[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 11 20:14:35 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11f2f980 by security tracker role at 2026-02-11T20:14:27+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-2314 (Heap buffer overflow in Codecs in Google Chrome prior to 145.0.76
CVE-2026-2313 (Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed ...)
TODO: check
CVE-2026-2295 (The WPZOOM Addons for Elementor \u2013 Starter Templates & Widgets plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2250 (The /dbviewer/ web endpoint in METIS WIC devices is exposed without au ...)
TODO: check
CVE-2026-2249 (METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based ...)
@@ -47,47 +47,47 @@ CVE-2026-25084 (Authentication for ZLAN5143D can be bypassed by directly accessi
CVE-2026-24789 (An unprotected API endpoint allows an attacker to remotely change the ...)
TODO: check
CVE-2026-22894 (A path traversal vulnerability has been reported to affect File Statio ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2026-1885 (The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1853 (The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1837 (A specially-crafted file can cause libjxl's decoder to write pixel dat ...)
TODO: check
CVE-2026-1833 (The WaMate Confirm \u2013 Order Confirmation plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1827 (The Flask Micro code-editor plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1826 (The OpenPOS Lite \u2013 Point of Sale for WooCommerce plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1821 (The Microtango plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1809 (The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1804 (The WDES Responsive Popup plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1786 (The Twitter posts to Blog plugin for WordPress is vulnerable to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1748 (The Invoct \u2013 PDF Invoices & Billing for WooCommerce plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1560 (The Custom Block Builder \u2013 Lazy Blocks plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-1227 (CWE-611: Improper Restriction of XML External Entity Reference vulnera ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-1226 (CWE\u201194: Improper Control of Generation of Code vulnerability exis ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2026-1215 (The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0910 (The wpForo Forum plugin for WordPress is vulnerable to PHP Object Inje ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0815 (The Category Image plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0724 (The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0229 (A denial-of-service (DoS) vulnerability in the Advanced DNS Security ( ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2026-0228 (An improper certificate validation vulnerability in PAN-OS allows user ...)
- TODO: check
+ NOT-FOR-US: Palo Alto Networks
CVE-2025-9986 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
TODO: check
CVE-2025-8668 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
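Review bot: The `NOT-FOR-US: Schneider Electric` tags on CVE-2026-1227 and CVE-2026-1226 cannot be verified from this hunk, because both descriptions are truncated after the CWE text and before any vendor or product name. The same applies to CVE-2026-0229, whose visible text ends at "Advanced DNS Security ( ..."; only CVE-2026-0228 shows a product (PAN-OS). Confirm against the full descriptions that the automatic rule matched on the affected product rather than on incidental wording. CVE-2026-1837 (libjxl's decoder) is left at `TODO: check` and still needs manual triage.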
@@ -115,13 +115,13 @@ CVE-2025-69872 (DiskCache (python-diskcache) through 5.6.3 uses Python pickle fo
CVE-2025-69871 (A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and e ...)
TODO: check
CVE-2025-68406 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-66278 (A path traversal vulnerability has been reported to affect File Statio ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-66277 (A link following vulnerability has been reported to affect several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-66274 (A NULL pointer dereference vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-65480 (An issue was discovered in Pacom Unison Client 5.13.1. Authenticated u ...)
TODO: check
CVE-2025-65128 (A missing authentication mechanism in the web management API component ...)
@@ -131,83 +131,83 @@ CVE-2025-65127 (A lack of session validation in the web API component of Shenzhe
CVE-2025-64075 (A path traversal vulnerability in the check_token function of Shenzhen ...)
TODO: check
CVE-2025-62856 (A path traversal vulnerability has been reported to affect File Statio ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-62855 (A path traversal vulnerability has been reported to affect File Statio ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-62854 (An uncontrolled resource consumption vulnerability has been reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-62853 (A path traversal vulnerability has been reported to affect File Statio ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-61969 (Incorrect permission assignment in AMD \xb5Prof may allow a local user ...)
TODO: check
CVE-2025-59386 (A NULL pointer dereference vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-58472 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-58471 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-58470 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-58467 (A relative path traversal vulnerability has been reported to affect Qs ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-58466 (A use of uninitialized variable vulnerability has been reported to aff ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-57713 (A weak authentication vulnerability has been reported to affect File S ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-57711 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-57710 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-57709 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-57708 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-57707 (An improper neutralization of directives in statically saved code ('St ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54170 (An out-of-bounds read vulnerability has been reported to affect Qsync ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54169 (An out-of-bounds read vulnerability has been reported to affect File S ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54163 (A NULL pointer dereference vulnerability has been reported to affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54162 (A path traversal vulnerability has been reported to affect File Statio ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54161 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54155 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54152 (A use of out-of-range pointer offset vulnerability has been reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54151 (An uncontrolled resource consumption vulnerability has been reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54150 (An uncontrolled resource consumption vulnerability has been reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54149 (An uncontrolled resource consumption vulnerability has been reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54148 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54147 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-54146 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-53598 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-52870 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-52869 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-52868 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-52541 (A DLL hijacking vulnerability in Vivado could allow a local attacker t ...)
TODO: check
CVE-2025-48725 (A buffer overflow vulnerability has been reported to affect several QN ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-48724 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-48723 (A buffer overflow vulnerability has been reported to affect Qsync Cent ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-48722 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-48518 (Improper input validation in AMD Graphics Driver could allow a local a ...)
TODO: check
CVE-2025-48508 (Improper Hardware reset flow logic in the GPU GFX Hardware IP block co ...)
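Review bot: Several entries switched to `NOT-FOR-US: QNAP` in this hunk, for example CVE-2025-58471, CVE-2025-57711, CVE-2025-57710 and CVE-2025-57708, have descriptions cut off at "An allocation of resources without limits or throttling vulnerability ..." with no product visible, so the diff alone does not show what the automatic rule matched on. Spot-check those against the full descriptions before relying on the bulk change. The entries whose text reaches "File Statio ..." or "Qsync Cent ..." are consistent with the tag. The commit message also does not say which matching rule produced each tag, which would make a batch of this size easier to audit.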
@@ -215,19 +215,19 @@ CVE-2025-48508 (Improper Hardware reset flow logic in the GPU GFX Hardware IP bl
CVE-2025-48503 (A DLL hijacking vulnerability in the AMD Software Installer could allo ...)
TODO: check
CVE-2025-47209 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-47205 (A NULL pointer dereference vulnerability has been reported to affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-30276 (An out-of-bounds write vulnerability has been reported to affect Qsync ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-30269 (A use of externally-controlled format string vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-30266 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-15440 (The iONE360 configurator plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15096 (The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13651 (Exposure of Sensitive System Information to an Unauthorized Actor vuln ...)
TODO: check
CVE-2025-13650 (An attacker with access to the web application ZeusWeb of the provider ...)
@@ -237,7 +237,7 @@ CVE-2025-13649 (An attacker with access to the web applicationZeusWeb of the pro
CVE-2025-13648 (An attacker with access to the web application ZeusWeb of the provider ...)
TODO: check
CVE-2025-13391 (The Product Options and Price Calculation Formulas for WooCommerce \u2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12474 (A specially-crafted file can cause libjxl's decoder to read pixel data ...)
TODO: check
CVE-2025-12059 (Insertion of Sensitive Information into Externally-Accessible File or ...)
@@ -247,9 +247,9 @@ CVE-2025-10913 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2025-10174 (Cleartext Transmission of Sensitive Information vulnerability in Pan S ...)
TODO: check
CVE-2024-56808 (A command injection vulnerability has been reported to affect Media St ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-56807 (An out-of-bounds read vulnerability has been reported to affect Media ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50618 (A Use of Single-factor Authentication vulnerability in the Authenticat ...)
TODO: check
CVE-2024-36324 (Improper input validation in AMD Graphics Driver could allow an attack ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11f2f980a94c8485c74a2f0cc117797d3ea761e2