[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 19 08:13:50 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c7713a3 by security tracker role at 2026-06-19T07:13:44+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2026-9822 (The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce ca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-9013 (The Bogo plugin for WordPress is vulnerable to Sensitive Information E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8806 (Expected Behavior Violation vulnerability in Mitsubishi Electric MELSE ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2026-8805 (Integer Overflow or Wraparound vulnerability in the EtherNet/IP functi ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi
 CVE-2026-8713 (The Avada (Fusion) Builder plugin for WordPress is vulnerable to arbit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8668 (A static credential embedded in Chef 360 prior to v1.7.0 permitted una ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-8118 (The Royal Addons for Elementor \u2013 Addons and Templates Kit for Ele ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8100 (Impact  A security issue has been identified in Chef 360 that could al ...)
-	TODO: check
+	NOT-FOR-US: Progress Software
 CVE-2026-7547 (The Woosa \u2013 Marktplaats for WooCommerce plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7515 (The BetterDocs Pro plugin for WordPress is vulnerable to Local File In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6716
 	REJECTED
 CVE-2026-56132 (In libexpat before 2.8.2, there is a heap-based buffer overflow in doP ...)
@@ -39,7 +39,7 @@ CVE-2026-56074 (PraisonAI before 1.5.128 caches tool approval decisions by tool
 CVE-2026-54414 (FileRise before 3.16.0 is vulnerable to path traversal in the shared-f ...)
 	TODO: check
 CVE-2026-54130 (Missing authentication for critical function in M365 Copilot allows an ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-54017 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
 	TODO: check
 CVE-2026-52866 (An attacker within BLE communication range can monopolize the device's ...)
@@ -47,7 +47,7 @@ CVE-2026-52866 (An attacker within BLE communication range can monopolize the de
 CVE-2026-50034 (An attacker within BLE communication range can passively intercept  wi ...)
 	TODO: check
 CVE-2026-4328 (The Advanced Import plugin for WordPress is vulnerable to Server-Side  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-49454 (Relyra is a strict-by-default SAML 2.0 Service Provider library for El ...)
 	TODO: check
 CVE-2026-49257 (mcp-pinot is a Python-based Model Context Protocol (MCP) server for in ...)
@@ -73,9 +73,9 @@ CVE-2026-47847 (Bitnami MariaDB Galera container images and Helm chart are affec
 CVE-2026-47846 (Bitnami Cassandra container images are affected by a retained default  ...)
 	TODO: check
 CVE-2026-47647 (Improper access control in Microsoft Dynamics 365 allows an authorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-47633 (Exposure of sensitive information to an unauthorized actor in Cost Man ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-46699 (conda-smithy is a tool for combining a conda recipe with configuration ...)
 	TODO: check
 CVE-2026-45696 (OpenEXR is the reference implementation and specification for the EXR  ...)
@@ -89,7 +89,7 @@ CVE-2026-43915 (Coturn is a free open source implementation of TURN and STUN Ser
 CVE-2026-40624 (Improper input validation in AVer PTC500S, PTC115, PTC500+, and PTC115 ...)
 	TODO: check
 CVE-2026-32174 (Improper authentication in Azure Bot Service allows an authorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-2842
 	REJECTED
 CVE-2026-25865 (Punto Switcher through 4.5.0.583 contains an unquoted search path elem ...)
@@ -97,13 +97,13 @@ CVE-2026-25865 (Punto Switcher through 4.5.0.583 contains an unquoted search pat
 CVE-2026-22674 (Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a  ...)
 	TODO: check
 CVE-2026-1856 (The Appointment Booking Calendar plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-12644 (Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Un ...)
 	TODO: check
 CVE-2026-12430 (The Blocksy Companion plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-12157 (The BetterDocs - Knowledge Base Docs & FAQ Solution for Elementor & Bl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-12050 (SQL injection in pgAdmin 4's named restore point endpoint (POST /brows ...)
 	TODO: check
 CVE-2026-12049 (Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA ...)
@@ -119,21 +119,21 @@ CVE-2026-12045 (Read-only transaction bypass in the pgAdmin 4 AI Assistant allow
 CVE-2026-12044 (SQL injection in pgAdmin 4 across every dialog template that renders ` ...)
 	TODO: check
 CVE-2026-11989 (The Bit integrations \u2013 Form Integration, Webhook, Spreadsheets, C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-11775 (The User Admin Simplifier plugin for WordPress is vulnerable to Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-11752 (A vulnerability has been identified in armeria-xds versions 1.38.0 thr ...)
 	TODO: check
 CVE-2026-10779 (The Classified Listing \u2013 Classified ads & Business Directory plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-10746
 	REJECTED
 CVE-2026-10720 (Canonical MicroCeph versions from the squid and tentacle track are vul ...)
 	TODO: check
 CVE-2026-10034 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to author ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7737 (DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Pl ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-15661 (libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bo ...)
 	TODO: check
 CVE-2026-55766



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c7713a3d23b37ed38e9f162cbd1cb6695b55a8e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c7713a3d23b37ed38e9f162cbd1cb6695b55a8e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260619/6e4c6e95/attachment.htm>

More information about the debian-security-tracker-commits mailing list