Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef27997c by security tracker role at 2026-02-27T20:15:03+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,31 +3,31 @@ CVE-2026-3327 (Authenticated Iframe Injection in Dato CMS Web 
Previews plugin. T
 CVE-2026-3304 (Multer is a node.js middleware for handling 
`multipart/form-data`. A v ...)
        TODO: check
 CVE-2026-3277 (The OpenID Connect (OIDC) authentication configuration in 
PowerShell   ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2026-3223 (Arbitrary file write & potential privilege escalation 
exploiting zip s ...)
        TODO: check
 CVE-2026-2880 (A vulnerability in @fastify/middie versions < 9.2.0 can result 
in auth ...)
        TODO: check
 CVE-2026-2831 (The MailArchiver plugin for WordPress is vulnerable to SQL 
Injection v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2751 (Blind SQL Injection via unsanitized array keys in Service 
Dependencies ...)
-       TODO: check
+       NOT-FOR-US: Centreon
 CVE-2026-2750 (Improper Input Validation vulnerability in Centreon Centreon 
Open Tick ...)
-       TODO: check
+       NOT-FOR-US: Centreon
 CVE-2026-2749 (Vulnerability in Centreon Centreon Open Tickets on Central 
Server on L ...)
-       TODO: check
+       NOT-FOR-US: Centreon
 CVE-2026-2383 (The Simple Download Monitor plugin for WordPress is vulnerable 
to Stor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2362 (The WP Accessibility plugin for WordPress is vulnerable to 
Stored DOM- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2359 (Multer is a node.js middleware for handling 
`multipart/form-data`. A v ...)
        TODO: check
 CVE-2026-2293 (A NestJS application using @nestjs/platform-fastify can allow 
bypass o ...)
        TODO: check
 CVE-2026-2252 (An XML External Entity (XXE) vulnerability allows malicious 
user to pe ...)
-       TODO: check
+       NOT-FOR-US: Xerox
 CVE-2026-2251 (Improper limitation of a pathname to a restricted directory 
(Path Trav ...)
-       TODO: check
+       NOT-FOR-US: Xerox
 CVE-2026-28354 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
        TODO: check
 CVE-2026-27947 (Group-Office is an enterprise customer relationship management 
and gro ...)
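
Review bot: at CVE-2026-3277 the new tag names only the vendor (Devolutions), while the visible part of the description breaks off at "PowerShell ..." and PowerShell is a product name in its own right. Consider putting the affected product next to the vendor in the tag, so that someone reading the truncated line does not take this as a triage decision about PowerShell itself.
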
@@ -89,9 +89,9 @@ CVE-2026-26862 (CleverTap Web SDK version 1.15.2 and earlier 
is vulnerable to DO
 CVE-2026-26861 (CleverTap Web SDK version 1.15.2 and earlier is vulnerable to 
Cross-Si ...)
        TODO: check
 CVE-2026-25147 (OpenEMR is a free and open source electronic health records 
and medica ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2026-24488 (OpenEMR is a free and open source electronic health records 
and medica ...)
-       TODO: check
+       NOT-FOR-US: OpenEMR
 CVE-2026-24352 (PluXml CMS allows a user's session identifier to be set before 
authent ...)
        TODO: check
 CVE-2026-24351 (PluXml CMS is vulnerable to Stored XSS in Static Pages editing 
functio ...)
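
Review bot: both CVE-2026-25147 and CVE-2026-24488 carry a description that calls OpenEMR "free and open source", so NOT-FOR-US here rests on the software not being packaged rather than on it being proprietary. Worth confirming that no packaging request is open for it before the automatic match closes these out, because after this change the two entries no longer show up as TODO.
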
@@ -103,33 +103,33 @@ CVE-2026-22717 (Out-of-bound read vulnerability in VMware 
Workstation 25H1 and b
 CVE-2026-22716 (Out-of-bound write vulnerability in VMware Workstation 25H1 
and below  ...)
        TODO: check
 CVE-2026-21660 (Hardcoded Email Credentials Saved as Plaintext in Firmware 
(CWE-256: P ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2026-21659 (Unauthenticated Remote Code Execution and Information 
Disclosure due t ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2026-21658 (Unauthenticated Remote Code Execution i.e Improper Control of 
Generati ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2026-21657 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2026-21656 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2026-21654 (Improper Neutralization of Special Elements used in an OS 
Command ('OS ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2026-21619 (Uncontrolled Resource Consumption, Deserialization of 
Untrusted Data v ...)
        TODO: check
 CVE-2026-1627 (An attacker may exploit the use of outdated and weak MAC 
algorithms in ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2026-1626 (An attacker may exploit the use of weak CBC-based cipher suites 
in the ...)
-       TODO: check
+       NOT-FOR-US: SICK AG
 CVE-2026-1434 (Omega-PSIR is vulnerable to Reflected XSS via the lang 
parameter. An a ...)
        TODO: check
 CVE-2026-1305 (The Japanized for WooCommerce plugin for WordPress is 
vulnerable to Im ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-69437 (PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. 
Uploade ...)
        TODO: check
 CVE-2025-15498 (Pro3W CMS if vulnerable toSQL injection attacks.Improper 
neutralizatio ...)
        TODO: check
 CVE-2025-14142 (The Electric Enquiries plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11950 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2025-11252 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
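
Review bot: the Johnson Controls run goes from CVE-2026-21660 down to CVE-2026-21656 and then straight to CVE-2026-21654, so CVE-2026-21655 does not appear in this hunk at all. Please check whether that ID exists elsewhere in data/CVE/list or is still unassigned, so that it gets the same tag as its neighbours if it belongs to the same advisory instead of sitting as a lone TODO later.
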
@@ -137,7 +137,7 @@ CVE-2025-11252 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2025-11251 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2024-10938 (The OVRI Payment plugin for WordPress contains malicious 
.htaccess fil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2019-25497 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that 
allows  ...)
        TODO: check
 CVE-2019-25496 (osCommerce 2.3.4.1 contains a SQL injection vulnerability that 
allows  ...)
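
Review bot: at CVE-2024-10938 the description reports malicious .htaccess files contained in the OVRI Payment plugin, which is a different kind of issue from the SQL injection and XSS entries that receive the same "WordPress plugin" tag in the other hunks. The generic tag is enough for triage, but adding the plugin name to it would keep the entry findable by product when only the truncated description is at hand.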



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef27997c1d321713ef6060dc42f75529a173ffcb
