[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 16 20:14:45 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d62550a by security tracker role at 2026-06-16T19:14:39+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,111 +1,111 @@
 CVE-2026-9507 (A session fixation vulnerability has been identified in osTicket v1.18 ...)
 	TODO: check
 CVE-2026-9307 (A sensitive information disclosure security issue exists within the af ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2026-8484 (A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" ...)
 	TODO: check
 CVE-2026-8444 (The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Inj ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8442 (The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8176 (The LatePoint \u2013 Calendar Booking Plugin for Appointments and Even ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5416 (Due to the improper neutralization of special elements used in a name  ...)
 	TODO: check
 CVE-2026-54198 (Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54197 (Unauthenticated Sensitive Data Exposure in GetGenie <= 4.4.1 versions.)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54191 (Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54190 (Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-53900 (Firefox for iOS preserved cookies set on the initial PDF request acros ...)
 	TODO: check
 CVE-2026-53899 (Firefox for iOS used partial domain matching when attaching cookies to ...)
 	TODO: check
 CVE-2026-53866 (OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53865 (OpenClaw before 2026.5.2 contains a path traversal vulnerability in ma ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53864 (OpenClaw before 2026.5.26 contains an insufficient sanitization vulner ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53863 (OpenClaw before 2026.4.25 contains an input validation vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53862 (OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53861 (OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53860 (OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53859 (OpenClaw before 2026.5.26 contains a hostname validation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53858 (OpenClaw before 2026.5.2 contains an environment variable injection vu ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53857 (OpenClaw before 2026.5.3 contains a policy enforcement vulnerability w ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53856 (OpenClaw before 2026.4.24 contains an insecure file permissions vulner ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53855 (OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53854 (OpenClaw before 2026.4.25 contains a privilege escalation vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53853 (OpenClaw before 2026.5.12 contains an argument pattern validation bypa ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53852 (OpenClaw before 2026.4.25 contains a scope containment bypass vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53851 (OpenClaw before 2026.5.12 contains a notification bypass vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53850 (OpenClaw before 2026.4.25 contains a control scope enforcement bypass  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53849 (OpenClaw before 2026.5.7 contains a privilege escalation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53848 (OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53847 (OpenClaw before 2026.5.6 contains a privilege escalation vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53846 (OpenClaw before 2026.4.29 contains a path traversal vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53845 (OpenClaw before 2026.5.6 contains a hook bypass vulnerability where sk ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53844 (OpenClaw before 2026.4.29 contains a session visibility check bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53843 (OpenClaw before 2026.5.26 contains an authorization bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53842 (OpenClaw before 2026.5.2 contains an environment variable injection vu ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53841 (OpenClaw before 2026.5.12 contains a cross-site scripting vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53840 (OpenClaw before 2026.5.12 contains an information disclosure vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-53776 (Perry before 0.5.1166 contains a JWT validation vulnerability that all ...)
 	TODO: check
 CVE-2026-52715 (Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-52714 (Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-52712 (Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-52711 (Unauthenticated Broken Access Control in WooCommerce POS <= 1.8.14 ver ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-50656 (Microsoft is aware of an elevation of privilege in the Microsoft Malwa ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-49774 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-49772 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48780 (Forem is open source software for building communities. Prior to commi ...)
 	TODO: check
 CVE-2026-48775 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
 	TODO: check
 CVE-2026-47964 (DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based B ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-47963 (DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-boun ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-47934 (DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-boun ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-47927 (DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-boun ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-47749 (stable-diffusion.cpp is a pure C/C++ library for running diffusion mod ...)
 	TODO: check
 CVE-2026-47748 (stable-diffusion.cpp is a pure C/C++ library for running diffusion mod ...)
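Review bot: CVE-2026-49774 and CVE-2026-49772 are moved from TODO: check to NOT-FOR-US: WordPress plugin or theme even though their truncated descriptions carry only the CWE title ("Improper Control of Generation of Code", "Improper Neutralization of Special Elements used in an SQL Command") and name no product, unlike the neighbouring entries that mention a plugin by name; the automatic rule presumably matched on the full advisory text, but these two should get a manual spot check against the CNA description before the entries are considered closed, since a wrong NOT-FOR-US drops a CVE from triage without any further signal.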
@@ -117,27 +117,27 @@ CVE-2026-44932 (Passing of unsanitized strings from DHCP replies into the wicked
 CVE-2026-42089 (Yeoman Environment provides an API to discover, create, and run genera ...)
 	TODO: check
 CVE-2026-40809 (Missing Authorization vulnerability in Rara Themes Metro Magazine allo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-40750 (Unrestricted Upload of File with Dangerous Type vulnerability in thema ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39927
 	REJECTED
 CVE-2026-39926
 	REJECTED
 CVE-2026-39581 (Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39574 (Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39490 (Unauthenticated Broken Access Control in JupiterX Core <= 4.14.1 versi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-39437 (Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Li ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-2381 (The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-24228 (NVIDIA NeMo Framework for Linux contains a vulnerability where an atta ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-24155 (NVIDIA NeMo Framework for all platforms contains a code injection vuln ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2026-12412
 	REJECTED
 CVE-2026-12398 (A command injection vulnerability was found in galaxy_ng. The do_git_c ...)
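Review bot: this hunk uses two labels for the same class of entry, "NOT-FOR-US: WordPress plugin" for CVE-2026-2381 and "NOT-FOR-US: WordPress plugin or theme" for CVE-2026-40809, CVE-2026-40750, CVE-2026-39581, CVE-2026-39574, CVE-2026-39490 and CVE-2026-39437; if the two forms only reflect which feed the automatic update matched rather than a real distinction, settling on one of them would make the list easier to grep and to audit later.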
@@ -231,57 +231,57 @@ CVE-2026-12225 (syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, an
 CVE-2026-12003 (To allow builds of Python to be run from an in-tree layout (rather tha ...)
 	TODO: check
 CVE-2026-11317 (A denial of service security issue exists in the affected product. The ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2026-10831 (A denial-of-service vulnerability exists in NPort devices because of i ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2026-10829 (A stack-based buffer overflow vulnerability has been found in the NPor ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2026-10828 (A format string vulnerability has been found in the "alias" parameter  ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2026-10825 (A denial-of-service vulnerability exists in the WebSocket API due to i ...)
-	TODO: check
+	NOT-FOR-US: Moxa
 CVE-2026-10748 (An authenticated user with the nx-licensing-create privilege can uploa ...)
-	TODO: check
+	NOT-FOR-US: Sonatype
 CVE-2026-10640 (Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10639 (In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/ ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10638 (subsys/net/ip/icmpv6.c reads the network interface from a net_pkt afte ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10637 (subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_ ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10636 (In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igm ...)
-	TODO: check
+	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-10093 (The File Sharing & Download Manager \u2013 User Private Files plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0647 (An improper authentication security issue exists within the 1794-AENTR ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2026-0646 (A denial-of-service security issue exists within the 1794-AENTR adapte ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-9912 (Nokia SR Linux is vulnerable to a local privilege escalation vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Nokia
 CVE-2025-71261 (An attacker with network-level access between the SUSE Virtualization  ...)
 	TODO: check
 CVE-2025-68045 (Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-14272 (A security issue wasidentifiedin Pavilion due to improperauthorization ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-13036 (An authentication bypass security issue exists within FactoryTalk Hist ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-11694 (A security issue exists within1769 CompactLogix controllersdue to them ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-39575 (update_disk_psu_baseline.sh requires password in plain text)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2024-38487 (api-gateway container running with root privilege would allow an attac ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2024-30476 (PowerStore contains a Stored Cross-Site Scripting Vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2024-24909 (Dell OpenManage Integration with Microsoft Windows Admin Center contai ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2024-22451 (Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an unco ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2024-22447 (Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrol ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-46448
 	- nova <unfixed> (bug #1140149)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/06/16/5
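Review bot: CVE-2024-39575 ("update_disk_psu_baseline.sh requires password in plain text") and CVE-2024-38487 ("api-gateway container running with root privilege ...") are reclassified as NOT-FOR-US: Dell / EMC although neither visible description names Dell, EMC or a product, whereas the other four Dell entries in this hunk do (PowerStore, Dell OpenManage, Dell Peripheral Manager); these two are worth a manual check of the CNA assignment before the NOT-FOR-US tag is left standing. The "Zephyr, different from src:zephyr" qualifier on CVE-2026-10636 through CVE-2026-10640 is a good pattern and is the kind of disambiguation that would help for these Dell entries as well.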



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d62550a7c7cd6fbcf6ac214352c1a6bf7ef3cd5
