Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
025e5330 by security tracker role at 2026-07-11T07:13:45+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,45 +1,45 @@
CVE-2026-9738 (The Print, PDF, Email by PrintFriendly plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9726 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-9282 (The W3 Total Cache plugin for WordPress is vulnerable to
Directory Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9017 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress plugin
for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8678 (The MyParcel plugin for WordPress is vulnerable to
authorization bypas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7655 (The SureCart plugin for WordPress is vulnerable to privilege
escalatio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7639 (Software installed and run as a non-privileged user may conduct
a sequ ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-7620 (The Notification for Telegram plugin for WordPress is
vulnerable to au ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7559 (The Affilia \u2013 Affiliate Program & Referral Tracking for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7544 (The Mux Video Uploader plugin for WordPress is vulnerable to
Sensitive ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6939 (The CorvusPay WooCommerce Payment Gateway plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6804 (The AI Chatbot & Workflow Automation by AIWU plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6803 (The AI Chatbot & Workflow Automation by AIWU plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6801 (The Context Blog theme for WordPress is vulnerable to Sensitive
Inform ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5743 (The SimpLy Gallery Block & Lightbox plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-59155 (Nezha Monitoring is a self-hostable, lightweight, servers and
websites ...)
TODO: check
CVE-2026-58591 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-58590 (Missing Authorization vulnerability in Drupal FlowDrop allows
Forceful ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-58589 (Missing Authorization vulnerability in Drupal FlowDrop allows
Forceful ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-58588 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-58587 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-58503 (Frappe is a full-stack web application framework. Prior to
16.16.0 and ...)
TODO: check
CVE-2026-58499 (EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS
is vulne ...)
@@ -47,7 +47,7 @@ CVE-2026-58499 (EverOS is a memory runtime for agents. Prior
to 1.0.1, EverOS is
CVE-2026-57850 (RustDesk before 1.4.9 does not enforce a session's authorized
connecti ...)
TODO: check
CVE-2026-57807 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57584 (Phalcon is a high-performance, full-stack PHP framework. Prior
to 5.15 ...)
TODO: check
CVE-2026-57575 (Misskey is an open source, federated social media platform.
Prior to 2 ...)
@@ -93,19 +93,19 @@ CVE-2026-55879 (OpenReplay is a self-hosted session replay
suite. From 1.24.0 be
CVE-2026-55852 (Frappe is a full-stack web application framework. Prior to
16.23.0 and ...)
TODO: check
CVE-2026-55810 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-55809 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-55808 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-55807 (Server-Side Request Forgery (SSRF) vulnerability in Drupal
Drupal core ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-55806 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in D ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-55804 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-55803 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-55789 (Logto is the modern, open-source auth infrastructure for SaaS
and AI a ...)
TODO: check
CVE-2026-55665 (Grist is spreadsheet software using Python as its formula
language. Pr ...)
@@ -157,7 +157,7 @@ CVE-2026-52761 (ModSecurity is an open source, cross
platform web application fi
CVE-2026-52747 (ModSecurity is an open source, cross platform web application
firewall ...)
TODO: check
CVE-2026-4661 (The WP CTA \u2013 Sticky CTA Builder, Generate Leads, Promote
Sales pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-49844 (Improper encoding of non-finite floating-point values during
MapMessag ...)
TODO: check
CVE-2026-49394 (Frappe is a full-stack web application framework. Prior to
16.19.0, au ...)
@@ -171,9 +171,9 @@ CVE-2026-47422 (Frappe is a full-stack web application
framework. Prior to 15.10
CVE-2026-47199 (Frappe is a full-stack web application framework. Prior to
16.18.3 and ...)
TODO: check
CVE-2026-45203 (Kernel software installed and running inside a Host VM may
post improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-45196 (Kernel software installed and running inside a Host VM may
post improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-44795 (Spinnaker is an open source, multi-cloud continuous delivery
platform. ...)
TODO: check
CVE-2026-44383 (Multiple connections to the backend using the same charging
station ID ...)
@@ -185,165 +185,165 @@ CVE-2026-42219 (Frappe is a full-stack web application
framework. Prior to 16.19
CVE-2026-41482 (Frappe is a full-stack web application framework. Prior to
16.18.3, po ...)
TODO: check
CVE-2026-41154 (Software installed and run as a non-privileged user may cause
OOB kern ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-3576 (The Planyo Online Reservation System plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3552 (The SurfLink - Ultimate Link Manager plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3367 (The Lockme OAuth2 calendars integration plugin for WordPress is
vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-34196 (Software installed and run as a non-privileged user may
conduct improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-2354 (The Swiss Toolkit For WP plugin for WordPress is vulnerable to
arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-20744 (The charging station websocket endpoint accepts connections
without p ...)
