[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 14 08:14:11 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36f2ab21 by security tracker role at 2026-01-14T08:14:02+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,43 +17,43 @@ CVE-2026-22718 (The VSCode extension for Spring CLI are vulnerable to command in
 CVE-2026-22686 (Enclave is a secure JavaScript sandbox designed for safe AI agent code ...)
 	TODO: check
 CVE-2026-21308 (Substance3D - Designer versions 15.0.3 and earlier are affected by an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-21307 (Substance3D - Designer versions 15.0.3 and earlier are affected by an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-21303 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an O ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-21302 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an O ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-21301 (Substance3D - Modeler versions 1.22.4 and earlier are affected by a NU ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-21300 (Substance3D - Modeler versions 1.22.4 and earlier are affected by a NU ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-21299 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-21298 (Substance3D - Modeler versions 1.22.4 and earlier are affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-0813 (The Short Link plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0812 (The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0741 (The Electric Studio Download Counter plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0739 (The WMF Mobile Redirector plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0734 (The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0717 (The LottieFiles \u2013 Lottie block for Gutenberg plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0694 (The SearchWiz plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0680 (The Real Post Slider Lite plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0678 (The Flat Shipping Rate by City for WooCommerce plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0635 (The Responsive Accordion Slider plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0594 (The List Site Contributors plugin for WordPress is vulnerable to Refle ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0543 (Improper Input Validation (CWE-20) in Kibana's Email Connector can all ...)
 	TODO: check
 CVE-2026-0531 (Allocation of Resources Without Limits or Throttling (CWE-770) in Kiba ...)
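Review bot: The eight Substance3D entries (CVE-2026-21308 through CVE-2026-21298) are tagged with the vendor alone, "NOT-FOR-US: Adobe", while the eleven WordPress entries below them (CVE-2026-0813 through CVE-2026-0594) are tagged with a category, "NOT-FOR-US: WordPress plugin". The text after the colon is the only reason recorded on the line, so a consistent form, for example vendor plus product as in "Adobe Substance3D", would keep these entries searchable without depending on the truncated description.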
@@ -63,37 +63,37 @@ CVE-2026-0530 (Allocation of Resources Without Limits or Throttling (CWE-770) in
 CVE-2026-0528 (Improper Validation of Array Index (CWE-129) exists in Metricbeat can  ...)
 	TODO: check
 CVE-2025-68970 (Permission verification bypass vulnerability in the media library modu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68969 (Multi-thread race condition vulnerability in the thermal management mo ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68968 (Double free vulnerability in the multi-mode input module. Impact: Succ ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68967 (Vulnerability of improper permission control in the print module. Impa ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68966 (Permission control vulnerability in the Notepad module. Impact: Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68965 (Permission control vulnerability in the Notepad module. Impact: Succes ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68964 (Data verification vulnerability in the HiView module. Impact: Successf ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68963 (Man-in-the-middle attack vulnerability in the Clone module. Impact: Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68962 (Multi-thread race condition vulnerability in the camera framework modu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68961 (Multi-thread race condition vulnerability in the camera framework modu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68960 (Multi-thread race condition vulnerability in the video framework modul ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68959 (Permission verification bypass vulnerability in the media library modu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68958 (Multi-thread race condition vulnerability in the card framework module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68957 (Multi-thread race condition vulnerability in the card framework module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68956 (Multi-thread race condition vulnerability in the card framework module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68955 (Multi-thread race condition vulnerability in the card framework module ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-68947 (NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authentic ...)
 	TODO: check
 CVE-2025-68658 (Open Source Point of Sale (opensourcepos) is a web based point of sale ...)
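Review bot: None of the sixteen entries from CVE-2025-68970 through CVE-2025-68955 names a vendor or product in the description text visible here (for example "Permission control vulnerability in the Notepad module. Impact: Succes ..."), so the "NOT-FOR-US: Huawei" tag cannot be checked against these lines. Since the classification is automatic, it would help to confirm the vendor from the full CVE record for at least one entry in the range, or to have the tool record what it matched on, before the TODO marker is dropped for all of them.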
@@ -101,91 +101,91 @@ CVE-2025-68658 (Open Source Point of Sale (opensourcepos) is a web based point o
 CVE-2025-68492 (Chainlit versions prior to 2.8.5 contain an authorization bypass throu ...)
 	TODO: check
 CVE-2025-37186 (A local privilege-escalation vulnerability has been discovered in the  ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37179 (Multiple out-of-bounds read vulnerabilities were identified in a syste ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37178 (Multiple out-of-bounds read vulnerabilities were identified in a syste ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37177 (An arbitrary file deletion vulnerability has been identified in the co ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37176 (A command injection vulnerability in AOS-8 allows an authenticated pri ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37175 (Arbitrary file upload vulnerability exists in the web-based management ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37174 (Authenticated arbitrary file write vulnerability exists in the web-bas ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37173 (An improper input handling vulnerability exists in the web-based manag ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37172 (Authenticated command injection vulnerabilities exist in the web-based ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37171 (Authenticated command injection vulnerabilities exist in the web-based ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37170 (Authenticated command injection vulnerabilities exist in the web-based ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-15513 (The Float Payment Gateway plugin for WordPress is vulnerable to unauth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15512 (The Aplazo Payment Gateway plugin for WordPress is vulnerable to unaut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15486 (The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15475 (The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15378 (The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15377 (The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15376 (The Stopwords for comments plugin for WordPress is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15283 (The Name Directory plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15266 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot and Le ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15056 (A lack of data validation vulnerability in the HTML export feature in  ...)
 	TODO: check
 CVE-2025-15021 (The Gotham Block Extra Light plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-15020 (The Gotham Block Extra Light plugin for WordPress is vulnerable to Arb ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14880 (The Netcash WooCommerce Payment Gateway plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14854 (The WP-CRM System plugin for WordPress is vulnerable to unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14846 (The SocialChamp with WordPress plugin for WordPress is vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14770 (The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14725 (The Internal Link Builder plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14615 (The DASHBOARD BUILDER \u2013 WordPress plugin for Charts and Graphs pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14613 (The GetContentFromURL plugin for WordPress is vulnerable to Server-Sid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14502 (The News and Blog Designer Bundle plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14482 (The Crush.pics Image Optimizer - Image Compression and Optimization pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14464 (The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14389 (The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14379 (The Testimonials Creator plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14301 (The Integration Opvius AI for WooCommerce plugin for WordPress is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14173 (The Perfit WooCommerce plugin for WordPress is vulnerable to Missing A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13627 (The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12178 (The SpiceForms Form Builder plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12053 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2025-12052 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2025-12051 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2025-12050 (The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to ...)
-	TODO: check
+	NOT-FOR-US: Insyde
 CVE-2023-54341 (Webgrind 1.1 and before contains a reflected cross-site scripting vuln ...)
 	TODO: check
 CVE-2023-54340 (WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows ...)
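Review bot: The commit message, "automatic NOT-FOR-US entries update", does not say which rule produced each tag, and this hunk alone applies three different ones: HPE (CVE-2025-37186 through CVE-2025-37170), WordPress plugin, and Insyde (CVE-2025-12053 through CVE-2025-12050). The four Insyde entries share one visible description ("The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to ...") that names no vendor, and CVE-2025-15056 is left at "TODO: check" in the middle of the WordPress block, so the matching is selective in ways the diff does not explain. A message body listing the tags applied with a count for each would make a wrong rule much easier to trace and revert.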



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36f2ab2180cb7aa1d5acd0667f15fc1c80d95a92
