[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 8 20:14:11 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac64c921 by security tracker role at 2026-01-08T20:14:01+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
CVE-2026-22587 (Ideagen DevonWay contains a stored cross site scripting vulnerability. ...)
TODO: check
CVE-2026-22522 (Missing Authorization vulnerability in Munir Kamal Block Slider allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22521 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22519 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22518 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22517 (Missing Authorization vulnerability in Passionate Brains GA4WP: Google ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22492 (Missing Authorization vulnerability in Nawawi Jamili Docket Cache allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22490 (Missing Authorization vulnerability in niklaslindemann Bulk Landing Pa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22489 (Authorization Bypass Through User-Controlled Key vulnerability in Wpte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22488 (Missing Authorization vulnerability in IdeaBox Creations Dashboard Wel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22487 (Missing Authorization vulnerability in baqend Speed Kit allows Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22486 (Missing Authorization vulnerability in Hakob Re Gallery & Responsive P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22257 (Salvo is a Rust web backend framework. Prior to version 0.88.1, the fu ...)
TODO: check
CVE-2026-22256 (Salvo is a Rust web backend framework. Prior to version 0.88.1, the fu ...)
@@ -61,7 +61,7 @@ CVE-2026-22041 (Logging Redactor is a Python library designed to redact sensitiv
CVE-2026-22034 (Snuffleupagus is a module that raises the cost of attacks against webs ...)
TODO: check
CVE-2026-22032 (Directus is a real-time API and App dashboard for managing SQL databas ...)
- TODO: check
+ NOT-FOR-US: Directus
CVE-2026-22028 (Preact, a lightweight web development framework, JSON serialization pr ...)
TODO: check
CVE-2026-21896 (Kirby is an open-source content management system. From versions 5.0.0 ...)
@@ -93,17 +93,17 @@ CVE-2026-21639 (A malicious actor in Wi-Fi range of the affected product could l
CVE-2026-21638 (A malicious actor in Wi-Fi range of the affected product could leverag ...)
TODO: check
CVE-2026-0747 (Exposure of sensitive information in the TeamViewer entry dashboard co ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-0719 (A flaw was found in libsoup's NTLM (NT LAN Manager) authentication mod ...)
TODO: check
CVE-2026-0701 (A vulnerability was identified in code-projects Intern Membership Mana ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-0676 (Missing Authorization vulnerability in G5Theme Zorka zorka allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-0675 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-0674 (Missing Authorization vulnerability in Campaign Monitor Campaign Monit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-0671 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-8307 (Asseco InfoMedica is a comprehensive solution used to manage both admi ...)
@@ -111,31 +111,31 @@ CVE-2025-8307 (Asseco InfoMedica is a comprehensive solution used to manage both
CVE-2025-8306 (Asseco InfoMedica is a comprehensive solution used to manage both admi ...)
TODO: check
CVE-2025-69260 (A message out-of-bounds read vulnerability in Trend Micro Apex Central ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2025-69259 (A message unchecked NULL return value vulnerability in Trend Micro Ape ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2025-69258 (A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2025-69169 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68892 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68891 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68890 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68887 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68875 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68873 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68867 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68715 (An issue was discovered in Panda Wireless PWRU0 devices with firmware ...)
TODO: check
CVE-2025-68158 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
@@ -143,55 +143,55 @@ CVE-2025-68158 (Authlib is a Python library which builds OAuth and OpenID Connec
CVE-2025-68151 (CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, ...)
TODO: check
CVE-2025-67937 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67936 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67935 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67934 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67933 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67932 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67931 (Insertion of Sensitive Information Into Sent Data vulnerability in AIT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67928 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67927 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67926 (Missing Authorization vulnerability in Shahjahan Jewel Fluent Support ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67925 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67924 (Unrestricted Upload of File with Dangerous Type vulnerability in zozot ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67922 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67921 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67920 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67919 (Authorization Bypass Through User-Controlled Key vulnerability in Woff ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67918 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67917 (Missing Authorization vulnerability in shinetheme Traveler traveler al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67916 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67915 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67914 (Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67913 (Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cach ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67911 (Deserialization of Untrusted Data vulnerability in Tribulant Software ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67910 (Unrestricted Upload of File with Dangerous Type vulnerability in conte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67825 (An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34 ...)
TODO: check
CVE-2025-67325 (Unrestricted file upload in the hotel review feature in QloApps versio ...)
@@ -209,11 +209,11 @@ CVE-2025-66913 (JimuReport thru version 2.1.3 is vulnerable to remote code execu
CVE-2025-66001 (NeuVector supports login authentication through OpenID Connect. Howeve ...)
TODO: check
CVE-2025-65731 (An issue was discovered in D-Link Router DIR-605L (Hardware version F1 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-65518 (Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Deni ...)
TODO: check
CVE-2025-63611 (Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user- ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-62877 (Projects using the SUSE Virtualization (Harvester) environment mayexpo ...)
TODO: check
CVE-2025-61550 (Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValu ...)
@@ -245,53 +245,53 @@ CVE-2025-50334 (An issue in Technitium DNS Server v.13.5 allows a remote attacke
CVE-2025-4596 (Asseco ADMX system is used for processing medical records. It allows l ...)
TODO: check
CVE-2025-27004 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27002 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23993 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23504 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22728 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22726 (Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Help ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22725 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22715 (Missing Authorization vulnerability in loopus WP Attractive Donations ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22713 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22712 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22708 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22707 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-22509 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14984 (The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14431 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14430 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14429 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14360 (Missing Authorization vulnerability in Kaira Blockons blockons allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14359 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14358 (Missing Authorization vulnerability in sizam REHub Framework rehub-fra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-13504 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-12551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-12550 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-12549 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-22581
REJECTED
CVE-2026-22580
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac64c921313df4a718f336216761ddd178f4a452
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac64c921313df4a718f336216761ddd178f4a452
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260108/7d8370ec/attachment.htm>
More information about the debian-security-tracker-commits
mailing list