Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf7cd8e4 by security tracker role at 2026-07-09T19:14:29+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2026-9253 (The WP Cost Estimation & Payment Forms Builder (E&P Forms)
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9240 (The Colissimo Officiel : M\xe9thodes de livraison pour
WooCommerce plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9237 (The Employee, Leave and Recruitment Management System \u2013
Crew HRM ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9235 (The DHL eCommerce (Benelux) for WooCommerce plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9028 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9027 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9021 (The Easy Invoice plugin for WordPress is vulnerable to Missing
Authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8996 (The Backup and Staging by WP Time Capsule plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8848 (The Popup Maker \u2013 Boost Sales, Conversions, Optins,
Subscribers w ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7558 (The Age Verification & Identity Verification by Token of Trust
plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6910 (The Bookero.pl \u2013 system rezerwacji online plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-61474 (An improper authorization check in MISP\u2019s attribute
creation endp ...)
TODO: check
CVE-2026-61344 (The Superior Court of California Hearing Reminder Service at
https://w ...)
@@ -111,15 +111,15 @@ CVE-2026-58459 (gpsd through release-3.27.5, fixed at
commit 4c06658, contains a
CVE-2026-58378 (Allwinner H616 TV Box TV98 has ADB enabled and exposed to the
network ...)
TODO: check
CVE-2026-58307 (Out-of-bounds read, Reachable assertion vulnerability in
Samsung Open ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2026-58306 (Heap-based buffer overflow vulnerability in Samsung Open
Source Escarg ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2026-58305 (Access of resource using incompatible type ('type confusion')
vulnerab ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2026-58304 (Out-of-bounds read, Out-of-bounds write vulnerability in
Samsung Open ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2026-58303 (Stack-based buffer overflow vulnerability in Samsung Open
Source Escar ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2026-58198 (ChatterBot is a machine learning, conversational dialog engine
for cre ...)
TODO: check
CVE-2026-58125
@@ -127,15 +127,15 @@ CVE-2026-58125
CVE-2026-57111 (Permissive Cross-Origin Resource Sharing (CORS) in the REST
API (helix ...)
TODO: check
CVE-2026-56460 (HCL DevOps Deploy / HCL Launch could disclose sensitive
configurations ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-56459 (HCL DevOps Deploy / HCL Launch is susceptible to sensitive
information ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-56458 (HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS)
which coul ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-56292 (A SQLi vulnerability in AcyMailing component < 10.11.1 for
Joomla was ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-56291 (The Joomla extension Balbooa Forms is vulnerable to an
unauthenticated ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-56289 (GNU patch is vulnerable to a denial of service (DoS) due to
improper v ...)
TODO: check
CVE-2026-56288 (GNU patch is vulnerable to a NULL pointer dereference when
processing ...)
@@ -143,15 +143,15 @@ CVE-2026-56288 (GNU patch is vulnerable to a NULL pointer
dereference when proce
CVE-2026-55590 (CakePHP Authentication is an authentication plugin for CakePHP
that ca ...)
TODO: check
CVE-2026-55420 (Discourse is an open-source discussion platform. Prior to
2026.6.0, 20 ...)
- TODO: check
+ NOT-FOR-US: Discourse
CVE-2026-54801 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-54800 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-54799 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-54798 (A vulnerability has been identified in CPCI85 Central
Processing/Commu ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2026-54695 (Pipecat is an open-source Python framework for building
real-time voic ...)
TODO: check
CVE-2026-54005 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
@@ -165,19 +165,19 @@ CVE-2026-54002 (Kirby is an open-source content
management system. Prior to 4.9.
CVE-2026-53987 (The Tag plugin for GLPI 11 before 2.14.4 stores the tag name
without H ...)
TODO: check
CVE-2026-51606 (An improper input handling vulnerability in the RTSP service
of Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51605 (A stack-based buffer overflow vulnerability in the RTSP
service of Ten ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51604 (A stack-based buffer overflow vulnerability in the RTSP
service of Ten ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51603 (A stack-based buffer overflow vulnerability in the RTSP
service of Ten ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51602 (A stack-based buffer overflow vulnerability in the RTSP
service of Ten ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51601 (Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based
buffer overf ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51600 (Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the
Content-Lengt ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-51599 (An insufficient input validation vulnerability in the RTSP
service of ...)
TODO: check
CVE-2026-51598 (An input validation vulnerability in the RTSP service of
MERCURY MIPC2 ...)
@@ -189,11 +189,11 @@ CVE-2026-50644 (SOPlanning is vulnerable to SQL injection
in the audit retention
CVE-2026-50188 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
TODO: check
CVE-2026-4653 (The Block, Suspend, Report for BuddyPress plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4298 (The DSGVO All in one for WP plugin for WordPress is vulnerable
to Miss ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4275 (The Divi Torque Lite \u2013 Divi Theme, Divi Builder & Extra
Theme plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4256 (Improper neutralization of special elements used in an LDAP
query ('LD ...)
TODO: check
CVE-2026-49276 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
@@ -201,7 +201,7 @@ CVE-2026-49276 (Kirby is an open-source content management
system. Prior to 4.9.
CVE-2026-49274 (Kirby is an open-source content management system. Prior to
4.9.4 and ...)
TODO: check
CVE-2026-43752 (An authenticated administrator may be able to achieve
arbitrary code e ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-33390 (An Incorrect Privilege Assignment vulnerability was discovered
in the ...)
TODO: check
CVE-2026-31985 (When the upstream Guardian or CMC was configured in the Remote
Collect ...)
@@ -223,7 +223,7 @@ CVE-2026-1365 (Insertion of sensitive information into sent
data vulnerability i
CVE-2026-15308 (The incremental HTML parser (html.parser.HTMLParser) allows
for CPU de ...)
TODO: check
CVE-2026-15204 (A vulnerability was detected in TOTOLINK X5000R
9.1.0cu.2415_B20250515 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-15202 (A security vulnerability has been detected in YzmCMS up to
7.5. Affect ...)
TODO: check
CVE-2026-15195 (A weakness has been identified in apidevtools
json-schema-ref-parser u ...)
@@ -237,7 +237,7 @@ CVE-2026-15192 (A vulnerability has been found in mettle
sendportal up to 3.0.1.
CVE-2026-15191 (A flaw has been found in mettle sendportal up to 3.0.1. This
vulnerabi ...)
TODO: check
CVE-2026-15190 (A vulnerability was detected in SourceCodester Simple and Nice
Shoppin ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-15189 (A security vulnerability has been detected in aerostackdev
aerostack-m ...)
TODO: check
CVE-2026-15188 (A weakness has been identified in manjurulhoque
django-job-portal up t ...)
@@ -253,41 +253,41 @@ CVE-2026-15184 (A vulnerability was found in GNU LibreDWG
up to 0.13.4. The impa
CVE-2026-15182 (A vulnerability has been found in GNU LibreDWG up to 0.13.4.
The affec ...)
TODO: check
CVE-2026-15158 (The Blocksy Companion plugin for WordPress is vulnerable to
Arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15000 (The Connect Contact Form 7 and Mailchimp plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14372 (The Bit Form \u2013 Contact Form, Payment Forms, Multi Step
Forms, Cal ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14343 (The Download Manager plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14342 (The Mail Mint \u2013 Email Marketing, Newsletter, Email
Automation & W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14278
REJECTED
CVE-2026-14261 (A vulnerability in the Xerte Online Tools allows for
authentication by ...)
TODO: check
CVE-2026-14245 (The miniOrange OTP Login, Verification and SMS Notifications
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13771 (The Customer Reviews for WooCommerce plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13492 (The UsersWP plugin for WordPress is vulnerable to Arbitrary
File Delet ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13462 (PayRange Android app, version 7.0.7 and below, contains an SSL
bypass ...)
TODO: check
CVE-2026-13461 (When coupled with the SSL bypass vulnerability, JavaScript can
be inje ...)
TODO: check
CVE-2026-13450 (The GamiPress \u2013 Gamification plugin to reward points,
achievement ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13441 (The EventPrime \u2013 Events Calendar, Bookings and Tickets
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13334 (The Mang Board WP plugin for WordPress is vulnerable to
Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13253 (The Ultimate Post plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13080 (The WPFunnels \u2013 Funnel Builder for WooCommerce with
Checkout & On ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13011 (The ERP: Complete HR, Accounting & CRM Suite with Recruitment
and WooC ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12879 (An Improper Input Validation vulnerability in BigQuery DAO in
Google C ...)
TODO: check
CVE-2026-12593 (The implementation of an internalandundocumentedDashboardAPI
endpoint( ...)
@@ -295,39 +295,39 @@ CVE-2026-12593 (The implementation of an
internalandundocumentedDashboardAPI end
CVE-2026-12590 (Impact: In body-parser versions prior to 1.20.6 (1.x line) and
2.3.0 ( ...)
TODO: check
CVE-2026-12433 (The Hydra Booking \u2013 Appointment Scheduling & Booking
Calendar plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12428 (The Blocks for ACF Fields plugin for WordPress is vulnerable
to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12418 (The User Frontend: AI Powered Frontend Posting, User
Directory, Profil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12406 (The User Frontend: AI Powered Frontend Posting, User
Directory, Profil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12170 (The AcyMailing \u2013 An Ultimate Newsletter Plugin and
Marketing Auto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12116 (A vulnerability in the Xerte Online Tools allows for RCE
through the a ...)
TODO: check
CVE-2026-11404 (Cesanta Mongoose before 7.22 contains an out-of-bounds read in
the bui ...)
TODO: check
CVE-2026-11359 (The Memberships and User Profiles for WooCommerce \u2013
ProfileGrid W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0287 (Multiple denial of service vulnerabilities in Palo Alto
Networks PAN-O ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0286 (A command injection vulnerability in the management plane of
Palo Alto ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0285 (A server-side request forgery (SSRF) vulnerability in Palo Alto
Networ ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0284 (An XML injection vulnerability in the Large Scale VPN (LSVPN)
function ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0283 (An authentication bypass vulnerability in Large Scale VPN (
LSVPN) fun ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0282 (A file deletion vulnerability in Palo Alto Networks PAN-OS\xae
softwar ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0281 (An information disclosure vulnerability in Palo Alto Networks
PAN-OS\x ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0280 (An IPv6 packet processing vulnerability in the dataplane of
Palo Alto ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0279 (Multiple cross site scripting vulnerabilities in the
User-ID\u2122 Aut ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-63579 (Unauthorized use of Kyocera printers, allows all information
stored in ...)
TODO: check
CVE-2026-57825
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf7cd8e45afdf9890ffb433f14bae9a542b85af6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf7cd8e45afdf9890ffb433f14bae9a542b85af6
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits