Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0b097e60 by security tracker role at 2026-07-10T19:14:48+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
CVE-2026-9857 (The Invoice123 plugin for WordPress is vulnerable to
authorization byp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9838 (The ICS Calendar plugin for WordPress is vulnerable to
Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8609 (An unauthenticated attacker can repeatedly call Grafana's OAuth
login ...)
- TODO: check
+ NOT-FOR-US: Grafana Labs
CVE-2026-8595 (A user with Editor permissions can craft a dashboard whose
table (Tabl ...)
- TODO: check
+ NOT-FOR-US: Grafana Labs
CVE-2026-6872
REJECTED
CVE-2026-6802 (The Easy Upload Files During Checkout plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6440 (The GoodMeet \u2013 Google Meet Integration for Webinar,
Meeting & Vid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6212 (Authorization bypass through User-Controlled key vulnerability
in Tera ...)
TODO: check
CVE-2026-61492 (In JetBrains YouTrack before 2026.2.17394 stored XSS via
article title ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-61461 (Dify before 1.16.0-rc1 contains a SQL injection vulnerability
in the M ...)
TODO: check
CVE-2026-61460 (Krayin CRM through 2.2.3 contains an insecure direct object
reference ...)
@@ -49,17 +49,17 @@ CVE-2026-60086 (PraisonAI before 4.6.78 contains a prompt
injection defense bypa
CVE-2026-5801 (Improper neutralization of special elements used in an SQL
command ('S ...)
TODO: check
CVE-2026-59796 (In JetBrains TeamCity before 2026.1.2 pipeline modification
was possib ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-59795 (In JetBrains TeamCity before 2026.1.2 stored XSS via
unauthenticated a ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-59794 (In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud
profile ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-59793 (In JetBrains TeamCity before 2026.1.2 arbitrary file access
was possib ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-59792 (In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code
execution via ...)
TODO: check
CVE-2026-59791 (In JetBrains YouTrack before 2026.2.17012 cSS injection via
Mermaid di ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-59193 (Grav is a file-based Web platform. Prior to 2.0.0, an
authenticated ad ...)
TODO: check
CVE-2026-59190 (grav-plugin-admin is an HTML user interface that provides a
way to con ...)
@@ -75,7 +75,7 @@ CVE-2026-59154 (Wekan is open source kanban built with
Meteor. Prior to 9.64, We
CVE-2026-59151 (Prowler is a cloud security platform. Prior to 5.30.3,
Prowler's SAML ...)
TODO: check
CVE-2026-58661 (n8n before 2.28.0 (and before 1.123.58 on the 1.x branch)
contains a d ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-58493 (grav-plugin-database is the database plugin for Grav CMS.
Prior to 1.2 ...)
TODO: check
CVE-2026-58492 (grav-plugin-database is the database plugin for Grav CMS.
Prior to 1.2 ...)
@@ -101,11 +101,11 @@ CVE-2026-56813 (Improper Neutralization of
Parameter/Argument Delimiters vulnera
CVE-2026-56765 (Vikunja before 2.2.1 contains an authorization flaw where the
LinkShar ...)
TODO: check
CVE-2026-56690 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s)
an Improp ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-56689 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s)
an Improp ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-56688 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s)
an Improp ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-56676 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
validat ...)
TODO: check
CVE-2026-56675 (9Router is an AI router & token saver. Prior to 0.5.2, 9router
treats ...)
@@ -125,7 +125,7 @@ CVE-2026-56373 (ImageMagick before 7.1.2-15 contains a
use-after-free vulnerabil
CVE-2026-56366 (ImageMagick before 7.1.2-18 contains a memory leak
vulnerability in th ...)
TODO: check
CVE-2026-56354 (n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and
2.x branch ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-56335 (Capgo before 12.128.2 contains an authorization bypass
vulnerability w ...)
TODO: check
CVE-2026-56329 (Capgo before 12.128.2 contains a cross-tenant preview
namespace collis ...)
@@ -191,11 +191,11 @@ CVE-2026-55460 (Snipe-IT is an IT asset/license
management system. Prior to 8.6.
CVE-2026-54919 (cpp-httplib is a C++11 single-file header-only cross platform
HTTP/HTT ...)
TODO: check
CVE-2026-54470 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior
contain(s) ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-54469 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior,
contain(s) ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-54468 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior,
contain(s) ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-54329 (Snipe-IT is an IT asset/license management system. Prior to
8.6.2, the ...)
TODO: check
CVE-2026-54149 (MaxKB is an open-source AI assistant for enterprise. Prior to
2.10.0-l ...)
@@ -235,19 +235,19 @@ CVE-2026-41876 (R-SOFT DMS is vulnerable toOS Command
Injection in konwertujActi
CVE-2026-40454 (Out-of-bounds Read, Improper Input Validation vulnerability in
Apache ...)
