Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6eac908e by security tracker role at 2026-07-16T07:14:06+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-56678 (9Router is an AI router & token saver. Prior 
to 0.5.6, the Kiro
 CVE-2026-55652 (Wekan is open source kanban built with Meteor. Prior to 9.46, 
header-l ...)
        TODO: check
 CVE-2026-55608 (n8n-MCP is an MCP server that provides AI assistants access to 
n8n nod ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-55576 (MaaAssistantArknights is a one-click tool for daily Arknights 
tasks. I ...)
        TODO: check
 CVE-2026-55445 (Qinglong is a timed task management platform supporting 
Python3, JavaS ...)
@@ -39,15 +39,15 @@ CVE-2026-55445 (Qinglong is a timed task management 
platform supporting Python3,
 CVE-2026-55410 (NocoBase is an AI-powered no-code/low-code platform for 
building busin ...)
        TODO: check
 CVE-2026-55399 (CVE-2026-55399 is a resource exhaustion vulnerability in the 
Secure Ac ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-55398 (CVE-2026-55398 is a memory management vulnerability in Secure 
Access c ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-55234 (Wekan is open source kanban built with Meteor. Prior to 9.37, 
Wekan DD ...)
        TODO: check
 CVE-2026-54458 (WWBN AVideo is an open source video platform. Versions prior 
to 29.0 c ...)
        TODO: check
 CVE-2026-54052 (n8n-MCP is an MCP server that provides AI assistants access to 
n8n nod ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-53447 (Wekan is open source kanban built with Meteor. Prior to 9.35, 
the Weka ...)
        TODO: check
 CVE-2026-53446 (Wekan is open source kanban built with Meteor. Prior to 9.32, 
Wekan we ...)
@@ -73,7 +73,7 @@ CVE-2026-52870 (The MCP Python SDK, called mcp on PyPI, is a 
Python implementati
 CVE-2026-52869 (The MCP Python SDK, called mcp on PyPI, is a Python 
implementation of  ...)
        TODO: check
 CVE-2026-51380 (Buffer Overflow vulnerability in Tenda AC10 v3 (firmware 
V03.03.16.09) ...)
-       TODO: check
+       NOT-FOR-US: Tenda
 CVE-2026-50183 (WWBN AVideo is an open source video platform. Versions 29.0 
and below  ...)
        TODO: check
 CVE-2026-50182 (WWBN AVideo is an open source video platform. Versions prior 
to 29.0 c ...)
@@ -81,11 +81,11 @@ CVE-2026-50182 (WWBN AVideo is an open source video 
platform. Versions prior to
 CVE-2026-50144 (ncnn is a high-performance neural network inference framework 
optimize ...)
        TODO: check
 CVE-2026-50124 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-50030 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-49867 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-49445 (Cilium is a networking, observability, and security solution. 
Prior to ...)
        TODO: check
 CVE-2026-49353 (9Router is an AI router & token saver. In 0.4.45 and earlier, 
9Router' ...)
@@ -97,43 +97,43 @@ CVE-2026-49279 (WWBN AVideo is an open source video 
platform. Versions 29.0 and
 CVE-2026-48795 (AdonisJS is a TypeScript-first web framework. From 10.1.3 
until 10.1.5 ...)
        TODO: check
 CVE-2026-46684 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-46421 (The SAP Cloud Application Programming Model is a tool for 
building ent ...)
        TODO: check
 CVE-2026-46339 (9Router is an AI router & token saver. From 0.4.30 until 
0.4.37, 9Rout ...)
        TODO: check
 CVE-2026-45738 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2026-45737 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
-       TODO: check
+       NOT-FOR-US: Argo CD
 CVE-2026-45535 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-45534 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-45533 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-45419 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-45417 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-45320 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
-       TODO: check
+       NOT-FOR-US: DataEase
 CVE-2026-45313 (Sandboxie-Plus is an open source sandbox-based isolation 
software for  ...)
        TODO: check
 CVE-2026-40958 (CVE-2026-40958 is a input validation error in Secure Access 
clients pr ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-40957 (o CVE-2026-40957 is a frameable content vulnerability in the 
Secure Ac ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-40956 (CVE-2026-40956 is a memory disclosure vulnerability in Secure 
Access c ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-40955 (CVE-2026-40955 is an integer underflow vulnerability in the 
traffic pa ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-40954 (CVE-2026-40954 is an integer underflow vulnerability in the 
traffic pa ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-40953 (CVE-2026-40953 is a heap overflow in the certificate parsing 
function  ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-40952 (CVE-2026-40952 is a privilege misconfiguration in the Secure 
Access in ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-38974 (Dulwich through 1.1.0 was found to be missing SSH host key 
verificatio ...)
