[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 15 20:14:30 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
83f6b3ce by security tracker role at 2026-06-15T19:14:24+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2026-9863 (Fortra BoKS Manager contains an OS command injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Fortra
CVE-2026-9862 (Fortra's Core Privileged Access Manager (BoKS)contains an OS command i ...)
- TODO: check
+ NOT-FOR-US: Fortra
CVE-2026-9595 (Impact: When a user-configured proxy on webpack-dev-server has a broad ...)
TODO: check
CVE-2026-9278 (The Form Builder CP WordPress plugin before 1.2.47 does not properly s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8935 (The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthentic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8683 (Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for att ...)
TODO: check
CVE-2026-8386 (The WP Go Maps WordPress plugin before 10.0.10 does not perform any a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8385 (The WP Go Maps WordPress plugin before 10.0.10 does not properly enfo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8358 (LibreOffice Calc can import tracked changes from a spreadsheet documen ...)
TODO: check
CVE-2026-8357 (LibreOffice Calc compiles cell formulas when opening a spreadsheet. A ...)
@@ -43,7 +43,7 @@ CVE-2026-5079 (Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are
CVE-2026-5038 (Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 ...)
TODO: check
CVE-2026-52704 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-50100 (Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MI ...)
TODO: check
CVE-2026-49757 (Authentication Bypass by Spoofing vulnerability in team-alembic AshAut ...)
@@ -51,13 +51,13 @@ CVE-2026-49757 (Authentication Bypass by Spoofing vulnerability in team-alembic
CVE-2026-49294 (Valhalla is an open source routing engine and accompanying libraries f ...)
TODO: check
CVE-2026-49111 (Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49064 (Insertion of Sensitive Information Into Sent Data vulnerability in Sti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49062 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48969 (Subscriber Broken Access Control in Really Simple SSL <= 9.5.9 version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-47777 (Mastodon is a free, open-source social network server based on Activit ...)
TODO: check
CVE-2026-44188 (A flaw was found in Ansible Lightspeed. This vulnerability, related to ...)
@@ -83,19 +83,19 @@ CVE-2026-34022 (TheWertheim SafeController Family 65000, Controller 65000 - Asse
CVE-2026-34021 (The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6. ...)
TODO: check
CVE-2026-20262 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, former ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-12057 (When the application executes the JavaScript script embedded in the PD ...)
- TODO: check
+ NOT-FOR-US: Foxit
CVE-2026-11860 (Quick.CMS deserializes user-controlled data received over plaintext HT ...)
TODO: check
CVE-2026-10634 (Zephyr's native TCP stack iterates the global connection list in net_t ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-64215 (Missing Authorization vulnerability in StylemixThemes MasterStudy LMS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-15659 (Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-15658 (Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2019-25746 (WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injectio ...)
TODO: check
CVE-2018-25437 (WordPress CherryFramework Themes 3.1.4 contains an information disclos ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83f6b3cedd42e699a3aa6c7952c69fef3a971380
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83f6b3cedd42e699a3aa6c7952c69fef3a971380
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260615/c53da09a/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list