[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 7 20:14:13 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e980723a by security tracker role at 2026-05-07T19:14:07+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,13 +13,13 @@ CVE-2026-8086 (A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. T
 CVE-2026-8084 (A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This v ...)
 	TODO: check
 CVE-2026-8083 (A vulnerability was found in SourceCodester Pharmacy Sales and Invento ...)
-	TODO: check
+	NOT-FOR-US: SourceCodester
 CVE-2026-8081 (A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Af ...)
 	TODO: check
 CVE-2026-8080 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2026-7821 (Improper certificate validation in Ivanti EPMM beforeversions 12.6.1.1 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-7415 (The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to all ...)
 	TODO: check
 CVE-2026-7414 (Yarbo firmware v2.3.9 contains hardcoded administrative credentials em ...)
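Review bot: CVE-2026-7415 and CVE-2026-7414 (Yarbo firmware v2.3.9) stay at `TODO: check` in this hunk, although their descriptions, like the SourceCodester and Ivanti entries tagged here, name a third-party vendor product. If Yarbo is not packaged, either teach the automatic matcher about it or tag these by hand as `NOT-FOR-US: Yarbo`, so they do not linger in the triage queue.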
@@ -27,7 +27,7 @@ CVE-2026-7414 (Yarbo firmware v2.3.9 contains hardcoded administrative credentia
 CVE-2026-7413 (A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that  ...)
 	TODO: check
 CVE-2026-6973 (An Improper Input Validation in Ivanti EPMMbeforeversions 12.6.1.1, 12 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-6805 (Vulnerability on the external sharing feature in Cryptobox allows an a ...)
 	TODO: check
 CVE-2026-6795 (URL redirection to untrusted site ('open redirect') vulnerability in D ...)
@@ -39,19 +39,19 @@ CVE-2026-6002 (Improper neutralization of Script-Related HTML tags in a web page
 CVE-2026-5791 (Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Informat ...)
 	TODO: check
 CVE-2026-5788 (An Improper Access Control in Ivanti EPMM beforeversions 12.6.1.1, 12. ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-5787 (An Improper Certificate Validation in Ivanti EPMM before versions 12.6 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-5786 (An Improper Access Control vulnerability in Ivanti EPMM before version ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-5784 (Improper neutralization of input during web page generation ('cross-si ...)
 	TODO: check
 CVE-2026-44742 (Postorius through 1.3.13 does not escape HTML in the message subject w ...)
 	TODO: check
 CVE-2026-44407 (A remote denial-of-service vulnerability exists in the ZTE Cloud PC cl ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2026-44406 (ZTE Cloud PC clientuSmartView contains a DLL hijacking vulnerability;  ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2026-44349 (Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, pr ...)
 	TODO: check
 CVE-2026-44264 (Weblate is a web based localization tool. Prior to version 5.17.1, the ...)
@@ -97,7 +97,7 @@ CVE-2026-41642 (GoBGP is an open source Border Gateway Protocol (BGP) implementa
 CVE-2026-41589 (Wish is an SSH server with defaults and a collection of middlewares. F ...)
 	TODO: check
 CVE-2026-41554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-41519 (Weblate is a web based localization tool. Prior to version 5.17.1, whe ...)
 	TODO: check
 CVE-2026-41505 (RELATE is a web-based courseware package. Prior to commit 2f68e16, REL ...)
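Review bot: the `NOT-FOR-US: WordPress plugin or theme` tag on CVE-2026-41554 cannot be checked from this hunk, because the visible description is only generic weakness wording ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...") and is cut off before any product name. Entries with near-identical opening text elsewhere in this patch (CVE-2026-8080, CVE-2026-5784) were left at `TODO: check`, so confirm against the full description that this one really is a WordPress plugin or theme before relying on the automatic classification.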
@@ -115,7 +115,7 @@ CVE-2026-36458 (ChestnutCMS v1.5.10 has a SQL injection vulnerability. The conte
 CVE-2026-36388 (A Cross-Site Scripting (XSS) vulnerability was found in PHPGurukal Hos ...)
 	TODO: check
 CVE-2026-36387 (A Remote Code Execution vulnerability was found in CODEASTRO Membershi ...)
-	TODO: check
+	NOT-FOR-US: CodeAstro
 CVE-2026-36341 (Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v ...)
 	TODO: check
 CVE-2026-33589 (Lack of user input validation in the file upload functionality of Open ...)
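Review bot: CVE-2026-36388, directly above the changed entry, is left at `TODO: check`; its description reads "PHPGurukal Hos ...", which looks like a misspelling of PHPGurukul, so if the matcher keys on the vendor string it may have skipped this entry only because of the spelling. Worth a manual look alongside CVE-2026-36387.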
@@ -133,27 +133,27 @@ CVE-2026-30495 (The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01,
 CVE-2026-28201 (An improper input validation, together with an overly permissive defau ...)
 	TODO: check
 CVE-2026-27421 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27416 (Missing Authorization vulnerability in bPlugins PDF Poster allows Expl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27415 (Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27329 (Authorization Bypass Through User-Controlled Key vulnerability in YITH ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25468 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25436 (Missing Authorization vulnerability in WProyal Royal Elementor Addons  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-9661 (OS command injection vulneravility in the management gui (maintenance  ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-68604 (Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68060 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67202 (Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, ...)
 	TODO: check
 CVE-2025-66105 (Missing Authorization vulnerability in Magepeople inc. Bus Ticket Book ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-65122 (Regex Denial of Service in youtube-regex npm package through version 1 ...)
 	TODO: check
 CVE-2025-63706 (NPM package next-npm-version1.0.1 is vulnerable to Command injection.)
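Review bot: for CVE-2025-9661 the visible description ("OS command injection vulneravility in the management gui (maintenance ...") is cut off before any vendor name, so the `NOT-FOR-US: Hitachi` tag cannot be confirmed from this hunk. The same holds for the WordPress tag on CVE-2026-27421, CVE-2026-25468 and CVE-2025-68060, whose visible text is only generic weakness wording; check these against the full descriptions. The npm entries CVE-2025-65122 and CVE-2025-63706 remain at `TODO: check` and still need manual triage.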
@@ -165,15 +165,15 @@ CVE-2025-63704 (NPM package query-parser-string 1.0.0 is vulnerable to Prototype
 CVE-2025-63703 (npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in i ...)
 	TODO: check
 CVE-2025-62127 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-4397 (Medtronic MyCareLink Patient Monitor uses per-product credentials that ...)
 	TODO: check
 CVE-2025-4386 (Medtronic MyCareLink Patient Monitor has an internal serial interface, ...)
 	TODO: check
 CVE-2025-2514 (Improper restriction of excessive authentication attempts vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-1978 (Remote Code Execution Vulnerability in Hitachi Storage Navigator and t ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2025-14341 (Improperly controlled modification of Dynamically-Determined object at ...)
 	TODO: check
 CVE-2024-43384 (A low privileged remote attacker can gainthe root password due to impr ...)
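Review bot: CVE-2025-2514 is tagged `NOT-FOR-US: Hitachi`, but its visible description ("Improper restriction of excessive authentication attempts vulnerabilit ...") does not show a vendor, unlike CVE-2025-1978 right below it, which names Hitachi Storage Navigator; confirm the tag against the full text. CVE-2025-4397 and CVE-2025-4386 (Medtronic MyCareLink Patient Monitor) are left at `TODO: check` in this hunk and name a vendor device, so they look like candidates for manual triage.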



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e980723adf89fd0de34c00a6e96bd081168c5bf2
