[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 12 08:14:12 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d34b248b by security tracker role at 2026-06-12T07:14:06+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,39 +1,39 @@
 CVE-2026-9271 (Vulnerability Title)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9269 (The Secure Copy Content Protection and Content Locking WordPress plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9125 (The Presto Player plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6250 (An authenticated format string vulnerability exists in the ONVIF servi ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-53819 (OpenClaw before 2026.5.27 contains an arbitrary code execution vulnera ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53818 (OpenClaw before 2026.4.24 contains an authorization bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53817 (OpenClaw before 2026.5.22 contains a locality validation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53816 (OpenClaw before 2026.5.18 contains an insufficient provenance validati ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53815 (OpenClaw before 2026.5.19 contains an authorization bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53814 (OpenClaw before 2026.5.20 contains a privilege escalation vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53813 (OpenClaw before 2026.4.25 contains a path traversal vulnerability in m ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53812 (OpenClaw before 2026.5.18 contains a server-side request forgery vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53811 (OpenClaw before 2026.5.7 contains a privilege escalation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53810 (OpenClaw before 2026.5.18 contains a code execution vulnerability wher ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53809 (OpenClaw before 2026.4.25 contains a policy bypass vulnerability in em ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53808 (OpenClaw before 2026.5.6 contains an approval policy bypass vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53807 (OpenClaw before 2026.5.6 contains an authorization bypass vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53806 (OpenClaw before 2026.5.12 contains a shell option parsing vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53782 (Summarize before 0.17.0 contains a server-side request forgery vulnera ...)
 	TODO: check
 CVE-2026-53781 (Summarize before 0.17.0 contains a resource exhaustion vulnerability t ...)
@@ -49,7 +49,7 @@ CVE-2026-49949 (CodexBar before 0.33.0 contains a credential forwarding vulnerab
 CVE-2026-49482 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
 	TODO: check
 CVE-2026-49060 (Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48613 (SQL injection vulnerability in phpBB profile field migration due to im ...)
 	TODO: check
 CVE-2026-48612 (Improper state verification in the OAuth implementation could allow an ...)
@@ -81,19 +81,19 @@ CVE-2026-45802 (FPDI is a collection of PHP classes that facilitate reading page
 CVE-2026-45418 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
 	TODO: check
 CVE-2026-45175 (Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit  ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-45174 (Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 al ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-45173 (Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) ve ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-45172 (Due to incomplete input validation in Idira Privileged Session Manager ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-45171 (Incomplete input validation and improperly configured folder permissio ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-45170 (Idira Privilege Cloud Connector versions prior 1.1.100504 under specif ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-45169 (Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-45060 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
 	TODO: check
 CVE-2026-44892 (Netty is a network application framework for development of protocol s ...)
@@ -107,13 +107,13 @@ CVE-2026-44249 (Netty is a network application framework for development of prot
 CVE-2026-42846 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
 	TODO: check
 CVE-2026-42653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42647 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-41005 (Cloud Foundry UAA incorrectly treated XML encryption to the Service Pr ...)
 	TODO: check
 CVE-2026-39494 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-20746 (Virtual attribute handling in Ping Identity PingDirectory in affected  ...)
 	TODO: check
 CVE-2026-12060 (Heptabase developed by Hepta Platforms has a Exposed Dangerous Method  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d34b248b8ed74a134cbe9be7f514ee23583f2ce3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d34b248b8ed74a134cbe9be7f514ee23583f2ce3
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260612/9d3da894/attachment.htm>

More information about the debian-security-tracker-commits mailing list