[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Apr 28 08:14:09 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3236648e by security tracker role at 2026-04-28T07:14:02+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,31 +3,31 @@ CVE-2026-7234 (A weakness has been identified in BrowserOperator browser-operato
CVE-2026-7233 (A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impa ...)
TODO: check
CVE-2026-7230 (A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7229 (A vulnerability was found in code-projects Coaching Management System ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-7228 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7227 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7226 (A security vulnerability has been detected in SourceCodester Pizzafy E ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7225 (A weakness has been identified in SourceCodester Pizzafy Ecommerce Sys ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7224 (A security flaw has been discovered in SourceCodester Pizzafy Ecommerc ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7223 (A vulnerability was identified in BigSweetPotatoStudio HyperChat up to ...)
TODO: check
CVE-2026-7222 (A vulnerability was determined in code-projects Coaching Management Sy ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-7221 (A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17 ...)
TODO: check
CVE-2026-7220 (A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b ...)
TODO: check
CVE-2026-7219 (A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7218 (A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The i ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7217 (A security vulnerability has been detected in Deepractice PromptX up t ...)
TODO: check
CVE-2026-7216 (A weakness has been identified in donchelo processing-claude-mcp-bridg ...)
@@ -47,21 +47,21 @@ CVE-2026-7206 (A security flaw has been discovered in dubydu sqlite-mcp up to 0.
CVE-2026-7205 (A vulnerability was identified in duartium papers-mcp-server 9ceb3812a ...)
TODO: check
CVE-2026-7204 (A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7203 (A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Thi ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7202 (A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7200 (A flaw has been found in SourceCodester Pharmacy Sales and Inventory S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7199 (A vulnerability was detected in SourceCodester Pharmacy Sales and Inve ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7196 (A security vulnerability has been detected in CodeAstro Online Classro ...)
TODO: check
CVE-2026-7194 (A weakness has been identified in SourceCodester Pharmacy Sales and In ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7191 (Improper use of the static-eval npm package in the open source solutio ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-7183 (A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The a ...)
TODO: check
CVE-2026-7179 (A security vulnerability has been detected in OSPG binwalk up to 2.4.3 ...)
@@ -71,7 +71,7 @@ CVE-2026-7178 (A weakness has been identified in ChatGPTNextWeb NextChat up to 2
CVE-2026-7177 (A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2 ...)
TODO: check
CVE-2026-7160 (A vulnerability was determined in Tenda HG3 2.0. This vulnerability af ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-7159 (A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. Thi ...)
TODO: check
CVE-2026-7158 (A vulnerability has been found in dmitryglhf mcp-url-downloader up to ...)
@@ -79,77 +79,77 @@ CVE-2026-7158 (A vulnerability has been found in dmitryglhf mcp-url-downloader u
CVE-2026-7157 (A flaw has been found in disler aider-mcp-server up to b2516fa466d0d85 ...)
TODO: check
CVE-2026-7156 (A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7155 (A security vulnerability has been detected in Totolink A8000RU 7.1cu.6 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7154 (A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7153 (A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b202 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7152 (A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-7151 (A vulnerability was determined in Tenda HG3 2.0. Impacted is the funct ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2026-7150 (A vulnerability was found in dh1011 auto-favicon up to f189116a9259950 ...)
TODO: check
CVE-2026-7149 (A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffc ...)
TODO: check
CVE-2026-6809 (The Social Post Embed plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6741 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6725 (The WPC Smart Messages for WooCommerce plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6551 (The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5394 (An authenticated administrative user who can import or save DataObject ...)
TODO: check
CVE-2026-5362 (An authenticated attacker with permission to edit document content can ...)
TODO: check
CVE-2026-5306 (The Check & Log Email WordPress plugin before 2.0.13 does not properl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-42510 (OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-defa ...)
TODO: check
CVE-2026-41372 (OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hos ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41371 (OpenClaw before 2026.3.28 contains a privilege escalation vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41370 (OpenClaw before 2026.3.31 contains a path traversal vulnerability in A ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41369 (OpenClaw before 2026.3.31 contains insufficient environment variable s ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41368 (OpenClaw before 2026.3.28 contains an environment variable disclosure ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41367 (OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently app ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41366 (OpenClaw before 2026.3.31 contains a local roots self-whitelisting vul ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41365 (OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerabi ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41364 (OpenClaw before 2026.3.31 contains a symlink following vulnerability i ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41363 (OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-41362 (OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache ...)
- TODO: check
+ NOT-FOR-US: OpenClaw
CVE-2026-40977 (When an application is configured to use `ApplicationPidFileWriter`, a ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40976 (In certain circumstances, Spring Boot's default web security is ineffe ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40975 (Values produced by ${random.value} are not suitable for use as secrets ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40974 (Spring Boot's Cassandra auto-configuration does not perform hostname v ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40973 (A local attacker on the same host as the application may be able to ta ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40972 (An attacker on the same network as the remote application may be able ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40971 (When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-conf ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40970 (When configured to use an SSL bundle, Spring Boot's Elasticsearch auto ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40967 (In Spring AI, various FilterExpressionConverter implementations accept ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2026-40356 (In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underf ...)
TODO: check
CVE-2026-40355 (In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer de ...)
@@ -169,9 +169,9 @@ CVE-2026-27785 (Specific firmware versions of Milesight AIOT camera firmware con
CVE-2026-20766 (An out-of-bounds memory access vulnerability exists in specific firmwa ...)
TODO: check
CVE-2026-1460 (A post-authentication command injection vulnerability in the \u201cDom ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-0711 (A post-authentication command injection vulnerability in the EasyMesh- ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2025-69428 (An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to ...)
TODO: check
CVE-2024-46636 (NASA Earth Observing System Data and Information System (EOSDIS) MODAP ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3236648e105ad2e27ab05ec52b4ac96ac7dba140
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3236648e105ad2e27ab05ec52b4ac96ac7dba140
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260428/338ff000/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list