TODO: check
CVE-2026-40452 (Incorrect Authorization, Improper Access Control vulnerability
in Apac ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-40009 (Improper Privilege Management, Improper Access Control
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-40008 (Use of Externally-Controlled Input to Select Classes or Code
('Unsafe ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-40007 (Uncontrolled Recursion, Uncontrolled Resource Consumption
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-40006 (Memory Allocation with Excessive Size Value, Allocation of
Resources W ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-40005 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-3907 (The Hostel plugin for WordPress is vulnerable to Stored
Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3251 (Improper neutralization of input during web page generation
('cross-si ...)
TODO: check
CVE-2026-39903 (Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0
Alpha 5 ...)
@@ -259,7 +259,7 @@ CVE-2026-38059 (The iDirect iQ200 exposes the /api/identity
and /api/ REST API e
CVE-2026-38057 (The iDirect iQ200 does not validate CSRF tokens on
state-changing API ...)
TODO: check
CVE-2026-33382 (Several Grafana API endpoints, some of them unauthenticated,
do not li ...)
- TODO: check
+ NOT-FOR-US: Grafana Labs
CVE-2026-2398 (Authorization bypass through User-Controlled key vulnerability
in Adam ...)
TODO: check
CVE-2026-2397 (Improper neutralization of special elements used in an SQL
command ('S ...)
@@ -267,15 +267,15 @@ CVE-2026-2397 (Improper neutralization of special
elements used in an SQL comman
CVE-2026-29519 (Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and
7.0.x r ...)
TODO: check
CVE-2026-28564 (Insufficient Session Expiration, Authentication Bypass by
Capture-repl ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-22660 (FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a
logic flaw ...)
TODO: check
CVE-2026-22659 (FlaskBB through 2.2.0, fixed in commit acc88cf, contains an
authorizat ...)
TODO: check
CVE-2026-1946 (The GW AI Website Builder plugin for WordPress is vulnerable to
unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1667 (The SEO Plugin by Squirrly SEO plugin for WordPress is
vulnerable to A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15378 (A flaw was found in the `guardrails-detectors` component. This
vulnera ...)
TODO: check
CVE-2026-15377 (A vulnerability was determined in Eleveo Call Recording
Software 9.7.0 ...)
@@ -293,37 +293,37 @@ CVE-2026-15146 (GNU Wget does not validate the IP address
provided by an FTP PAS
CVE-2026-15143 (A flaw was found in the file_type content detector of
guardrails-detec ...)
TODO: check
CVE-2026-15104 (The BetterDocs \u2013 AI Documentation, Knowledge Base, Docs,
Wikis, F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15028 (A flaw was found in libarchive. This vulnerability allows a
remote att ...)
TODO: check
CVE-2026-15026 (The Import and export users and customers plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14475 (The Cookie Banner for GDPR / CCPA \u2013 WPLP Cookie Consent
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14461 (mtr is vulnerable to Out-of-bound read vulnerability in
ipinfo_lookup( ...)
TODO: check
CVE-2026-13710 (The Jeg Kit for Elementor \u2013 Powerful Addons for
Elementor, Widget ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13347 (The Hide My WP Lite plugin for WordPress is vulnerable to
Arbitrary Fi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13247 (The Logo Slider \u2013 Logo Carousel, Client Logo Slider &
Brand Showc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13010 (The JoomSport \u2013 for Sports: Team & League, Football,
Hockey & mor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12955 (The GDPR Cookie Consent plugin for WordPress is vulnerable to
unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12924 (The Eventin \u2013 Event Calendar, Event Registration, Tickets
& Booki ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12918 (The Mail Mint \u2013 Email Marketing, Newsletter, Email
Automation & W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12400 (The FlowForms \u2013 Conversational Form Builder plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12108 (The Highlighting Code Block plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11992 (The Easy Appointments plugin for WordPress is vulnerable to
authorizat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11990 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-70796 (An unauthenticated path traversal vulnerability exists in the
web mana ...)
TODO: check
CVE-2025-30008 (HestiaCP before 1.9.5 contains a stored cross-site scripting
vulnerabi ...)
@@ -333,7 +333,7 @@ CVE-2025-30007 (HestiaCP before 1.9.5 contains an
authenticated OS command injec
CVE-2025-12127
REJECTED
CVE-2025-11977 (The Happyforms \u2013 Form Builder for WordPress: Drag & Drop
Contact ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-53363 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
- linux 7.0.13-1
[trixie] - linux <not-affected> (Vulnerable code not present)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b097e604470361d71a1c684c11c1a587a037b18
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b097e604470361d71a1c684c11c1a587a037b18
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits