[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 19 08:14:33 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c7b78f0 by security tracker role at 2026-03-19T08:14:26+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-4407 (Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect v ...)
 	TODO: check
 CVE-2026-4120 (The Info Cards \u2013 Add Text and Media in Card Layouts plugin for Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4068 (The Add Custom Fields to Media plugin for WordPress is vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4006 (The Simple Draft List plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3475 (The Instant Popup Builder plugin for WordPress is vulnerable to Unauth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3181
 	REJECTED
 CVE-2026-33163 (Parse Server is an open source backend that can be deployed to any inf ...)
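
Review bot: The four replacements in this hunk (CVE-2026-4120, CVE-2026-4068, CVE-2026-4006, CVE-2026-3475) use the label "NOT-FOR-US: WordPress plugin", while the next hunk tags other WordPress entries as "NOT-FOR-US: WordPress plugin or theme". Pick one string for both so a single search over data/CVE/list finds every WordPress exclusion. Separately, the context line for CVE-2026-4120 shows a literal "\u2013" in the description; if that is what the file contains rather than an artifact of this notification, the description import should decode the escape.
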
@@ -61,89 +61,89 @@ CVE-2026-32321 (ClipBucket v5 is an open source video sharing platform. An authe
 CVE-2026-32255 (Kan is an open-source project management tool. In versions 0.5.4 and b ...)
 	TODO: check
 CVE-2026-32000 (OpenClaw versions prior to 2026.2.19 contain a command injection vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31999 (OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a cur ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31998 (OpenClaw versions 2026.2.22 and 2026.2.23 contain an authorization byp ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31997 (OpenClaw versions prior to 2026.3.1 fail to pin executable identity fo ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31996 (OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an i ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31995 (OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injec ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31994 (OpenClaw versions prior to 2026.2.19 contain a local command injection ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31993 (OpenClaw versions prior to 2026.2.22 contain an allowlist parsing mism ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31992 (OpenClaw versions prior to 2026.2.23 contain an allowlist bypass vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31991 (OpenClaw versions prior to 2026.2.26 contain an authorization bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31990 (OpenClaw versions prior to 2026.3.2 contain a vulnerability in the sta ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-31989 (OpenClaw versions prior to 2026.3.1 contain a server-side request forg ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-2571 (The Download Manager plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29608 (OpenClaw 2026.3.1 contains an approval integrity vulnerability in syst ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-29607 (OpenClaw versions prior to 2026.2.22 contain an authorization bypass v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-28461 (OpenClaw versions prior to 2026.3.1 contain an unbounded memory growth ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-28460 (OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-28449 (OpenClaw versions prior to 2026.2.25 lack durable replay state for Nex ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-28073 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28070 (Missing Authorization vulnerability in Tips and Tricks HQ WP eMember a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-28044 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27670 (OpenClaw versions prior to 2026.3.2 contain a race condition vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-27566 (OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-27542 (Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27540 (Unrestricted Upload of File with Dangerous Type vulnerability in Rymer ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27413 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27397 (Authorization Bypass Through User-Controlled Key vulnerability in Real ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27096 (Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorF ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27093 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27091 (Missing Authorization vulnerability in UiPress UiPress lite allows Exp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25873 (OmniGen2-RL contains an unauthenticated remote code execution vulnerab ...)
 	TODO: check
 CVE-2026-25745 (OpenEMR is a free and open source electronic health records and medica ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2026-25471 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25312 (Missing Authorization vulnerability in EventPrime allows Exploiting In ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-22176 (OpenClaw versions prior to 2026.2.19 contain a command injection vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-1276 (IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2026-1238 (The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-36051 (IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potential ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-15051 (IBM QRadar SIEM7.5.0 through 7.5.0 Update Package 14 is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-15031 (A vulnerability in MLflow's pyfunc extraction process allows for arbit ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2025-13995 (IBM QRadar SIEM7.5.0 through 7.5.0 Update Package 14 could allow an at ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-42210 (A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Ma ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2026-31973 (SAMtools is a program for reading, manipulating and writing bioinforma ...)
 	- samtools <unfixed>
 	NOTE: https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43
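
Review bot: Several entries tagged "WordPress plugin or theme" here (for example CVE-2026-28073, CVE-2026-28044, CVE-2026-27413) have descriptions that are truncated before any product name appears, so the classification cannot be checked from this diff, and the commit message only says "automatic". A short note in the commit message on which rule matched each group would make these reviewable. The labels also mix vendor names ("IBM", "HCL") with product names ("OpenClaw", "OpenEMR", "mlflow"), and "mlflow" is lowercased where the CVE-2025-15031 description writes "MLflow"; a single convention would keep later automatic matching on these labels predictable.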



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c7b78f01e4b0c72512ee6158bc4d2ae755e9a5b
