[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 9 08:14:18 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92ddc817 by security tracker role at 2026-06-09T07:14:13+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,83 +1,83 @@
 CVE-2026-9662 (The Recover Exit For WooCommerce plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9185 (The 6Storage Rentals plugin for WordPress is vulnerable to Authorizati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8981 (The Custom Block Builder  WordPress plugin before 4.3.0 does not consi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8977 (The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8940 (The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8910 (The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8909 (The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8907 (The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8904 (The FastPicker, an order picker and order management system (oms) for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8902 (The AJAX Report Comments plugin for WordPress is vulnerable to Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8895 (The kk blog card plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8883 (The Global Body Mass Index Calculator plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8882 (The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8880 (The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8841 (The Extra Settings for RocketChat plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8795 (A YAML injection vulnerability exists in the Windows.Collectors.Remapp ...)
 	TODO: check
 CVE-2026-8499 (The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7662 (The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7556 (The FV Flowplayer Video Player plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5714 (The Enable Media Replace plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5067 (A remote, unauthenticated attacker can trigger memory corruption in Ze ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-4986 (The WPForms  WordPress plugin before 1.10.0.5 does not verify the auth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-49141 (WACRM prior to commit 73041bf contain an authorization bypass vulnerab ...)
 	TODO: check
 CVE-2026-47345 (Namespace attributes are not encoded correctly during HTML serializati ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-47344 (When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing ta ...)
-	TODO: check
+	NOT-FOR-US: TYPO3 (core or extensions)
 CVE-2026-46484 (Headplane is a feature-complete Web UI for Headscale. Prior to version ...)
 	TODO: check
 CVE-2026-44757 (SAP Wily Introscope Enterprise Manager allows an unauthenticated attac ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44755 (SAP Business Objects Business Intelligence Platform does not sufficien ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44754 (The Remote Function Call (RFC) modules of the Operational Data Provisi ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44751 (Application server ABAP does not perform necessary authorization check ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44750 (SAP MDG (Review Match Groups Application) does not perform the necessa ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44748 (SAP NetWeaver Application Server ABAP and ABAP Platform allows an auth ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44746 (Due to a reflected cross-site scripting (XSS) vulnerability in SAP Net ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44744 (SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remo ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44743 (Under certain conditions, when an unauthorized attacker accesses a spe ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-44541 (Fides is an open-source privacy engineering platform. From version 2.3 ...)
 	TODO: check
 CVE-2026-41980 (Permission control vulnerability in the file preview module.Impact: Su ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-41979 (Permission control vulnerability in the print module.Impact: Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-41978 (Permission control vulnerability in the clone module.Impact: Successfu ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-41975 (Permission management vulnerability in the network management module.I ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2026-41855 (In an untrusted JMS environment, org.springframework.jms.support.conve ...)
 	TODO: check
 CVE-2026-41854 (Due to incorrect host parsing, applications that rely on UriComponents ...)
@@ -121,7 +121,7 @@ CVE-2026-41715 (In specific scenarios involving HTTP redirects from a secure to
 CVE-2026-41710 (An attacker can craft a large number of unique requests that trigger a ...)
 	TODO: check
 CVE-2026-41539 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2026-41007 (Spring HATEOAS maintains an unbounded static cache of StringLinkRelati ...)
 	TODO: check
 CVE-2026-41006 (Spring HATEOAS's internal PropertyUtils.createObjectFromProperties met ...)
@@ -133,43 +133,43 @@ CVE-2026-40983 (In Micrometer, it is possible for a user to provide specially cr
 CVE-2026-40519 (Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5 ...)
 	TODO: check
 CVE-2026-40128 (SAP NetWeaver Application Server Java (Web Container) allows an unauth ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-27671 (Due to improper RFC protocol validation in the SAP Kernel used by the  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-26236 (A missing authorization vulnerability has been reported to affect QuMa ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2026-24315 (SAP Fiori Launchpad allows attackers to craft malicious URLs that trig ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2026-11623 (A security vulnerability has been detected in tmux up to 3.6a. Affecte ...)
 	TODO: check
 CVE-2026-11621 (A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This im ...)
 	TODO: check
 CVE-2026-11620 (A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. Thi ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-11619 (A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The i ...)
-	TODO: check
+	NOT-FOR-US: Dolibarr
 CVE-2026-11618 (A vulnerability was determined in DTStack Taier up to 1.4.0. The affec ...)
 	TODO: check
 CVE-2026-11603 (The Product Filter Widget for Elementor plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-11585 (A vulnerability was determined in CodeAstro Student Attendance Managem ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-11584 (A vulnerability was found in CodeAstro Student Attendance Management S ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-11583 (A vulnerability has been found in CodeAstro Student Attendance Managem ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-11582 (A flaw has been found in CodeAstro Student Attendance Management Syste ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-11572 (Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3. ...)
 	TODO: check
 CVE-2026-10862 (The Accordions plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-10738 (The jQuery Hover Footnotes plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-10553 (The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-10024 (The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-11628 (Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allow ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92ddc817f93ba51fbecb2085fcb3618515e08c93

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92ddc817f93ba51fbecb2085fcb3618515e08c93
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260609/692a58ef/attachment.htm>

More information about the debian-security-tracker-commits mailing list