[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 13 08:14:15 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2285c98a by security tracker role at 2026-06-13T07:14:09+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-9848 (The WP Ticket plugin for WordPress is vulnerable to SQL Injection via  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9134 (The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9109 (The GPTranslate \u2013 Multilingual AI Translation for WordPress: Auto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9062 (The Store Locator WordPress plugin before 1.6.9 does not validate a pa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9061 (The Store Locator WordPress plugin before 1.6.9 does not sanitize and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6676 (Heap buffer out-of-bounds write vulnerability in Avira Antivirus engin ...)
 	TODO: check
 CVE-2026-54398 (An authorization flaw in MISP\u2019s object add/edit handling allowed  ...)
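Review bot: CVE-2026-6676, the last unchanged entry before CVE-2026-54398, stays at TODO: check even though its description names the Avira Antivirus engine, a proprietary product. If the automatic update has no rule for Avira, add one so this entry receives NOT-FOR-US: Avira instead of waiting for manual triage.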
@@ -55,45 +55,45 @@ CVE-2026-53868 (Capgo before 12.128.2 contains a denial of service vulnerability
 CVE-2026-53867 (Capgo before 12.128.2 fails to delete previously uploaded profile imag ...)
 	TODO: check
 CVE-2026-53839 (OpenClaw before 2026.5.7 contains a hostname validation vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53838 (OpenClaw before 2026.5.27 contains a state mutation vulnerability in n ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53837 (OpenClaw before 2026.5.6 contains an improper access control vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53836 (OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53835 (OpenClaw before 2026.5.6 contains a configuration enforcement bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53834 (OpenClaw before 2026.4.27 contains an authorization bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53833 (OpenClaw before 2026.4.29 contains an authorization bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53832 (OpenClaw before 2026.5.18 contains an identity header validation vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53831 (OpenClaw before 2026.5.18 contains a policy enforcement vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53830 (OpenClaw before 2026.4.22 contains a webhook secret revocation bypass  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53829 (OpenClaw before 2026.5.18 contains an approval display truncation vuln ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53828 (OpenClaw before 2026.5.6 contains an authorization bypass vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53827 (OpenClaw before 2026.5.2 contains a credential exposure vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53826 (OpenClaw before 2026.4.26 contains an information disclosure vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53825 (OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53824 (OpenClaw before 2026.4.24 contains a token revocation vulnerability al ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53823 (OpenClaw before 2026.5.3 contains a privilege escalation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53822 (OpenClaw before 2026.5.18 contains a command injection vulnerability w ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53821 (OpenClaw before 2026.5.18 accepts WebSocket client-declared operator s ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53820 (OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53609 (ApostropheCMS is an open-source Node.js content management system. In  ...)
 	TODO: check
 CVE-2026-53608 (ApostropheCMS is an open-source Node.js content management system. Ver ...)
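Review bot: all 20 OpenClaw entries, CVE-2026-53839 down to CVE-2026-53820, are closed in one pass with only the bare product name. Before accepting a batch this size, confirm that no ITP or RFP bug is open for OpenClaw, since the entries would then need a package line tagged <itp> rather than NOT-FOR-US: OpenClaw.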
@@ -117,7 +117,7 @@ CVE-2026-50552 (Koel is a free, open-source music streaming solution. Prior to v
 CVE-2026-50287 (AgenticMail gives AI agents real email addresses and phone numbers. Pr ...)
 	TODO: check
 CVE-2026-4870 (IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-49397 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
 	TODO: check
 CVE-2026-49396 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
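Review bot: the note on CVE-2026-4870 names only the vendor (NOT-FOR-US: IBM), while the description identifies the product as IBM Qiskit SDK 0.43.0 through 2.5.0. A vendor-only note makes it hard to re-check later which product was judged. Prefer NOT-FOR-US: IBM Qiskit SDK, in line with the product-level notes used elsewhere in this commit (OpenClaw, Discourse).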
@@ -127,9 +127,9 @@ CVE-2026-48119 (Nezha Monitoring is a self-hostable, lightweight, servers and we
 CVE-2026-47268 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
 	TODO: check
 CVE-2026-47264 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-47263 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-47260 (Koel is a free, open-source music streaming solution. Prior to version ...)
 	TODO: check
 CVE-2026-47124 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
@@ -141,9 +141,9 @@ CVE-2026-46717 (Nezha Monitoring is a self-hostable, lightweight, servers and we
 CVE-2026-46716 (Nezha Monitoring is a self-hostable, lightweight, servers and websites ...)
 	TODO: check
 CVE-2026-45775 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-45085 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-45014 (ApostropheCMS is an open-source Node.js content management system. Ver ...)
 	TODO: check
 CVE-2026-45013 (ApostropheCMS is an open-source Node.js content management system. Ver ...)
@@ -155,19 +155,19 @@ CVE-2026-45011 (ApostropheCMS is an open-source Node.js content management syste
 CVE-2026-44990 (ApostropheCMS is an open-source Node.js content management system, and ...)
 	TODO: check
 CVE-2026-44786 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-44785 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-44784 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-44783 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-44782 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-44780 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-44779 (Discourse is an open-source discussion platform. From versions 2026.1. ...)
-	TODO: check
+	NOT-FOR-US: Discourse
 CVE-2026-43872 (Actual is an open-source personal finance application. Prior to versio ...)
 	TODO: check
 CVE-2026-42890 (Actual is an open-source personal finance application. In the macOS de ...)
@@ -181,23 +181,23 @@ CVE-2026-42850 (Kitty is a cross-platform GPU based terminal. In versions prior
 CVE-2026-42604 (Actual is a local-first personal finance tool. The `POST /openid/confi ...)
 	TODO: check
 CVE-2026-41158 (Software installed and run as a non-privileged user may conduct GPU sy ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2026-41157 (A web page that contains unusual WebGPU content loaded into the GPU GL ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2026-41155 (An attacker could cooperatively pass data from one secure GPU process  ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2026-34195 (Software installed and run as a non-privileged user may conduct intent ...)
-	TODO: check
+	NOT-FOR-US: Imagination Technologies
 CVE-2026-24618 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-12131 (A weakness has been identified in CodeAstro Human Resource Management  ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-12130 (A security flaw has been discovered in CodeAstro Human Resource Manage ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-12129 (A vulnerability was identified in CodeAstro Human Resource Management  ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-12089 (The LWS Optimize \u2013 All-in-One Speed Booster & Cache Tools plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-12068 (Information disclosure vulnerability in Avira Password Manager when us ...)
 	TODO: check
 CVE-2026-11769 (We have released version 5.24.0 of the Grafana Operator. This patch in ...)
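Review bot: CVE-2026-24618 gets the hedged note NOT-FOR-US: WordPress plugin or theme, and its visible description ("Exposure of Sensitive System Information to an Unauthorized Control Sp ...") names no product, whereas CVE-2026-12089 in the same hunk is plainly NOT-FOR-US: WordPress plugin. Name the plugin or theme in the note so the classification can be verified. The four Imagination Technologies notes (CVE-2026-41158, CVE-2026-41157, CVE-2026-41155, CVE-2026-34195) also name only the vendor and would benefit from naming the affected GPU component.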



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2285c98a575f82153685d6054b0cd6c15b3e58ab