        TODO: check
 CVE-2026-38755 (A heap overflow in the evalcommand() function (shell/ash.c) of 
Busybox ...)
@@ -149,11 +149,11 @@ CVE-2026-36590 (An issue in EMQ NanoMQ v.0.24.9 allows a 
remote attacker to caus
 CVE-2026-33684 (WWBN AVideo is an open source video platform. Prior to version 
29.0, P ...)
        TODO: check
 CVE-2026-33445 (CVE-2026-33445 is a memory management vulnerability in Secure 
Access s ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-33444 (CVE-2026-33444 is a memory management vulnerability in Secure 
Access s ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-33443 (CVE-2026-33443 is a memory management error in Secure Access 
servers p ...)
-       TODO: check
+       NOT-FOR-US: Absolute Software
 CVE-2026-30623 (LiteLLM 1.18.10 contains a remote code execution vulnerability 
in its  ...)
        TODO: check
 CVE-2026-30618 (xszyou Fay 4.3.1 contains a remote code execution 
vulnerability in its ...)
@@ -175,59 +175,59 @@ CVE-2026-15909 (A vulnerability has been found in RafyMrX 
TOKO-ONLINE-ROTI up to
 CVE-2026-15907 (A flaw has been found in H3C SecPath F1000-C8300 up to 
20260522. This  ...)
        TODO: check
 CVE-2026-15895 (OS command injection in the npm package loading component in 
AWS jsii- ...)
-       TODO: check
+       NOT-FOR-US: Amazon
 CVE-2026-15652 (The Easy Accordion \u2013 AI-Powered FAQ & Accordion Blocks, 
Product F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15458 (The SEO Booster plugin for WordPress is vulnerable to generic 
SQL Inje ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15445 (The SEO Booster plugin for WordPress is vulnerable to 
time-based SQL I ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15336 (The Catch Themes Demo Import plugin for WordPress is 
vulnerable to Mis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15306 (The Product Feed Manager For WooCommerce \u2013 Sell on 200+ 
Online Ma ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-15013 (The SAML Single Sign On \u2013 SSO Login plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14987 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13042 (The RPB Chessboard plugin for WordPress is vulnerable to 
Stored Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13005 (The MxChat \u2013 AI Chatbot & Content Generation for 
WordPress plugin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12979 (The FunnelKit  WordPress plugin before 3.15.0.6 does not 
validate a us ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12978 (The FunnelKit  WordPress plugin before 3.15.0.6 does not 
escape a user ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12941 (The MultiVendorX \u2013 WooCommerce Multivendor Marketplace AI 
Powered ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12907 (The RTMKit WordPress plugin before 2.0.9 does not perform a 
proper cap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12906 (The RTMKit WordPress plugin before 2.0.9 does not perform a 
capability ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12869 (The Header Footer Builder for Elementor WordPress plugin 
before 1.2.1  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12753 (The Advance Product Search- Voice & Ajax Search for 
WooCommerce plugin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12684 (The Customer Reviews for WooCommerce WordPress plugin before 
5.113.0 d ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12585 (The Abandoned Cart Lite for WooCommerce WordPress plugin 
before 6.8.2  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12525 (The Redux Framework WordPress plugin before 4.5.13 does not 
restrict w ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12510 (The AI Engine  WordPress plugin before 3.5.5 does not verify 
that a us ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12492 (The Happy Coders OTP Login for WooCommerce WordPress plugin 
before 2.8 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12434 (The List category posts plugin for WordPress is vulnerable to 
Sensitiv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12409 (The Landing Page Builder \u2013 Coming Soon page, Maintenance 
Mode, Le ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12395 (The WP Job Portal  WordPress plugin before 2.5.5 does not 
properly san ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11866 (The Appointment Booking Plugin  WordPress plugin before 5.6.3 
does not ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11371 (The BetterDocs  WordPress plugin before 4.5.5 does not 
sanitise an AI- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-65720 (An issue in Open Source GPT Researcher v3.3.7 allows attackers 
to exec ...)
        TODO: check
 CVE-2026-53366 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eac908e5b6793ac4217d156dc2565e99010da54

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eac908e5b6793ac4217d156dc2565e99010da54
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to