[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 5 20:14:49 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5198cfac by security tracker role at 2026-05-05T19:14:43+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2026-7865 (A hidden console command is vulnerable to command injection flaw when  ...)
-	TODO: check
+	NOT-FOR-US: Crestron
 CVE-2026-7855 (A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-7854 (A security vulnerability has been detected in D-Link DI-8100 16.07.26A ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-7853 (A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected  ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-7851 (A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affe ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2026-7847 (A vulnerability was found in chatchat-space Langchain-Chatchat up to 0 ...)
 	TODO: check
 CVE-2026-7846 (A vulnerability has been found in chatchat-space Langchain-Chatchat up ...)
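Review bot: The "NOT-FOR-US: Crestron" tag on CVE-2026-7865 cannot be checked against the description as shown, because the truncated text ("A hidden console command is vulnerable to command injection flaw when ...") names no vendor or product. Consider including the product name in the tag, so the triage reason can be verified without fetching the full CVE record. The four D-Link tags do match their descriptions, which name the D-Link DI-8100.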
@@ -33,71 +33,71 @@ CVE-2026-6918 (In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication rem
 CVE-2026-6322 (fast-uri normalize() decoded percent-encoded authority delimiters insi ...)
 	TODO: check
 CVE-2026-6262 (The Betheme theme for WordPress is vulnerable to Arbitrary File Deleti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6261 (The Betheme theme for WordPress is vulnerable to Arbitrary File Upload ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4304 (The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Inje ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-43574 (OpenClaw before 2026.4.12 contains an improper authorization vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43573 (OpenClaw before 2026.4.10 contains a server-side request forgery polic ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43572 (OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authori ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43571 (OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43570 (OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversa ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43569 (OpenClaw before 2026.4.9 contains an authentication bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43568 (OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escala ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43567 (OpenClaw before 2026.4.10 contains a path traversal vulnerability in t ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43566 (OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escala ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43535 (OpenClaw before 2026.4.14 contains an authorization context reuse vuln ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43534 (OpenClaw before 2026.4.10 contains an input validation vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43533 (OpenClaw before 2026.4.10 contains an arbitrary file read vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43532 (OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43531 (OpenClaw before 2026.4.9 contains an environment variable injection vu ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43530 (OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec a ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43529 (OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnera ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43528 (OpenClaw before 2026.4.14 contains a redaction bypass vulnerability th ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43527 (OpenClaw before 2026.4.14 contains a server-side request forgery vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43526 (OpenClaw before 2026.4.12 contains a server-side request forgery vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-43002 (An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7 ...)
 	TODO: check
 CVE-2026-42997 (An issue was discovered in idrac in OpenStack Ironic before 35.0.1. Du ...)
 	TODO: check
 CVE-2026-42439 (OpenClaw before 2026.4.10 contains a server-side request forgery polic ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42438 (OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy by ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42437 (OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of servic ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42436 (OpenClaw before 2026.4.14 contains an improper access control vulnerab ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42435 (OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insuffici ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42434 (OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape v ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-42433 (OpenClaw before 2026.4.10 contains an authorization bypass vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-3601 (The User Registration & Membership plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3359 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact For ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-39103 (Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea ...)
 	TODO: check
 CVE-2026-38432 (ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XS ...)
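Review bot: CVE-2026-6262 and CVE-2026-6261 are tagged "NOT-FOR-US: WordPress plugin", but both descriptions read "The Betheme theme for WordPress", so the tag is inaccurate. Suggest "NOT-FOR-US: WordPress theme", or have the automatic rule distinguish themes from plugins. Separately, the description of CVE-2026-3359 contains a literal \u2013 escape sequence, which suggests the description import is not decoding Unicode escapes.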
@@ -161,7 +161,7 @@ CVE-2023-54349 (AmazCart CMS 3.4 contains a reflected cross-site scripting vulne
 CVE-2023-54348 (ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows auth ...)
 	TODO: check
 CVE-2023-54347 (OpenEMR 7.0.1 contains an authentication brute force vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: OpenEMR
 CVE-2023-54346 (WordPress Plugin Backup Migration 1.2.8 contains an information disclo ...)
 	TODO: check
 CVE-2023-54345 (Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerabilit ...)
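Review bot: CVE-2023-54346 is left as "TODO: check" although its description begins "WordPress Plugin Backup Migration 1.2.8", while the same commit tags other entries "NOT-FOR-US: WordPress plugin". If the automatic rule only matches the "plugin for WordPress" wording, consider extending it to the "WordPress Plugin <name>" form so entries like this one are handled consistently.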



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5198cfac51265a9e0cec981599823e434bb0daa9
