[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 2 08:30:00 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12f60b82 by security tracker role at 2026-06-02T07:14:11+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2026-9050 (The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9048 (The Slider Revolution plugin for WordPress is vulnerable to Sensitive ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8293 (The Really Simple Security WordPress plugin before 9.5.10.1 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8206 (The Kirki \u2013 Freeform Page Builder, Website Builder & Customizer p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-49491 (Pixa Bank 2.0 contains an SQL injection vulnerability that allows unau ...)
TODO: check
CVE-2026-49433 (The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts ...)
@@ -27,39 +27,39 @@ CVE-2026-40965 (Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnera
CVE-2026-40964 (Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all ...)
TODO: check
CVE-2026-3871 (A buffer overflow vulnerability in the UPnP DeletePortMapping() comman ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-3870 (A buffer overflow vulnerability in the UPnP AddPortMapping() command i ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2026-3722 (The Auto Image Attributes From Filename With Bulk Updater (Add Alt Tex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3198 (MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforc ...)
- TODO: check
+ NOT-FOR-US: mlflow
CVE-2026-37234 (FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_i ...)
TODO: check
CVE-2026-28586 (In multiple functions of AppOpsService.java, there is a possible missi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28581 (In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28580 (In multiple functions, there is a possible desync in persistence due t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28578 (In multiple functions of DevicePolicyManagerService.java, there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28577 (In addWindow of WindowManagerService.java, there is a possible tapjack ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-28511 (eLabFTW is an open source electronic lab notebook. Prior to version 5. ...)
TODO: check
CVE-2026-25879 (Langroid is a framework for building large-language-model-powered appl ...)
TODO: check
CVE-2026-25277 (Memory corruption while using Strongbox due to buffer overflow.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-25276 (Memory corruption while using Strongbox due to missing bounds check.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-25260 (Memory Corruption when accessing shared buffers without validation of ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-25259 (Memory corruption while processing multiple IOCTL command for escape o ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-25258 (Memory corruption while processing IOCTL calls for escape operations.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24782 (Kiteworks is a private data network (PDN). Prior to version 9.3.0,ulti ...)
TODO: check
CVE-2026-24761 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, an ...)
@@ -77,25 +77,25 @@ CVE-2026-24752 (Kiteworks is a private data network (PDN). Prior to version 9.3.
CVE-2026-24751 (Kiteworks is a private data network (PDN). Prior to version 9.3.0, a r ...)
TODO: check
CVE-2026-24092 (Memory Corruption when processing fastboot commands to set display mod ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24091 (Memory corruption while processing fastboot commands with improperly f ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24090 (Cryptographic issue while processing partition table entries allows un ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24089 (Memory corruption while processing fastboot commands with invalid inpu ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24088 (Cryptographic Issue while processing a specific partition which allows ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24087 (Memory corruption while processing fastboot OEM commands.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-24085 (Memory Corruption when processing display command line information due ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2026-10583 (A security vulnerability has been detected in nextlevelbuilder GoClaw ...)
TODO: check
CVE-2026-10581 (A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2026-10568 (A vulnerability was detected in itsourcecode Fees Management System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10567 (A security vulnerability has been detected in 1Panel-dev CordysCRM up ...)
TODO: check
CVE-2026-10566 (A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2 ...)
@@ -103,9 +103,9 @@ CVE-2026-10566 (A weakness has been identified in FoundationAgents MetaGPT up to
CVE-2026-10565 (A security flaw has been discovered in Open5GS up to 2.7.6. The impact ...)
TODO: check
CVE-2026-10559 (A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-10558 (A vulnerability was detected in SourceCodester Pizzafy Ecommerce Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-10550 (A weakness has been identified in elunez eladmin up to 2.7. This vulne ...)
TODO: check
CVE-2026-10548 (A security flaw has been discovered in NousResearch hermes-agent up to ...)
@@ -117,23 +117,23 @@ CVE-2026-10528 (A security flaw has been discovered in Orthanc DICOM Server up t
CVE-2026-10514 (A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. Th ...)
TODO: check
CVE-2026-10510 (Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI ...)
- TODO: check
+ NOT-FOR-US: TECNO Mobile
CVE-2026-10302 (A flaw has been found in itsourcecode Fees Management System 1.0. The ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10301 (A vulnerability was detected in itsourcecode Fees Management System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10300 (A security vulnerability has been detected in SGLang 0.5.10.post1. Imp ...)
TODO: check
CVE-2026-10299 (A weakness has been identified in code-projects Online Hospital Manage ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-10298 (A security flaw has been discovered in ggml-org whisper.cpp up to 1.8. ...)
TODO: check
CVE-2026-10297 (A vulnerability was identified in itsourcecode Fees Management System ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10296 (A vulnerability was determined in itsourcecode Fees Management System ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-10295 (A vulnerability was found in SourceCodester Customer Review App 1.0. A ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-10294 (A vulnerability has been found in PackageKit up to 1.3.5. Affected is ...)
TODO: check
CVE-2026-10293 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This imp ...)
