[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 2 20:16:45 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3655a16 by security tracker role at 2026-06-02T19:16:39+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
 CVE-2026-9844 (Use of default credentials vulnerability in Roche Diagnostics navify D ...)
 	TODO: check
 CVE-2026-9730 (The Remove NoFollow Commenter URL plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9723 (The Google Plus One Bottom plugin for WordPress is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9722 (The Laiser Tag plugin for WordPress is vulnerable to Cross-Site Reques ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9599 (The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Req ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9590 (Improper access control in the permission validation component in Devo ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-9522 (Improper access control in the PAM account discovery feature in Devolu ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-9234 (The JTL-Connector for WooCommerce plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8993 (D.Launcher 2 component of Slovak eID client ecosystem contains Imprope ...)
 	TODO: check
 CVE-2026-8885 (The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8422 (The Remove meta boxes per user role plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7313 (CWE\u2011522: Insufficiently Protected Credentials in web services in  ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-7312 (CWE\u2011522: Insufficiently Protected Credentials in web services in  ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-7299 (Appsmith\u2019s SQL query editor\u2019s autocomplete functionality fai ...)
 	TODO: check
 CVE-2026-7201 (CWE-639: Authorization Bypass Through User-Controlled Key in web servi ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-7198 (CWE-284: Improper Access Control in web services in Progress Sitefinit ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-7195 (CWE-20: Improper Input Validation in web services in Progress Sitefini ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-5422 (A path traversal vulnerability exists in jupyter-server version 2.17.0 ...)
 	TODO: check
 CVE-2026-5191 (The Tiled Gallery Carousel Without JetPack plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4081 (The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4080 (The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4071 (The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-49943 (CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-ba ...)
 	TODO: check
 CVE-2026-49782 (Missing Authorization vulnerability in Elementor Elementor Website Bui ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49754 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	TODO: check
 CVE-2026-49753 (Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response S ...)
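Review bot: CVE-2026-7313, CVE-2026-7312 and CVE-2026-7201 are tagged "NOT-FOR-US: Progress Software", but their truncated descriptions stop at "in web services in ..." before any product is named; only CVE-2026-7198 and CVE-2026-7195 show "Progress Sitefini...". Since the tag takes these entries out of the "TODO: check" queue, I would confirm the vendor against the full CVE text for those three and write the product into the tag, so the classification can be checked from data/CVE/list alone.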
@@ -91,27 +91,27 @@ CVE-2026-43965 (Path traversal vulnerability in Gleam's dependency management al
 CVE-2026-42795 (Symlink following vulnerability in Gleam's Hex package export allows f ...)
 	TODO: check
 CVE-2026-42685 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42684 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42670 (Missing Authorization vulnerability in Etoile Web Design Incorporated  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42669 (Missing Authorization vulnerability in EventPrime allows Exploiting In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42654 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42074 (OpenClaude is an open-source coding-agent command line interface for c ...)
 	TODO: check
 CVE-2026-42073 (OpenClaude is an open-source coding-agent command line interface for c ...)
 	TODO: check
 CVE-2026-41918 (A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-40780 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-40715 (Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Im ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-40713 (Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Im ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-40619 (A high security vulnerability affecting Security Center main server in ...)
 	TODO: check
 CVE-2026-40571 (NamelessMC is website software for Minecraft servers. In version 2.2.4 ...)
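Review bot: CVE-2026-42685, CVE-2026-42684, CVE-2026-42654 and CVE-2026-40780 move to "NOT-FOR-US: WordPress plugin or theme" although the visible description is only the generic CWE title (cross-site scripting, SQL injection, authentication bypass) with no product in view. Naming the plugin or theme in the tag, the way the vendor is named for "Siemens" and "Dell / EMC" in the same hunk, would make a wrong match visible on review instead of silently closing the entry.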
@@ -119,19 +119,19 @@ CVE-2026-40571 (NamelessMC is website software for Minecraft servers. In version
 CVE-2026-40314 (NamelessMC is website software for Minecraft servers. In version 2.2.4 ...)
 	TODO: check
 CVE-2026-3620 (The Word Replacer plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3514 (In version 3.6.19 of prefecthq/prefect, an authentication bypass vulne ...)
 	TODO: check
 CVE-2026-39555 (Deserialization of Untrusted Data vulnerability in Elated-Themes Askka ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39553 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39552 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39551 (Deserialization of Untrusted Data vulnerability in Elated-Themes T\xf6 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39550 (Deserialization of Untrusted Data vulnerability in Elated-Themes Aperi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-38978 (transmission through 4.1.1 was found to have a clickjacking weakness i ...)
 	TODO: check
 CVE-2026-35718 (A path traversal vulnerability in the /admin/downloadMedias.cgi endpoi ...)
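Review bot: two labels for what looks like one class appear in this hunk, "NOT-FOR-US: WordPress plugin" on CVE-2026-3620 and "NOT-FOR-US: WordPress plugin or theme" on the five CVE-2026-3955x entries. If the distinction is intentional, it deserves a comment where the matching rules live; otherwise a single spelling would make the file easier to search and count.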
@@ -165,25 +165,25 @@ CVE-2026-30650 (A post-authentication remote buffer overflow vulnerability exist
 CVE-2026-30649 (Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows  ...)
 	TODO: check
 CVE-2026-2425 (The hiWeb Migration Simple plugin for WordPress is vulnerable to Refle ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2382 (The FPW Category Thumbnails plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-28116 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27351 (Missing Authorization vulnerability in Sekander Badsha Crew HRM allows ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24237 (NVIDIA NVTabular contains a vulnerability where an attacker could caus ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-24221 (NVIDIA NVTabular contains a vulnerability where an attacker could caus ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-1871 (TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RT ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-1784 (The Route OpenShift resource allows to define routes to make pods reac ...)
 	TODO: check
 CVE-2026-1451 (The rognone plugin for WordPress is vulnerable to Reflected Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-1450 (The rognone plugin for WordPress is vulnerable to Reflected Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-10629 (SIP signaling stack in Verizon IMS (unspecified version) implements SI ...)
 	TODO: check
 CVE-2026-10622 (Improper Authentication in REST API in Collibra Agent, allows a remote ...)
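Review bot: the tag on CVE-2026-1871 spells the vendor "TPLink" while the description on the line above it reads "TP-Link Tapo C200"; using the vendor's own spelling in the tag keeps searches by vendor name consistent. Separately, "NOT-FOR-US: NVIDIA" on CVE-2026-24237 and CVE-2026-24221 names only the vendor where the description names the product; "NOT-FOR-US: NVIDIA NVTabular" would be more precise.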
@@ -193,47 +193,47 @@ CVE-2026-10621 (Path traversal in restore handler in Collibra Agent, allows an a
 CVE-2026-10611 (An authentication bypass vulnerability exists in MISP when LDAP mixed  ...)
 	TODO: check
 CVE-2026-10606 (A vulnerability was determined in DedeCMS 5.7.88. The affected element ...)
-	TODO: check
+	NOT-FOR-US: DedeCMS
 CVE-2026-10591 (Insufficient access control restrictions in the file write tool in Ama ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-10549 (LDAP filter injection vulnerability in Yandex Database prior to 25.3.1 ...)
 	TODO: check
 CVE-2026-10047 (The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2026-10046 (Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds wri ...)
-	TODO: check
+	NOT-FOR-US: Bitdefender
 CVE-2026-0611 (Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x be ...)
 	TODO: check
 CVE-2025-69369 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68886 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-5085 (The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-58897 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58707 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58705 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58024 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53440 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53346 (Missing Authorization vulnerability in ThimPress Thim Core allows Expl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53345 (Missing Authorization vulnerability leading to code execution after in ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53302 (Missing Authorization vulnerability in Anton Shevchuk Constructor allo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53209 (Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LM ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52766 (Missing Authorization vulnerability in Printeers Printeers Print & Shi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2024-42206 (HCL iReflection Third party vulnerable and outdated components issue w ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2019-25719 (Dr\xe4ger Infinity Acute Care System and Standalone Infinity M540 pati ...)
 	TODO: check
 CVE-2019-25717 (Dr\xe4ger Infinity Delta, Delta XL, and Kappa patient monitors contain ...)
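Review bot: CVE-2026-10591 is tagged "NOT-FOR-US: Amazon", but its description is cut at "file write tool in Ama ...", so neither line says which product is meant. I would put the product name in the tag so a later reader can tell what was ruled out; the same applies to "NOT-FOR-US: HCL" on CVE-2024-42206, where the description does show the product (HCL iReflection).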



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3655a16d9f50f040d29f83e908990a713c386b6
