[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 5 08:14:09 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfe5dbb9 by security tracker role at 2026-05-05T07:14:02+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2026-7824 (An issue was discovered in the PaperCut Hive Ricoh embedded applicatio ...)
 	TODO: check
 CVE-2026-7823 (A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b202 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7822 (A vulnerability was identified in itsourcecode Courier Management Syst ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode System
 CVE-2026-7812 (A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906 ...)
 	TODO: check
 CVE-2026-7811 (A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a11 ...)
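Review bot: The tag on CVE-2026-7822, "NOT-FOR-US: itsourcecode System", keeps the generic word "System" but drops the product name that the description gives ("itsourcecode Courier Management Syst ..."). The TOTOLINK entry in this hunk is tagged by vendor name alone. Either a vendor-only tag or the full product name would be clearer and easier to grep for than this partial form.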
@@ -11,7 +11,7 @@ CVE-2026-7811 (A vulnerability has been found in 54yyyu code-mcp up to 4cfc46435
 CVE-2026-7810 (A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815 ...)
 	TODO: check
 CVE-2026-7791 (Improper privilege management in the log rotation mechanism of the Sky ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2026-7788 (A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up t ...)
 	TODO: check
 CVE-2026-7785 (A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf6 ...)
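Review bot: CVE-2026-7791 is tagged "NOT-FOR-US: Amazon", but the visible description ("... log rotation mechanism of the Sky ...") is cut off before any vendor or product name, so the attribution cannot be checked from this list. Naming the product in the tag, not only the vendor, would let a later reader confirm that nothing packaged is affected without opening the CVE record.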
@@ -33,15 +33,15 @@ CVE-2026-7776 (Boundary Community Edition and Boundary Enterprise (\u201cBoundar
 CVE-2026-7768 (@fastify/accepts-serializer cached serializer-selection results keyed  ...)
 	TODO: check
 CVE-2026-7750 (A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7749 (A security vulnerability has been detected in Totolink N300RH 3.2.4-B2 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7748 (A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Aff ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7747 (A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2026-7746 (A vulnerability was identified in SourceCodester Web-based Pharmacy Pr ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-7745 (A vulnerability was determined in CodeAstro Online Classroom 1.0. This ...)
 	TODO: check
 CVE-2026-7744 (A vulnerability was found in CodeAstro Online Classroom 1.0. This affe ...)
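Review bot: CVE-2026-7745 and CVE-2026-7744 ("CodeAstro Online Classroom 1.0") stay at "TODO: check" while the neighbouring SourceCodester entry CVE-2026-7746 is marked NOT-FOR-US in the same automatic run. If CodeAstro is meant to be handled the same way, the automatic matching lacks a pattern for it; if not, a short NOTE on those entries would explain why they were left for manual triage.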
@@ -55,15 +55,15 @@ CVE-2026-7741 (A vulnerability was detected in CodeAstro Online Classroom 1.0. I
 CVE-2026-7482 (Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability  ...)
 	TODO: check
 CVE-2026-6704 (The Blog Settings plugin for WordPress is vulnerable to Reflected Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6702 (The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6701 (The addfreespace plugin for WordPress is vulnerable to Cross-Site Requ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6700 (The DX Sources plugin for WordPress is vulnerable to Cross-Site Reques ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6696 (The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6501 (Improper restriction of XML external entity reference vulnerability in ...)
 	TODO: check
 CVE-2026-6500 (Plaintext storage of a password vulnerability in ILM Informatique Open ...)
@@ -77,37 +77,37 @@ CVE-2026-6321 (fast-uri decoded percent-encoded path separators and dot segments
 CVE-2026-6266 (A flaw was found in the AAP gateway. The user auto-link strategy, intr ...)
 	TODO: check
 CVE-2026-6255 (The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6180 (A race condition exists in PaperCut MF when processing badge-swipe dat ...)
 	TODO: check
 CVE-2026-5957 (The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5722 (The MoreConvert Pro plugin for WordPress is vulnerable to Authenticati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5505 (The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5294 (The Geeky Bot plugin for WordPress is vulnerable to Missing Authorizat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5247 (The Schedule Post Changes With PublishPress Future plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5192 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom Form B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5159 (The Royal Addons for Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5100 (The AWP Classifieds plugin for WordPress is vulnerable to SQL Injectio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4928
 	REJECTED
 CVE-2026-4803 (The Royal Elementor Addons plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4730 (The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4665 (The WP Carousel Free plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4409 (The Subscribe To Comments Reloaded plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4362 (The ElementsKit Elementor Addons plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-44029 (An issue was discovered in Nix before 2.34.7. Writing to arbitrary fil ...)
 	TODO: check
 CVE-2026-44028 (An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Un ...)
@@ -127,15 +127,15 @@ CVE-2026-42796 (Arelle before 2.39.10 contains an unauthenticated remote code ex
 CVE-2026-42440 (OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP ...)
 	TODO: check
 CVE-2026-42376 (D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a har ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-42375 (D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcode ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-42374 (D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcode ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-42373 (D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a har ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-42372 (D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a har ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-42238 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
 	TODO: check
 CVE-2026-42237 (n8n is an open source workflow automation platform. Prior to versions  ...)
@@ -179,7 +179,7 @@ CVE-2026-42146 (CImg Library is a C++ library for image processing. Prior to com
 CVE-2026-42144 (CImg Library is a C++ library for image processing. Prior to commit 4c ...)
 	TODO: check
 CVE-2026-42140 (PlantUML Macro is a macro for rendering UML diagrams from simple textu ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2026-42138 (Dify is an open-source LLM app development platform. Prior to version  ...)
 	TODO: check
 CVE-2026-42092 (titra is an open source time tracking project. In version 0.99.52, the ...)
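Review bot: On CVE-2026-42140 the tag "NOT-FOR-US: XWiki" names a product that the visible description never mentions; the text only says "PlantUML Macro is a macro for rendering UML diagrams". A tag such as "NOT-FOR-US: XWiki PlantUML Macro" would make clear that the entry concerns the macro and not PlantUML itself, which matters for anyone searching the list by product name.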
@@ -235,15 +235,15 @@ CVE-2026-41571 (Note Mark is an open-source note-taking application. In version
 CVE-2026-41471 (Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and ear ...)
 	TODO: check
 CVE-2026-40797 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-40682 (XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache ...)
 	TODO: check
 CVE-2026-40563 (Description: Improper Control of Generation of Code ('Code Injection') ...)
 	TODO: check
 CVE-2026-3456 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot and Le ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3454 (The GenerateBlocks plugin for WordPress is vulnerable to Insecure Dire ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3120 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	TODO: check
 CVE-2026-38751 (OpenSTAManager version 2.10 and earlier contains an arbitrary file upl ...)
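Review bot: The tag "NOT-FOR-US: WordPress plugin or theme" on CVE-2026-40797 leaves the component type undecided, and the truncated description ("Improper Neutralization of Special Elements used in an SQL Command ('S ...") does not show which product is meant, so the classification is not verifiable from this line. Separately, CVE-2026-41471 ("Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and ear ...") remains "TODO: check" in the same hunk although its description matches the "plugin for WordPress" wording used by the entries that were marked; worth checking why the automatic run skipped it.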
@@ -279,13 +279,13 @@ CVE-2026-32834 (Easy PayPal Events & Tickets plugin for WordPress version 1.3 an
 CVE-2026-31205 (Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev all ...)
 	TODO: check
 CVE-2026-2948 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons & Ecosystem ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2868 (The Gutenverse \u2013 Ultimate WordPress FSE Blocks Addons & Ecosystem ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2828
 	REJECTED
 CVE-2026-2729 (The Forminator plugin for WordPress is vulnerable to authorization byp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29514 (NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vu ...)
 	TODO: check
 CVE-2026-29169 (A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.6 ...)
@@ -299,9 +299,9 @@ CVE-2026-26332 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3
 CVE-2026-25863 (Conditional Fields for Contact Form 7 WordPress plugin through version ...)
 	TODO: check
 CVE-2026-25293 (Buffer overflow due to incorrect authorization in PLC FW)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2026-25266 (Memory corruption while processing IOCTL command when device is in pow ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2026-24781 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, ...)
 	TODO: check
 CVE-2026-24120 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, ...)
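Review bot: CVE-2026-25293 is marked "NOT-FOR-US: Qualcomm", yet its description is shown in full ("Buffer overflow due to incorrect authorization in PLC FW") and contains no vendor name, so the match must come from data outside the description. Recording that source (for example the assigning CNA) in a NOTE line or in the commit message would make the automatic decision auditable from the list itself.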
@@ -309,15 +309,15 @@ CVE-2026-24120 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3
 CVE-2026-24118 (vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, ...)
 	TODO: check
 CVE-2026-24082 (Memory Corruption when copying data from a freed source while executin ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2026-24072 (An escalation of privilege bug in various modules in Apache HTTP 2.4.6 ...)
 	TODO: check
 CVE-2026-23918 (Double Free and possible RCE vulnerability in Apache HTTP Server with  ...)
 	TODO: check
 CVE-2026-1921 (The Loco Translate plugin for WordPress is vulnerable to Path Traversa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-0073 (In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wir ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2025-70072 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
 	TODO: check
 CVE-2025-70071 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
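Review bot: CVE-2026-0073 is marked "NOT-FOR-US: Android", but the description points at a specific function and file, "adbd_tls_verify_cert of auth.cpp", which belongs to the adb daemon and not to Android as a whole. Before this is treated as final, confirm that no packaged source carries that file; if it is indeed out of scope, a NOTE stating that adbd is not shipped would record the reasoning.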
@@ -327,23 +327,23 @@ CVE-2025-67796 (IKUS Rdiffweb before 2.10.5 has an improper authorization flaw t
 CVE-2025-58074 (A privilege escalation vulnerability exists during the installation of ...)
 	TODO: check
 CVE-2025-47408 (Memory corruption when another driver calls an IOCTL with invalid inpu ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47407 (Memory corruption while creating a process on the digital signal proce ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47406 (Information Disclosure while processing IOCTL handler callbacks withou ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47405 (Memory corruption when processing camera sensor input/output control c ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47404 (Memory corruption when dynamically changing the size of a previously a ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47403 (Transient DOS when processing a malformed Fast Transition response fra ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-47401 (Transient DOS when processing target power rate tables during channel  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2025-14320 (Improper neutralization of input during web page generation ('cross-si ...)
 	TODO: check
 CVE-2025-13618 (The Mentoring plugin for WordPress is vulnerable to privilege escalati ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13605 (3onedata modbus gateway device modelGW1101-1D(RS-485)-TB-P (hardware v ...)
 	TODO: check
 CVE-2026-43870



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bfe5dbb98fb910dd069152c9a0843c191d3e69ec