@@ -143,153 +143,153 @@ CVE-2026-10292 (A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170
CVE-2026-10291 (A security vulnerability has been detected in Enderfga claw-orchestrat ...)
TODO: check
CVE-2026-10290 (A weakness has been identified in code-projects Hotel and Tourism Rese ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-10289 (A security flaw has been discovered in code-projects Hotel and Tourism ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-10288 (A vulnerability was identified in code-projects Hotel and Tourism Rese ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-10287 (A vulnerability was determined in SourceCodester SEO Meta Tag Extracto ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-10286 (A vulnerability was found in CodeAstro Payroll System 1.0. This affect ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-10285 (A vulnerability has been found in DevaslanPHP project-management up to ...)
TODO: check
CVE-2026-10284 (A flaw has been found in DevaslanPHP project-management up to 2.0.0-be ...)
TODO: check
CVE-2026-10100 (The Simple Custom Login Page plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-0100 (In Load of LoadedArsc.cpp, there is a possible out of bounds write due ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0099 (In onNullBinding of HostEmulationManager.java, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0098 (In getCallingPackageName of Shared.java, there is a possible way to by ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0097 (In multiple locations, there is a possible way to bypass user interact ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0096 (In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0095 (In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0094 (In getApplicationLabel of KeyChainActivity.java, there is a possible w ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0093 (In multiple locations, there is a possible misleading UI due to obfusc ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0091 (In multiple locations, there is a possible way to execute code in the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0089 (In multiple functions of PackageInstallerService.java, there is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0088 (In getCallingAppLabel of CertInstaller.java, there is a possible way t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0087 (In approvalLevelForDomainInternal of DomainVerificationService.java, t ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0086 (In onCreate of DisableSupervisionActivity.kt, there is a possible way ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0085 (In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0080 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0079 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0078 (In setGlobalProxy of DevicePolicyManagerService.java, there is a possi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0077 (In resumeConfigurationDispatch of ActivityRecord.java, there is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0076 (In validateNode of ResourceTypes.cpp, there is a possible out of bound ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0075 (In multiple functions, there is a possible way to access the contacts ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0074 (In getPreferredSize of LauncherProcessImageListener.kt, there is a pos ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0070 (In multiple functions of DevicePolicyManagerService.java, there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0069 (In verifySignature of ApkChecksums.java, there is a possible way to ca ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0067 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0061 (In multiple functions of WindowState.java, there is a possible way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0060 (In updateState of GraphicsDriverEnableAngleAsSystemDriverController.ja ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0059 (In multiple functions of sdp_discovery.cc, there is a possible way to ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0056 (In setTo of ResourceTypes.cpp, there is a possible read out of bounds ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0055 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0052 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0051 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0050 (In handleBondStateChanged of AdapterService.java, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0048 (In hide of WindowState.java, there is a possible way to trick the user ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0046 (In InputInterceptor of Letterbox.java, there is a possible way to tric ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0045 (In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0044 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0043 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0042 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0041 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0040 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0039 (In multiple functions of ubsan_throwing_runtime.cpp, there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0036 (In startAnimation of StageCoordinator.java, there is a possible tapjac ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0018 (In multiple functions of AccessibilityManagerService.java, there is a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0016 (In updateProvidersWhenServiceRemoved of CredentialManagerService.java, ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-0009 (In multiple locations, there is a possible tapjacking due to a logic e ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-70099 (A NULL pointer dereference in the ext4_dir_en_get_name_len function in ...)
TODO: check
CVE-2025-59614 (Memory Corruption when sending random number generator command with in ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59613 (Memory Corruption when output buffer size is smaller than input buffer ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59612 (Memory corruption in windows drivers while sending incorrect trusted a ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59611 (Memory corruption in diagnostic services due to absence of input valid ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59610 (Memory Corruption when processing IOCTL requests with mismatched API v ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59609 (Information Disclosure when processing advertisement frames with malfo ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59606 (Memory Corruption when writing to invalid memory locations occurs due ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59605 (Memory Corruption when processing device identifier strings that excee ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59604 (Memory Corruption when running a memory copy operation due to invalid ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-59601 (Information Disclosure when resetting device to factory default settin ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2025-48652 (In performPreInstallChecks of InstallRepository.kt, there is a possibl ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48649 (In multiple locations, there is a possible way to reset user-selected ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48648 (In isSameApp of NotificationManagerService.java, there is a possible p ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48616 (In multiple functions of KeyguardViewMediator.java , there is a possib ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48595 (In multiple locations, there is a possible way to achieve code executi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-48570 (In multiple functions of PipTaskOrganizer.java, there is a possible wa ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-32348 (In multiple locations, there is a possible background activity launch ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-26418 (In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-22426 (In many functions of ComputerEngine.java, there is a possible way to a ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2025-22424 (In multiple locations, there is a possible way to reveal images across ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2019-25718 (Dr\xe4ger Infinity Explorer C700 contains a privilege escalation vulne ...)
TODO: check
CVE-2019-25716 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors contain ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12f60b82b497aef85e64403d405ebe5cc5aca3df
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12f60b82b497aef85e64403d405ebe5cc5aca3df
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260602/63eb5143/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list