Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e1232917 by security tracker role at 2026-07-03T07:14:07+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2026-9725 (The Printcart Web to Print Product Designer for WooCommerce 
plugin for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9626 (The JSON API User plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9180 (The MotoPress Appointment Booking plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8921 (External Control of File Name or Path vulnerability in ASUS 
Business M ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2026-8892 (The CM Business Directory \u2013 Optimise and showcase local 
business  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8489 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8247 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS 
may all ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-59102 (Forgejo before 15.0.3 contains a stored cross-site scripting 
vulnerabi ...)
        TODO: check
 CVE-2026-59101 (AutoBangumi before 3.2.8 contains a server-side request 
forgery (SSRF) ...)
@@ -47,11 +47,11 @@ CVE-2026-58466 (AutoBangumi before 3.2.8 contains a 
hard-coded default credentia
 CVE-2026-58460 (react-native-receive-sharing-intent contains a path traversal 
vulnerab ...)
        TODO: check
 CVE-2026-57100 (Server-side request forgery (ssrf) in Microsoft Entra 
Provisioning Ser ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-55726 (The Azure Blob Storage container used for Gardyn device logs 
is public ...)
        TODO: check
 CVE-2026-54998 (Incorrect authorization in Microsoft Exchange Online allows an 
authori ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-54477 (The admin panel lacks standard security headers, enabling 
clickjacking ...)
        TODO: check
 CVE-2026-52830 (fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, 
fast-mcp- ...)
@@ -71,11 +71,11 @@ CVE-2026-50722 (Libreswan, via the function 
RSA_authenticate_hash_signature_pkcs
 CVE-2026-50721 (Libreswan, via the function 
RSA_authenticate_hash_signature_raw_rsa(), ...)
        TODO: check
 CVE-2026-4967 (In IMS, there is a possible out of bounds read due to a missing 
bounds ...)
-       TODO: check
+       NOT-FOR-US: Unisoc
 CVE-2026-45499 (Server-side request forgery (ssrf) in Azure OpenAI allows an 
authorize ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-41106 (Url redirection to untrusted site ('open redirect') in M365 
Copilot al ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-38972 (Notepad3 through 6.25.822.1 contains a DLL search-order 
hijacking vuln ...)
        TODO: check
 CVE-2026-38971 (ardupilot through Plane-4.6.3 was found to contain an 
out-of-bounds re ...)
@@ -87,69 +87,69 @@ CVE-2026-38969 (ruby webrick through v1.9.2 WEBrick 
reparses trailer Content-Len
 CVE-2026-38968 (ntopng through 6.6 is vulnerable to Predictable Session 
Identifier whi ...)
        TODO: check
 CVE-2026-26145 (Improper access control in Azure Synapse allows an authorized 
attacker ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2026-14352 (The AR for WooCommerce plugin for WordPress is vulnerable to 
Directory ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14327 (The AR for WordPress plugin for WordPress is vulnerable to 
Directory T ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13768 (Gardyn devices expose a privileged iothubowner key. Access to 
this key ...)
        TODO: check
 CVE-2026-13728 (In exception circumstances, WatchGuard Fireware OS on a 
FireCluster ma ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13722 (WatchGuard Fireware OS contains a firmware validation bypass 
when proc ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13384 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS 
wgagent ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13383 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS 
ikestub ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13377 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13376 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13375 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13374 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13373 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13371 (An authenticated administrator can trigger a denial-of-service 
conditi ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13368 (WatchGuard Fireware OS contains a race condition leading to a 
use-afte ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13084 (A null pointer dereference vulnerability in WatchGuard 
Fireware OS may ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13079 (A local privilege escalation vulnerability in the WatchGuard 
Mobile VP ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13054 (A path traversal vulnerability in the WatchGuard Fireware OS 
Managemen ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13053 (An Out-of-bounds Write vulnerability in WatchGuard Fireware 
OS's CLI c ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13050 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS 
network ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard
 CVE-2026-13040 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress 
plugin for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12960 (An Improper Export of Android Application Components 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2026-12920 (The Cookie Banner for GDPR / CCPA \u2013 WPLP Cookie Consent 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12734 (The weDocs: AI Powered Knowledge Base, Docs, Documentation, 
Wiki & AI  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12731 (The weDocs: AI Powered Knowledge Base, Docs, Documentation, 
Wiki & AI  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12729 (The weDocs: AI Powered Knowledge Base, Docs, Documentation, 
Wiki & AI  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12557 (The Ninja Forms - File Uploads plugin for WordPress is 
vulnerable to a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12413 (An invalidly formatted IKEv2 fragment causes the Libreswan 
pluto daemo ...)
        TODO: check
 CVE-2026-11397 (The WP Import Export Lite plugin for WordPress is vulnerable 
to Server ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-71385 (Netdata before 2.3.1 reflects the user-supplied love query 
parameter o ...)
        TODO: check
 CVE-2022-4990 (** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of 
Specified Quant ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2022-4989 (** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of 
Specified Quant ...)
-       TODO: check
+       NOT-FOR-US: ASUS
 CVE-2026-58381 (A flaw was found in GIMP's PSP file format parser. A 
double-free condi ...)
        - gimp 3.2.4-1
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/work_items/16207



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e123291773047976a45e9f696deae692defe8ca3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e123291773047976a45e9f696deae692defe8ca3
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to