Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
025e5330 by security tracker role at 2026-07-11T07:13:45+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,45 +1,45 @@
 CVE-2026-9738 (The Print, PDF, Email by PrintFriendly plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9726 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-9282 (The W3 Total Cache plugin for WordPress is vulnerable to 
Directory Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9017 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin 
for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-8678 (The MyParcel plugin for WordPress is vulnerable to 
authorization bypas ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7655 (The SureCart plugin for WordPress is vulnerable to privilege 
escalatio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7639 (Software installed and run as a non-privileged user may conduct 
a sequ ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2026-7620 (The Notification for Telegram plugin for WordPress is 
vulnerable to au ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7559 (The Affilia \u2013 Affiliate Program & Referral Tracking for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-7544 (The Mux Video Uploader plugin for WordPress is vulnerable to 
Sensitive ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6939 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6804 (The AI Chatbot & Workflow Automation by AIWU plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6803 (The AI Chatbot & Workflow Automation by AIWU plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6801 (The Context Blog theme for WordPress is vulnerable to Sensitive 
Inform ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-5743 (The SimpLy Gallery Block & Lightbox plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-59155 (Nezha Monitoring is a self-hostable, lightweight, servers and 
websites ...)
        TODO: check
 CVE-2026-58591 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-58590 (Missing Authorization vulnerability in Drupal FlowDrop allows 
Forceful ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-58589 (Missing Authorization vulnerability in Drupal FlowDrop allows 
Forceful ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-58588 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-58587 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-58503 (Frappe is a full-stack web application framework. Prior to 
16.16.0 and ...)
        TODO: check
 CVE-2026-58499 (EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS 
is vulne ...)
@@ -47,7 +47,7 @@ CVE-2026-58499 (EverOS is a memory runtime for agents. Prior 
to 1.0.1, EverOS is
 CVE-2026-57850 (RustDesk before 1.4.9 does not enforce a session's authorized 
connecti ...)
        TODO: check
 CVE-2026-57807 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57584 (Phalcon is a high-performance, full-stack PHP framework. Prior 
to 5.15 ...)
        TODO: check
 CVE-2026-57575 (Misskey is an open source, federated social media platform. 
Prior to 2 ...)
@@ -93,19 +93,19 @@ CVE-2026-55879 (OpenReplay is a self-hosted session replay 
suite. From 1.24.0 be
 CVE-2026-55852 (Frappe is a full-stack web application framework. Prior to 
16.23.0 and ...)
        TODO: check
 CVE-2026-55810 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-55809 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-55808 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-55807 (Server-Side Request Forgery (SSRF) vulnerability in Drupal 
Drupal core ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-55806 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in D ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-55804 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-55803 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-55789 (Logto is the modern, open-source auth infrastructure for SaaS 
and AI a ...)
        TODO: check
 CVE-2026-55665 (Grist is spreadsheet software using Python as its formula 
language. Pr ...)
@@ -157,7 +157,7 @@ CVE-2026-52761 (ModSecurity is an open source, cross 
platform web application fi
 CVE-2026-52747 (ModSecurity is an open source, cross platform web application 
firewall ...)
        TODO: check
 CVE-2026-4661 (The WP CTA \u2013 Sticky CTA Builder, Generate Leads, Promote 
Sales pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-49844 (Improper encoding of non-finite floating-point values during 
MapMessag ...)
        TODO: check
 CVE-2026-49394 (Frappe is a full-stack web application framework. Prior to 
16.19.0, au ...)
@@ -171,9 +171,9 @@ CVE-2026-47422 (Frappe is a full-stack web application 
framework. Prior to 15.10
 CVE-2026-47199 (Frappe is a full-stack web application framework. Prior to 
16.18.3 and ...)
        TODO: check
 CVE-2026-45203 (Kernel software installed and running inside a Host VM may 
post improp ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2026-45196 (Kernel software installed and running inside a Host VM may 
post improp ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2026-44795 (Spinnaker is an open source, multi-cloud continuous delivery 
platform. ...)
        TODO: check
 CVE-2026-44383 (Multiple connections to the backend using the same charging 
station ID ...)
@@ -185,165 +185,165 @@ CVE-2026-42219 (Frappe is a full-stack web application 
framework. Prior to 16.19
 CVE-2026-41482 (Frappe is a full-stack web application framework. Prior to 
16.18.3, po ...)
        TODO: check
 CVE-2026-41154 (Software installed and run as a non-privileged user may cause 
OOB kern ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2026-3576 (The Planyo Online Reservation System plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3552 (The SurfLink - Ultimate Link Manager plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-3367 (The Lockme OAuth2 calendars integration plugin for WordPress is 
vulner ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-34196 (Software installed and run as a non-privileged user may 
conduct improp ...)
-       TODO: check
+       NOT-FOR-US: Imagination Technologies
 CVE-2026-2354 (The Swiss Toolkit For WP plugin for WordPress is vulnerable to 
arbitra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-20744 (The charging station websocket endpoint accepts connections 
without  p ...)
        TODO: check
 CVE-2026-1832 (The ThriveDesk \u2013 Live Chat, AI Chatbot, Helpdesk & 
Knowledge Base ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1382 (The fresh Podcaster plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15338 (The LA-Studio Element Kit for Elementor plugin for WordPress 
is vulner ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15335 (The Booking Package plugin for WordPress is vulnerable to 
generic SQL  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15295 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15155 (The Essential Addons for Elementor \u2013 Popular Elementor 
Templates  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15097 (The Themify Builder plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15096 (The Themify Builder plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15089 (vulnerability in Drupal Commerce guest registration allows . 
This issu ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15087 (vulnerability in Drupal Clean RESTful allows . This issue 
affects Clea ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15086 (vulnerability in Drupal Raw Formatter [Meta Tag Formatter] 
allows . Th ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15085 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15084 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15083 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15082 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15081 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15080 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray 
Enterpri ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15079 (Improper Restriction of Excessive Authentication Attempts 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-15073 (The KiviCare \u2013 Clinic & Patient Management System (EHR) 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15072 (The KiviCare \u2013 Clinic & Patient Management System (EHR) 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15010 (The bbp Style Pack plugin for WordPress is vulnerable to 
Stored Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14480 (OpenPLC Runtime v3 contains an authenticated arbitrary file 
write  vul ...)
        TODO: check
 CVE-2026-14286
        REJECTED
 CVE-2026-14262 (The Simple JWT Login \u2013 Allows you to use JWT on REST 
endpoints. p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13756 (The WP Grid Builder plugin for WordPress is vulnerable to 
Privilege Es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13378 (The Form Vibes \u2013 Database Manager for Forms plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13353 (The WP Ultimate CSV Importer \u2013 WordPress Import & Export 
for CSV, ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13262 (The Majestic Support \u2013 The Leading-Edge Help Desk & 
Customer Supp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13250 (The Solace Extra plugin for WordPress is vulnerable to 
authorization b ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13244 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13243 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal 
Salesforce S ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13242 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13241 (Missing Authorization vulnerability in Drupal Paragraphs 
allows Forcef ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13240 (Missing Authorization vulnerability in Drupal Paragraphs 
allows Forcef ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13239 (Missing Authorization vulnerability in Drupal WissKI allows 
Forceful B ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13238 (Incorrect Authorization vulnerability in Drupal Commerce 
Realex / Glob ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13237 (Incorrect Authorization vulnerability in Drupal AI Agents 
allows Force ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13236 (Missing Authorization vulnerability in Drupal AI Agents allows 
Forcefu ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13235 (Missing Authorization vulnerability in Drupal AI (Artificial 
Intellige ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13234 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13233 (Server-Side Request Forgery (SSRF) vulnerability in Drupal 
OpenAI Prov ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13232 (Incorrect Authorization vulnerability in Drupal Advanced 
Content Feedb ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13231 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-13116 (The PDF Invoices & Packing Slips for WooCommerce plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13114 (The Motors \u2013 Car Dealership & Classified Listings Plugin 
plugin f ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13039 (The Eventin \u2013 Event Calendar, Event Registration, Tickets 
& Booki ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12994 (The WCFM \u2013 Frontend Manager for WooCommerce plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12761 (The miniOrange Social Login and Register (Discord, Google, 
Twitter, Li ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12738 (The WP Easy Pay \u2013 Payment and Donation form Builder for 
Square pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12535 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-12426 (The Members \u2013 Membership & User Role Editor Plugin plugin 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12141 (The Premium Addons for Elementor \u2013 Powerful Elementor 
Templates & ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12126 (The WCFM Marketplace \u2013 Multivendor Marketplace for 
WooCommerce pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12103 (The Wallet for WooCommerce plugin for WordPress is vulnerable 
to autho ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11915 (vulnerability in Drupal Brute force attack protection allows . 
This is ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-11914 (vulnerability in Drupal Composer allows . This issue affects 
Composer  ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-11913 (vulnerability in Drupal Mother May I allows . This issue 
affects Mothe ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-11909 (Missing Authorization vulnerability in Drupal Examples for 
Developers  ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-11908 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-11901 (The WP Hotel Booking plugin for WordPress is vulnerable to 
Insufficien ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11898 (The White Label CMS plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11591 (The Widgets for Google Reviews plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11426 (The UnderConstructionPage PRO plugin for WordPress is 
vulnerable to Ar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11321 (The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) 
concatenates ...)
        TODO: check
 CVE-2026-10865 (The Cost Calculator Builder plugin for WordPress is vulnerable 
to Sens ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10770 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-10769 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-10768 (Missing Authorization vulnerability in Drupal LocalGov 
Workflows allow ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2026-10628 (The Points and Rewards for WooCommerce plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10041 (The WCFM \u2013 Frontend Manager for WooCommerce plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6784 (The Code Engine plugin for WordPress is vulnerable to Remote 
Code Exec ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-5017 (The Catalyst Connect Zoho CRM Client Portal plugin for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13968 (The Starboard Suite Reservation Calendars plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9857 (The Invoice123 plugin for WordPress is vulnerable to 
authorization byp ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-9838 (The ICS Calendar plugin for WordPress is vulnerable to 
Reflected Cross ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/025e53304cbb24fe2ab0d144def4e77496cfa148

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/025e53304cbb24fe2ab0d144def4e77496cfa148
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to