[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 24 08:13:57 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5c3dfedf by security tracker role at 2026-04-24T07:13:51+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-6947 (DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Prote ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-6942 (radare2-mcp version 1.6.0 and earlier contains an os command injection ...)
 	TODO: check
 CVE-2026-6941 (radare2 prior to 6.1.4 contains a path traversal vulnerability in its  ...)
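Review bot: CVE-2026-6942 (radare2-mcp) and CVE-2026-6941 (radare2) in this hunk keep their TODO: check line, which is correct, since radare2 is packaged in Debian and these two need manual triage rather than an automatic NOT-FOR-US tag; only the D-Link DWM-222W entry is closed here.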
@@ -7,87 +7,87 @@ CVE-2026-6941 (radare2 prior to 6.1.4 contains a path traversal vulnerability in
 CVE-2026-6940 (radare2 prior to 6.1.4 contains a path traversal vulnerability in proj ...)
 	TODO: check
 CVE-2026-6810 (The Booking Calendar Contact Form plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6732 (A flaw was found in libxml2. This vulnerability occurs when the librar ...)
 	TODO: check
 CVE-2026-6393 (The BetterDocs plugin for WordPress is vulnerable to Missing Authoriza ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6376 (A weakness in SpiceJet\u2019s public booking retrieval page permits fu ...)
 	TODO: check
 CVE-2026-6375 (A vulnerability in SpiceJet\u2019s booking API allows unauthenticated  ...)
 	TODO: check
 CVE-2026-5488 (The ExactMetrics \u2013 Google Analytics Dashboard for WordPress plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5428 (The Royal Elementor Addons plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5364 (The Drag and Drop File Upload for Contact Form 7 plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5347 (The HM Books Gallery plugin for WordPress is vulnerable to Missing Aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-41485 (Kyverno is a policy engine designed for cloud native platform engineer ...)
 	TODO: check
 CVE-2026-41430 (Press, a Frappe custom app that runs Frappe Cloud, manages infrastruct ...)
 	TODO: check
 CVE-2026-41361 (OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41360 (OpenClaw before 2026.4.2 contains an approval integrity vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41359 (OpenClaw before 2026.3.28 contains a privilege escalation vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41358 (OpenClaw before 2026.4.2 fails to filter Slack thread context by sende ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41357 (OpenClaw before 2026.3.31 contains an environment variable leakage vul ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41356 (OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41355 (OpenShell before 2026.3.28 contains an arbitrary code execution vulner ...)
 	TODO: check
 CVE-2026-41354 (OpenClaw before 2026.4.2 contains an insufficient scope vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41353 (OpenClaw before 2026.3.22 contains an access control bypass vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41352 (OpenClaw before 2026.3.31 contains a remote code execution vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41351 (OpenClaw before 2026.3.31 contains a replay detection bypass vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41350 (OpenClaw before 2026.3.31 contains a session visibility bypass vulnera ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41349 (OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41348 (OpenClaw before 2026.3.31 contains an authorization bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41347 (OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP oper ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41346 (OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request c ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41345 (OpenClaw before 2026.3.31 contains a credential exposure vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41344 (OpenClaw before 2026.3.28 contains a privilege escalation vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41343 (OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget o ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41342 (OpenClaw before 2026.3.28 contains an authentication bypass vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41341 (OpenClaw before 2026.3.31 contains a logic error in Discord component  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41340 (OpenClaw before 2026.3.31 contains an authentication boundary vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41339 (OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in G ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41338 (OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnera ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41337 (OpenClaw before 2026.3.31 contains a callback origin mutation vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41336 (OpenClaw before 2026.3.31 allows workspace .env files to override the  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41335 (OpenClaw before 2026.3.31 contains an information disclosure vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41334 (OpenClaw before 2026.3.31 contains a decompression bomb vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41333 (OpenClaw before 2026.3.31 contains an authentication rate limiting byp ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41332 (OpenClaw before 2026.3.28 contains an environment variable sanitizatio ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-41325 (Kirby is an open-source content management system. Kirby's user permis ...)
 	TODO: check
 CVE-2026-41324 (basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vu ...)
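Review bot: CVE-2026-41355 in this hunk is the one entry inside the OpenClaw run left at TODO: check, because its description names OpenShell rather than OpenClaw; before triaging it, confirm that OpenShell is a distinct product and not a mis-spelled OpenClaw advisory, since its "before 2026.3.28" version string matches the neighbouring OpenClaw entries. CVE-2026-6732 (libxml2) also stays at TODO: check in this hunk and should be prioritised, as libxml2 is a core Debian library.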
@@ -161,13 +161,13 @@ CVE-2026-39462 (A vulnerability exists inSenseLive X3050\u2019s web management i
 CVE-2026-35503 (A vulnerability inSenseLive X3050\u2019s web management interface allo ...)
 	TODO: check
 CVE-2026-35431 (Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement M ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35064 (A vulnerability inSenseLiveX3050\u2019s management ecosystem allows un ...)
 	TODO: check
 CVE-2026-34587 (Kirby is an open-source content management system. Prior to versions 4 ...)
 	TODO: check
 CVE-2026-33819 (Deserialization of untrusted data in Microsoft Bing allows an unauthor ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33318 (Actual is a local-first personal finance tool. Prior to version 26.4.0 ...)
 	TODO: check
 CVE-2026-33317 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion  ...)
@@ -175,7 +175,7 @@ CVE-2026-33317 (OP-TEE is a Trusted Execution Environment (TEE) designed as comp
 CVE-2026-33208 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
 	TODO: check
 CVE-2026-33102 (Url redirection to untrusted site ('open redirect') in M365 Copilot al ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33078 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
 	TODO: check
 CVE-2026-33077 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...)
@@ -187,9 +187,9 @@ CVE-2026-32952 (go-ntlmssp is a Go package that provides NTLM/Negotiate authenti
 CVE-2026-32870 (Kirby is an open-source content management system. Kirby's `Xml::value ...)
 	TODO: check
 CVE-2026-32210 (Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online)  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32172 (Uncontrolled search path element in Microsoft Power Apps allows an una ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-31956 (Xibo is an open source digital signage platform with a web content man ...)
 	TODO: check
 CVE-2026-31955 (Xibo is an open source digital signage platform with a web content man ...)
@@ -199,7 +199,7 @@ CVE-2026-31953 (Xibo is an open source digital signage platform with a web conte
 CVE-2026-31952 (Xibo is an open source digital signage platform with a web content man ...)
 	TODO: check
 CVE-2026-2028 (The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29197 (In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7,  ...)
 	TODO: check
 CVE-2026-29051 (melange allows users to build apk packages using declarative pipelines ...)
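Review bot: CVE-2026-29197 in this hunk remains at TODO: check, and its truncated description lists only version bounds (<8.4.0, <8.3.2, <8.2.2, ...) with no product name in the visible text, so whoever triages it has to open the full advisory to identify the affected project before deciding whether a NOT-FOR-US tag applies.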
@@ -215,7 +215,7 @@ CVE-2026-27841 (A vulnerability inSenseLiveX3050's web management interface allo
 CVE-2026-26210 (KTransformers through 0.5.3 contains an unsafe deserialization vulnera ...)
 	TODO: check
 CVE-2026-26150 (Server-side request forgery (ssrf) in Microsoft Purview allows an unau ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-25874 (LeRobot through 0.5.1 contains an unsafe deserialization vulnerability ...)
 	TODO: check
 CVE-2026-25775 (A vulnerability inSenseLiveX3050\u2019s remote management service allo ...)
@@ -223,17 +223,17 @@ CVE-2026-25775 (A vulnerability inSenseLiveX3050\u2019s remote management servic
 CVE-2026-25720 (A vulnerability exists inSenseLive  X3050\u2019s web management interf ...)
 	TODO: check
 CVE-2026-24303 (Improper access control in Microsoft Partner Center allows an authoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-1952 (Delta Electronics AS320T has denial of service via the undocumented su ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2026-1951 (Delta Electronics AS320T has no checking of the length of the buffer w ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2026-1950 (Delta Electronics AS320T has  No checking of the length of the buffer  ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2026-1949 (Delta Electronics AS320T has incorrect calculation of the buffer size  ...)
-	TODO: check
+	NOT-FOR-US: Delta Electronics
 CVE-2026-1789 (A vulnerability in the browser-based remote management interface may a ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2026-6921 (Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowe ...)
 	- chromium <not-affected> (Only affects Google Chrome on Windows)
 CVE-2026-6920 (Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7 ...)
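Review bot: CVE-2026-1789 is tagged NOT-FOR-US: Canon, but the visible description ("A vulnerability in the browser-based remote management interface may a ...") names no vendor, so the Canon attribution should be checked against the full CVE record before this line is relied on. The four Delta Electronics AS320T entries and the Microsoft Partner Center entry in this hunk are tagged consistently with the rest of the commit.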



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5c3dfedf2e4f8b410d82c5c875d56e140a502c4e




