[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Tue May 12 20:25:41 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3465b152 by security tracker role at 2026-05-12T19:25:35+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2026-8430 (SPIP versions prior to 4.4.14 contain a remote code execution vul
 CVE-2026-8429 (SPIP versions prior to 4.4.14 contain a remote code execution vulnerab ...)
 	TODO: check
 CVE-2026-8407 (Missing authorization in the PAM module in Devolutions Server allows a ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-8401 (Sandbox escape in the Profile Backup component. This vulnerability was ...)
 	TODO: check
 CVE-2026-8391 (Other issue in the JavaScript Engine component. This vulnerability was ...)
@@ -27,127 +27,127 @@ CVE-2026-8161 (multiparty at 4.2.3 and lower versions are vulnerable to denial of s
 CVE-2026-8159 (multiparty at 4.2.3 and lower versions are vulnerable to denial of servic ...)
 	TODO: check
 CVE-2026-8111 (SQL injection in the web consoleof Ivanti Endpoint Managerbefore versi ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-8110 (Incorrect permissions assignment inthe agent ofIvanti Endpoint Manager ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-8109 (An exposed dangerous methodonthe Core Server ofIvanti Endpoint Manager ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-8072 (Insecure generation of credentials in the local SAT (Technical Support ...)
 	TODO: check
 CVE-2026-8051 (OS command injection in Ivanti Virtual Traffic Manager before version  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-8043 (External control of a file name in Ivanti Xtraction before version 202 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-7661 (The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7659 (The Advanced Social Media Icons plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7626 (The Slek Gateway for WooCommerce plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7616 (The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Requ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7562 (The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7561 (The Tm \u2013 WordPress Redirection plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7464 (The WP Google Maps Integration plugin for WordPress is vulnerable to R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7437 (The AzonPost plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7432 (A race condition in Ivanti Secure Access Client before 22.8R6 allows a ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-7431 (An incorrect permission assignment for critical resource of Ivanti Sec ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2026-7428 (Prior to 2025-11-03,well-intended users of Terraform or REST API for G ...)
 	TODO: check
 CVE-2026-7050 (The Forms Rb plugin for WordPress is vulnerable to authorization bypas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6932 (The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6913 (The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6866 (CWE-1188 Initialization of a Resource with an Insecure Default vulnera ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2026-6865 (CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\ ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2026-6813 (The Continually plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6808 (The Pricing Tables for WP plugin for WordPress is vulnerable to Reflec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6800 (The FastBots plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6710 (The Skysa Text Ticker App plugin for WordPress is vulnerable to Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6709 (The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6708 (The HEL Online Classroom: AI-powered Online Classrooms plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6690 (The LifePress plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6663 (The GWD Connect plugin for WordPress is vulnerable to missing authoriz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6402 (webpack-dev-server versions up to and including 5.2.3 are vulnerable t ...)
 	TODO: check
 CVE-2026-6256 (The Credits Shortcode plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6247 (The scratchblocks for WP plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6237 (The Quick Table plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6001 (Authorization bypass through User-Controlled key vulnerability in ABIS ...)
 	TODO: check
 CVE-2026-5715 (The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5693 (The Smart Appointment & Booking plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5340 (The Fancy Image Show plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5146 (Improper access control in the notification management endpoints in De ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2026-5061 (The consul-template library before version 0.42.0 is vulnerable to a s ...)
 	TODO: check
 CVE-2026-5029 (A remote code execution vulnerability exists inCode Runner MCP Server  ...)
 	TODO: check
 CVE-2026-5028 (The Eight Day Week Print Workflow plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4920 (The Next Date plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4859 (The SP Blog Designer plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4827 (CWE\u2011331 Insufficient Entropy vulnerability exists that could lead ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2026-4663 (The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4301 (The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-45218 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45215 (Insertion of Sensitive Information Into Sent Data vulnerability in Saa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45214 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45213 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45212 (Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45211 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45210 (Missing Authorization vulnerability in Broadstreet Broadstreet Ads bro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45091 (sealed-env is a cross-stack, zero-trust secret management library for  ...)
 	TODO: check
 CVE-2026-44412 (A vulnerability has been identified in Solid Edge SE2026 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-44411 (A vulnerability has been identified in Solid Edge SE2026 (All versions ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-44343 (WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there ar ...)
 	TODO: check
 CVE-2026-44279 (A improper export of android application components vulnerability in F ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2026-44278 (A use of hard-coded cryptographic key vulnerability in Fortinet FortiC ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2026-44277 (A improper access control vulnerability in Fortinet FortiAuthenticator ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2026-44204 (Shelf is a platform for tracking physical assets. From 1.12 to before  ...)
 	TODO: check
 CVE-2026-44196 (Pingvin Share X is a secure and easy self-hosted file sharing platform ...)
@@ -179,7 +179,7 @@ CVE-2026-43938 (YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.
 CVE-2026-43937 (YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, A ...)
 	TODO: check
 CVE-2026-43930 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-43929 (ssrfcheck is a library that checks if a string contains a potential SS ...)
 	TODO: check
 CVE-2026-43916 (pam_authnft is a PAM session module binding nftables firewall rules to ...)
@@ -197,33 +197,33 @@ CVE-2026-43513 (Improper Handling of Case Sensitivity vulnerability in LockOutRe
 CVE-2026-43512 (DEPRECATED: Authentication Bypass Issues vulnerability in digest authe ...)
 	TODO: check
 CVE-2026-42899 (Loop with unreachable exit condition ('infinite loop') in ASP.NET Core ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42898 (Improper control of generation of code ('code injection') in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42896 (Integer overflow or wraparound in Windows DWM Core Library allows an a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42893 (Improper neutralization of special elements used in a command ('comman ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42891 (User interface (ui) misrepresentation of critical information in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42838 (Improper neutralization of special elements in output used by a downst ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42833 (Execution with unnecessary privileges in Microsoft Dynamics 365 (on-pr ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42832 (Improper access control in Microsoft Office allows an unauthorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42831 (Heap-based buffer overflow in Microsoft Office allows an unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42830 (Untrusted search path in Azure Monitor Agent allows an authorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42825 (Use after free in Windows Telephony Service allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42823 (Improper access control in Azure Logic Apps allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-42742 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42741 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42541 (Kubewarden is a policy engine for Kubernetes. Prior to , An attacker w ...)
 	TODO: check
 CVE-2026-42498 (Exposure of HTTP Authentication Header to unexpected hosts during WebS ...)
@@ -251,21 +251,21 @@ CVE-2026-42006 (An attacker can cause uncontrolled memory usage with excessive b
 CVE-2026-41895 (changedetection.io is a free open source web page change detection too ...)
 	TODO: check
 CVE-2026-41713 (A malicious user could craft input that is stored in conversation memo ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-41712 (Spring AI's chat memory component contained a problematic default that ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2026-41614 (Improper access control in M365 Copilot for Desktop allows an unauthor ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41613 (Session fixation in Visual Studio Code allows an unauthorized attacker ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41612 (Relative path traversal in Visual Studio Code allows an unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41611 (Improper neutralization of script-related html tags in a web page (bas ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41610 (Improper neutralization of input during web page generation ('cross-si ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41551 (A vulnerability has been identified in ROS# (All versions < V2.2.2). A ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-41513 (Horilla is an HR and CRM software. In 1.5.0, the notification endpoint ...)
 	TODO: check
 CVE-2026-41293 (Improper Input Validation vulnerability in Apache Tomcat.  This issue  ...)
@@ -273,115 +273,115 @@ CVE-2026-41293 (Improper Input Validation vulnerability in Apache Tomcat.  This
 CVE-2026-41284 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	TODO: check
 CVE-2026-41125 (A vulnerability has been identified in blueplanet 100 NX3 M8 (All vers ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-41109 (Improper neutralization of special elements in output used by a downst ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41107 (External control of file name or path in Microsoft Edge (Chromium-base ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41103 (Incorrect implementation of authentication algorithm in Microsoft SSO  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41102 (Improper access control in Microsoft Office PowerPoint allows an autho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41101 (Improper access control in Microsoft Office Word allows an authorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41100 (Improper access control in M365 Copilot allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41097 (Reliance on a component that is not updateable in Windows Secure Boot  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41096 (Heap-based buffer overflow in Microsoft Windows DNS allows an unauthor ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41095 (Use after free in Data Deduplication allows an authorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41094 (Improper control of generation of code ('code injection') in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41089 (Stack-based buffer overflow in Windows Netlogon allows an unauthorized ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41088 (External control of file name or path in Windows Ancillary Function Dr ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-41086 (Improper access control in Windows Admin Center allows an authorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40638 (Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an e ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-40421 (External control of file name or path in Microsoft Office Word allows  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40420 (Improper access control in Microsoft Office Click-To-Run allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40419 (Use after free in Microsoft Office allows an authorized attacker to el ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40418 (Use after free in Microsoft Office Click-To-Run allows an authorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40417 (Weak authentication in Dynamics Business Central allows an authorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40416 (User interface (ui) misrepresentation of critical information in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40415 (Use after free in Windows TCP/IP allows an unauthorized attacker to ex ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40414 (Null pointer dereference in Windows TCP/IP allows an unauthorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40413 (Null pointer dereference in Windows TCP/IP allows an unauthorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40410 (Use after free in Windows SMB Client allows an authorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40408 (Use after free in Windows Kernel-Mode Drivers allows an authorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40407 (Heap-based buffer overflow in Windows Common Log File System Driver al ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40406 (Use after free in Windows TCP/IP allows an unauthorized attacker to di ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40405 (Null pointer dereference in Windows TCP/IP allows an unauthorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40403 (Heap-based buffer overflow in Windows Win32K - GRFX allows an authoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40402 (Use after free in Windows Hyper-V allows an unauthorized attacker to e ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40401 (Null pointer dereference in Windows TCP/IP allows an unauthorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40399 (Stack-based buffer overflow in Windows TCP/IP allows an authorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40398 (Heap-based buffer overflow in Windows Remote Desktop allows an authori ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40397 (Integer underflow (wrap or wraparound) in Windows Common Log File Syst ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40382 (Use after free in Windows Telephony Service allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40381 (Improper access control in Azure Connected Machine Agent allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40380 (Heap-based buffer overflow in Volume Manager Extension Driver allows a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40379 (Exposure of sensitive information to an unauthorized actor in Azure En ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40377 (Heap-based buffer overflow in Windows Cryptographic Services allows an ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40374 (Exposure of sensitive information to an unauthorized actor in Power Au ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40370 (External control of file name or path in SQL Server allows an authoriz ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40369 (Untrusted pointer dereference in Windows Kernel allows an authorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40368 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40367 (Untrusted pointer dereference in Microsoft Office Word allows an unaut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40366 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40365 (Insufficient granularity of access control in Microsoft Office SharePo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40364 (Access of resource using incompatible type ('type confusion') in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40363 (Heap-based buffer overflow in Microsoft Office allows an unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40362 (Heap-based buffer overflow in Microsoft Office Excel allows an unautho ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40361 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40360 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40359 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40358 (Use after free in Microsoft Office allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40357 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-40300 (Zulip is an open-source team collaboration tool. Prior to 12.0, With m ...)
 	TODO: check
 CVE-2026-40020 (Attacker can use the IMAP SETACL command to inject the anyone permissi ...)
@@ -389,175 +389,175 @@ CVE-2026-40020 (Attacker can use the IMAP SETACL command to inject the anyone pe
 CVE-2026-40016 (Attacker can upload a malicious Sieve script over ManageSieve service  ...)
 	TODO: check
 CVE-2026-3604 (The WP SEO Structured Data Schema plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-39432 (Missing Authorization vulnerability in Arraytics Timetics allows Explo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-35440 (Files or directories accessible to external parties in Microsoft Offic ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35439 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35438 (Missing authorization in Windows Admin Center allows an authorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35436 (Insufficient granularity of access control in Microsoft Office Click-T ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35433 (Improper input validation in .NET allows an unauthorized attacker to e ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35429 (User interface (ui) misrepresentation of critical information in Micro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35424 (Missing release of memory after effective lifetime in Windows Internet ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35423 (Out-of-bounds read in Telnet Client allows an unauthorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35422 (Authentication bypass using an alternate path or channel in Windows TC ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35421 (Heap-based buffer overflow in Windows GDI allows an unauthorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35420 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35419 (Out-of-bounds read in Windows DWM Core Library allows an authorized at ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35418 (Use after free in Windows Cloud Files Mini Filter Driver allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35417 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35416 (Use after free in Windows Ancillary Function Driver for WinSock allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35415 (Integer overflow or wraparound in Windows Storage Spaces Controller al ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-35227 (An unauthenticated remote attacker may exhaust all available TCP conne ...)
-	TODO: check
+	NOT-FOR-US: CODESYS
 CVE-2026-35071 (Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an i ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2026-34687 (Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-b ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34684 (Substance3D - Designer versions 15.1.0 and earlier are affected by an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34683 (Substance3D - Designer versions 15.1.0 and earlier are affected by an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34682 (Substance3D - Designer versions 15.1.0 and earlier are affected by an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34681 (Substance3D - Designer versions 15.1.0 and earlier are affected by an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34676 (Substance3D - Painter versions 12.0.2 and earlier are affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34675 (Substance3D - Painter versions 12.0.2 and earlier are affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34664 (Substance3D - Designer versions 15.1.0 and earlier are affected by an  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34663 (Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34662 (Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL P ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34661 (Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34660 (Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34659 (Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34644 (After Effects versions 26.0, 25.6.4 and earlier are affected by an Int ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34643 (After Effects versions 26.0, 25.6.4 and earlier are affected by an out ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34642 (After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34640 (Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an I ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34639 (Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an o ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34638 (Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34637 (Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an ou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34636 (Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an ou ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2026-34351 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34350 (Null pointer dereference in Windows Storport Miniport Driver allows an ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34347 (Use after free in Windows Win32K - GRFX allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34345 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34344 (Access of resource using incompatible type ('type confusion') in Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34343 (Heap-based buffer overflow in Windows Application Identity (AppID) Sub ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34342 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34341 (Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34340 (Use after free in Windows Projected File System allows an authorized a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34339 (Null pointer dereference in Windows LDAP - Lightweight Directory Acces ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34338 (Use after free in Windows Telephony Service allows an authorized attac ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34337 (Use after free in Windows Cloud Files Mini Filter Driver allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34336 (Buffer over-read in Windows DWM Core Library allows an authorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34334 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34333 (Use after free in Windows Win32K - GRFX allows an authorized attacker  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34332 (Use after free in Windows Kernel-Mode Drivers allows an authorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34331 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34330 (Integer overflow or wraparound in Windows Win32K - GRFX allows an auth ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34329 (Heap-based buffer overflow in Windows Message Queuing allows an unauth ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-34187 (Improper Neutralization of Special Elements used in an SQL Command vul ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2026-33893 (A vulnerability has been identified in Teamcenter V2312 (All versions  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-33862 (A vulnerability has been identified in Teamcenter V2312 (All versions  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-33841 (Heap-based buffer overflow in Windows Kernel allows an authorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33840 (Use after free in Windows Win32K - ICOMP allows an authorized attacker ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33839 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33838 (Double free in Windows Message Queuing allows an authorized attacker t ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33837 (Heap-based buffer overflow in Windows TCP/IP allows an authorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33835 (Use after free in Windows Cloud Files Mini Filter Driver allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33834 (Improper access control in Windows Event Logging Service allows an aut ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33833 (Improper neutralization of special elements in output used by a downst ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33821 (Improper privilege management in Microsoft Dynamics 365 Customer Insig ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33603 (Attacker can use a specially crafted base64 exchange between Dovecot a ...)
 	TODO: check
 CVE-2026-33117 (Improper authentication in Azure SDK allows an unauthorized attacker t ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33112 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-33110 (Deserialization of untrusted data in Microsoft Office SharePoint allow ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32687 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2026-32684 (The application does not impose strict enough restrictions on director ...)
-	TODO: check
+	NOT-FOR-US: Hikvision
 CVE-2026-32209 (Improper access control in Windows Filtering Platform (WFP) allows an  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32204 (External control of file name or path in Azure Monitor Agent allows an ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32185 (Files or directories accessible to external parties in Microsoft Teams ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32177 (Heap-based buffer overflow in .NET allows an unauthorized attacker to  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32175 (A tampering vulnerability exists when .NET Core improperly handles spe ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32170 (Double free in Windows Rich Text Edit Control allows an authorized att ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-32161 (Concurrent execution using shared resource with improper synchronizati ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-31245 (The mem0 1.0.0 server lacks authentication and authorization controls  ...)
 	TODO: check
 CVE-2026-31244 (The mem0 1.0.0 server lacks authentication and authorization controls  ...)
@@ -621,55 +621,55 @@ CVE-2026-31215 (The nexent v1.7.5.2 backend service contains an unauthorized arb
 CVE-2026-31214 (The torch-checkpoint-shrink.py script in the ml-engineering project in ...)
 	TODO: check
 CVE-2026-30810 (Server-Side Request Forgery vulnerability allows Privilege Escalation  ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2026-30808 (Session Fixation vulnerability allows Session Hijacking via crafted se ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2026-30807 (Cross-Site Request Forgery vulnerability allows an attacker to perform ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2026-30805 (Insecure Default Initialization of Resource vulnerability allows Authe ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2026-2993 (The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-2465 (Incorrect Authorization vulnerability in E-Kalite Software Hardware En ...)
 	TODO: check
 CVE-2026-2300 (The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29204 (Insufficient ownership checks in `clientarea.php` allow an authenticat ...)
 	TODO: check
 CVE-2026-27851 (When safe filter is used with variable expansion, all following pipeli ...)
 	TODO: check
 CVE-2026-27662 (Affected devices do not properly restrict access to the web browser vi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-26083 (A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 t ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2026-25789 (Affected devices do not properly validate and sanitize filenames on th ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-25787 (Affected devices do not properly validate and sanitize Technology Obje ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-25786 (Affected devices do not properly validate and sanitize PLC/station nam ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-25690 (An improper neutralization of argument delimiters in a command ('argum ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2026-25431 (Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-25088 (An improper neutralization of special elements used in an sql command  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2026-23823 (A vulnerability in the command line interface of Access Points running ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2026-23822 (A vulnerability in the XML handling component of AOS-8 DHCP services c ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2026-23821 (A vulnerability in the configuration processing logic of Access Points ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2026-23820 (A vulnerability in the command line interface of Access Points running ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2026-23819 (A vulnerability in the web-based management interface of Access Points ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2026-22925 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-22924 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2026-21530 (Double free in Windows Rich Text Edit allows an authorized attacker to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-20914 (Null pointer dereference for some Intel(R) QAT software drivers for Wi ...)
 	TODO: check
 CVE-2026-20905 (Improper input validation for some Intel(R) QAT software drivers for W ...)
@@ -707,39 +707,39 @@ CVE-2026-20717 (Improper input validation for some Intel(R) QAT software drivers
 CVE-2026-20714 (Out-of-bounds write for some Intel(R) QAT software drivers for Windows ...)
 	TODO: check
 CVE-2026-1934 (The Motors \u2013 Car Dealership & Classified Listings plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-70842 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in th ...)
 	TODO: check
 CVE-2025-6577 (Improper neutralization of special elements used in an SQL command ('S ...)
 	TODO: check
 CVE-2025-67604 (A use of potentially dangerous function vulnerability in Fortinet Fort ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-65719 (An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to  ...)
 	TODO: check
 CVE-2025-53870 (An improper neutralization of special elements used in an os command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-53844 (A out-of-bounds write vulnerability in Fortinet FortiOS 7.6.0 through  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-53681 (An improper neutralization of special elements used in an SQL Command  ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-53680 (An improper neutralization of special elements used in an OS command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-46311 (An inconsistent user interface issue was addressed with improved state ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-43524 (An access issue was addressed with additional sandbox restrictions. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-40949 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40948 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40947 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40946 (A vulnerability has been identified in blueplanet 100 NX3 M8 (All vers ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40833 (The affected devices contain a null pointer dereference vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-36515 (Uncontrolled search path for some AI Playground software before versio ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-36510 (Improper buffer restrictions for some Display Virtualization for Windo ...)
 	TODO: check
 CVE-2025-35991 (Improper initialization in the UEFI firmware for some Intel platforms  ...)
@@ -755,7 +755,7 @@ CVE-2025-27723 (Use after free for some Linux kernel driver for the Intel(R) Eth
 CVE-2025-12659 (The affected applications contains a memory corruption vulnerability w ...)
 	TODO: check
 CVE-2024-54017 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-54518
 	- xen <unfixed>
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3465b152dc631ea84438d8fe5defd9d9b084f464

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3465b152dc631ea84438d8fe5defd9d9b084f464
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260512/e5a8687b/attachment-0001.htm>
