[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 29 20:14:32 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d70e4190 by security tracker role at 2026-06-29T19:14:24+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-9267 (Eclipse tinydtls before commitb3efd41ad111a4920f599f51ffa4f5e9f1e72221 ...)
 	TODO: check
 CVE-2026-9105 (An authenticated stack-based buffer overflow vulnerability exists in t ...)
-	TODO: check
+	NOT-FOR-US: TPLink
 CVE-2026-58000 (luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a ...)
 	TODO: check
 CVE-2026-57999 (luci-app-tailscale-community contains a command injection vulnerabilit ...)
@@ -47,47 +47,47 @@ CVE-2026-57943 (LibrePhotos before 1.0.0 contains a broken object level authoriz
 CVE-2026-57942 (LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP  ...)
 	TODO: check
 CVE-2026-57676 (Authorization Bypass Through User-Controlled Key vulnerability in Matt ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57525
 	REJECTED
 CVE-2026-57523
 	REJECTED
 CVE-2026-57346 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57341 (Unauthenticated Insecure Direct Object References (IDOR) in Colissimo  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57340 (Unauthenticated Broken Access Control in Japanized For WooCommerce <=  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57339 (Unauthenticated Broken Access Control in Business Directory <= 6.4.23  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57338 (Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 version ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57337 (Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <=  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57336 (Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57335 (Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57334 (Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 ver ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57333 (Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57332 (Subscriber Broken Access Control in Wallet System for WooCommerce <= 2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57331 (Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57330 (Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <= 3.7.27 ver ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57329 (Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57328 (Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57327 (Subscriber Broken Access Control in MainWP <= 6.1.1 versions.)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57326 (Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-57320 (Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56783 (Parseable before 2.9.2 contains an information disclosure vulnerabilit ...)
 	TODO: check
 CVE-2026-56782 (Gorse before 0.5.10 contains an authentication bypass vulnerability in ...)
@@ -97,9 +97,9 @@ CVE-2026-56781 (Teable before 2026-06-15T04-43-24Z.1912 contains an improper acc
 CVE-2026-56780 (Modoboa before 2.9.0 contains an insecure direct object reference vuln ...)
 	TODO: check
 CVE-2026-56457 (HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensit ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2026-56290 (The Joomla extension Page Builder CK is vulnerable to an unauthenticat ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-56285 (Nitter's /video media proxy endpoint fails to validate target URLs aga ...)
 	TODO: check
 CVE-2026-56124 (phpUploader before 2.0.2 contains an unauthenticated information discl ...)
@@ -113,7 +113,7 @@ CVE-2026-53428 (Memory Allocation with Excessive Size Value vulnerability in lea
 CVE-2026-53427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2026-49049 (The Helix3 plugin for Joomla exposes an ajax handler task, that allows ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2026-46406 (Claude Code is an agentic coding tool.  From 2.1.59 until 2.1.128, the ...)
 	TODO: check
 CVE-2026-41992 (GNU gzip contains a global buffer overflow vulnerability in the LZH de ...)
@@ -153,7 +153,7 @@ CVE-2026-13746 (Improper neutralization of local CLI parameters in Snowflake CLI
 CVE-2026-13744 (Improper neutralization of attacker-controlled content in Snowflake CL ...)
 	TODO: check
 CVE-2026-13742 (Honeywell IQ MultiAccess, all versions prior to and including version  ...)
-	TODO: check
+	NOT-FOR-US: Honeywell
 CVE-2026-13676 (fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize U ...)
 	TODO: check
 CVE-2026-13601 (A flaw was found in Yelp due to an overly permissive Content Security  ...)
@@ -173,79 +173,79 @@ CVE-2026-13588 (A vulnerability was determined in seladb PcapPlusPlus 25.05. The
 CVE-2026-13587 (A vulnerability was found in seladb PcapPlusPlus 25.05. The affected e ...)
 	TODO: check
 CVE-2026-13583 (A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is  ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-13582 (A flaw has been found in Edimax EW-7478APC 1.04. This issue affects th ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-13581 (A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-13580 (A security vulnerability has been detected in Edimax EW-7478APC 1.04.  ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-13579 (A weakness has been identified in itsourcecode Hospital Management Sys ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13578 (A security flaw has been discovered in itsourcecode Hospital Managemen ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13574 (A vulnerability was determined in llvm llvm-project up to 22.1.6. This ...)
 	TODO: check
 CVE-2026-13573 (A vulnerability was found in llvm llvm-project up to 22.1.6. This affe ...)
 	TODO: check
 CVE-2026-13572 (A vulnerability has been found in itsourcecode Hospital Management Sys ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13571 (A flaw has been found in SourceCodester Simple Food Ordering System 1. ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-13570 (A vulnerability was detected in SourceCodester Inventory Management Sy ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-13569 (A security vulnerability has been detected in weng-xianhu EyouCMS up t ...)
 	TODO: check
 CVE-2026-13568 (A weakness has been identified in SourceCodester Inventory Management  ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-13567 (A security flaw has been discovered in code-projects Online Music Site ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2026-13566 (A vulnerability was identified in SourceCodester Class and Exam Timeta ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-13565 (A vulnerability was determined in SourceCodester Class and Exam Timeta ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-13564 (A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the f ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-13563 (A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-13562 (A flaw has been found in Edimax EW-7478APC 1.04. This affects the func ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-13561 (A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted e ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-13560 (A security vulnerability has been detected in Edimax EW-7478APC 1.04.  ...)
-	TODO: check
+	NOT-FOR-US: Edimax
 CVE-2026-13559 (A weakness has been identified in code-projects Real State Services 1. ...)
 	TODO: check
 CVE-2026-13558 (A security flaw has been discovered in CodeAstro Complaint Management  ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-13557 (A vulnerability was identified in itsourcecode Online Hotel Management ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13556 (A vulnerability was determined in itsourcecode Online Hotel Management ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13555 (A vulnerability was found in itsourcecode Online Hotel Management Syst ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13554 (A vulnerability has been found in itsourcecode Online Hotel Management ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13553 (A flaw has been found in itsourcecode Online Hotel Management System 1 ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13552 (A vulnerability was detected in itsourcecode Online Hotel Management S ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13551 (A security vulnerability has been detected in itsourcecode Baptism Inf ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13550 (A weakness has been identified in itsourcecode Baptism Information Man ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13549 (A security flaw has been discovered in CodeAstro Complaint Management  ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-13548 (A vulnerability was identified in itsourcecode Hospital Management Sys ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-13547 (A vulnerability was determined in Hanwang e-Face General Management Pl ...)
 	TODO: check
 CVE-2026-13546 (A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability ...)
 	TODO: check
 CVE-2026-13545 (A vulnerability has been found in D-Link DCS-935L 1.10.01. This affect ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-13437 (Insertion of sensitive information into sent data in the AI Agent job  ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-13165 (SzafirHost verifies the downloaded native library archive with one Jar ...)
 	TODO: check
 CVE-2026-12912 (A flaw was found in libtiff. A remote attacker could exploit this vuln ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d70e41905f2df091199591ce23c35dacfcf0c2ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d70e41905f2df091199591ce23c35dacfcf0c2ad
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260629/15c467e5/attachment.htm>


More information about the debian-security-tracker-commits mailing list