Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0b097e60 by security tracker role at 2026-07-10T19:14:48+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,21 @@
 CVE-2026-9857 (The Invoice123 plugin for WordPress is vulnerable to 
authorization byp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9838 (The ICS Calendar plugin for WordPress is vulnerable to 
Reflected Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8609 (An unauthenticated attacker can repeatedly call Grafana's OAuth 
login  ...)
-       TODO: check
+       NOT-FOR-US: Grafana Labs
 CVE-2026-8595 (A user with Editor permissions can craft a dashboard whose 
table (Tabl ...)
-       TODO: check
+       NOT-FOR-US: Grafana Labs
 CVE-2026-6872
        REJECTED
 CVE-2026-6802 (The Easy Upload Files During Checkout plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6440 (The GoodMeet \u2013 Google Meet Integration for Webinar, 
Meeting & Vid ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6212 (Authorization bypass through User-Controlled key vulnerability 
in Tera ...)
        TODO: check
 CVE-2026-61492 (In JetBrains YouTrack before 2026.2.17394 stored XSS via 
article title ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-61461 (Dify before 1.16.0-rc1 contains a SQL injection vulnerability 
in the M ...)
        TODO: check
 CVE-2026-61460 (Krayin CRM through 2.2.3 contains an insecure direct object 
reference  ...)
@@ -49,17 +49,17 @@ CVE-2026-60086 (PraisonAI before 4.6.78 contains a prompt 
injection defense bypa
 CVE-2026-5801 (Improper neutralization of special elements used in an SQL 
command ('S ...)
        TODO: check
 CVE-2026-59796 (In JetBrains TeamCity before 2026.1.2 pipeline modification 
was possib ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-59795 (In JetBrains TeamCity before 2026.1.2 stored XSS via 
unauthenticated a ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-59794 (In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud 
profile  ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-59793 (In JetBrains TeamCity before 2026.1.2 arbitrary file access 
was possib ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-59792 (In JetBrains IntelliJ IDEA before 2026.1.4,  2026.2 code 
execution via ...)
        TODO: check
 CVE-2026-59791 (In JetBrains YouTrack before 2026.2.17012 cSS injection via 
Mermaid di ...)
-       TODO: check
+       NOT-FOR-US: JetBrains
 CVE-2026-59193 (Grav is a file-based Web platform. Prior to 2.0.0, an 
authenticated ad ...)
        TODO: check
 CVE-2026-59190 (grav-plugin-admin is an HTML user interface that provides a 
way to con ...)
@@ -75,7 +75,7 @@ CVE-2026-59154 (Wekan is open source kanban built with 
Meteor. Prior to 9.64, We
 CVE-2026-59151 (Prowler is a cloud security platform. Prior to 5.30.3, 
Prowler's SAML  ...)
        TODO: check
 CVE-2026-58661 (n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) 
contains a d ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-58493 (grav-plugin-database is the database plugin for Grav CMS. 
Prior to 1.2 ...)
        TODO: check
 CVE-2026-58492 (grav-plugin-database is the database plugin for Grav CMS. 
Prior to 1.2 ...)
@@ -101,11 +101,11 @@ CVE-2026-56813 (Improper Neutralization of 
Parameter/Argument Delimiters vulnera
 CVE-2026-56765 (Vikunja before 2.2.1 contains an authorization flaw where the 
LinkShar ...)
        TODO: check
 CVE-2026-56690 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) 
an Improp ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-56689 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) 
an Improp ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-56688 (Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) 
an Improp ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-56676 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
validat ...)
        TODO: check
 CVE-2026-56675 (9Router is an AI router & token saver. Prior to 0.5.2, 9router 
treats  ...)
@@ -125,7 +125,7 @@ CVE-2026-56373 (ImageMagick before 7.1.2-15 contains a 
use-after-free vulnerabil
 CVE-2026-56366 (ImageMagick before 7.1.2-18 contains a memory leak 
vulnerability in th ...)
        TODO: check
 CVE-2026-56354 (n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 
2.x branch ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-56335 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability w ...)
        TODO: check
 CVE-2026-56329 (Capgo before 12.128.2 contains a cross-tenant preview 
namespace collis ...)
@@ -191,11 +191,11 @@ CVE-2026-55460 (Snipe-IT is an IT asset/license 
management system. Prior to 8.6.
 CVE-2026-54919 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
        TODO: check
 CVE-2026-54470 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior 
contain(s)  ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-54469 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, 
contain(s) ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-54468 (Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, 
contain(s) ...)
-       TODO: check
+       NOT-FOR-US: Dell / EMC
 CVE-2026-54329 (Snipe-IT is an IT asset/license management system. Prior to 
8.6.2, the ...)
        TODO: check
 CVE-2026-54149 (MaxKB is an open-source AI assistant for enterprise. Prior to 
2.10.0-l ...)
@@ -235,19 +235,19 @@ CVE-2026-41876 (R-SOFT DMS is vulnerable toOS Command 
Injection in konwertujActi
 CVE-2026-40454 (Out-of-bounds Read, Improper Input Validation vulnerability in 
Apache  ...)
        TODO: check
 CVE-2026-40452 (Incorrect Authorization, Improper Access Control vulnerability 
in Apac ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40009 (Improper Privilege Management, Improper Access Control 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40008 (Use of Externally-Controlled Input to Select Classes or Code 
('Unsafe  ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40007 (Uncontrolled Recursion, Uncontrolled Resource Consumption 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40006 (Memory Allocation with Excessive Size Value, Allocation of 
Resources W ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40005 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-3907 (The Hostel plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3251 (Improper neutralization of input during web page generation 
('cross-si ...)
        TODO: check
 CVE-2026-39903 (Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 
Alpha 5  ...)
@@ -259,7 +259,7 @@ CVE-2026-38059 (The iDirect iQ200 exposes the /api/identity 
and /api/ REST API e
 CVE-2026-38057 (The iDirect iQ200 does not validate CSRF tokens on 
state-changing API  ...)
        TODO: check
 CVE-2026-33382 (Several Grafana API endpoints, some of them unauthenticated, 
do not li ...)
-       TODO: check
+       NOT-FOR-US: Grafana Labs
 CVE-2026-2398 (Authorization bypass through User-Controlled key vulnerability 
in Adam ...)
        TODO: check
 CVE-2026-2397 (Improper neutralization of special elements used in an SQL 
command ('S ...)
@@ -267,15 +267,15 @@ CVE-2026-2397 (Improper neutralization of special 
elements used in an SQL comman
 CVE-2026-29519 (Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 
7.0.x r ...)
        TODO: check
 CVE-2026-28564 (Insufficient Session Expiration, Authentication Bypass by 
Capture-repl ...)
-       TODO: check
+       NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-22660 (FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a 
logic flaw  ...)
        TODO: check
 CVE-2026-22659 (FlaskBB through 2.2.0, fixed in commit acc88cf, contains an 
authorizat ...)
        TODO: check
 CVE-2026-1946 (The GW AI Website Builder plugin for WordPress is vulnerable to 
unauth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1667 (The SEO Plugin by Squirrly SEO plugin for WordPress is 
vulnerable to A ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15378 (A flaw was found in the `guardrails-detectors` component. This 
vulnera ...)
        TODO: check
 CVE-2026-15377 (A vulnerability was determined in Eleveo Call Recording 
Software 9.7.0 ...)
@@ -293,37 +293,37 @@ CVE-2026-15146 (GNU Wget does not validate the IP address 
provided by an FTP PAS
 CVE-2026-15143 (A flaw was found in the file_type content detector of 
guardrails-detec ...)
        TODO: check
 CVE-2026-15104 (The BetterDocs \u2013 AI Documentation, Knowledge Base, Docs, 
Wikis, F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15028 (A flaw was found in libarchive. This vulnerability allows a 
remote att ...)
        TODO: check
 CVE-2026-15026 (The Import and export users and customers plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14475 (The Cookie Banner for GDPR / CCPA \u2013 WPLP Cookie Consent 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14461 (mtr is vulnerable to Out-of-bound read vulnerability in 
ipinfo_lookup( ...)
        TODO: check
 CVE-2026-13710 (The Jeg Kit for Elementor \u2013 Powerful Addons for 
Elementor, Widget ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13347 (The Hide My WP Lite plugin for WordPress is vulnerable to 
Arbitrary Fi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13247 (The Logo Slider \u2013 Logo Carousel, Client Logo Slider & 
Brand Showc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13010 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12955 (The GDPR Cookie Consent plugin for WordPress is vulnerable to 
unauthor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12924 (The Eventin \u2013 Event Calendar, Event Registration, Tickets 
& Booki ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12918 (The Mail Mint \u2013 Email Marketing, Newsletter, Email 
Automation & W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12400 (The FlowForms \u2013 Conversational Form Builder plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12108 (The Highlighting Code Block plugin for WordPress is vulnerable 
to Stor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11992 (The Easy Appointments plugin for WordPress is vulnerable to 
authorizat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11990 (The KiviCare \u2013 Clinic & Patient Management System (EHR) 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-70796 (An unauthenticated path traversal vulnerability exists in the 
web mana ...)
        TODO: check
 CVE-2025-30008 (HestiaCP before 1.9.5 contains a stored cross-site scripting 
vulnerabi ...)
@@ -333,7 +333,7 @@ CVE-2025-30007 (HestiaCP before 1.9.5 contains an 
authenticated OS command injec
 CVE-2025-12127
        REJECTED
 CVE-2025-11977 (The Happyforms \u2013 Form Builder for WordPress: Drag & Drop 
Contact  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-53363 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux 7.0.13-1
        [trixie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b097e604470361d71a1c684c11c1a587a037b18

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b097e604470361d71a1c684c11c1a587a037b18
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to