Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6a4c6e02 by security tracker role at 2026-07-14T07:14:00+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2026-7640 (The WP Customer Area plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-62328 (9Router through version 0.4.41 contain an unauthenticated 
information  ...)
        TODO: check
 CVE-2026-62327 (9Router through version 0.4.41 contain an unauthenticated 
information  ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2026-62242 (Spring Boot Admin Server before 4.1.2 contains a server-side 
request f ...)
        TODO: check
 CVE-2026-62240 (CrewAI before 1.15.1 contains a server-side request forgery 
vulnerabil ...)
@@ -11,43 +11,43 @@ CVE-2026-62240 (CrewAI before 1.15.1 contains a server-side 
request forgery vuln
 CVE-2026-62239 (FlashAttention through 2.8.3.post1, fixed in commit 0816ef1, 
contains  ...)
        TODO: check
 CVE-2026-62200 (OpenClaw versions before 2026.6.1 contain a flaw in host exec 
environm ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62199 (OpenClaw versions before 2026.6.6 contain a flaw in host exec 
environm ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62198 (OpenClaw versions 2026.5.28 before 2026.6.6 contain an 
authorization b ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62197 (OpenClaw before 2026.6.6 contains a policy bypass 
vulnerability in bro ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62196 (OpenClaw versions 2026.3.22 before 2026.6.6 contain an 
authorization b ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62195 (OpenClaw versions 2026.5.20 before 2026.6.6 contain an 
authorization b ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62194 (OpenClaw versions 2026.5.20 before 2026.6.9 contain a 
privilege escala ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62193 (OpenClaw versions 2026.6.5 before 2026.6.9 contain a 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62192 (OpenClaw versions 2026.6.6 before 2026.6.9 contain an 
authorization by ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62191 (OpenClaw versions 2026.6.6 before 2026.6.9 contain an 
authorization by ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62190 (OpenClaw versions before 2026.6.9 contain an authorization 
bypass vuln ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62189 (OpenClaw versions before 2026.6.9 contain a symlink following 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62188 (OpenClaw @openclaw/feishu versions 2026.6.6 and earlier 
contain an inc ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62187 (OpenClaw Feishu tools (npm package @openclaw/feishu) in 
versions <= 20 ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62186 (OpenClaw versions before 2026.6.8 contain an authorization 
bypass vuln ...)
-       TODO: check
+       NOT-FOR-US: OpenClaw
 CVE-2026-62185 (Argo CD Helm Chart before 10.0.0 fails to install network 
policies by  ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2026-62184 (luci-app-banip contains a log parsing vulnerability where the 
awk-base ...)
        TODO: check
 CVE-2026-61458 (PasswordPusher before 2.9.2 contains a brute-force 
vulnerability in th ...)
        TODO: check
 CVE-2026-59801 (9Router through version 0.4.41 contains an unauthenticated 
access vuln ...)
-       TODO: check
+       NOT-FOR-US: Next.js
 CVE-2026-58500 (MCP Appium is an MCP server that provides AI assistants with 
tools to  ...)
        TODO: check
 CVE-2026-58489 (HedgeDoc is an open source, real-time collaborative markdown 
notes app ...)
@@ -59,17 +59,17 @@ CVE-2026-58487 (HedgeDoc is an open source, real-time, 
collaborative, markdown n
 CVE-2026-58486 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
        TODO: check
 CVE-2026-58411 (ChurchCRM is an open-source church management system. Prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2026-58410 (ChurchCRM is an open-source church management system. Prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2026-58409 (ChurchCRM is an open-source church management system. Prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2026-58408 (ChurchCRM is an open-source church management system. Prior to 
version ...)
-       TODO: check
+       NOT-FOR-US: ChurchCRM
 CVE-2026-58407
        REJECTED
 CVE-2026-58233 (SAP Change and Transport System Attach Tool (ctsattach) allows 
an auth ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-57856 (Cockpit CMS contains a path traversal vulnerability in the 
Bucket file ...)
        TODO: check
 CVE-2026-57855 (Cockpit CMS contains a missing authorization vulnerability in 
the Buck ...)
@@ -81,7 +81,7 @@ CVE-2026-55773 (CedarJava is an open source Java 
implementation of the Cedar pol
 CVE-2026-55771 (CedarJava is an open source Java implementation of the Cedar 
policy la ...)
        TODO: check
 CVE-2026-52533 (An issue in D-Link DIR-1253 v.1.0.1.250923.142435 allows an 
attacker t ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2026-51821 (SQL Injection vulnerability in Shenzhou Shihan Video 
Conference System ...)
        TODO: check
 CVE-2026-51541 (OpENer 2.3.0 (commit 76b95cf) has an out-of-bounds read issue 
in CIP m ...)
@@ -97,37 +97,37 @@ CVE-2026-51537 (EIPStackGroup OpENer 2.3.0 (commit 76b95cf) 
has an out-of-bounds
 CVE-2026-51536 (In OpENer 2.3.0 (commit 76b95cf) when parsing incoming CIP 
(Common Ind ...)
        TODO: check
 CVE-2026-48364 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Unc ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-48363 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Unc ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2026-44771 (SAP S/4HANA Draft operation does not perform necessary 
authorization c ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44770 (SAP Create Single Payment does not perform necessary 
authorization che ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44769 (SAP S/4HANA application Project Management (PPM-PRO) allows an 
attacke ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44768 (SAP CRM WebClient UI allows an attacker to inject and execute 
maliciou ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44767 (setThemeRoot() failed to enforce the sap-allowed-theme-origins 
allowli ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44761 (SAP Commerce Cloud could retain a sample OAuth2 client with 
publicly d ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44760 (Due to a Cross-Site Scripting (XSS) vulnerability, 
applications based  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44759 (SAP NetWeaver Enterprise Portal allows an unauthenticated 
attacker to  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44753 (SAP HANA Database (user self service tools) allows an 
unauthenticated  ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44752 (SAP NetWeaver Application Server Java allows an 
unauthenticated attack ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44747 (SAP NetWeaver Application Server ABAP allows an authenticated 
attacker ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-44745 (SAP Approuter does not properly validate incoming request 
headers duri ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-39042 (An issue in MikroTIk (SIA Mikrotikls, Latvia) RouterOS 7.21.x 
before v ...)
-       TODO: check
+       NOT-FOR-US: MikroTik
 CVE-2026-27690 (Due to an HTTP Request Smuggling vulnerability in SAP 
Approuter, an un ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2026-15685 (Ollama downloadBlob Improper Validation of Array Index 
Denial-of-Servi ...)
        TODO: check
 CVE-2026-15684 (Glarysoft Glary Utilities Link Following Local Privilege 
Escalation Vu ...)
@@ -141,7 +141,7 @@ CVE-2026-15681 (AnyDesk Screen Recording Link Following 
Denial-of-Service Vulner
 CVE-2026-15680 (Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format 
String Re ...)
        TODO: check
 CVE-2026-15678 (A security vulnerability has been detected in code-projects 
Online Job ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2026-15677 (A weakness has been identified in code-projects Online Job 
Portal 1.0. ...)
        TODO: check
 CVE-2026-15676 (A security flaw has been discovered in code-projects Online 
Job Portal ...)
@@ -149,7 +149,7 @@ CVE-2026-15676 (A security flaw has been discovered in 
code-projects Online Job
 CVE-2026-15675 (A vulnerability was identified in code-projects Online Job 
Portal 1.0. ...)
        TODO: check
 CVE-2026-15672 (A vulnerability was determined in itsourcecode Electronic 
Judging Syst ...)
-       TODO: check
+       NOT-FOR-US: itsourcecode System
 CVE-2026-15669 (A vulnerability was found in louisho5 picobot up to 0.2.0. 
This issue  ...)
        TODO: check
 CVE-2026-15668 (A vulnerability has been found in louisho5 picobot up to 
0.2.0. This v ...)
@@ -183,37 +183,37 @@ CVE-2026-15605 (A security vulnerability has been 
detected in wandb 0.25.2.dev1.
 CVE-2026-15598 (A weakness has been identified in antv layout 2.0.0. This 
impacts the  ...)
        TODO: check
 CVE-2026-15597 (A security flaw has been discovered in SourceCodester Class 
and Exam T ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-15596 (A vulnerability was identified in SourceCodester Class and 
Exam Timeta ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-15595 (A vulnerability was determined in SourceCodester Class and 
Exam Timeta ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2026-15594 (A vulnerability was found in waooAI waoowaoo up to 0.4.1. 
Impacted is  ...)
        TODO: check
 CVE-2026-12988 (The WP 2FA  WordPress plugin before 3.1.1.2 does not verify 
that the e ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12583 (The Newsletters WordPress plugin before 4.15 does not prevent 
deserial ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12536 (The Avada (Fusion) Builder plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12511 (The AI Engine  WordPress plugin before 3.5.5 does not sanitize 
a user- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12482 (A vulnerability in keras-team/keras version 3.12.0 allows an 
attacker  ...)
        TODO: check
 CVE-2026-12385 (The Smart Slider 3 plugin for WordPress is vulnerable to 
Sensitive Inf ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11802 (The FoodBook Lite - Online Food Ordering System plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11567 (The SureForms  WordPress plugin before 2.11.1 does not 
properly valida ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11563 (The Word Count and Social Shares WordPress plugin through 1.0 
does not ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11390 (The News Kit Addons For Elementor plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-0487 (SAProuter on Microsoft Windows allows an unauthenticated 
attacker to l ...)
-       TODO: check
+       NOT-FOR-US: SAP
 CVE-2025-15665 (The Ultimate Before After Image Slider & Gallery  WordPress 
plugin bef ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-58102 (Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a 
heap out-o ...)
        - libcrypt-openssl-x509-perl <unfixed> (bug #1142034)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41792355/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a4c6e02c0ad99ab9a225855d67df42773b7acb6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a4c6e02c0ad99ab9a225855d67df42773b7acb6
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to