TODO: check
CVE-2026-1832 (The ThriveDesk \u2013 Live Chat, AI Chatbot, Helpdesk &
Knowledge Base ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1382 (The fresh Podcaster plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15338 (The LA-Studio Element Kit for Elementor plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15335 (The Booking Package plugin for WordPress is vulnerable to
generic SQL ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15295 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for
WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15155 (The Essential Addons for Elementor \u2013 Popular Elementor
Templates ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15097 (The Themify Builder plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15096 (The Themify Builder plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15089 (vulnerability in Drupal Commerce guest registration allows .
This issu ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15087 (vulnerability in Drupal Clean RESTful allows . This issue
affects Clea ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15086 (vulnerability in Drupal Raw Formatter [Meta Tag Formatter]
allows . Th ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15085 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15084 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15083 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15082 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15081 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15080 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray
Enterpri ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15079 (Improper Restriction of Excessive Authentication Attempts
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-15073 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15072 (The KiviCare \u2013 Clinic & Patient Management System (EHR)
plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15010 (The bbp Style Pack plugin for WordPress is vulnerable to
Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14480 (OpenPLC Runtime v3 contains an authenticated arbitrary file
write vul ...)
TODO: check
CVE-2026-14286
REJECTED
CVE-2026-14262 (The Simple JWT Login \u2013 Allows you to use JWT on REST
endpoints. p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13756 (The WP Grid Builder plugin for WordPress is vulnerable to
Privilege Es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13378 (The Form Vibes \u2013 Database Manager for Forms plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13353 (The WP Ultimate CSV Importer \u2013 WordPress Import & Export
for CSV, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13262 (The Majestic Support \u2013 The Leading-Edge Help Desk &
Customer Supp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13250 (The Solace Extra plugin for WordPress is vulnerable to
authorization b ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13244 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13243 (Cross-Site Request Forgery (CSRF) vulnerability in Drupal
Salesforce S ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13242 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13241 (Missing Authorization vulnerability in Drupal Paragraphs
allows Forcef ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13240 (Missing Authorization vulnerability in Drupal Paragraphs
allows Forcef ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13239 (Missing Authorization vulnerability in Drupal WissKI allows
Forceful B ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13238 (Incorrect Authorization vulnerability in Drupal Commerce
Realex / Glob ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13237 (Incorrect Authorization vulnerability in Drupal AI Agents
allows Force ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13236 (Missing Authorization vulnerability in Drupal AI Agents allows
Forcefu ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13235 (Missing Authorization vulnerability in Drupal AI (Artificial
Intellige ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13234 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13233 (Server-Side Request Forgery (SSRF) vulnerability in Drupal
OpenAI Prov ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13232 (Incorrect Authorization vulnerability in Drupal Advanced
Content Feedb ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13231 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-13116 (The PDF Invoices & Packing Slips for WooCommerce plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13114 (The Motors \u2013 Car Dealership & Classified Listings Plugin
plugin f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13039 (The Eventin \u2013 Event Calendar, Event Registration, Tickets
& Booki ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12994 (The WCFM \u2013 Frontend Manager for WooCommerce plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12761 (The miniOrange Social Login and Register (Discord, Google,
Twitter, Li ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12738 (The WP Easy Pay \u2013 Payment and Donation form Builder for
Square pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12535 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-12426 (The Members \u2013 Membership & User Role Editor Plugin plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12141 (The Premium Addons for Elementor \u2013 Powerful Elementor
Templates & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12126 (The WCFM Marketplace \u2013 Multivendor Marketplace for
WooCommerce pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12103 (The Wallet for WooCommerce plugin for WordPress is vulnerable
to autho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11915 (vulnerability in Drupal Brute force attack protection allows .
This is ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-11914 (vulnerability in Drupal Composer allows . This issue affects
Composer ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-11913 (vulnerability in Drupal Mother May I allows . This issue
affects Mothe ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-11909 (Missing Authorization vulnerability in Drupal Examples for
Developers ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-11908 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-11901 (The WP Hotel Booking plugin for WordPress is vulnerable to
Insufficien ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11898 (The White Label CMS plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11591 (The Widgets for Google Reviews plugin for WordPress is
vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11426 (The UnderConstructionPage PRO plugin for WordPress is
vulnerable to Ar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11321 (The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds)
concatenates ...)
TODO: check
CVE-2026-10865 (The Cost Calculator Builder plugin for WordPress is vulnerable
to Sens ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10770 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-10769 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-10768 (Missing Authorization vulnerability in Drupal LocalGov
Workflows allow ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-10628 (The Points and Rewards for WooCommerce plugin for WordPress is
vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10041 (The WCFM \u2013 Frontend Manager for WooCommerce plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-6784 (The Code Engine plugin for WordPress is vulnerable to Remote
Code Exec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5017 (The Catalyst Connect Zoho CRM Client Portal plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13968 (The Starboard Suite Reservation Calendars plugin for WordPress
is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9857 (The Invoice123 plugin for WordPress is vulnerable to
authorization byp ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9838 (The ICS Calendar plugin for WordPress is vulnerable to
Reflected Cross ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/025e53304cbb24fe2ab0d144def4e77496cfa148
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/025e53304cbb24fe2ab0d144def4e77496cfa148
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits