Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6a4c6e02 by security tracker role at 2026-07-14T07:14:00+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2026-7640 (The WP Customer Area plugin for WordPress is vulnerable to
Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-62328 (9Router through version 0.4.41 contain an unauthenticated
information ...)
TODO: check
CVE-2026-62327 (9Router through version 0.4.41 contain an unauthenticated
information ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-62242 (Spring Boot Admin Server before 4.1.2 contains a server-side
request f ...)
TODO: check
CVE-2026-62240 (CrewAI before 1.15.1 contains a server-side request forgery
vulnerabil ...)
@@ -11,43 +11,43 @@ CVE-2026-62240 (CrewAI before 1.15.1 contains a server-side
request forgery vuln
CVE-2026-62239 (FlashAttention through 2.8.3.post1, fixed in commit 0816ef1,
contains ...)
TODO: check
CVE-2026-62200 (OpenClaw versions before 2026.6.1 contain a flaw in host exec
environm ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62199 (OpenClaw versions before 2026.6.6 contain a flaw in host exec
environm ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62198 (OpenClaw versions 2026.5.28 before 2026.6.6 contain an
authorization b ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62197 (OpenClaw before 2026.6.6 contains a policy bypass
vulnerability in bro ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62196 (OpenClaw versions 2026.3.22 before 2026.6.6 contain an
authorization b ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62195 (OpenClaw versions 2026.5.20 before 2026.6.6 contain an
authorization b ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62194 (OpenClaw versions 2026.5.20 before 2026.6.9 contain a
privilege escala ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62193 (OpenClaw versions 2026.6.5 before 2026.6.9 contain a
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62192 (OpenClaw versions 2026.6.6 before 2026.6.9 contain an
authorization by ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62191 (OpenClaw versions 2026.6.6 before 2026.6.9 contain an
authorization by ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62190 (OpenClaw versions before 2026.6.9 contain an authorization
bypass vuln ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62189 (OpenClaw versions before 2026.6.9 contain a symlink following
vulnerab ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62188 (OpenClaw @openclaw/feishu versions 2026.6.6 and earlier
contain an inc ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62187 (OpenClaw Feishu tools (npm package @openclaw/feishu) in
versions <= 20 ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62186 (OpenClaw versions before 2026.6.8 contain an authorization
bypass vuln ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-62185 (Argo CD Helm Chart before 10.0.0 fails to install network
policies by ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2026-62184 (luci-app-banip contains a log parsing vulnerability where the
awk-base ...)
TODO: check
CVE-2026-61458 (PasswordPusher before 2.9.2 contains a brute-force
vulnerability in th ...)
TODO: check
CVE-2026-59801 (9Router through version 0.4.41 contains an unauthenticated
access vuln ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2026-58500 (MCP Appium is an MCP server that provides AI assistants with
tools to ...)
TODO: check
CVE-2026-58489 (HedgeDoc is an open source, real-time collaborative markdown
notes app ...)
@@ -59,17 +59,17 @@ CVE-2026-58487 (HedgeDoc is an open source, real-time,
collaborative, markdown n
CVE-2026-58486 (HedgeDoc is an open source, real-time, collaborative, markdown
notes a ...)
TODO: check
CVE-2026-58411 (ChurchCRM is an open-source church management system. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-58410 (ChurchCRM is an open-source church management system. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-58409 (ChurchCRM is an open-source church management system. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-58408 (ChurchCRM is an open-source church management system. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-58407
REJECTED
CVE-2026-58233 (SAP Change and Transport System Attach Tool (ctsattach) allows
an auth ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-57856 (Cockpit CMS contains a path traversal vulnerability in the
Bucket file ...)
TODO: check
CVE-2026-57855 (Cockpit CMS contains a missing authorization vulnerability in
the Buck ...)
@@ -81,7 +81,7 @@ CVE-2026-55773 (CedarJava is an open source Java
implementation of the Cedar pol
CVE-2026-55771 (CedarJava is an open source Java implementation of the Cedar
policy la ...)
TODO: check
CVE-2026-52533 (An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an
attacker t ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-51821 (SQL Injection vulnerability in Shenzhou Shihan Video
Conference System ...)
TODO: check
CVE-2026-51541 (OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue
in CIP m ...)
@@ -97,37 +97,37 @@ CVE-2026-51537 (EIPStackGroup OpENer 2.3.0 (commit 76b95cf)
has an out-of-bounds
CVE-2026-51536 (In OpENer 2.3.0 (commit 76b95cf) when parsing incoming CIP
(Common Ind ...)
TODO: check
CVE-2026-48364 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Unc ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48363 (ColdFusion versions 2025.9, 2023.20 and earlier are affected
by an Unc ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-44771 (SAP S/4HANA Draft operation does not perform necessary
authorization c ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44770 (SAP Create Single Payment does not perform necessary
authorization che ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44769 (SAP S/4HANA application Project Management (PPM-PRO) allows an
attacke ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44768 (SAP CRM WebClient UI allows an attacker to inject and execute
maliciou ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44767 (setThemeRoot() failed to enforce the sap-allowed-theme-origins
allowli ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44761 (SAP Commerce Cloud could retain a sample OAuth2 client with
publicly d ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44760 (Due to a Cross-Site Scripting (XSS) vulnerability,
applications based ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44759 (SAP NetWeaver Enterprise Portal allows an unauthenticated
attacker to ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44753 (SAP HANA Database (user self service tools) allows an
unauthenticated ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44752 (SAP NetWeaver Application Server Java allows an
unauthenticated attack ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44747 (SAP NetWeaver Application Server ABAP allows an authenticated
attacker ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-44745 (SAP Approuter does not properly validate incoming request
headers duri ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-39042 (An issue in MikroTIk (SIA Mikrotikls, Latvia) RouterOS 7.21.x
before v ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2026-27690 (Due to an HTTP Request Smuggling vulnerability in SAP
Approuter, an un ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2026-15685 (Ollama downloadBlob Improper Validation of Array Index
Denial-of-Servi ...)
TODO: check
CVE-2026-15684 (Glarysoft Glary Utilities Link Following Local Privilege
Escalation Vu ...)
@@ -141,7 +141,7 @@ CVE-2026-15681 (AnyDesk Screen Recording Link Following
Denial-of-Service Vulner
CVE-2026-15680 (Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format
String Re ...)
TODO: check
CVE-2026-15678 (A security vulnerability has been detected in code-projects
Online Job ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-15677 (A weakness has been identified in code-projects Online Job
Portal 1.0. ...)
TODO: check
CVE-2026-15676 (A security flaw has been discovered in code-projects Online
Job Portal ...)
@@ -149,7 +149,7 @@ CVE-2026-15676 (A security flaw has been discovered in
code-projects Online Job
CVE-2026-15675 (A vulnerability was identified in code-projects Online Job
Portal 1.0. ...)
TODO: check
CVE-2026-15672 (A vulnerability was determined in itsourcecode Electronic
Judging Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-15669 (A vulnerability was found in louisho5 picobot up to 0.2.0.
This issue ...)
TODO: check
CVE-2026-15668 (A vulnerability has been found in louisho5 picobot up to
0.2.0. This v ...)
@@ -183,37 +183,37 @@ CVE-2026-15605 (A security vulnerability has been
detected in wandb 0.25.2.dev1.
CVE-2026-15598 (A weakness has been identified in antv layout 2.0.0. This
impacts the ...)
TODO: check
CVE-2026-15597 (A security flaw has been discovered in SourceCodester Class
and Exam T ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-15596 (A vulnerability was identified in SourceCodester Class and
Exam Timeta ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-15595 (A vulnerability was determined in SourceCodester Class and
Exam Timeta ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-15594 (A vulnerability was found in waooAI waoowaoo up to 0.4.1.
Impacted is ...)
TODO: check
CVE-2026-12988 (The WP 2FA WordPress plugin before 3.1.1.2 does not verify
that the e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12583 (The Newsletters WordPress plugin before 4.15 does not prevent
deserial ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12536 (The Avada (Fusion) Builder plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12511 (The AI Engine WordPress plugin before 3.5.5 does not sanitize
a user- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12482 (A vulnerability in keras-team/keras version 3.12.0 allows an
attacker ...)
TODO: check
CVE-2026-12385 (The Smart Slider 3 plugin for WordPress is vulnerable to
Sensitive Inf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11802 (The FoodBook Lite - Online Food Ordering System plugin for
WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11567 (The SureForms WordPress plugin before 2.11.1 does not
properly valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11563 (The Word Count and Social Shares WordPress plugin through 1.0
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11390 (The News Kit Addons For Elementor plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0487 (SAProuter on Microsoft Windows allows an unauthenticated
attacker to l ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-15665 (The Ultimate Before After Image Slider & Gallery WordPress
plugin bef ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-58102 (Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a
heap out-o ...)
- libcrypt-openssl-x509-perl <unfixed> (bug #1142034)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41792355/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a4c6e02c0ad99ab9a225855d67df42773b7acb6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a4c6e02c0ad99ab9a225855d67df42773b7acb6
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits