[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 18 20:18:16 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
775c4910 by security tracker role at 2026-06-18T19:17:57+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-9815 (The MagicForm WordPress plugin through 0.1.3 does not properly validat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9158 (In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DE ...)
TODO: check
CVE-2026-8811 (SEPPmail versions before 15.0.5 allow improper handling of attachment ...)
@@ -7,11 +7,11 @@ CVE-2026-8811 (SEPPmail versions before 15.0.5 allow improper handling of attach
CVE-2026-8461 (An out-of-bounds write vulnerability in FFmpeg's libavcodec library, s ...)
TODO: check
CVE-2026-8039 (The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8024 (A remote, unauthenticated attacker may exploit a deserialization of un ...)
TODO: check
CVE-2026-56024 (Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56022 (Webmin accepts basic authentication without session cookies when an at ...)
TODO: check
CVE-2026-56021 (Webmin allows unauthenticated attackers to read the contents of any fi ...)
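Review bot: the note on CVE-2026-56024 reads "WordPress plugin or theme" while CVE-2026-8039 in the same hunk gets "WordPress plugin", so one category ends up under two strings and is harder to grep or count. The visible description for CVE-2026-56024 ("... Saad Iqbal WP EasyP ...") is cut off before it says whether the product is a plugin or a theme; either have the automation resolve the type before writing the note, or settle on a single string for both cases.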
@@ -19,11 +19,11 @@ CVE-2026-56021 (Webmin allows unauthenticated attackers to read the contents of
CVE-2026-56020 (The Webmin HTTP server (miniserv.pl) allows unauthenticated attackers ...)
TODO: check
CVE-2026-56012 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56009 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56007 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-55746 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored ...)
TODO: check
CVE-2026-55745 (Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross- ...)
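Review bot: the three entries changed here (CVE-2026-56012, CVE-2026-56009, CVE-2026-56007) have descriptions that are truncated inside the generic CWE title, so nothing on the list line identifies the product and the NOT-FOR-US decision cannot be checked from this file alone. Suggest the note carry the product name alongside the category (for example "NOT-FOR-US: PRODUCT-NAME (WordPress plugin)", with PRODUCT-NAME standing in for the real one) so a later reader can confirm the classification without going back to the CVE record.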
@@ -109,9 +109,9 @@ CVE-2026-38715 (InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (inc
CVE-2026-38714 (InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including ...)
TODO: check
CVE-2026-2021 (The Slideshow Gallery LITE plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-28573 (In AndroidManifest.xml, there is a possible persistent denial of servi ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2026-22551 (In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdo ...)
TODO: check
CVE-2026-12539 (Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied o ...)
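Review bot: "NOT-FOR-US: Android" on CVE-2026-28573 names a platform rather than a component, and the visible description only mentions AndroidManifest.xml without saying whose manifest it is. Name the affected component in the note and confirm it is not carried by any source package in the archive before closing the entry; the WordPress line in this same hunk at least states what kind of product is being excluded.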
@@ -123,15 +123,15 @@ CVE-2026-12475
CVE-2026-12390 (In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulne ...)
TODO: check
CVE-2026-12137 (The SysBasics Customize My Account for WooCommerce \u2013 Dashboard, E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12136 (The Customize My Account For Woocommerce plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12111 (The Appointment Booking Calendar plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12102 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12098 (The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12039 (Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but do ...)
TODO: check
CVE-2026-11982 (Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site s ...)
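Review bot: the context lines for CVE-2026-12137 and CVE-2026-12102 contain a literal \u2013 in the description text, which looks like a JSON escape that was never decoded when the description was imported. This commit does not touch those lines, but the fix belongs in the same automation path: decode the escape on import so the product names read correctly and match when searched.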
@@ -145,7 +145,7 @@ CVE-2026-11718 (An authentication bypass vulnerability exists in the generic opa
CVE-2026-11717 (An authentication bypass vulnerability exists in the generic opaque to ...)
TODO: check
CVE-2026-11395 (The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10687
REJECTED
CVE-2025-58175 (GeoServer is an open source server that allows users to share and edit ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/775c4910d8a04243cd6c829cce674985ff61ed31