Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e1232917 by security tracker role at 2026-07-03T07:14:07+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2026-9725 (The Printcart Web to Print Product Designer for WooCommerce
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9626 (The JSON API User plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9180 (The MotoPress Appointment Booking plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8921 (External Control of File Name or Path vulnerability in ASUS
Business M ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-8892 (The CM Business Directory \u2013 Optimise and showcase local
business ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8489 (The Ultimate Member \u2013 User Profile, Registration, Login,
Member D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8247 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS
may all ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-59102 (Forgejo before 15.0.3 contains a stored cross-site scripting
vulnerabi ...)
TODO: check
CVE-2026-59101 (AutoBangumi before 3.2.8 contains a server-side request
forgery (SSRF) ...)
@@ -47,11 +47,11 @@ CVE-2026-58466 (AutoBangumi before 3.2.8 contains a
hard-coded default credentia
CVE-2026-58460 (react-native-receive-sharing-intent contains a path traversal
vulnerab ...)
TODO: check
CVE-2026-57100 (Server-side request forgery (ssrf) in Microsoft Entra
Provisioning Ser ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-55726 (The Azure Blob Storage container used for Gardyn device logs
is public ...)
TODO: check
CVE-2026-54998 (Incorrect authorization in Microsoft Exchange Online allows an
authori ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-54477 (The admin panel lacks standard security headers, enabling
clickjacking ...)
TODO: check
CVE-2026-52830 (fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1,
fast-mcp- ...)
@@ -71,11 +71,11 @@ CVE-2026-50722 (Libreswan, via the function
RSA_authenticate_hash_signature_pkcs
CVE-2026-50721 (Libreswan, via the function
RSA_authenticate_hash_signature_raw_rsa(), ...)
TODO: check
CVE-2026-4967 (In IMS, there is a possible out of bounds read due to a missing
bounds ...)
- TODO: check
+ NOT-FOR-US: Unisoc
CVE-2026-45499 (Server-side request forgery (ssrf) in Azure OpenAI allows an
authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-41106 (Url redirection to untrusted site ('open redirect') in M365
Copilot al ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-38972 (Notepad3 through 6.25.822.1 contains a DLL search-order
hijacking vuln ...)
TODO: check
CVE-2026-38971 (ardupilot through Plane-4.6.3 was found to contain an
out-of-bounds re ...)
@@ -87,69 +87,69 @@ CVE-2026-38969 (ruby webrick through v1.9.2 WEBrick
reparses trailer Content-Len
CVE-2026-38968 (ntopng through 6.6 is vulnerable to Predictable Session
Identifier whi ...)
TODO: check
CVE-2026-26145 (Improper access control in Azure Synapse allows an authorized
attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-14352 (The AR for WooCommerce plugin for WordPress is vulnerable to
Directory ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14327 (The AR for WordPress plugin for WordPress is vulnerable to
Directory T ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13768 (Gardyn devices expose a privileged iothubowner key. Access to
this key ...)
TODO: check
CVE-2026-13728 (In exception circumstances, WatchGuard Fireware OS on a
FireCluster ma ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13722 (WatchGuard Fireware OS contains a firmware validation bypass
when proc ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13384 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS
wgagent ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13383 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS
ikestub ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13377 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13376 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13375 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13374 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13373 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13371 (An authenticated administrator can trigger a denial-of-service
conditi ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13368 (WatchGuard Fireware OS contains a race condition leading to a
use-afte ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13084 (A null pointer dereference vulnerability in WatchGuard
Fireware OS may ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13079 (A local privilege escalation vulnerability in the WatchGuard
Mobile VP ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13054 (A path traversal vulnerability in the WatchGuard Fireware OS
Managemen ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13053 (An Out-of-bounds Write vulnerability in WatchGuard Fireware
OS's CLI c ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13050 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS
network ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2026-13040 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress
plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12960 (An Improper Export of Android Application Components
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-12920 (The Cookie Banner for GDPR / CCPA \u2013 WPLP Cookie Consent
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12734 (The weDocs: AI Powered Knowledge Base, Docs, Documentation,
Wiki & AI ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12731 (The weDocs: AI Powered Knowledge Base, Docs, Documentation,
Wiki & AI ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12729 (The weDocs: AI Powered Knowledge Base, Docs, Documentation,
Wiki & AI ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12557 (The Ninja Forms - File Uploads plugin for WordPress is
vulnerable to a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12413 (An invalidly formatted IKEv2 fragment causes the Libreswan
pluto daemo ...)
TODO: check
CVE-2026-11397 (The WP Import Export Lite plugin for WordPress is vulnerable
to Server ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-71385 (Netdata before 2.3.1 reflects the user-supplied love query
parameter o ...)
TODO: check
CVE-2022-4990 (** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of
Specified Quant ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2022-4989 (** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of
Specified Quant ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-58381 (A flaw was found in GIMP's PSP file format parser. A
double-free condi ...)
- gimp 3.2.4-1
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/work_items/16207
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e123291773047976a45e9f696deae692defe8ca3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e123291773047976a45e9f696deae692defe8ca3
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits