[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 29 20:14:16 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1bf51c17 by security tracker role at 2026-04-29T19:14:10+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2026-7466 (AgentFlow contains an arbitrary code execution vulnerability that
CVE-2026-7439 (AgentFlow's local web API accepts non-JSON content types on POST /api/ ...)
TODO: check
CVE-2026-7424 (Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-7423 (Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRT ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-7422 (Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and ...)
- TODO: check
+ NOT-FOR-US: Amazon
CVE-2026-7398 (A weakness has been identified in florensiawidjaja BioinfoMCP up to 7a ...)
TODO: check
CVE-2026-7397 (A security flaw has been discovered in NousResearch hermes-agent 0.8.0 ...)
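Review bot: the three `+ NOT-FOR-US: Amazon` lines under CVE-2026-7424, CVE-2026-7423 and CVE-2026-7422 name the vendor, while each description names the component, FreeRTOS-Plus-TCP. A later search of data/CVE/list for that component will not hit the tag line, only the truncated description. Consider `NOT-FOR-US: FreeRTOS-Plus-TCP`, or naming both vendor and component, so the triage decision can be found by the name the advisory uses.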
@@ -15,15 +15,15 @@ CVE-2026-7397 (A security flaw has been discovered in NousResearch hermes-agent
CVE-2026-7396 (A vulnerability was identified in NousResearch hermes-agent 0.8.0. Aff ...)
TODO: check
CVE-2026-7394 (A vulnerability was determined in SourceCodester Pizzafy Ecommerce Sys ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7393 (A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1 ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7392 (A vulnerability has been found in SourceCodester Pharmacy Sales and In ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7391 (A flaw has been found in SourceCodester Pharmacy Sales and Inventory S ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7390 (A vulnerability was detected in SourceCodester Pharmacy Sales and Inve ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-7389 (A security vulnerability has been detected in EyouCMS up to 1.7.9. The ...)
TODO: check
CVE-2026-7388 (A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the ...)
@@ -49,37 +49,37 @@ CVE-2026-5141 (Improper Privilege Management, Improper Access Control, Incorrect
CVE-2026-5140 (Improper neutralization of CRLF sequences ('CRLF injection') vulnerabi ...)
TODO: check
CVE-2026-4019 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-42652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42648 (Missing Authorization vulnerability in Brainstorm Force Spectra ultima ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42646 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42645 (Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of " ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42644 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42643 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42642 (Missing Authorization vulnerability in StellarWP GiveWP give allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42641 (Server-Side Request Forgery (SSRF) vulnerability in ILLID Share This I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42525 (Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-42524 (Jenkins HTML Publisher Plugin 427 and earlier does not escape job name ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-42523 (Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the curr ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-42522 (A missing permission check in Jenkins GitHub Branch Source Plugin 1967 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-42521 (Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-42520 (Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-42519 (A missing permission check in Jenkins Script Security Plugin 1399.ve6a ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-42518 (This vulnerability exists in e-Sushrut due to disclosure of sensitive ...)
TODO: check
CVE-2026-42517 (This vulnerability exists in e-Sushrut due to the use of reversible Ba ...)
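Review bot: CVE-2026-4019 is tagged `NOT-FOR-US: WordPress plugin`, while the eight entries directly below it (CVE-2026-42652 through CVE-2026-42641) are tagged `NOT-FOR-US: WordPress plugin or theme`, so one automatic run writes two spellings of what looks like the same category. If the difference is intentional (the description of CVE-2026-4019 says "plugin for WordPress", the others do not say which), document that rule; otherwise normalise to one string so a single grep finds every entry. The same question applies to `Jenkins (core or plugin)` on CVE-2026-42525 through CVE-2026-42519, where all seven descriptions name a plugin. Separately, the context line for CVE-2026-4019 carries a literal `\u2013`, which suggests the description text is stored with an undecoded escape; that is outside this change but worth a follow-up.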
@@ -93,21 +93,21 @@ CVE-2026-42514 (This vulnerability exists in e-Sushrut due to exposure of OTPs i
CVE-2026-42513 (This vulnerability exists in e-Sushrut due to improper authentication ...)
TODO: check
CVE-2026-42412 (Missing Authorization vulnerability in weDevs WP User Frontend allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42377 (Missing Authorization vulnerability in Brainstorm Force SureForms Pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42249 (Ollama for Windowscontains a Remote Code Execution vulnerability in it ...)
TODO: check
CVE-2026-42248 (Ollama for Windows does not perform integrity or authenticity verifica ...)
TODO: check
CVE-2026-41952 (Local privilege escalation due to improper input validation. The follo ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-41940 (cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54 ...)
TODO: check
CVE-2026-41499 (Wazuh is a free and open source platform used for threat prevention, d ...)
TODO: check
CVE-2026-41220 (Local privilege escalation due to improper input validation. The follo ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-40230 (Helpy contains a stored cross-site scripting vulnerability in the know ...)
TODO: check
CVE-2026-40229 (Helpy contains a stored cross-site scripting vulnerability in the post ...)
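Review bot: the `+ NOT-FOR-US: Acronis` tags on CVE-2026-41952 and CVE-2026-41220 cannot be checked against the lines shown here, because the description ("Local privilege escalation due to improper input validation. The follo ...") is cut off before any product name. The commit message says only "automatic NOT-FOR-US entries update", so please state there which field the vendor was matched on, so a reviewer can confirm the match was not made on the generic opening sentence. The same applies to CVE-2026-25852 (Acronis) and CVE-2025-10503 (WSO2) further down, whose visible descriptions also name no product.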
@@ -123,21 +123,21 @@ CVE-2026-38991 (Cockpit 2.13.5 and earlier is affected by a misconfiguration wit
CVE-2026-37555 (An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF ...)
TODO: check
CVE-2026-36841 (TOTOLINK N200RE V5 was discovered to contain a command injection vulne ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-36837 (TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2026-30893 (Wazuh is a free and open source platform used for threat prevention, d ...)
TODO: check
CVE-2026-30769 (An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Pro ...)
TODO: check
CVE-2026-2902 (The WP Meteor Website Speed Optimization Addon plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2810 (Netskope was notified about a potential gap in the Endpoint DLP Module ...)
- TODO: check
+ NOT-FOR-US: Netskope
CVE-2026-28221 (Wazuh is a free and open source platform used for threat prevention, d ...)
TODO: check
CVE-2026-27105 (Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-26206 (Wazuh is a free and open source platform used for threat prevention, d ...)
TODO: check
CVE-2026-26204 (Wazuh is a free and open source platform used for threat prevention, d ...)
@@ -145,7 +145,7 @@ CVE-2026-26204 (Wazuh is a free and open source platform used for threat prevent
CVE-2026-26015 (DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 t ...)
TODO: check
CVE-2026-25852 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2026-22745 (Spring MVC and WebFlux applications are vulnerable to Denial of Servic ...)
TODO: check
CVE-2026-22741 (Spring MVC and WebFlux applications are vulnerable to cache poisoning ...)
@@ -153,11 +153,11 @@ CVE-2026-22741 (Spring MVC and WebFlux applications are vulnerable to cache pois
CVE-2026-22740 (A WebFlux server application that processes multipart requests creates ...)
TODO: check
CVE-2026-0206 (A post-authentication Stack-based Buffer Overflow vulnerabilities in S ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2026-0205 (A post-authentication Path Traversal vulnerability in SonicOS allows a ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2026-0204 (A vulnerability in the access control mechanism of SonicOS may allow c ...)
- TODO: check
+ NOT-FOR-US: SonicWall
CVE-2025-56537 (A stored cross-site scripting (XSS) vulnerability in opennebula v6.10. ...)
TODO: check
CVE-2025-56536 (A stored cross-site scripting (XSS) vulnerability in opennebula v6.10. ...)
@@ -167,7 +167,7 @@ CVE-2025-56535 (A cross-site scripting (XSS) vulnerability in opennebula v6.10.0
CVE-2025-56534 (A cross-site scripting (XSS) vulnerability in the custom authenticator ...)
TODO: check
CVE-2025-10503 (The authentication endpoint accepts user-supplied input without enforc ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2026-XXXX [RUSTSEC-2026-0112]
- rust-astral-tokio-tar 0.6.1-1
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0112.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1bf51c178e4002bb6d9ab49de99ae4940513f65c