf14 by security tracker role at 2026-01-13T08:13:29+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -47,51 +47,51 @@ CVE-2026-22213 (RIOT OS versions up to and including 2026.01-devel-317 contain a CVE-2026-22212 (TinyOS versions up to and including 2.1.2 contain a stack-based buffer ...) TODO: check CVE-2026-0514 (Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Conn ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0513 (Due to an Open Redirect Vulnerability in SAP Supplier Relationship Man ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0511 (SAP Fiori App Intercompany Balance Reconciliation does not perform nec ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0510 (The User Management Engine (UME) in NetWeaver Application Server for J ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0507 (Due to an OS Command Injection vulnerability in SAP Application Server ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0506 (Due to a Missing Authorization Check vulnerability in Application Serv ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0504 (Due to insufficient input handling, the SAP Identity Management REST i ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0503 (Due to missing authorization check in the SAP ERP Central Component (S ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0501 (Due to insufficient input validation in SAP S/4HANA Private Cloud and ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0500 (Due to the usage of vulnerable third party component in SAP Wily Intro ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0499 (SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0498 (SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with adm ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0497 (SAP Product Designer Web UI of Business Server Pages allows authentica ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0496 (SAP Fiori App Intercompany Balance Reconciliation allows an attacker w ...) 
- TODO: check + NOT-FOR-US: SAP CVE-2026-0495 (SAP Fiori App Intercompany Balance Reconciliation allows an attacker w ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0494 (Under certain conditions SAP Fiori App Intercompany Balance Reconcilia ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0493 (Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0492 (SAP HANA database is vulnerable to privilege escalation allowing an at ...) - TODO: check + NOT-FOR-US: SAP CVE-2026-0491 (SAP Landscape Transformation allows an attacker with admin privileges ...) - TODO: check + NOT-FOR-US: SAP CVE-2025-67147 (Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Ma ...) TODO: check CVE-2025-67146 (Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MAN ...) TODO: check CVE-2025-66177 (There is a Stack overflow Vulnerability in the device Search and Disco ...) - TODO: check + NOT-FOR-US: Hikvision CVE-2025-66176 (There is a Stack overflow Vulnerability in the device Search and Disco ...) - TODO: check + NOT-FOR-US: Hikvision CVE-2025-41717 (An unauthenticated remote attacker can trick a high privileged user in ...) TODO: check CVE-2025-29329 (Buffer Overflow in the ippprint (Internet Printing Protocol) service i ...) 
@@ -99,11 +99,11 @@ CVE-2025-29329 (Buffer Overflow in the ippprint (Internet Printing Protocol) ser CVE-2025-15514 (Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointe ...) TODO: check CVE-2025-14829 (The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerab ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12420 (A vulnerability has been identified in the ServiceNow AI Platform that ...) - TODO: check + NOT-FOR-US: ServiceNow CVE-2025-10915 (The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrar ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-58340 (LangChain versions up to and including 0.3.1 contain a regular express ...) TODO: check CVE-2024-58339 (LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8efbf141c74d4a3aa2d304ccd57a5803ef4abec -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commi
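Review bot: In the last hunk (@@ -99,11 +99,11 @@), CVE-2025-10915 is described as "The Dreamer Blog WordPress theme" but is tagged "NOT-FOR-US: WordPress plugin". The tag should match the component type in the description; "NOT-FOR-US: WordPress plugin or theme", the wording used by the 2026-01-08 update in this archive, would cover it. The neighbouring CVE-2025-14829 entry does name a plugin, so only this one line needs the change.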
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 50bea91f by security tracker role at 2026-01-12T20:13:10+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -19,7 +19,7 @@ CVE-2026-22250 (wlc is a Weblate command-line client using Weblate's REST API. P CVE-2026-22200 (Enhancesoft osTicket versions up to and including 1.18.2 contain an ar ...) TODO: check CVE-2026-22050 (ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 w ...) - TODO: check + NOT-FOR-US: NetApp CVE-2026-22033 (Label Studio is a multi-type data labeling and annotation tool. In 1.2 ...) TODO: check CVE-2025-71063 (Errands before 46.2.10 does not verify TLS certificates for CalDAV ser ...) @@ -43,7 +43,7 @@ CVE-2025-67813 (Quest KACE Desktop Authority through 11.3.1 has Insecure Permiss CVE-2025-66939 (Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 ...) TODO: check CVE-2025-66802 (Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RC ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2025-66689 (A path traversal vulnerability exists in Zen MCP Server before 9.8.2 t ...) TODO: check CVE-2025-65553 (D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is susceptible to RF jam ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50bea91f4be0298c42dff75da1990a2910de6c8c
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
37ba042d by security tracker role at 2026-01-12T08:13:55+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -5,35 +5,35 @@ CVE-2026-0854 (Certain DVR/NVR models developed by Merit
LILIN has a OS Command
CVE-2026-0853 (Certain NVR models developed by A-Plus Video Technologies has a
Sensit ...)
TODO: check
CVE-2026-0852 (A security flaw has been discovered in code-projects Online
Music Site ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0851 (A vulnerability was identified in code-projects Online Music
Site 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0850 (A vulnerability was determined in code-projects Intern
Membership Mana ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-69276 (Deserialization of Untrusted Data vulnerability in Broadcom DX
NetOps ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-69275 (Dependency on Vulnerable Third-Party Component vulnerability
in Broadc ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-69274 (Authorization Bypass Through User-Controlled Key vulnerability
in Broa ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-69273 (Improper Authentication vulnerability in Broadcom DX NetOps
Spectrum o ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-69272 (Cleartext Transmission of Sensitive Information vulnerability
in Broad ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-69271 (Insufficiently Protected Credentials vulnerability in Broadcom
DX NetO ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-69270 (Information Exposure Through Query Strings in GET Request
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-69269 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-69268 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-69267 (Improper Limitation of a Pathname to a Restricted Directory
(Path Trav ...)
- TODO: check
+ NOT-FOR-US: Broadcom
CVE-2025-52694 (Successful exploitation of the SQL injection vulnerability
could allow ...)
TODO: check
CVE-2025-14579 (The Quiz Maker WordPress plugin before 6.7.0.89 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14525
NOT-FOR-US: KubeVirt
CVE-2026-0843 (A vulnerability has been found in jiujiujia/victor123/wxw850227
jjjfoo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37ba042d395df241ad8c5b0306248738a64290e4
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 26e5bab4 by security tracker role at 2026-01-10T20:22:01+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2026-0831 (The Templately plugin for WordPress is vulnerable to Arbitrary File Wr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0824 (A security flaw has been discovered in questdb ui up to 1.11.9. Impact ...) TODO: check CVE-2026-0822 (A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. Thi ...) 
@@ -19,15 +19,15 @@ CVE-2025-15504 (A security flaw has been discovered in lief-project LIEF up to 0 CVE-2025-15503 (A security flaw has been discovered in Sangfor Operation and Maintenan ...) TODO: check CVE-2025-14976 (The User Registration & Membership \u2013 Custom Registration Form Bui ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14555 (The Countdown Timer \u2013 Widget Countdown plugin for WordPress is vu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14506 (The ConvertForce Popup Builder plugin for WordPress is vulnerable to S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13393 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12379 (The Shortcodes and extra features for Phlox theme plugin for WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-22777 (ComfyUI-Manager is an extension designed to enhance the usability of C ...) NOT-FOR-US: ComfyUI-Manager CVE-2026-22773 (vLLM is an inference and serving engine for large language models (LLM ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26e5bab43567dfbe620eda76be88c914a1195fce
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ed4a7ad5 by security tracker role at 2026-01-10T08:13:41+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -71,7 +71,7 @@ CVE-2026-22594 (Ghost is a Node.js content management system.
In versions 5.105.
CVE-2026-22589 (Spree is an open source e-commerce solution built with Ruby on
Rails. ...)
TODO: check
CVE-2026-22584 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Salesforce
CVE-2026-22030 (React Router is a router for React. In
@remix-run/server-runtime versi ...)
TODO: check
CVE-2026-22029 (React Router is a router for React. In @remix-run/router
version prior ...)
@@ -97,15 +97,15 @@ CVE-2026-21897 (CryptoLib provides a software-only solution
using the CCSDS Spac
CVE-2026-21884 (React Router is a router for React. In @remix-run/react
version prior ...)
TODO: check
CVE-2026-0830 (Processing specially crafted workspace folder names could allow
for ar ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-68470 (React Router is a router for React. In versions 6.0.0 through
6.30.1 a ...)
TODO: check
CVE-2025-65091 (XWiki Full Calendar Macro displays objects from the wiki on
the calend ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-65090 (XWiki Full Calendar Macro displays objects from the wiki on
the calend ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-62487 (### Details On October 1, 2025, Palantir discovered that
images upload ...)
- TODO: check
+ NOT-FOR-US: Palantir
CVE-2025-61686 (React Router is a router for React. In @react-router/node
versions 7.0 ...)
TODO: check
CVE-2025-61676 (October is a Content Management System (CMS) and web platform.
Prior t ...)
@@ -119,13 +119,13 @@ CVE-2025-59057 (React Router is a router for React. In
@remix-run/react versions
CVE-2025-51626 (SQL injection vulnerability in pss.sale.com 1.0 via the id
parameter t ...)
TODO: check
CVE-2025-46299 (A memory initialization issue was addressed with improved
memory handl ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46298 (The issue was addressed with improved memory handling. This
issue is f ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46297 (A permissions issue was addressed with additional
restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46286 (A logic issue was addressed with improved validation. This
issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-15502 (A vulnerability was identified in Sangfor Operation and
Maintenance Ma ...)
TODO: check
CVE-2025-15501 (A vulnerability was determined in Sangfor Operation and
Maintenance Ma ...)
@@ -135,11 +135,11 @@ CVE-2025-15500 (A vulnerability was found in Sangfor
Operation and Maintenance M
CVE-2025-15499 (A vulnerability has been found in Sangfor Operation and
Maintenance Ma ...)
TODO: check
CVE-2025-14948 (The miniOrange OTP Verification and SMS Notification for
WooCommerce p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14943 (The Blog2Social: Social Media Auto Post & Scheduler plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13457 (The WooCommerce Square plugin for WordPress is vulnerable to
Insecure ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-22198 (GestSup versions up to and including 3.2.56 contain a
pre-authenticati ...)
NOT-FOR-US: GestSup
CVE-2026-22197 (GestSup versions up to and including 3.2.56 contain multiple
SQL injec ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed4a7ad546c3378d9dcb7a078e7c1a3f3b1ed0bc
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ae35501b by security tracker role at 2026-01-09T20:14:19+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -9,25 +9,25 @@ CVE-2026-22195 (GestSup versions up to and including 3.2.56 contain a SQL inject CVE-2026-22194 (GestSup versions up to and including 3.2.56 contain a cross-site reque ...) TODO: check CVE-2026-22082 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-22081 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-22080 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-22079 (This vulnerability exists in Tenda wireless routers (300Mbps Wireless ...) - TODO: check + NOT-FOR-US: Tenda CVE-2026-0817 (Missing Authorization vulnerability in Wikimedia Foundation MediaWiki ...) TODO: check CVE-2026-0803 (A vulnerability was found in PHPGurukul Online Course Registration Sys ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-0627 (The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-7072 (The firmware in KAON CG3000TCand CG3000T routers contains hard-coded c ...) TODO: check CVE-2025-70161 (EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This aris ...) TODO: check CVE-2025-69542 (A Command Injection Vulnerability has been discovered in the DHCP daem ...) - TODO: check + NOT-FOR-US: D-Link CVE-2025-69426 (The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA ...) TODO: check CVE-2025-69425 (The Ruckus vRIoT IoT Controllerfirmware versions prior to 3.0.0.0 (GA) ...) 
@@ -49,7 +49,7 @@ CVE-2025-67278 (An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v. CVE-2025-67133 (An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to ...) TODO: check CVE-2025-67070 (A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB ...) - TODO: check + NOT-FOR-US: Intelbras CVE-2025-67004 (An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin ...) TODO: check CVE-2025-66744 (In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the serie ...) @@ -75,13 +75,13 @@ CVE-2025-64090 (This vulnerability allows authenticated attackers to execute com CVE-2025-56225 (fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer de ...) TODO: check CVE-2025-46676 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...) - TODO: check + NOT-FOR-US: Dell / EMC CVE-2025-46645 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...) - TODO: check + NOT-FOR-US: Dell / EMC CVE-2025-46644 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...) - TODO: check + NOT-FOR-US: Dell / EMC CVE-2025-46643 (Dell PowerProtect Data Domain with Data Domain Operating System (DD OS ...) - TODO: check + NOT-FOR-US: Dell / EMC CVE-2025-15496 (A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. ...) TODO: check CVE-2025-15495 (A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impac ...) 
@@ -93,45 +93,45 @@ CVE-2025-15493 (A flaw has been found in RainyGao DocSys up to 2.02.36. The impa CVE-2025-15492 (A vulnerability was detected in RainyGao DocSys up to 2.02.36. The aff ...) TODO: check CVE-2025-15035 (Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 ( ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2025-14598 (BeeS Software Solutions BET Portal contains an SQL injection vulnerabi ...) TODO: check CVE-2025-14172 (The WP Page Permalink Extension plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13967 (The Woodpecker for WordPress plugin for WordPress is vulnerable to Sto ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13908 (The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Sit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13903 (The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13900 (The WP Popup Magic plugin for WordPress is vulnerable to Stored Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13897 (The Client Testimonial Slider plugin for WordPress is vulnerable to St ...)
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ad50e21e by security tracker role at 2026-01-09T08:13:53+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -25,37 +25,37 @@ CVE-2026-22588 (Spree is an open source e-commerce solution built with Ruby on R CVE-2026-21409 (Improper authorization vulnerability exists in RICOH Streamline NX 3.5 ...) TODO: check CVE-2026-20976 (Improper input validation in Galaxy Store prior to version 4.6.02 allo ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2026-20975 (Improper handling of insufficient permission in Samsung Cloud prior to ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2026-20974 (Improper input validation in data related to network restrictions prio ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2026-20973 (Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Rel ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2026-20972 (Improper Export of Android Application Components in UwbTest prior to ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2026-20971 (Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2026-20970 (Improper access control in SLocation prior to SMR Jan-2026 Release 1 a ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2026-20969 (Improper input validation in SecSettings prior to SMR Jan-2026 Release ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2026-20968 (Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local ...) - TODO: check + NOT-FOR-US: Samsung Mobile CVE-2026-0733 (A vulnerability was determined in PHPGurukul Online Course Registratio ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-0732 (A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-0731 (A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impac ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2026-0730 (A flaw has been found in PHPGurukul Staff Leave Management System 1.0. ...) 
- TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-0729 (A vulnerability was detected in code-projects Intern Membership Manage ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0728 (A security vulnerability has been detected in code-projects Intern Mem ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0563 (The WP Google Street View (with 360\xb0 virtual tour) & Google maps + ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-70974 (Fastjson before 1.2.48 mishandles autoType because, when an @type key ...) TODO: check CVE-2025-68719 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configurati ...) 
@@ -67,55 +67,55 @@ CVE-2025-68717 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentic CVE-2025-68716 (KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 enable the SSH servic ...) TODO: check CVE-2025-66315 (There is a configuration defect vulnerability in the version server of ...) - TODO: check + NOT-FOR-US: ZTE CVE-2025-15464 (Exported Activity allows external applications to gain application con ...) TODO: check CVE-2025-15057 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15055 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-15019 (The BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14980 (The BetterDocs plugin for WordPress is vulnerable to Sensitive Informa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14937 (The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14893 (The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14886 (The Japanized for WooCommerce plugin for WordPress is vulnerable to un ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14803 (The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14782 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14741 (The Frontend Admin by Dy
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ac64c921 by security tracker role at 2026-01-08T20:14:01+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,27 +1,27 @@
CVE-2026-22587 (Ideagen DevonWay contains a stored cross site scripting
vulnerability. ...)
TODO: check
CVE-2026-22522 (Missing Authorization vulnerability in Munir Kamal Block
Slider allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22521 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22519 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22518 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22517 (Missing Authorization vulnerability in Passionate Brains
GA4WP: Google ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22492 (Missing Authorization vulnerability in Nawawi Jamili Docket
Cache allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22490 (Missing Authorization vulnerability in niklaslindemann Bulk
Landing Pa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22489 (Authorization Bypass Through User-Controlled Key vulnerability
in Wpte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22488 (Missing Authorization vulnerability in IdeaBox Creations
Dashboard Wel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22487 (Missing Authorization vulnerability in baqend Speed Kit allows
Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22486 (Missing Authorization vulnerability in Hakob Re Gallery &
Responsive P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22257 (Salvo is a Rust web backend framework. Prior to version
0.88.1, the fu ...)
TODO: check
CVE-2026-22256 (Salvo is a Rust web backend framework. Prior to version
0.88.1, the fu ...)
@@ -61,7 +61,7 @@ CVE-2026-22041 (Logging Redactor is a Python library designed
to redact sensitiv
CVE-2026-22034 (Snuffleupagus is a module that raises the cost of attacks
against webs ...)
TODO: check
CVE-2026-22032 (Directus is a real-time API and App dashboard for managing SQL
databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2026-22028 (Preact, a lightweight web development framework, JSON
serialization pr ...)
TODO: check
CVE-2026-21896 (Kirby is an open-source content management system. From
versions 5.0.0 ...)
@@ -93,17 +93,17 @@ CVE-2026-21639 (A malicious actor in Wi-Fi range of the
affected product could l
CVE-2026-21638 (A malicious actor in Wi-Fi range of the affected product could
leverag ...)
TODO: check
CVE-2026-0747 (Exposure of sensitive information in the TeamViewer entry
dashboard co ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-0719 (A flaw was found in libsoup's NTLM (NT LAN Manager)
authentication mod ...)
TODO: check
CVE-2026-0701 (A vulnerability was identified in code-projects Intern
Membership Mana ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0676 (Missing Authorization vulnerability in G5Theme Zorka zorka
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-0675 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-0674 (Missing Authorization vulnerability in Campaign Monitor
Campaign Monit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-0671 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2025-8307 (Asseco InfoMedica is a comprehensive solution used to manage
both admi ...)
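Review bot: CVE-2026-0747 is retagged NOT-FOR-US: Devolutions, but the only product name visible in its description is TeamViewer ("Exposure of sensitive information in the TeamViewer entry dashboard co ..."). Please confirm against the full description that the tag names the affected vendor, since later triage will rely on the tag rather than on the truncated text.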
@@ -111,31 +111,31 @@ CVE-2025-8307 (Asseco InfoMedica is a comprehensive
solution used to manage both
CVE-2025-8306 (Asseco InfoMedica is a comprehensive solution used to manage
both admi ...)
TODO: check
CVE-2025-69260 (A message out-of-bounds read vulnerability in Trend Micro Apex
Central ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2025-69259 (A message unchecked NULL return value vulnerability in Trend
Micro Ape ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2025-69258 (A LoadLibraryEX vulnerability in Trend Micro Apex Central
could allow ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2025-69169 (Improp
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 2dc9b85f by security tracker role at 2026-01-08T08:13:59+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -91,13 +91,13 @@ CVE-2026-21427 (The installers for multiple products provided by PIONEER CORPORA CVE-2026-0707 (A flaw was found in Keycloak. The Keycloak Authorization header parser ...) TODO: check CVE-2026-0700 (A vulnerability was determined in code-projects Intern Membership Mana ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0699 (A vulnerability was found in code-projects Intern Membership Managemen ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0698 (A vulnerability has been found in code-projects Intern Membership Mana ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0697 (A flaw has been found in code-projects Intern Membership Management Sy ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-69264 (pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hos ...) TODO: check CVE-2025-69263 (pnpm is a package manager. Versions 10.26.2 and below store HTTP tarba ...) 
@@ -121,21 +121,21 @@ CVE-2025-62224 (User interface (ui) misrepresentation of critical information in CVE-2025-15346 (A vulnerability in the handling of verify_mode = CERT_REQUIRED in the ...) TODO: check CVE-2025-14275 (The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13679 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13151 (Stack-based buffer overflow in libtasn1 version: v4.20.0. The function ...) TODO: check CVE-2025-12776 (The Report Builder component of the application stores user input dire ...) TODO: check CVE-2025-12640 (The Folders \u2013 Unlimited Folders to Organize Media Library Folder, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-7333 (A weakness has been identified in bluelabsio records-mover up to 1.5.4 ...) TODO: check CVE-2019-25296 (The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2019-25295 (The WP Cost Estimation plugin for WordPress is vulnerable to Upload Di ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2019-25291 (INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded c ...) TODO: check CVE-2019-25290 (Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-sid ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2dc9b85fac1fdd0aabd8ccbbc14d5988e73ac250
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6bd4d1b0 by security tracker role at 2026-01-07T20:14:08+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -53,7 +53,7 @@ CVE-2026-21496 (iccDEV provides a set of libraries and tools
that allow for the
CVE-2026-21495 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
TODO: check
CVE-2026-20029 (A vulnerability in the licensing features of Cisco
Identity Servi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20027 (Multiple Cisco products are affected by a vulnerability in the
process ...)
TODO: check
CVE-2026-20026 (Multiple Cisco products are affected by a vulnerability
in the pr ...)
@@ -65,19 +65,19 @@ CVE-2026-0669 (Improper Limitation of a Pathname to a
Restricted Directory ('Pat
CVE-2026-0668 (Inefficient Regular Expression Complexity vulnerability in
Wikimedia F ...)
TODO: check
CVE-2026-0618 (Cross-site Scripting vulnerability in Devolutions PowerShell
Universal ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-6225 (Kieback&Peter Neutrino-GLT product is used for building
management. It ...)
TODO: check
CVE-2025-69344 (Missing Authorization vulnerability in ThemeHunk Oneline Lite
allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69333 (Missing Authorization vulnerability in Crocoblock JetEngine
allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69082 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69081 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69080 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68637 (The Uniffle HTTP client is configured to trust all SSL
certificates an ...)
TODO: check
CVE-2025-67366 (@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that
provides file c ...)
@@ -97,7 +97,7 @@ CVE-2025-66560 (Quarkus is a Cloud Native, (Linux) Container
First framework for
CVE-2025-65805 (OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow
vulnerability ...)
TODO: check
CVE-2025-62327 (In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM
configur ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-61939 (An unused function in MicroServer can start a reverse SSH
connection t ...)
TODO: check
CVE-2025-61782 (OpenCTI is an open source platform for managing cyber threat
intellige ...)
@@ -109,145 +109,145 @@ CVE-2025-61489 (A command injection vulnerability in
the shell_exec function of
CVE-2025-58441 (Knowage is an open source analytics and business intelligence
suite. P ...)
TODO: check
CVE-2025-4677 (Insufficient Session Expiration vulnerability in ABB WebPro
SNMP Card ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-4676 (Incorrect Implementation of Authentication Algorithm
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-4675 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-49335 (Server-Side Request Forgery (SSRF) vulnerability in minnur
External Me ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47552 (Deserialization of Untrusted Data vulnerability in Digital
zoom studio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46494 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46434 (Missing Authorization vulnerability in POSIMYTH Innovation The
Plus Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46256 (Path Traversal: '.../...//' vulnerability in SigmaPlugin
Advanced Data ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32303 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32300 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31643 (Incorrect Privilege Assignment vulnerability in Dasinfomedia
WPCHURCH ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-15479 (Stored cross-site scripting (XSS, CWE-79) in the survey
content and ad ...)
TODO: check
CVE-2025-151
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
55388ab4 by security tracker role at 2026-01-07T08:14:04+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -17,7 +17,7 @@ CVE-2026-21492 (iccDEV provides a set of libraries and tools
that allow for the
CVE-2026-20893 (Origin validation error issue exists in Fujitsu Security
Solution Auth ...)
TODO: check
CVE-2026-0656 (The iPaymu Payment Gateway for WooCommerce plugin for WordPress
is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0650 (OpenFlagr versions prior to and including 1.1.18 contain an
authentica ...)
TODO: check
CVE-2026-0649 (A security vulnerability has been detected in invoiceninja up
to 5.12. ...)
@@ -29,59 +29,59 @@ CVE-2026-0642 (A vulnerability was detected in
projectworlds House Rental and Pr
CVE-2025-9611 (Microsoft Playwright MCP Server versions prior to 0.0.40 fails
to vali ...)
TODO: check
CVE-2025-47396 (Memory corruption occurs when a secure application is launched
on a de ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47395 (Transient DOS while parsing a WLAN management frame with a
Vendor Spec ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47394 (Memory corruption when copying overlapping buffers during
memory opera ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47393 (Memory corruption when accessing resources in kernel driver.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47388 (Memory corruption while passing pages to DSP with an unaligned
startin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47380 (Memory corruption while preprocessing IOCTLs in sensors.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47369 (Information disclosure when a weak hashed value is returned to
userlan ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47356 (Memory Corruption when multiple threads concurrently access
and modify ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47348 (Memory corruption while processing identity credential
operations in t ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47346 (Memory corruption while processing a secure logging command in
the tru ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47345 (Cryptographic issue may occur while encrypting license data.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47344 (Memory corruption while handling sensor utility operations.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47343 (Memory corruption while processing a video session to set
video parame ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47339 (Memory corruption while deinitializing a HDCP session.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47337 (Memory corruption while accessing a synchronization object
during conc ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47336 (Memory corruption while performing sensor register read
operations.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47335 (Memory corruption while parsing clock configuration data for a
specifi ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47334 (Memory corruption while processing shared command buffer
packet betwee ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47333 (Memory corruption while handling buffer mapping operations in
the cryp ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47332 (Memory corruption while processing a config call from
userspace.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47331 (Information disclosure while processing a firmware event.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-47330 (Transient DOS while parsing video packets received from the
video firm ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-31964 (Improper service binding configuration in internal service
components ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31963 (Improper authentication and missing CSRF protection in the
local setup ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31962 (Insufficient session expiration in the Web UI authentication
component ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-31642 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31051 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30996 (Unrestricted Upload of File with Dangerous Type vulnerability
in Themi ...)
TO
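Review bot: The entries retagged NOT-FOR-US: Qualcomm in this hunk include complete, untruncated descriptions such as "Memory corruption while handling sensor utility operations." and "Information disclosure while processing a firmware event." that name no vendor or product at all, so the tag cannot be checked against the list entry. For an automatic update it would help if the commit message recorded what the vendor match was based on, so that these entries can be spot-checked without opening each CVE record.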
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
14f0a9d8 by security tracker role at 2026-01-06T20:14:04+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -11,99 +11,99 @@ CVE-2026-21489 (iccDEV provides a set of libraries and
tools for working with IC
CVE-2026-21488 (iccDEV provides a set of libraries and tools for working with
ICC colo ...)
TODO: check
CVE-2026-0641 (A security vulnerability has been detected in TOTOLINK WA300
5.2cu.711 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-0640 (A weakness has been identified in Tenda AC23 16.03.07.52. This
affects ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-9637 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey
Maker plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9318 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey
Maker plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9294 (The Quiz and Survey Master (QSM) \u2013 Easy Quiz and Survey
Maker plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7048 (On affected platforms running Arista EOS with MACsec
configuration, a ...)
- TODO: check
+ NOT-FOR-US: Arista Networks
CVE-2025-69364 (Missing Authorization vulnerability in Cloudways Breeze breeze
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69363 (Missing Authorization vulnerability in CyberChimps Responsive
Addons f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69362 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69361 (Missing Authorization vulnerability in PublishPress Post
Expirator pos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69360 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69359 (Missing Authorization vulnerability in WPFunnels Creator LMS
creatorlm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69357 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69356 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69355 (Missing Authorization vulnerability in Tickera Tickera
tickera-event-t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69354 (Missing Authorization vulnerability in BBR Plugins Better
Business Rev ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69353 (Missing Authorization vulnerability in Proxy & VPN Blocker
Proxy & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69352 (Missing Authorization vulnerability in StellarWP The Events
Calendar t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69351 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69350 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69349 (Missing Authorization vulnerability in Fahad Mahmood RSS Feed
Widget r ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69348 (Missing Authorization vulnerability in CoolHappy The Events
Calendar C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69346 (Missing Authorization vulnerability in WPCenter AffiliateX
affiliatex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69345 (Missing Authorization vulnerability in BoldGrid Post and Page
Builder ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69342 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69341 (Missing Authorization vulnerability in BuddhaThemes
WeDesignTech Ultim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69336 (Missing Authorization vulnerability in bdthemes Ultimate Store
Kit Ele ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69335 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69334 (Improper Neutraliz
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e2bd862a by security tracker role at 2026-01-06T08:14:00+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -35,17 +35,17 @@ CVE-2026-21439 (badkeys is a tool and library for checking cryptographic public CVE-2026-21411 (Authentication bypass issue exists in OpenBlocks series versions prior ...) TODO: check CVE-2026-0625 (Multiple D-Link DSL gateway devices contain a command injection vulner ...) - TODO: check + NOT-FOR-US: D-Link CVE-2026-0621 (Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 con ...) TODO: check CVE-2026-0607 (A flaw has been found in code-projects Online Music Site 1.0. This aff ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0606 (A vulnerability was detected in code-projects Online Music Site 1.0. A ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0605 (A security vulnerability has been detected in code-projects Online Mus ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0604 (The FastDup \u2013 Fastest WordPress Migration & Duplicator plugin for ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-69197 (Pterodactyl is a free, open-source game server management panel. Versi ...) TODO: check CVE-2025-68954 (Pterodactyl is a free, open-source game server management panel. Versi ...) 
@@ -81,103 +81,103 @@ CVE-2025-64422 (Coolify is an open-source and self-hostable tool for managing se CVE-2025-61916 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) TODO: check CVE-2025-4776 (The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scrip ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-20807 (In dpe, there is a possible out of bounds write due to an integer over ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20806 (In dpe, there is a possible memory corruption due to use after free. T ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20805 (In dpe, there is a possible memory corruption due to use after free. T ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20804 (In dpe, there is a possible memory corruption due to use after free. T ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20803 (In dpe, there is a possible memory corruption due to an integer overfl ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20802 (In geniezone, there is a possible memory corruption due to use after f ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20801 (In seninf, there is a possible memory corruption due to a race conditi ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20800 (In mminfra, there is a possible out of bounds write due to a missing b ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20799 (In c2ps, there is a possible memory corruption due to use after free. ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20798 (In battery, there is a possible out of bounds write due to a missing b ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20797 (In battery, there is a possible out of bounds write due to a missing b ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20796 (In imgsys, there is a possible out of bounds write due to improper inp ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20795 (In KeyInstall, there is a possible out of bounds write due to a missin ...) 
- TODO: check + NOT-FOR-US: MediaTek CVE-2025-20794 (In Modem, there is a possible system crash due to improper input valid ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20793 (In Modem, there is a possible system crash due to incorrect error hand ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20787 (In display, there is a possible memory corruption due to use after fre ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20786 (In display, there is a possible memory corruption due to use after fre ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20785 (In display, there is a possible memory corruption due to use after fre ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20784 (In display, there is a possible memory corruption due to uninitialized ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20783 (In display, there is a possible out of bounds write due to a missing b ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025-20782 (In display, there is a possible out of bounds write due to a missing b ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2025
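Review bot: CVE-2025-4776 is described as "The Phlox theme for WordPress" but is tagged NOT-FOR-US: WordPress plugin. Other commits in this series use the label NOT-FOR-US: WordPress plugin or theme, which would fit this entry; using one label for the whole class also keeps searches over data/CVE/list consistent.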
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
773575dc by security tracker role at 2026-01-05T20:14:02+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -5,53 +5,53 @@ CVE-2026-21634 (A malicious actor with access to the adjacent
network could over
CVE-2026-21633 (A malicious actor with access to the adjacent network could
obtain una ...)
TODO: check
CVE-2026-0597 (A flaw has been found in Campcodes Supplier Management System
1.0. Aff ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2026-0592 (A security flaw has been discovered in code-projects Online
Product Re ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0591 (A vulnerability was identified in code-projects Online Product
Reserva ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0590 (A vulnerability was determined in code-projects Online Product
Reserva ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0589 (A vulnerability was found in code-projects Online Product
Reservation ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0588 (A weakness has been identified in Xinhu Rainrock RockOA up to
2.7.1. A ...)
TODO: check
CVE-2026-0587 (A security flaw has been discovered in Xinhu Rainrock RockOA up
to 2.7 ...)
TODO: check
CVE-2026-0586 (A vulnerability was detected in code-projects Online Product
Reservati ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0585 (A security vulnerability has been detected in code-projects
Online Pro ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0584 (A weakness has been identified in code-projects Online Product
Reserva ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0583 (A security flaw has been discovered in code-projects Online
Product Re ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0582 (A vulnerability was identified in itsourcecode Society
Management Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-0581 (A vulnerability was determined in Tenda AC1206 15.03.06.23.
Affected b ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-69291
REJECTED
CVE-2025-69290
REJECTED
CVE-2025-69087 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68865 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68850 (Missing Authorization vulnerability in Codepeople Sell
Downloads allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68547 (Missing Authorization vulnerability in WPweb Follow My Blog
Post allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68280 (Improper Restriction of XML External Entity Reference
vulnerability in ...)
TODO: check
CVE-2025-68044 (Authorization Bypass Through User-Controlled Key vulnerability
in Rust ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68033 (Insertion of Sensitive Information Into Sent Data
vulnerability in Bre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68029 (Insertion of Sensitive Information Into Sent Data
vulnerability in WP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68014 (Insertion of Sensitive Information Into Sent Data
vulnerability in Awe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67427 (A Blind Server-Side Request Forgery (SSRF) vulnerability in
evershop 2 ...)
TODO: check
CVE-2025-67419 (A Denial of Service (DoS) vulnerability in evershop 2.1.0 and
prior al ...)
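Review bot: CVE-2026-0582 is tagged NOT-FOR-US: itsourcecode System, while every other vendor tag in this hunk is the bare vendor name (Campcodes, code-projects, Tenda). The trailing "System" looks like a fragment of the product name "Society Management Syst ..." carried into the tag; suggest NOT-FOR-US: itsourcecode so the entry matches any other itsourcecode entries when searching the list.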
@@ -67,7 +67,7 @@ CVE-2025-67303 (An issue in ComfyUI-Manager prior to version
3.38 allowed remote
CVE-2025-66518 (Any client who can access to Apache Kyuubi Server via Kyuubi
frontend ...)
TODO: check
CVE-2025-66376 (Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before
10.1.13 a ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2025-65922 (PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors
headers, al ...)
TODO: check
CVE-2025-65328 (Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first
value o ...)
@@ -81,7 +81,7 @@ CVE-2025-64419 (Coolify is an open-source and self-hostable
tool for managing se
CVE-2025-61781 (OpenCTI is an open source platform for managing cyber threat
intellige ...)
TODO: check
CVE-2025-5965 (In the backup parameters, a user with high privilege is able to
concat ...)
- TODO: check
+ NOT-FOR-US: Centreon
CVE-2025
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: e1d0bff1 by security tracker role at 2026-01-05T08:13:48+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,7 +1,7 @@ CVE-2026-0580 (A vulnerability was found in SourceCodester API Key Manager App 1.0. A ...) - TODO: check + NOT-FOR-US: SourceCodester CVE-2025-9543 (The FlexTable WordPress plugin before 3.19.2 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-5591 (Kentico Xperience 13 is vulnerable to a stored cross-site scripting at ...) TODO: check CVE-2025-15462 (A vulnerability has been found in UTT \u8fdb\u53d6 520W 1.7.7-180627. ...) @@ -49,7 +49,7 @@ CVE-2025-15235 (QOCA aim AI Medical Cloud Platform developed by Quanta Computer CVE-2025-15022 (Action captions in Vaadin accept HTML by default but were not sanitize ...) TODO: check CVE-2025-14124 (The Team WordPress plugin before 5.0.11 does not properly sanitize an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-0579 (A vulnerability was found in code-projects Online Product Reservation ...) NOT-FOR-US: code-projects CVE-2026-0578 (A vulnerability has been found in code-projects Online Product Reserva ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1d0bff10188ecfde1bf6677916768daeff343bc
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 059c3dc8 by security tracker role at 2026-01-04T20:13:45+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,11 +1,11 @@ CVE-2026-0579 (A vulnerability was found in code-projects Online Product Reservation ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0578 (A vulnerability has been found in code-projects Online Product Reserva ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0577 (A flaw has been found in code-projects Online Product Reservation Syst ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0576 (A vulnerability was detected in code-projects Online Product Reservati ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-15443 (A vulnerability was identified in CRMEB up to 5.6.1. This issue affect ...) TODO: check CVE-2025-15442 (A vulnerability was determined in CRMEB up to 5.6.1. This vulnerabilit ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/059c3dc8e79ed750b7b7e372bad06bfe00d191b8
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 1201f21e by security tracker role at 2026-01-04T08:13:39+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2026-0575 (A security vulnerability has been detected in code-projects Online Pro ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0574 (A weakness has been identified in yeqifu warehouse up to aaf29962ba407 ...) TODO: check CVE-2025-3660 (Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a br ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1201f21eaced54994ac5f97678d3dc921005a526
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f3cc14c8 by security tracker role at 2026-01-02T20:13:53+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -17,23 +17,23 @@ CVE-2026-21429 (Emlog is an open source website building system. In version 2.5. CVE-2026-0571 (A security flaw has been discovered in yeqifu warehouse up to aaf29962 ...) TODO: check CVE-2026-0570 (A vulnerability was found in code-projects Online Music Site 1.0. This ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0569 (A vulnerability has been found in code-projects Online Music Site 1.0. ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0568 (A flaw has been found in code-projects Online Music Site 1.0. The impa ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0567 (A vulnerability was detected in code-projects Content Management Syste ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0566 (A security vulnerability has been detected in code-projects Content Ma ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0565 (A weakness has been identified in code-projects Content Management Sys ...) - TODO: check + NOT-FOR-US: code-projects CVE-2026-0547 (A vulnerability was found in PHPGurukul Online Course Registration up ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2026-0546 (A vulnerability was determined in code-projects Content Management Sys ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-9110 (An exposure of sensitive system information to an unauthorized control ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-69417 (In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, ...) TODO: check CVE-2025-69416 (In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, ...) 
@@ -57,73 +57,73 @@ CVE-2025-67158 (An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of CVE-2025-65125 (SQL injection in gosaliajainam/online-movie-booking 5.5 in movie_detai ...) TODO: check CVE-2025-62857 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-62852 (A buffer overflow vulnerability has been reported to affect several QN ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-62842 (An external control of file name or path vulnerability has been report ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-62840 (A generation of error message containing sensitive information vulnera ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-59389 (An SQL injection vulnerability has been reported to affect Hyper Data ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-59387 (An SQL injection vulnerability has been reported to affect MARS (Multi ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-59384 (A path traversal vulnerability has been reported to affect Qfiling. Th ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-59381 (A path traversal vulnerability has been reported to affect several QNA ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-59380 (A path traversal vulnerability has been reported to affect several QNA ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-57705 (An allocation of resources without limits or throttling vulnerability ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-54166 (An out-of-bounds read vulnerability has been reported to affect severa ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-54165 (An out-of-bounds read vulnerability has been reported to affect severa ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-54164 (An out-of-bounds read vulnerability has been reported to affect severa ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-53597 (A buffer overflow vulnerability has been reported to affect License Ce ...) 
- TODO: check + NOT-FOR-US: QNAP CVE-2025-53596 (A NULL pointer dereference vulnerability has been reported to affect s ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-53594 (A path traversal vulnerability has been reported to affect several pro ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-53593 (A buffer overflow vulnerability has been reported to affect several QN ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-53592 (A NULL pointer dereference vulnerability has been reported to affect s ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-53591 (A use of externally-controlled format string vulnerability has been re ...) - TODO: check + NOT-FOR-US: QNAP CVE-2025-53590 (A NULL pointer dereference vulnerability
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: ac89a132 by security tracker role at 2026-01-02T08:13:15+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -45,17 +45,17 @@ CVE-2025-15413 (A vulnerability was detected in wasm3 up to 0.5.0. Impacted is t CVE-2025-15412 (A security vulnerability has been detected in WebAssembly wabt up to 1 ...) TODO: check CVE-2025-14998 (The Branda plugin for WordPress is vulnerable to privilege escalation ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14072 (The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14047 (The Registration, User Profile, Membership, Content Restriction, User ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13456 (The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13153 (The Logo Slider WordPress plugin before 4.9.0 does not validate and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12685 (The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when de ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2026-21437 (eopkg is a Solus package manager implemented in python3. In versions p ...) NOT-FOR-US: eopkg CVE-2026-21436 (eopkg is a Solus package manager implemented in python3. In versions p ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac89a132fc7306e58f7fde2d9401e647c4b2cb8e
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 977b498c by security tracker role at 2026-01-01T20:13:45+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -5,7 +5,7 @@ CVE-2026-21436 (eopkg is a Solus package manager implemented in python3. In vers CVE-2026-21428 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...) TODO: check CVE-2026-0544 (A security flaw has been discovered in itsourcecode School Management ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2025-69203 (Signal K Server is a server application that runs on a central hub in ...) TODO: check CVE-2025-68620 (Signal K Server is a server application that runs on a central hub in ...) 
@@ -23,31 +23,31 @@ CVE-2025-66023 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Plat CVE-2025-55065 (CWE-89 Improper Neutralization of Special Elements used in an SQL Comm ...) TODO: check CVE-2025-48769 (Use After Free vulnerability was discovered in fs/vfs/fs_rename code o ...) - TODO: check + NOT-FOR-US: Apache software not packaged in Debian CVE-2025-48768 (Release of Invalid Pointer or Reference vulnerability was discovered i ...) - TODO: check + NOT-FOR-US: Apache software not packaged in Debian CVE-2025-47411 (A user with a legitimate non-administrator account can exploit a vulne ...) - TODO: check + NOT-FOR-US: Apache software not packaged in Debian CVE-2025-15411 (A weakness has been identified in WebAssembly wabt up to 1.0.39. This ...) TODO: check CVE-2025-15410 (A vulnerability was identified in code-projects Online Guitar Store 1. ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-15409 (A vulnerability was determined in code-projects Online Guitar Store 1. ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-15408 (A vulnerability was found in code-projects Online Guitar Store 1.0. Af ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-15407 (A vulnerability has been found in code-projects Online Guitar Store 1. ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-15406 (A flaw has been found in PHPGurukul Online Course Registration up to 3 ...) - TODO: check + NOT-FOR-US: PHPGurukul CVE-2025-15405 (A vulnerability was detected in PHPEMS up to 11.0. The impacted elemen ...) TODO: check CVE-2025-15404 (A security vulnerability has been detected in campcodes School File Ma ...) - TODO: check + NOT-FOR-US: Campcodes CVE-2025-14627 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress plugin fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14428 (The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-69413 (In Gitea before 1.25.2, /api/v1/user has different responses for faile ...) - gitea CVE-2025-69412 (KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:fi ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/977b498c9b5e42fef6b9daa7b6dbb09b2b8aed98
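Review bot: The tag added for CVE-2026-0544 in the first hunk (@@ -5,7 +5,7 @@), "NOT-FOR-US: itsourcecode System", reads as the vendor name plus the trailing word of a product name rather than a vendor or a product. The other entries of this kind in the same commit use the bare vendor ("code-projects", "PHPGurukul", "Campcodes"), so "NOT-FOR-US: itsourcecode" would keep the tags consistent and easier to search for.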
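Review bot: In the second hunk (@@ -23,31 +23,31 @@), CVE-2025-48769, CVE-2025-48768 and CVE-2025-47411 are tagged "NOT-FOR-US: Apache software not packaged in Debian" without naming the project, and the truncated descriptions shown in the hunk do not name it either. Every other tag added in this hunk identifies a vendor or a product category; naming the specific Apache project in the tag would let someone re-check these entries if that project is packaged later.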
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a1978f98 by security tracker role at 2026-01-01T08:13:46+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -9,39 +9,39 @@ CVE-2025-69286 (RAGFlow is an open-source RAG
(Retrieval-Augmented Generation) e
CVE-2025-68700 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation)
engine. ...)
TODO: check
CVE-2025-67711 (There is a stored cross site scripting issue in Esri ArcGIS
Server 11. ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-67710 (There is a stored cross site scripting issue in Esri ArcGIS
Server 11. ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-67709 (There is a stored cross site scripting issue in Esri ArcGIS
Server 11. ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-67708 (There is a stored cross site scripting issue in Esri ArcGIS
Server 11. ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-67707 (ArcGIS Server version 11.5 and earlier on Windows and Linux
does not p ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-67706 (ArcGIS Server version 11.5 and earlier on Windows and Linux
does not p ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-67705 (There is a stored cross site scripting issue in Esri ArcGIS
Server 11. ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-67704 (There is a stored cross site scripting issue in Esri ArcGIS
Server 11. ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-67703 (There is a stored cross site scripting issue in Esri ArcGIS
Server 11. ...)
- TODO: check
+ NOT-FOR-US: Esri
CVE-2025-53235 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-52739 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-50053 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47566 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-34469 (Cowrie versions prior to 2.9.0 contain a server-side request
forgery ( ...)
TODO: check
CVE-2025-31054 (Cross-Site Request Forgery (CSRF) vulnerability in Themefy
Bloggie all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30628 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28973 (Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk
Watermar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28949 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-22203
@@ -99,7 +99,7 @@ CVE-2025-22154
CVE-2025-15398 (A security vulnerability has been detected in Uasoft badaso up
to 2.9. ...)
TODO: check
CVE-2025-13820 (The Comments WordPress plugin before 7.6.40 does not properly
validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11157 (A high-severity remote code execution vulnerability exists in
feast-de ...)
TODO: check
CVE-2023-7332 (PocketMine-MP versions prior to 4.18.1 contain an improper
input valid ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1978f989b36e1442d02ee8ce76e52f08dca4894
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e1ea7076 by security tracker role at 2025-12-31T20:13:49+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,273 +1,273 @@
CVE-2025-66160 (Missing Authorization vulnerability in merkulove Select
Graphist for E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66159 (Missing Authorization vulnerability in merkulove Walker for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66158 (Missing Authorization vulnerability in merkulove Gmaper for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66157 (Missing Authorization vulnerability in merkulove Slider for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66156 (Missing Authorization vulnerability in merkulove Watcher for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66155 (Missing Authorization vulnerability in merkulove Questionar
for Elemen ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66154 (Missing Authorization vulnerability in merkulove Couponer for
Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66153 (Missing Authorization vulnerability in merkulove Headinger for
Element ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66152 (Missing Authorization vulnerability in merkulove Criptopayer
for Eleme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66151 (Missing Authorization vulnerability in merkulove Countdowner
for Eleme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66150 (Missing Authorization vulnerability in merkulove Appender
allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66149 (Missing Authorization vulnerability in merkulove UnGrabber
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66148 (Missing Authorization vulnerability in merkulove Conformer for
Element ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66146 (Missing Authorization vulnerability in merkulove Logger for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66145 (Missing Authorization vulnerability in merkulove Worker for
WPBakery a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66144 (Missing Authorization vulnerability in merkulove Worker for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64699 (An incorrect NULL DACL issue exists in SevenCs ORCA G2
2.0.1.35 (EC200 ...)
TODO: check
CVE-2025-63053 (Authorization Bypass Through User-Controlled Key vulnerability
in Jewe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63040 (Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal
Post Sni ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63038 (Missing Authorization vulnerability in Northern Beaches
Websites WP Cu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63032 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63031 (Missing Authorization vulnerability in WP Grids EasyTest
allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63022 (Missing Authorization vulnerability in Illia Simple Like Page
allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63021 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63020 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63016 (Missing Authorization vulnerability in Quadlayers QuadLayers
TikTok Fe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63014 (Cross-Site Request Forgery (CSRF) vulnerability in Serhii
Pasyuk Gmedi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63005 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63004 (Missing Authorization vulnerability in Skynet Technologies USA
LLC All ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63001 (Missing Authoriz
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 88636521 by security tracker role at 2025-12-31T08:13:45+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -1,37 +1,37 @@ CVE-2025-69277 (libsodium before ad3004e, in atypical use cases involving certain cust ...) TODO: check CVE-2025-68885 (Cross-Site Request Forgery (CSRF) vulnerability in Page Carbajal Custo ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-68131 (cbor2 provides encoding and decoding for the Concise Binary Object Rep ...) TODO: check CVE-2025-66723 (inMusic Brands Engine DJ 4.3.0 suffers from Insecure Permissions due t ...) TODO: check CVE-2025-62753 (Improper Control of Filename for Include/Require Statement in PHP Prog ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-61594 (URI is a module providing classes to handle Uniform Resource Identifie ...) TODO: check CVE-2025-59137 (Cross-Site Request Forgery (CSRF) vulnerability in eLEOPARD Behance Po ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-59131 (Cross-Site Request Forgery (CSRF) vulnerability in Hoernerfranz WP-Cal ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-49354 (Cross-Site Request Forgery (CSRF) vulnerability in Mindstien Technolog ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-49353 (Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noinde ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-49346 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Simp ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-49345 (Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchive ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-49344 (Cross-Site Request Forgery (CSRF) vulnerability in Rene Ade SensitiveT ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-49343 (Cross-Site Request Forgery (CSRF) vulnerability in Socialprofilr Socia ...) - TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-49342 (Cross-Site Request Forgery (CSRF) vulnerability in Wolfgang H\xe4felin ...) 
- TODO: check + NOT-FOR-US: WordPress plugin or theme CVE-2025-2026 (The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulner ...) - TODO: check + NOT-FOR-US: Moxa CVE-2025-1977 (The NPort 6100-G2/6200-G2 Series is affected by an execution with unne ...) - TODO: check + NOT-FOR-US: Moxa CVE-2025-15375 (A flaw has been found in EyouCMS up to 1.7.7. The impacted element is ...) TODO: check CVE-2025-15374 (A vulnerability was detected in EyouCMS up to 1.7.7. The affected elem ...) @@ -41,15 +41,15 @@ CVE-2025-15373 (A security vulnerability has been detected in EyouCMS up to 1.7. CVE-2025-15372 (A weakness has been identified in youlaitech vue3-element-admin up to ...) TODO: check CVE-2025-15371 (A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0- ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-15360 (A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts ...) TODO: check CVE-2025-15357 (A vulnerability was found in D-Link DI-7400G+ 19.12.25A1. This affects ...) - TODO: check + NOT-FOR-US: D-Link CVE-2025-15356 (A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The im ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-15354 (A flaw has been found in itsourcecode Society Management System 1.0. T ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2025-15280 (FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulner ...) TODO: check CVE-2025-15279 (FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Co ...) 
@@ -85,17 +85,17 @@ CVE-2025-15112 (Ksenia Security Lares 4.0 version 1.6 contains a URL redirection CVE-2025-15111 (Ksenia Security Lares 4.0 Home Automation version 1.6 contains a defau ...) TODO: check CVE-2025-15017 (A vulnerability exists in serial device servers where active debug cod ...) - TODO: check + NOT-FOR-US: Moxa CVE-2025-14987 (When system.enableCrossNamespaceCommands is enabled (on by default), t ...) TODO: check CVE-2025-14986 (When frontend.enableExecuteMultiOperation is enabled, the server can a ...) TODO: check CVE-2025-14783 (The Easy Digital Downloads plugin for WordPress is vulnerable to Unval ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14434 (The Ultimate Post Kit Addons for Elementor WordPress plugin befo
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
61f1f7a4 by security tracker role at 2025-12-30T20:14:18+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -9,119 +9,119 @@ CVE-2025-69210 (FacturaScripts is open-source enterprise
resource planning and a
CVE-2025-69204 (ImageMagick is free and open-source software used for editing
and mani ...)
TODO: check
CVE-2025-69093 (Missing Authorization vulnerability in wpdesk ShopMagic
shopmagic-for- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69092 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69091 (Missing Authorization vulnerability in Kraft Plugins Demo
Importer Plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69089 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69088 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69034 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69033 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69032 (Authorization Bypass Through User-Controlled Key vulnerability
in Mika ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69031 (Missing Authorization vulnerability in Skywarrior Arcane
arcane allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69030 (Authorization Bypass Through User-Controlled Key vulnerability
in Mika ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69029 (Authorization Bypass Through User-Controlled Key vulnerability
in Sele ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69028 (Missing Authorization vulnerability in BoldGrid weForms
weforms allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69027 (Missing Authorization vulnerability in tychesoftwares Product
Delivery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69026 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69025 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69024 (Missing Authorization vulnerability in bizswoop BizPrint
print-google- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69023 (Missing Authorization vulnerability in Marketing Fire
Discussion Board ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69022 (Missing Authorization vulnerability in Weblizar - WordPress
Themes &am ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69021 (Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro
Popup box a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69020 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69019 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69018 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69017 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69016 (Missing Authorization vulnerability in averta Shortcodes and
extra fea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69015 (Missing Authorization vulnerability in Automattic Crowdsignal
Forms cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69014 (Server-Side Request Forgery (SSRF) vulnerability in Youzify
Youzify yo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69013 (Missing Authorization vulnerability in jetmonsters Stratum
stratum all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69012 (Missing Authorization vulnerability in Stephen Harris Event
Organiser ...)
- TODO: che
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6d699751 by security tracker role at 2025-12-30T08:13:38+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -7,49 +7,49 @@ CVE-2025-69217 (coturn is a free open source implementation
of TURN and STUN Ser
CVE-2025-69205 (Micro Registration Utility (\xb5URU) is a telephone self
registration ...)
TODO: check
CVE-2025-68860 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68607 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68562 (Unrestricted Upload of File with Dangerous Type vulnerability
in Roman ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68504 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68503 (Missing Authorization vulnerability in Crocoblock JetBlog
allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68502 (Authorization Bypass Through User-Controlled Key vulnerability
in Croc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68499 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68498 (Missing Authorization vulnerability in Crocoblock JetTabs
allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68120 (To prevent unexpected untrusted code execution, the Visual
Studio Code ...)
TODO: check
CVE-2025-68040 (Insertion of Sensitive Information Into Sent Data
vulnerability in weD ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68036 (Missing Authorization vulnerability in Emraan Cheema CubeWP
allows Acc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23554 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23550 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23469 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23458 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-15355 (ISOinsight developed by NetVision Information has a Reflected
Cross-si ...)
TODO: check
CVE-2025-15284 (Improper Input Validation vulnerability in qs (parse modules)
allows H ...)
TODO: check
CVE-2025-15233 (A security flaw has been discovered in Tenda M3
1.0.0.13(4903). This i ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15232 (A vulnerability was identified in Tenda M3 1.0.0.13(4903).
This vulner ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15231 (A vulnerability was determined in Tenda M3 1.0.0.13(4903).
This affect ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15230 (A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected
by this ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15229 (A vulnerability has been found in Tenda CH22 up to 1.0.0.1.
Affected b ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15222 (A vulnerability has been found in Dromara Sa-Token up to
1.44.0. This ...)
TODO: check
CVE-2025-15221 (A flaw has been found in SohuTV CacheCloud up to 3.2.0. This
vulnerabi ...)
@@ -59,41 +59,41 @@ CVE-2025-15220 (A vulnerability was detected in SohuTV
CacheCloud up to 3.2.0. T
CVE-2025-15219 (A security vulnerability has been detected in SohuTV
CacheCloud up to ...)
TODO: check
CVE-2025-15218 (A weakness has been identified in Tenda AC10U
15.03.06.48/15.03.06.49. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15217 (A security flaw has been discovered in Tenda AC23 16.03.07.52.
Affecte ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15216 (A vulnerability was identified in Tenda AC23 16.03.07.52. This
impacts ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15215 (A vulnerability was determined in Tenda AC10U
15.03.06.48/15.03.06.49. ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15214 (A vulnerability was found in Campcodes Park Ticketing System
1.0. The ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-15213 (A vuln
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
34308d7c by security tracker role at 2025-12-29T20:15:03+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -15,23 +15,23 @@ CVE-2025-68929 (Frappe is a full-stack web application
framework. Prior to versi
CVE-2025-68928 (Frappe CRM is an open-source customer relationship management
tool. Pr ...)
TODO: check
CVE-2025-68897 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68893 (Server-Side Request Forgery (SSRF) vulnerability in HETWORKS
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68879 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68878 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68877 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68876 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68870 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68868 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68861 (Missing Authorization vulnerability in Plugin Optimizer allows
Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68706 (A stack-based buffer overflow exists in the GoAhead-Webs HTTP
daemon o ...)
TODO: check
CVE-2025-68431 (libheif is an HEIF and AVIF file format decoder and encoder.
Prior to ...)
@@ -87,9 +87,9 @@ CVE-2025-15201 (A flaw has been found in SohuTV CacheCloud up
to 3.2.0. The impa
CVE-2025-15200 (A vulnerability was detected in SohuTV CacheCloud up to 3.2.0.
The aff ...)
TODO: check
CVE-2025-15199 (A security vulnerability has been detected in code-projects
College No ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15198 (A weakness has been identified in code-projects College Notes
Uploadin ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15197 (A security flaw has been discovered in
code-projects/anirbandutta9 Con ...)
TODO: check
CVE-2025-15196 (A vulnerability was identified in code-projects Assessment
Management ...)
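Review bot: CVE-2025-15197 stays at TODO: check in this hunk even though its description names code-projects (as code-projects/anirbandutta9), while CVE-2025-15199 and CVE-2025-15198 directly above it receive NOT-FOR-US: code-projects. If the slash form is deliberately left for manual triage, the commit message should say so; otherwise the entry needs the same note.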
@@ -97,45 +97,45 @@ CVE-2025-15196 (A vulnerability was identified in
code-projects Assessment Manag
CVE-2025-15195 (A vulnerability was determined in code-projects Assessment
Management ...)
TODO: check
CVE-2025-15194 (A vulnerability was found in D-Link DIR-600 up to 2.15WWb02.
Affected ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-15193 (A vulnerability was detected in D-Link DWR-M920 up to 1.1.50.
This aff ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-15192 (A security vulnerability has been detected in D-Link DWR-M920
up to 1. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-15191 (A weakness has been identified in D-Link DWR-M920 up to
1.1.50. The af ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-15190 (A security flaw has been discovered in D-Link DWR-M920 up to
1.1.50. I ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-15189 (A vulnerability was identified in D-Link DWR-M920 up to
1.1.50. This i ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-15188 (A vulnerability was determined in Campcodes Complete Online
Beauty Par ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-15187 (A vulnerability was found in GreenCMS up to 2.3. This affects
an unkno ...)
TODO: check
CVE-2025-15186 (A vulnerability has been found in code-projects Refugee Food
Managemen ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15185 (A flaw has been found in code-projects Refugee Food Management
System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15184 (A vulnerability was detected in code-projects Refugee Food
Management ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15183 (A security vulnerability has been detected in code-projects
Refugee Fo ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15182 (A weakness has been identified in code-projects Refugee Food
Managemen ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-
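Review bot: CVE-2025-15195 (code-projects Assessment Management) is left at TODO: check at the top of this hunk, yet the five code-projects Refugee Food Management entries further down (CVE-2025-15186 through CVE-2025-15182) are all marked NOT-FOR-US: code-projects. The same vendor string should be handled the same way within one run, or the reason for keeping the Assessment Management entry open should be recorded.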
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d789860e by security tracker role at 2025-12-29T08:13:30+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -9,11 +9,11 @@ CVE-2025-15226 (WMPro developed by Sunnet has a Arbitrary
File Upload vulnerabil
CVE-2025-15225 (WMPro developed by Sunnet has an Arbitrary File Read
vulnerability, al ...)
TODO: check
CVE-2025-15179 (A vulnerability was determined in Tenda WH450 1.0.0.18.
Impacted is an ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15178 (A vulnerability was found in Tenda WH450 1.0.0.18. This issue
affects ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15177 (A vulnerability has been found in Tenda WH450 1.0.0.18. This
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15176 (A flaw has been found in Open5GS up to 2.7.5. This affects the
functio ...)
TODO: check
CVE-2025-15175 (A vulnerability was detected in SohuTV CacheCloud up to 3.2.0.
Affecte ...)
@@ -31,23 +31,23 @@ CVE-2025-15170 (A security vulnerability has been detected
in Advaya Softech GEM
CVE-2025-15169 (A weakness has been identified in BiggiDroid Simple PHP CMS
1.0. Affec ...)
TODO: check
CVE-2025-15168 (A vulnerability was identified in itsourcecode Student
Management Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-15167 (A vulnerability was determined in itsourcecode Online Cake
Ordering Sy ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-15166 (A vulnerability was found in itsourcecode Online Cake Ordering
System ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-15165 (A vulnerability has been found in itsourcecode Online Cake
Ordering Sy ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-15164 (A security flaw has been discovered in Tenda WH450 1.0.0.18.
This affe ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15163 (A vulnerability was identified in Tenda WH450 1.0.0.18.
Affected by th ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15162 (A vulnerability was determined in Tenda WH450 1.0.0.18.
Affected by th ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15161 (A vulnerability was found in Tenda WH450 1.0.0.18. Affected is
an unkn ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15160 (A vulnerability has been found in Tenda WH450 1.0.0.18. This
impacts a ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15156 (A flaw has been found in omec-project UPF up to 2.1.3-dev.
This affect ...)
TODO: check
CVE-2025-15155 (A vulnerability was detected in floooh sokol up to
16cbcc864012898793c ...)
@@ -69,9 +69,9 @@ CVE-2025-15066 (Improper Limitation of a Pathname to a
Restricted Directory ('Pa
CVE-2025-15065 (Exposure of Sensitive Information to an Unauthorized Actor,
Missing En ...)
TODO: check
CVE-2025-13958 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.40
does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13417 (The Plugin Organizer WordPress plugin before 10.2.4 does not
sanitize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14269
NOT-FOR-US: Headlamp
CVE-2025-68973 (In GnuPG through 2.4.8, armor_filter in g10/armor.c has two
increments ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d789860e77d33b808d4e11f5ac49fe6861b44820
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: dfeb76e4 by security tracker role at 2025-12-28T20:13:48+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -25,13 +25,13 @@ CVE-2025-15141 (A vulnerability was determined in Halo up to 2.21.10. This issue CVE-2025-15140 (A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e568061 ...) TODO: check CVE-2025-15139 (A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2025-15138 (A flaw has been found in prasathmani TinyFileManager up to 2.6. Affect ...) TODO: check CVE-2025-15137 (A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected b ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2025-15136 (A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1 ...) - TODO: check + NOT-FOR-US: TRENDnet CVE-2025-15135 (A weakness has been identified in joey-zhou xiaozhi-esp32-server-java ...) TODO: check CVE-2025-15134 (A security flaw has been discovered in yourmaileyes MOOC up to 1.17. T ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfeb76e431b21cef1ad3ce29ece0a0eb1ce28ea2 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfeb76e431b21cef1ad3ce29ece0a0eb1ce28ea2 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 84eab6df by security tracker role at 2025-12-26T20:13:58+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -15,29 +15,29 @@ CVE-2025-66737 (Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Trav CVE-2025-65885 (An issue was discovered in the Delight Custom Firmware (CFW) for Nokia ...) TODO: check CVE-2025-64645 (IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate t ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-57403 (Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS qu ...) TODO: check CVE-2025-36230 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injec ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36229 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated u ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36228 (IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent perm ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-36192 (IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45 ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-25341 (A vulnerability exists in the libxmljs 1.0.11 when parsing a specially ...) TODO: check CVE-2025-1721 (IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtai ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-14687 (IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authent ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-13915 (IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a ...) - TODO: check + NOT-FOR-US: IBM CVE-2025-13158 (Prototype pollution vulnerability in apidoc-core versions 0.2.0 and al ...) - TODO: check + NOT-FOR-US: Sonatype CVE-2025-12771 (IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer ...) - TODO: check + NOT-FOR-US: IBM CVE-2024-44065 (Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at th ...) TODO: check CVE-2024-42718 (A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attac ...) 
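Review bot: the note added for CVE-2025-13158 reads NOT-FOR-US: Sonatype, but the visible description names apidoc-core as the affected software and does not mention Sonatype. Every other note added in this hunk names the affected vendor (IBM), so this one should name apidoc-core, or the commit message should explain why Sonatype is used instead.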
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84eab6dfca1da40bc3904a2b15c1ac906d149c26
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: cc2538f4 by security tracker role at 2025-12-26T08:13:42+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -21,13 +21,13 @@ CVE-2025-68938 (Gitea before 1.25.2 mishandles authorization for deletion of rel CVE-2025-68937 (Forgejo before 13.0.2 allows attackers to write to unintended files, a ...) TODO: check CVE-2025-67450 (Due to insecure library loading in the Eaton UPS Companion software ex ...) - TODO: check + NOT-FOR-US: Eaton CVE-2025-62578 (DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information) - TODO: check + NOT-FOR-US: Delta Electronics CVE-2025-59888 (Improper quotation in search paths in the Eaton UPS Companion software ...) - TODO: check + NOT-FOR-US: Eaton CVE-2025-59887 (Improper authentication of library files in the Eaton UPS Companion so ...) - TODO: check + NOT-FOR-US: Eaton CVE-2025-52601 (Cybersecurity Nozomi Networks Labs, a specialized security company foc ...) TODO: check CVE-2025-52600 (Cybersecurity Nozomi Networks Labs, a specialized security company foc ...) 
@@ -63,7 +63,7 @@ CVE-2025-15087 (A security vulnerability has been detected in youlaitech youlai- CVE-2025-15086 (A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. ...) TODO: check CVE-2025-14913 (The Frontend Post Submission Manager Lite \u2013 Frontend Posting Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-14820 REJECTED CVE-2025-14715 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc2538f41b436eddfce75d843ca711ec1519e2d0 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc2538f41b436eddfce75d843ca711ec1519e2d0 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: f0474242 by security tracker role at 2025-12-25T08:13:45+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = 
@@ -27,17 +27,17 @@ CVE-2025-32096 (Pexip Infinity 33.0 through 37.0 before 37.1 has improper input CVE-2025-32095 (Pexip Infinity before 37.0 has improper input validation in signalling ...) TODO: check CVE-2025-15078 (A vulnerability was detected in itsourcecode Student Management System ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2025-15077 (A security vulnerability has been detected in itsourcecode Student Man ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2025-15076 (A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an u ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-15075 (A security flaw has been discovered in itsourcecode Student Management ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2025-15074 (A vulnerability was identified in itsourcecode Online Frozen Foods Ord ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2025-15073 (A vulnerability was determined in itsourcecode Online Frozen Foods Ord ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2025-68916 (Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsuplo ...) NOT-FOR-US: Riello UPS NetMan 208 Application CVE-2025-68915 (Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbann ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f047424296fb8e008b592eb0933b9d5fedec1640 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f047424296fb8e008b592eb0933b9d5fedec1640 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f49987a5 by security tracker role at 2025-12-24T20:13:49+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -37,183 +37,183 @@ CVE-2025-68736 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2025-68735 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
TODO: check
CVE-2025-68608 (Missing Authorization vulnerability in DeluxeThemes Userpro
userpro al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68606 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68605 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68603 (Missing Authorization vulnerability in Marketing Fire
Editorial Calend ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68602 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68601 (Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius
Five Sta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68600 (Server-Side Request Forgery (SSRF) vulnerability in Yannick
Lefebvre L ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68599 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68598 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68597 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68596 (Missing Authorization vulnerability in Bit Apps Bit Assist
bit-assist ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68595 (Missing Authorization vulnerability in Trustindex Widgets for
Social P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68594 (Missing Authorization vulnerability in Assaf Parag Poll,
Survey & Quiz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68593 (Missing Authorization vulnerability in Liton Arefin WP
Adminify admini ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68592 (Missing Authorization vulnerability in Liton Arefin WP
Adminify admini ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68591 (Missing Authorization vulnerability in Mitchell Bennis Simple
File Lis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68590 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68589 (Missing Authorization vulnerability in WP Socio WP Telegram
Widget and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68588 (Missing Authorization vulnerability in totalsoft TS Poll
poll-wp allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68587 (Missing Authorization vulnerability in Bob Watu Quiz watu
allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68586 (Missing Authorization vulnerability in Gora Tech Cooked cooked
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68585 (Missing Authorization vulnerability in Ben Balter WP Document
Revision ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68584 (Cross-Site Request Forgery (CSRF) vulnerability in Constantin
Boiangiu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68583 (Cross-Site Request Forgery (CSRF) vulnerability in Tikweb
Management F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68582 (Missing Authorization vulnerability in Funnelforms Funnelforms
Free fu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68581 (Missing Authorization vulnerability in YITHEMES YITH Slider
for page b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68580 (Cross-Site Request Forgery (CSRF) vulnerability in pluginsware
Advance ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68579 (Missing Authorization vulnerability in FolioVision FV Simpler
SEO fv-a ...)
- TODO: c
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 6fc194df by security tracker role at 2025-12-24T08:13:41+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -29,9 +29,9 @@ CVE-2025-68664 (LangChain is a framework for building agents and LLM-powered app CVE-2025-68617 (FluidSynth is a software synthesizer based on the SoundFont 2 specific ...) TODO: check CVE-2025-66445 (Authorization bypass vulnerability in Hitachi Infrastructure Analytics ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2025-66444 (Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2025-66213 (Coolify is an open-source and self-hostable tool for managing servers, ...) TODO: check CVE-2025-66212 (Coolify is an open-source and self-hostable tool for managing servers, ...) 
@@ -45,25 +45,25 @@ CVE-2025-66209 (Coolify is an open-source and self-hostable tool for managing se CVE-2025-64641 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10. ...) TODO: check CVE-2025-57840 (ADB(Android Debug Bridge) is affected by type privilege bypass, succes ...) - TODO: check + NOT-FOR-US: Honor CVE-2025-15053 (A flaw has been found in code-projects Student Information System 1.0. ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-15052 (A vulnerability was detected in code-projects Student Information Syst ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-15050 (A security vulnerability has been detected in code-projects Student Fi ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-15049 (A vulnerability was identified in code-projects Online Farm System 1.0 ...) - TODO: check + NOT-FOR-US: code-projects CVE-2025-15048 (A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts a ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-15047 (A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unk ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-15046 (A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted e ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-15045 (A flaw has been found in Tenda WH450 1.0.0.18. The affected element is ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-15044 (A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an u ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-14936 (NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote ...) TODO: check CVE-2025-14935 (NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote ...) 
@@ -175,7 +175,7 @@ CVE-2025-14402 (PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Exe CVE-2025-14401 (PDFsam Enhanced App Out-Of-Bounds Read Remote Code Execution Vulnerabi ...) TODO: check CVE-2025-13773 (The Print Invoice & Delivery Notes for WooCommerce plugin for WordPres ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-13767 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10. ...) TODO: check CVE-2025-13716 (Tencent MimicMotion create_pipeline Deserialization of Untrusted Data ...) @@ -207,7 +207,7 @@ CVE-2025-13700 (DreamFactory saveZipFile Command Injection Remote Code Execution CVE-2025-13698 (Deciso OPNsense diag_backup.php filename Directory Traversal Arbitrary ...) TODO: check CVE-2025-13407 (The Gravity Forms WordPress plugin before 2.9.23.1 does not properly p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2025-12840 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...) TODO: check CVE-2025-12839 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fc194df3ed08bf44ecb574d58be4db062a27266 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6fc194df3ed08bf44ecb574d58be4db062a27266 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
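Review bot: CVE-2025-57840 in the second hunk (@@ -45,25 +45,25 @@) is tagged NOT-FOR-US: Honor, while the visible part of its description names only ADB (Android Debug Bridge) and no vendor. The full description should be checked to confirm the issue is limited to Honor's software before the entry is closed, and the note would be easier to audit if it named the product as well as the vendor.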
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ec216439 by security tracker role at 2025-12-23T20:16:53+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,23 +1,23 @@
CVE-2025-68561 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68560 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68559 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68557 (Missing Authorization vulnerability in Vikas Ratudi Chakra
test allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68556 (Missing Authorization vulnerability in VillaTheme HAPPY allows
Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68551 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68550 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68548 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68546 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68544 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67111 (An integer overflow in the RTPS protocol implementation of
OpenDDS DDS ...)
TODO: check
CVE-2025-67109 (Improper verification of the time certificate in Eclipse
Cyclone DDS b ...)
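Review bot: none of the ten descriptions reclassified in this hunk mentions WordPress in its visible text (CVE-2025-68557, for example, reads "Vikas Ratudi Chakra test"), so the NOT-FOR-US: WordPress plugin or theme note cannot be confirmed from the list alone. If the classification is derived from something other than the description, the commit message should state the criterion so that a wrong match can be spotted in review.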
@@ -35,17 +35,17 @@ CVE-2025-65410 (A stack overflow in the src/main.c
component of GNU Unrtf v0.21.
CVE-2025-65354 (Improper input handling in /Grocery/search_products_itname.php
inPunee ...)
TODO: check
CVE-2025-59886 (Improper input validation at one of the endpoints of Eaton
xComfort EC ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2025-51511 (Cadmium CMS v.0.4.9 has a background arbitrary file upload
vulnerabili ...)
TODO: check
CVE-2025-50526 (Netgear EX8000 V1.0.0.126 was discovered to contain a command
injectio ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-48864
REJECTED
CVE-2025-48863
REJECTED
CVE-2025-45493 (Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection
via the i ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2025-33224 (NVIDIA Isaac Launchable contains a vulnerability where an
attacker cou ...)
TODO: check
CVE-2025-33223 (NVIDIA Isaac Launchable contains a vulnerability where an
attacker cou ...)
@@ -53,29 +53,29 @@ CVE-2025-33223 (NVIDIA Isaac Launchable contains a
vulnerability where an attack
CVE-2025-33222 (NVIDIA Isaac Launchable contains a vulnerability where an
attacker cou ...)
TODO: check
CVE-2025-29229 (linksys E5600 V1.1.0.26 is vulnerable to command injection in
the func ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-29228 (Linksys E5600 V1.1.0.26 is vulnerable to command injection in
the runt ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-25364 (A command injection vulnerability in the
me.connectify.SMJobBlessHelpe ...)
TODO: check
CVE-2025-14635 (The Happy Addons for Elementor plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14548 (The Calendar plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14388 (The PhastPress plugin for WordPress is vulnerable to
Unauthenticated A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14163 (The Premium Addons for Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14155 (The Premium Addons for Elementor \u2013 Powerful Elementor
Templates & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14000 (The Membership Plugin \u2013 Restrict Content plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13183 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2025-13074
REJECTED
CVE-2025-12934 (The Beaver Builder \u2013 WordPress Page Builder plugin for
WordPress ...)
- TODO: check
+ NOT-
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 578bf2d7 by security tracker role at 2025-12-23T08:16:18+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -37,7 +37,7 @@ CVE-2025-34458 (wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, pr CVE-2025-34457 (wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to ...) TODO: check CVE-2025-15034 (A security flaw has been discovered in itsourcecode Student Management ...) - TODO: check + NOT-FOR-US: itsourcecode System CVE-2024-27708 (Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes M ...) TODO: check CVE-2023-53981 (PhotoShow 3.0 contains a remote code execution vulnerability that allo ...) @@ -45,7 +45,7 @@ CVE-2023-53981 (PhotoShow 3.0 contains a remote code execution vulnerability tha CVE-2023-53980 (ProjectSend r1605 contains a remote code execution vulnerability that ...) TODO: check CVE-2023-53979 (MyBB 1.8.32 contains a chained vulnerability that allows authenticated ...) - TODO: check + NOT-FOR-US: MyBB CVE-2023-53978 (myBB Forums 1.8.26 contains a stored cross-site scripting vulnerabilit ...) TODO: check CVE-2023-53977 (myBB Forums 1.8.26 contains a stored cross-site scripting vulnerabilit ...) 
@@ -55,7 +55,7 @@ CVE-2023-53976 (myBB Forums 1.8.26 contains a stored cross-site scripting vulner CVE-2023-53975 (Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability t ...) TODO: check CVE-2023-53974 (D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulner ...) - TODO: check + NOT-FOR-US: D-Link CVE-2023-53973 (Zillya Total Security 3.0.2367.0 contains a privilege escalation vulne ...) TODO: check CVE-2023-53972 (WebTareas 2.4 contains a SQL injection vulnerability in the webTareasS ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/578bf2d75a9ce79fcbb645c2d68eadf8b5485d4d -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/578bf2d75a9ce79fcbb645c2d68eadf8b5485d4d You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
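Review bot: the MyBB entries end up triaged inconsistently. In the hunk at @@ -45,7 +45,7 @@, CVE-2023-53979 (MyBB 1.8.32) moves to NOT-FOR-US: MyBB, but the two context entries directly below it, CVE-2023-53978 and CVE-2023-53977 (both "myBB Forums 1.8.26"), stay at TODO: check. The descriptions differ only in capitalisation and the "Forums" suffix, so the same product looks to be matched in one spelling and missed in the other. Suggest tagging all three in the same commit, or confirming that the two older entries are deliberately left for manual review.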
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
64cba96c by security tracker role at 2025-12-22T20:13:39+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -1,7 +1,7 @@
CVE-2025-8460 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Centreon
CVE-2025-68645 (A Local File Inclusion (LFI) vulnerability exists in the
Webmail Class ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2025-68337 (In the Linux kernel, the following vulnerability has been
resolved: j ...)
TODO: check
CVE-2025-68336 (In the Linux kernel, the following vulnerability has been
resolved: l ...)
@@ -39,7 +39,7 @@ CVE-2025-67290 (A stored cross-site scripting (XSS)
vulnerability in the Page Se
CVE-2025-67289 (An arbitrary file upload vulnerability in the Attachments
module of Fr ...)
TODO: check
CVE-2025-67288 (An arbitrary file upload vulnerability in Umbraco CMS v16.3.3
allows a ...)
- TODO: check
+ NOT-FOR-US: Umbraco CMS
CVE-2025-65837 (PublicCMS V5.202506.b is vulnerable to Cross Site Scripting
(XSS) in t ...)
TODO: check
CVE-2025-65790 (A reflected cross-site scripting (XSS) vulnerability exists in
FuguHub ...)
@@ -53,11 +53,11 @@ CVE-2025-63663 (Incorrect access control in the
/api/v1/conversations/*/files AP
CVE-2025-63662 (Insecure permissions in the /api/v1/agents API of GT Edge AI
Platform ...)
TODO: check
CVE-2025-62880 (Cross-Site Request Forgery (CSRF) vulnerability in Kunal Nagar
Custom ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62107 (Cross-Site Request Forgery (CSRF) vulnerability in PluginOps
Feather L ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62094 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-61740 (Authentication issue that does not verify the source of a
packet which ...)
TODO: check
CVE-2025-61739 (Due to Nonce reuse, attackers can perform reply attack or
decrypt capt ...)
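Review bot: the three added lines for CVE-2025-62880, CVE-2025-62107 and CVE-2025-62094 use the tag "NOT-FOR-US: WordPress plugin or theme", while the same commit tags CVE-2025-15033 as "NOT-FOR-US: WordPress plugin". The truncated descriptions of these three entries do not mention WordPress at all (CVE-2025-62094 shows only the generic "Improper Neutralization of Input During Web Page Generation" text), so the tag is the only product hint a reader of data/CVE/list gets. Suggest settling on one label form across the file, and where the product is known, naming whether it is a plugin or a theme so that a later search for either term finds these entries.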
@@ -65,19 +65,19 @@ CVE-2025-61739 (Due to Nonce reuse, attackers can perform
reply attack or decryp
CVE-2025-61738 (Under certain circumstances, attacker can capture the network
key, rea ...)
TODO: check
CVE-2025-54890 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Centreon
CVE-2025-26787 (An error in the SignServer container startup logic was found
in Keyfac ...)
TODO: check
CVE-2025-26379 (Use of a weak pseudo-random number generator, which may allow
an attac ...)
TODO: check
CVE-2025-15033 (A vulnerability in WooCommerce 8.1 to 10.4.2 can allow
logged-in custo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14273 (Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5,
10.12.x <= 10. ...)
TODO: check
CVE-2025-14018 (Unquoted Search Path or Element vulnerability in NetBT
Consulting Serv ...)
TODO: check
CVE-2025-12514 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Centreon
CVE-2025-10021 (A Use of Uninitialized Variable vulnerability exists in Open
DesignAll ...)
TODO: check
CVE-2024-35321 (MyNET up to v26.08 was discovered to contain a Reflected
cross-site sc ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64cba96cdfadd6144972c959d0c2d05b97456f47
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1b24d13f by security tracker role at 2025-12-22T08:15:35+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=
data/CVE/list
=
@@ -3,13 +3,13 @@ CVE-2025-8305 (An authenticated local user can obtain
information that allows cl
CVE-2025-8304 (An authenticated local user can obtain information that allows
claimin ...)
TODO: check
CVE-2025-62955 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62926 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62901 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59301 (Delta Electronics DVP15MC11Tlacks proper validation of the
modbus/tcp ...)
- TODO: check
+ NOT-FOR-US: Delta Electronics
CVE-2025-15016 (Enterprise Cloud Database developed by Ragic has a Hard-coded
Cryptogr ...)
TODO: check
CVE-2025-15015 (Enterprise Cloud Database developed by Ragic has a Arbitrary
File Read ...)
@@ -19,23 +19,23 @@ CVE-2025-15014 (A security flaw has been discovered in
loganhong php loganSite u
CVE-2025-15013 (A vulnerability was identified in floooh sokol up to
5d11344150973f15e ...)
TODO: check
CVE-2025-15012 (A vulnerability was determined in code-projects Refugee Food
Managemen ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15011 (A vulnerability was found in code-projects Simple Stock System
1.0. Im ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-15010 (A vulnerability has been found in Tenda WH450 1.0.0.18. This
issue aff ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15009 (A flaw has been found in liweiyi ChestnutCMS up to 1.5.8. This
vulnera ...)
TODO: check
CVE-2025-15008 (A vulnerability was detected in Tenda WH450 1.0.0.18. This
affects an ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15007 (A security vulnerability has been detected in Tenda WH450
1.0.0.18. Af ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15006 (A weakness has been identified in Tenda WH450 1.0.0.18.
Affected by th ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-15005 (A security flaw has been discovered in CouchCMS up to 2.4.
Affected is ...)
TODO: check
CVE-2025-15004 (A vulnerability was identified in DedeCMS up to 5.7.118. This
impacts ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2025-15003 (A vulnerability was found in SeaCMS up to 13.3. The impacted
element i ...)
TODO: check
CVE-2025-15002 (A vulnerability has been found in SeaCMS up to 13.3. The
affected elem ...)
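Review bot: the web CMS entries in this hunk are handled unevenly. CVE-2025-15004 (DedeCMS) is moved to NOT-FOR-US: DedeCMS, while CVE-2025-15009 (ChestnutCMS), CVE-2025-15005 (CouchCMS) and CVE-2025-15003 (SeaCMS) remain at TODO: check in the surrounding context. If those products are also not packaged, the automatic pass leaves them for manual triage on every run; worth confirming that this is intended, and noting in the commit message which product names the automatic update recognises, since "automatic NOT-FOR-US entries update" alone does not say why one CMS was tagged and its neighbours were not.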
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b24d13fef28c882e6a6957cbe068bcdb380d5e6
[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker Commits: 67e7a40a by security tracker role at 2025-12-21T20:15:28+00:00 automatic NOT-FOR-US entries update - - - - - 1 changed file: - data/CVE/list Changes: = data/CVE/list = @@ -1,5 +1,5 @@ CVE-2025-14995 (A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected ...) - TODO: check + NOT-FOR-US: Tenda CVE-2025-9343 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...) NOT-FOR-US: WordPress plugin CVE-2025-68644 (Yealink RPS before 2025-06-27 allows unauthorized access to informatio ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e7a40ab5c0541ac9358baf214d6a55d3b6ca75 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e7a40ab5c0541ac9358baf214d6a55d3b6ca75 You're receiving this email because of your account on salsa.debian.org. ___ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
