[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 13 08:14:00 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
faba13a5 by security tracker role at 2026-05-13T07:13:54+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,27 +17,27 @@ CVE-2026-8053 (An issue in MongoDB Server's time-series collection implementatio
CVE-2026-8052 (HashiCorp Nomad\u2019s exec2 task driver prior to 0.1.2 is vulnerable ...)
TODO: check
CVE-2026-7635 (The coreActivity: Activity Logging for WordPress plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7619 (The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7474 (HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to ...)
TODO: check
CVE-2026-7051 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6965 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6962 (The Cost of Goods: Product Cost & Profit Calculator for WooCommerce pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6959 (HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to ...)
TODO: check
CVE-2026-6929 (The JoomSport \u2013 for Sports: Team & League, Football, Hockey & mor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6888 (Successful exploitation of the SQL injection vulnerability could allow ...)
TODO: check
CVE-2026-6828 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5371 (The MonsterInsights \u2013 Google Analytics Dashboard for WordPress (W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-45227 (Heym before 0.0.21 contains a sandbox escape vulnerability in the cust ...)
TODO: check
CVE-2026-45226 (Heym before 0.0.21 contains an authorization bypass vulnerability in w ...)
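Review bot: CVE-2026-6929 (JoomSport) and CVE-2026-6828 (Fluent Forms) are tagged `NOT-FOR-US: WordPress plugin`, but their truncated descriptions, unlike the others changed in this hunk, do not mention WordPress or WooCommerce. Since this is an automatic update, confirm both against the full CVE description before the tag is relied on.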
@@ -45,57 +45,57 @@ CVE-2026-45226 (Heym before 0.0.21 contains an authorization bypass vulnerabilit
CVE-2026-45225 (Heym before 0.0.21 contains a path traversal vulnerability in the file ...)
TODO: check
CVE-2026-44874 (A vulnerability exists in the web-based management interface of an AOS ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44873 (A session management vulnerability in AOS-8 allows previously authenti ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44872 (A command injection vulnerability exists in the web-based management i ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44871 (Command injection vulnerabilities exist in the command line interface ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44870 (Command injection vulnerabilities exist in the command line interface ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44869 (Command injection vulnerabilities exist in the web-based management in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44868 (Command injection vulnerabilities exist in the web-based management in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44867 (Command injection vulnerabilities exist in the web-based management in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44866 (Command injection vulnerabilities exist in the web-based management in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44865 (Command injection vulnerabilities exist in the web-based management in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44864 (SQL injection vulnerabilities exist in several underlying service comp ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44863 (SQL injection vulnerabilities exist in several underlying service comp ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44862 (SQL injection vulnerabilities exist in several underlying service comp ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44861 (SQL injection vulnerabilities exist in several underlying service comp ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44860 (SQL injection vulnerabilities exist in several underlying service comp ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44859 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44858 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44857 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44856 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44855 (Stack-based buffer overflow vulnerabilities exist in several underlyin ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44854 (Command injection vulnerabilities exist in the web-based management in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44853 (Command injection vulnerabilities exist in the web-based management in ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44852 (An authenticated remote code execution vulnerability exists in the AOS ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-44612 (Bytello Share (Windows Edition) installer executable provided by Bytel ...)
TODO: check
CVE-2026-44548 (ChurchCRM is an open-source church management system. Prior to 7.3.2, ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-44547 (ChurchCRM is an open-source church management system. From 7.2.0 to 7. ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-44403 (Wing FTP Server 8.1.2 contains an authenticated remote code execution ...)
TODO: check
CVE-2026-44352 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
@@ -171,9 +171,9 @@ CVE-2026-44010 (Craft CMS is a content management system (CMS). From 4.0.0 to be
CVE-2026-43948 (wger is a free, open-source workout and fitness manager. Prior to 2.6, ...)
TODO: check
CVE-2026-43685 (A Remote Code Execution vulnerability in Claris FileMaker Cloud allowe ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-43680 (A Remote Code Execution vulnerability in Claris FileMaker Cloud allowe ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2026-42889 (Relay adds real-time collaboration to Obsidian. Relay Server versions ...)
TODO: check
CVE-2026-42855 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)
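Review bot: CVE-2026-43685 and CVE-2026-43680 are tagged `NOT-FOR-US: Apple`, while both descriptions name Claris FileMaker Cloud. Naming the product, for example `NOT-FOR-US: Claris FileMaker Cloud`, would keep the entries findable under the name the description uses.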
@@ -201,9 +201,9 @@ CVE-2026-42355 (NanaZip is an open source file archive. From 5.0.1252.0 to befor
CVE-2026-42338 (ip-address is a library for parsing and manipulating IPv4 and IPv6 add ...)
TODO: check
CVE-2026-42289 (ChurchCRM is an open-source church management system. Prior to 7.3.2, ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-42288 (ChurchCRM is an open-source church management system. Prior to 7.3.2, ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2026-42196 (django-s3file is a lightweight file upload input for Django and Amazon ...)
TODO: check
CVE-2026-42191 (OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetr ...)
@@ -227,65 +227,65 @@ CVE-2026-35555 (PowerSYSTEM Center feature for device project groups allows an a
CVE-2026-35504 (PowerSYSTEM Center email notification service is affected by a CRLF in ...)
TODO: check
CVE-2026-34690 (After Effects versions 26.0, 25.6.4 and earlier are affected by a Stac ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34688 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34686 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34685 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34680 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34679 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34678 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34677 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34673 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34672 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34671 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34670 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34669 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34668 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34667 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34666 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34665 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34658 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34656 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34655 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34654 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34653 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34652 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34651 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34650 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34649 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34648 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34647 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34646 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-34645 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2026-33570 (PowerSYSTEM Center REST API endpoint for devices allows a low privileg ...)
TODO: check
CVE-2026-32661 (Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailS ...)
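Review bot: the CAI Content Credentials entries (CVE-2026-34688 and CVE-2026-34680 through CVE-2026-34665) get a vendor-only `NOT-FOR-US: Adobe` tag, although the visible descriptions name only the product and never Adobe. A tag that includes the product name, as the ChurchCRM entries elsewhere in this commit do, would make the classification checkable from the list itself and easier to revisit if the component is ever packaged.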
@@ -295,37 +295,37 @@ CVE-2026-2725 (Incorrect authorization in the "submitted together" feature in Ge
CVE-2026-26289 (PowerSYSTEM Center REST API endpoint for device account export allows ...)
TODO: check
CVE-2026-23827 (A heap-based buffer overflow vulnerability exists in a Network managem ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-23826 (A vulnerability in a network management service of AOS-8 Operating Sys ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-23825 (Vulnerabilities exist in a protocol-handling component of AOS-8 and AO ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-23824 (Vulnerabilities exist in a protocol-handling component of AOS-8 and AO ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2026-21024 (Improper privilege management in Samsung System Support Service prior ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-21022 (Improper handling of insufficient permissions in Routines prior to SMR ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-21021 (Improper input validation in Routines prior to SMR May-2026 Release 1 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-21020 (Improper export of android application components in OmaCP prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-21019 (Improper input validation in FacAtFunction in Galaxy Watch prior to SM ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-21018 (Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allo ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-21016 (Incorrect privilege assignment in LocationManager prior to SMR May-202 ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-21015 (Incorrect default permissions in FactoryCamera prior to SMR May-2026 R ...)
- TODO: check
+ NOT-FOR-US: Samsung Mobile
CVE-2026-1250 (The Court Reservation \u2013 Manage Your Court Bookings Online plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9989 (The Broadstreet plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9988 (The Broadstreet plugin for WordPress is vulnerable to unauthorized acc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9987 (The Broadstreet plugin for WordPress is vulnerable to Sensitive Inform ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-65088 (An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt ...)
TODO: check
CVE-2025-65087 (An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt ...)
@@ -343,13 +343,13 @@ CVE-2025-61972 (Missing lock bit protection for NBIO registers could allow a loc
CVE-2025-61971 (Missing lock bit protection for NBIO registers could allow a local adm ...)
TODO: check
CVE-2025-15463 (The The Advanced Custom Fields: Extended plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14755 (The Cost Calculator Builder plugin for WordPress is vulnerable to Unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14033 (The ilGhera Support System for WooCommerce plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11159 (Hitachi Vantara Pentaho Data Integration & Analytics of all versions c ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2024-36315 (Improper enforcement of the LFENCE serialization property may allow an ...)
TODO: check
CVE-2026-44378
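Review bot: the tag added for CVE-2025-11159 reads `NOT-FOR-US: Hitachi Vantana`, but the description on the same entry spells the vendor "Hitachi Vantara". Correct the spelling so that a search for the vendor name matches this entry.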
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/faba13a5d838243fd4024807c58f54cc4d1ebdc9