Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9886c00c by security tracker role at 2026-07-18T07:14:16+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,43 +1,43 @@
CVE-2026-9734 (The W3SC Elementor to Zoho CRM plugin for WordPress is
vulnerable to C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8861 (IBM Security Verify could allow a remote attacker to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8859 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an
attacker ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8635 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated
users to es ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8505 (IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in
Langflow' ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8481 (IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote
code e ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8476 (IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote
code e ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8056 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated
users to ov ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7872 (IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated
attacker ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7771 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7755 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow
remote code ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7754 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could
allow serve ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7667 (IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated
attacker ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7364 (IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security
Verify ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-63030 (WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is
affected by a R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-60137 (WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x
before 7.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-57980 (Authentication bypass using an alternate path or channel in
Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-56741 (JLine is a Java library for handling console input. Prior to
3.30.14, ...)
TODO: check
CVE-2026-56740 (JLine is a Java library for handling console input. Prior to
3.30.14, ...)
TODO: check
CVE-2026-56171 (Exposure of private personal information to an unauthorized
actor in W ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-55518 (Avo is a framework to create admin panels for Ruby on Rails
apps. Prio ...)
TODO: check
CVE-2026-55254 (NCalc is a fast, lightweight expression evaluator for .NET.
Prior to 6 ...)
@@ -99,9 +99,9 @@ CVE-2026-50162 (oras-go is a Go library for managing OCI
artifacts. Prior to 2.6
CVE-2026-50151 (oras-go is a Go library for managing OCI artifacts. Prior to
2.6.1, re ...)
TODO: check
CVE-2026-4942 (IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to
send a s ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-4938 (IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security
Verify ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-49977 (tarteaucitron.js is a compliant and accessible cookie banner.
Prior to ...)
TODO: check
CVE-2026-49852 (joserfc is a Python library that provides an implementation of
several ...)
@@ -119,7 +119,7 @@ CVE-2026-48819 (Hey API is an ecosystem for turning API
specifications into prod
CVE-2026-48504 (OpenTelemetry Rust is the Rust OpenTelemetry implementation.
In 0.32.0 ...)
TODO: check
CVE-2026-48373 (Acrobat Reader is affected by a Heap-based Buffer Overflow
vulnerabili ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-48062 (CodeIgniter is a PHP full-stack web framework. Prior to 4.7.3,
the ext ...)
TODO: check
CVE-2026-48049 (@hapi/inert provides static file and directory handlers for
hapi.js. F ...)
@@ -161,35 +161,35 @@ CVE-2026-16075 (A flaw has been found in AstrBotDevs
AstrBot up to 4.25.5. This
CVE-2026-16074 (A vulnerability was detected in AstrBotDevs AstrBot up to
4.25.2. This ...)
TODO: check
CVE-2026-15995 (IBM Cognos Analytics 12.1.3 GA Version with build number
through 12.1. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-15415 (AWS HealthOmics is a HIPAA-eligible service that fully manages
the com ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-15322 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a
remote at ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-15093 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a
remote at ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-15091 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a
remote at ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-15069 (IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a
remote at ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-14979 (IBM Engineering Lifecycle Management 7.0.3 ( Interim Fix 001
through ) ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-14971 (IBM PowerVM Novalink 2.2.02.2.12.2.1.1, and
2.3.02.3.0.12.3.12.3.2 IBM ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-14501 (IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0
could allow ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-14499 (IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an
authenti ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-13473 (IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1,
and 8.2 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-13448 (IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an
unauthen ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-13446 (IBM Langflow OSS 1.0.0 through 1.10.1 containshard-coded
credentials, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-13445 (IBM Langflow OSS 1.0.0 through 1.10.1 can allow an
authenticated attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-12283 (Amazon Athena is a serverless, interactive query service that
lets you ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2025-51678 (An issue was discovered in RISC-V PicoRV32 commit 87c89a. A
mismatch i ...)
TODO: check
CVE-2025-51677 (An issue was discovered in openRISC OR1200 commit 83ac6b. An
output mi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9886c00ce497755767757c95dae80e41dadd6c67
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9886c00ce497755767757c95dae80e41dadd6c67
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits