[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 22 20:14:40 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b24f3bff by security tracker role at 2026-04-22T19:14:28+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23,37 +23,37 @@ CVE-2026-6842 (A flaw was found in nano. In environments with permissive umask s
CVE-2026-6515 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-6396 (The Fast & Fancy Filter \u2013 3F plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6356 (A vulnerability in the web application allows standard users to escala ...)
TODO: check
CVE-2026-6355 (A vulnerability in the web application allows unauthorized users to ac ...)
TODO: check
CVE-2026-6294 (The Google PageRank Display plugin for WordPress is vulnerable to Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6246 (The Simple Random Posts Shortcode plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6236 (The Posts map plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6235 (The Sendmachine for WordPress plugin for WordPress is vulnerable to au ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6041 (The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6023 (In Progress\xae Telerik\xae UI for AJAX versions 2024.4.1114 through 2 ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-6022 (In Progress\xae Telerik\xae UI for AJAX prior to 2026.1.421, RadAsyncU ...)
- TODO: check
+ NOT-FOR-US: Progress Software
CVE-2026-5820 (The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5816 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-5767 (The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5750 (An insecure direct object reference (IDOR) vulnerability in the Fullst ...)
TODO: check
CVE-2026-5749 (Inadequate access control in the registration process in Fullstep V5, ...)
TODO: check
CVE-2026-5748 (The Text Snippets plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5377 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-5262 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
@@ -61,53 +61,53 @@ CVE-2026-5262 (GitLab has remediated an issue in GitLab CE/EE affecting all vers
CVE-2026-4922 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-4353 (The CI HUB Connector plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4280 (The Breaking News WP plugin for WordPress is vulnerable to Local File ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4279 (The Bread & Butter plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4142 (The Sentence To SEO (keywords, description and tags) plugin for WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4140 (The Ni WooCommerce Order Export plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4139 (The mCatFilter plugin for WordPress is vulnerable to Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4138 (The DX Unanswered Comments plugin for WordPress is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4133 (The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4132 (The HTTP Headers plugin for WordPress is vulnerable to External Contro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4131 (The WP Responsive Popup + Optin plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4128 (The TP Restore Categories And Taxonomies plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4126 (The Table Manager plugin for WordPress is vulnerable to Sensitive Info ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4125 (The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4121 (The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4119 (The Create DB Tables plugin for WordPress is vulnerable to authorizati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4118 (The Call To Action Plugin plugin for WordPress is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4117 (The CalJ plugin for WordPress is vulnerable to Missing Authorization i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4090 (The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4089 (The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4088 (The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4085 (The Easy Social Photos Gallery plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4082 (The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4076 (The Slider Bootstrap Carousel plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4074 (The Quran Live Multilanguage plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-41469 (Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy ...)
TODO: check
CVE-2026-41468 (Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life com ...)
@@ -117,7 +117,7 @@ CVE-2026-41459 (Xerte Online Toolkits versions 3.15 and earlier contain an infor
CVE-2026-40542 (Missing critical step in authentication in Apache HttpClient 5.6 allow ...)
TODO: check
CVE-2026-3362 (The Short Comment Filter plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3254 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-35548 (An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichmen ...)
@@ -447,27 +447,27 @@ CVE-2026-31192 (Insufficient validation of Chrome extension identifiers in Raind
CVE-2026-30139 (A reflected cross-site scripting (XSS) vulnerability in the AdvancedSe ...)
TODO: check
CVE-2026-2719 (The Private WP suite plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2717 (The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2714 (The Institute Management plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-28950 (A logging issue was addressed with improved data redaction. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-26354 (Dell PowerProtect Data Domain with Domain Operating System (DD OS) of ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-1930 (The Emailchef plugin for WordPress is vulnerable to unauthorized modif ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1913 (The Gallagher Website Design plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1845 (The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1660 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-1395 (The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1379 (The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0539 (Incorrect Default Permissions in pcvisit service binary on Windows all ...)
TODO: check
CVE-2025-9957 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
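Review bot: The "NOT-FOR-US: Apple" note on CVE-2026-28950 cannot be verified from the entry as shown, because the truncated description ("A logging issue was addressed with improved data redaction. This issue ...") names no vendor or product. Since this update is generated automatically, confirm against the full CVE text that only Apple products are affected before the entry leaves "TODO: check". The Dell and WordPress entries in this hunk name their product in the visible description, so they do not raise the same question.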
@@ -475,7 +475,7 @@ CVE-2025-9957 (GitLab has remediated an issue in GitLab CE/EE affecting all vers
CVE-2025-6016 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2025-58922 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-3922 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2025-0186 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
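Review bot: CVE-2025-58922 is tagged "NOT-FOR-US: WordPress plugin or theme", while every other WordPress entry in this commit uses "NOT-FOR-US: WordPress plugin", and the visible description names ThemeFusion Avada without mentioning WordPress. If the automatic update cannot distinguish plugins from themes, a single fixed wording for both would let one search string find all WordPress exclusions in data/CVE/list. Otherwise the note could simply say which of the two this entry is.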
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b24f3bff0f721d894ad91920a10706b4a94621ef