Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6eac908e by security tracker role at 2026-07-16T07:14:06+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-56678 (9Router is an AI router & token saver. Prior
to 0.5.6, the Kiro
CVE-2026-55652 (Wekan is open source kanban built with Meteor. Prior to 9.46,
header-l ...)
TODO: check
CVE-2026-55608 (n8n-MCP is an MCP server that provides AI assistants access to
n8n nod ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-55576 (MaaAssistantArknights is a one-click tool for daily Arknights
tasks. I ...)
TODO: check
CVE-2026-55445 (Qinglong is a timed task management platform supporting
Python3, JavaS ...)
@@ -39,15 +39,15 @@ CVE-2026-55445 (Qinglong is a timed task management
platform supporting Python3,
CVE-2026-55410 (NocoBase is an AI-powered no-code/low-code platform for
building busin ...)
TODO: check
CVE-2026-55399 (CVE-2026-55399 is a resource exhaustion vulnerability in the
Secure Ac ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-55398 (CVE-2026-55398 is a memory management vulnerability in Secure
Access c ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-55234 (Wekan is open source kanban built with Meteor. Prior to 9.37,
Wekan DD ...)
TODO: check
CVE-2026-54458 (WWBN AVideo is an open source video platform. Versions prior
to 29.0 c ...)
TODO: check
CVE-2026-54052 (n8n-MCP is an MCP server that provides AI assistants access to
n8n nod ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-53447 (Wekan is open source kanban built with Meteor. Prior to 9.35,
the Weka ...)
TODO: check
CVE-2026-53446 (Wekan is open source kanban built with Meteor. Prior to 9.32,
Wekan we ...)
@@ -73,7 +73,7 @@ CVE-2026-52870 (The MCP Python SDK, called mcp on PyPI, is a
Python implementati
CVE-2026-52869 (The MCP Python SDK, called mcp on PyPI, is a Python
implementation of ...)
TODO: check
CVE-2026-51380 (Buffer Overflow vulnerability in Tenda AC10 v3 (firmware
V03.03.16.09) ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-50183 (WWBN AVideo is an open source video platform. Versions 29.0
and below ...)
TODO: check
CVE-2026-50182 (WWBN AVideo is an open source video platform. Versions prior
to 29.0 c ...)
@@ -81,11 +81,11 @@ CVE-2026-50182 (WWBN AVideo is an open source video
platform. Versions prior to
CVE-2026-50144 (ncnn is a high-performance neural network inference framework
optimize ...)
TODO: check
CVE-2026-50124 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-50030 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-49867 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-49445 (Cilium is a networking, observability, and security solution.
Prior to ...)
TODO: check
CVE-2026-49353 (9Router is an AI router & token saver. In 0.4.45 and earlier,
9Router' ...)
@@ -97,43 +97,43 @@ CVE-2026-49279 (WWBN AVideo is an open source video
platform. Versions 29.0 and
CVE-2026-48795 (AdonisJS is a TypeScript-first web framework. From 10.1.3
until 10.1.5 ...)
TODO: check
CVE-2026-46684 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-46421 (The SAP Cloud Application Programming Model is a tool for
building ent ...)
TODO: check
CVE-2026-46339 (9Router is an AI router & token saver. From 0.4.30 until
0.4.37, 9Rout ...)
TODO: check
CVE-2026-45738 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2026-45737 (Argo CD is a declarative, GitOps continuous delivery tool for
Kubernet ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2026-45535 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-45534 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-45533 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-45419 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-45417 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-45320 (DataEase is an open source data visualization and analysis
tool. Prior ...)
- TODO: check
+ NOT-FOR-US: DataEase
CVE-2026-45313 (Sandboxie-Plus is an open source sandbox-based isolation
software for ...)
TODO: check
CVE-2026-40958 (CVE-2026-40958 is a input validation error in Secure Access
clients pr ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-40957 (o CVE-2026-40957 is a frameable content vulnerability in the
Secure Ac ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-40956 (CVE-2026-40956 is a memory disclosure vulnerability in Secure
Access c ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-40955 (CVE-2026-40955 is an integer underflow vulnerability in the
traffic pa ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-40954 (CVE-2026-40954 is an integer underflow vulnerability in the
traffic pa ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-40953 (CVE-2026-40953 is a heap overflow in the certificate parsing
function ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-40952 (CVE-2026-40952 is a privilege misconfiguration in the Secure
Access in ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-38974 (Dulwich through 1.1.0 was found to be missing SSH host key
verificatio ...)
TODO: check
CVE-2026-38755 (A heap overflow in the evalcommand() function (shell/ash.c) of
Busybox ...)
@@ -149,11 +149,11 @@ CVE-2026-36590 (An issue in EMQ NanoMQ v.0.24.9 allows a
remote attacker to caus
CVE-2026-33684 (WWBN AVideo is an open source video platform. Prior to version
29.0, P ...)
TODO: check
CVE-2026-33445 (CVE-2026-33445 is a memory management vulnerability in Secure
Access s ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-33444 (CVE-2026-33444 is a memory management vulnerability in Secure
Access s ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-33443 (CVE-2026-33443 is a memory management error in Secure Access
servers p ...)
- TODO: check
+ NOT-FOR-US: Absolute Software
CVE-2026-30623 (LiteLLM 1.18.10 contains a remote code execution vulnerability
in its ...)
TODO: check
CVE-2026-30618 (xszyou Fay 4.3.1 contains a remote code execution
vulnerability in its ...)
@@ -175,59 +175,59 @@ CVE-2026-15909 (A vulnerability has been found in RafyMrX
TOKO-ONLINE-ROTI up to
CVE-2026-15907 (A flaw has been found in H3C SecPath F1000-C8300 up to
20260522. This ...)
TODO: check
CVE-2026-15895 (OS command injection in the npm package loading component in
AWS jsii- ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-15652 (The Easy Accordion \u2013 AI-Powered FAQ & Accordion Blocks,
Product F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15458 (The SEO Booster plugin for WordPress is vulnerable to generic
SQL Inje ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15445 (The SEO Booster plugin for WordPress is vulnerable to
time-based SQL I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15336 (The Catch Themes Demo Import plugin for WordPress is
vulnerable to Mis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15306 (The Product Feed Manager For WooCommerce \u2013 Sell on 200+
Online Ma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-15013 (The SAML Single Sign On \u2013 SSO Login plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-14987 (The GiveWP \u2013 Donation Plugin and Fundraising Platform
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13042 (The RPB Chessboard plugin for WordPress is vulnerable to
Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13005 (The MxChat \u2013 AI Chatbot & Content Generation for
WordPress plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12979 (The FunnelKit WordPress plugin before 3.15.0.6 does not
validate a us ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12978 (The FunnelKit WordPress plugin before 3.15.0.6 does not
escape a user ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12941 (The MultiVendorX \u2013 WooCommerce Multivendor Marketplace AI
Powered ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12907 (The RTMKit WordPress plugin before 2.0.9 does not perform a
proper cap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12906 (The RTMKit WordPress plugin before 2.0.9 does not perform a
capability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12869 (The Header Footer Builder for Elementor WordPress plugin
before 1.2.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12753 (The Advance Product Search- Voice & Ajax Search for
WooCommerce plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12684 (The Customer Reviews for WooCommerce WordPress plugin before
5.113.0 d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12585 (The Abandoned Cart Lite for WooCommerce WordPress plugin
before 6.8.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12525 (The Redux Framework WordPress plugin before 4.5.13 does not
restrict w ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12510 (The AI Engine WordPress plugin before 3.5.5 does not verify
that a us ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12492 (The Happy Coders OTP Login for WooCommerce WordPress plugin
before 2.8 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12434 (The List category posts plugin for WordPress is vulnerable to
Sensitiv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12409 (The Landing Page Builder \u2013 Coming Soon page, Maintenance
Mode, Le ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12395 (The WP Job Portal WordPress plugin before 2.5.5 does not
properly san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11866 (The Appointment Booking Plugin WordPress plugin before 5.6.3
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11371 (The BetterDocs WordPress plugin before 4.5.5 does not
sanitise an AI- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-65720 (An issue in Open Source GPT Researcher v3.3.7 allows attackers
to exec ...)
TODO: check
CVE-2026-53366 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eac908e5b6793ac4217d156dc2565e99010da54
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6eac908e5b6793ac4217d156dc2565e99010da54
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits