[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 14 08:13:55 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7322e774 by security tracker role at 2026-05-14T07:13:50+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,13 +11,13 @@ CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py was not updated when  CVE-2
 CVE-2026-8280 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2026-8181 (The Burst Statistics \u2013 Privacy-Friendly WordPress Analytics (Goog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-8144 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2026-7648 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7525 (The My Calendar \u2013 Accessible Event Manager plugin for WordPress i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-7481 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
 	TODO: check
 CVE-2026-7471 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
@@ -27,55 +27,55 @@ CVE-2026-7377 (GitLab has remediated an issue in GitLab EE affecting all version
 CVE-2026-6883 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
 	TODO: check
 CVE-2026-6670 (The Media Sync plugin for WordPress is vulnerable to Path Traversal in ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6510 (The InfusedWoo Pro plugin for WordPress is vulnerable to privilege esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6506 (The InfusedWoo Pro plugin for WordPress is vulnerable to privilege esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6417 (The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6335 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2026-6282 (A potential improper file path validation vulnerability was reported i ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2026-6281 (A potential vulnerability was reported in some Lenovo Personal Cloud S ...)
-	TODO: check
+	NOT-FOR-US: Lenovo
 CVE-2026-6271 (The Career Section plugin for WordPress is vulnerable to Arbitrary Fil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6252 (The Meta Field Block plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6225 (The Taskbuilder \u2013 Project Management & Task Management Tool With  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6177 (The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-6073 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
 	TODO: check
 CVE-2026-6063 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
 	TODO: check
 CVE-2026-5486 (The Unlimited Elements for Elementor plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5396 (The Fluent Forms plugin for WordPress is vulnerable to Authorization B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5395 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Co ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5365 (The LatePoint plugin for WordPress is vulnerable to Cross-Site Request ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5361 (The Envira Gallery Lite plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5243 (The The Plus Addons for Elementor \u2013 Addons for Elementor, Page Te ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-5193 (The Essential Addons for Elementor \u2013 Popular Elementor Templates  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4798 (The Avada Builder plugin for WordPress is vulnerable to time-based SQL ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4782 (The Avada Builder plugin for WordPress is vulnerable to Arbitrary File ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4609 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4608 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4607 (The ProfileGrid \u2013 User Profiles, Groups and Communities plugin fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-4527 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2026-4524 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
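Review bot: CVE-2026-6282 is tagged NOT-FOR-US: Lenovo, but the truncated description shown for it ("A potential improper file path validation vulnerability was reported i ...") names no vendor; only CVE-2026-6281 directly below it mentions Lenovo Personal Cloud. Confirm against the full description that 6282 is a Lenovo product before relying on the tag, and consider naming the product rather than only the vendor so the two entries can be told apart later.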
@@ -101,7 +101,7 @@ CVE-2026-45228 (Quark Drive before 0.8.5 contains a stored cross-site scripting
 CVE-2026-45158 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
 	TODO: check
 CVE-2026-45109 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-45055 (CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6 ...)
 	TODO: check
 CVE-2026-45054 (CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin  ...)
@@ -119,27 +119,27 @@ CVE-2026-44665 (fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an i
 CVE-2026-44664 (fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026- ...)
 	TODO: check
 CVE-2026-44582 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44581 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44580 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44579 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44578 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44577 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44576 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44575 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44574 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44573 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44572 (Next.js is a React framework for building full-stack web applications. ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2026-44479 (Vercel\u2019s AI Cloud is a unified platform for building modern appli ...)
 	TODO: check
 CVE-2026-44478 (hoppscotch is an open source API development ecosystem. The fix for CV ...)
@@ -277,15 +277,15 @@ CVE-2026-42948 (Stored cross-site scripting vulnerability exists in ELECOM wirel
 CVE-2026-42937 (Incorrect permission assignment vulnerabilities exist in BIG-IP and BI ...)
 	TODO: check
 CVE-2026-42930 (When running in Appliance mode, an authenticated attacker assigned the ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-42924 (An authenticated attacker with the Resource Administrator or Administr ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-42920 (When a Client SSL profile is configured with Allow Dynamic Record Sizi ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-42919 (A vulnerability exists in BIG-IP systems that may allow an authenticat ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-42781 (When embedded Packet Velocity Acceleration (ePVA) acceleration is conf ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-42780 (A directory traversal vulnerability exists in BIG-IP SSL Orchestrator  ...)
 	TODO: check
 CVE-2026-42602 (azureauthextension is the Azure Authenticator Extension. From 0.124.0  ...)
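Review bot: CVE-2026-42937 and CVE-2026-42780 stay at TODO: check although both descriptions name BIG-IP outright, while the five entries between them, whose visible text does not name the vendor at all, are marked NOT-FOR-US: F5. Either mark these two the same way or note why they were left for manual triage, otherwise the F5 batch looks only partly processed.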
@@ -331,7 +331,7 @@ CVE-2026-42463 (SQLBot is an intelligent Text-to-SQL system based on large langu
 CVE-2026-42409 (When an HTTP/2 profile and an iRule containing the HTTP::redirector HT ...)
 	TODO: check
 CVE-2026-42408 (When BIG-IP DNS is provisioned, a vulnerability exists in an undisclos ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-42406 (A vulnerability exists in BIG-IP and BIG-IQ systems where a highly pri ...)
 	TODO: check
 CVE-2026-42290 (protobufjs-cli is the command line add-on for protobuf.js. Prior to 1. ...)
@@ -339,11 +339,11 @@ CVE-2026-42290 (protobufjs-cli is the command line add-on for protobuf.js. Prior
 CVE-2026-42266 (jupyterlab is an extensible environment for interactive and reproducib ...)
 	TODO: check
 CVE-2026-42063 (A vulnerability exists in iControl SOAP where an authenticated attacke ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-42062 (ELECOM wireless LAN access point devices contain an OS command injecti ...)
 	TODO: check
 CVE-2026-42058 (An authenticated attacker's undisclosed requests to BIG-IP iControl RE ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-42032 (CKAN is an open-source DMS (data management system) for powering data  ...)
 	TODO: check
 CVE-2026-42031 (CKAN is an open-source DMS (data management system) for powering data  ...)
@@ -357,7 +357,7 @@ CVE-2026-41956 (When a classification profile is configured on a UDP virtual ser
 CVE-2026-41954 (Sensitive information disclosure vulnerability exists in the undisclos ...)
 	TODO: check
 CVE-2026-41953 (A vulnerability exists in BIG-IP systems where a highly privileged, au ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-41410
 	REJECTED
 CVE-2026-41281 (Android App "\u3042\u3093\u3057\u3093\u30d5\u30a3\u30eb\u30bf\u30fc fo ...)
@@ -365,15 +365,15 @@ CVE-2026-41281 (Android App "\u3042\u3093\u3057\u3093\u30d5\u30a3\u30eb\u30bf\u3
 CVE-2026-41255 (CKAN is an open-source DMS (data management system) for powering data  ...)
 	TODO: check
 CVE-2026-41227 (On an HTTP/2 virtual server with Layer 7 DoS Protection configured, un ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-41225 (A vulnerability exists in iControl REST where a highly privileged, aut ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-41219 (An improper sanitization vulnerability exists in the BIG-IP QKView uti ...)
 	TODO: check
 CVE-2026-41218 (When BIG-IP PEM iRules are configured on a virtual server (iRules usin ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-41217 (A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) comm ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-41132 (CKAN is an open-source DMS (data management system) for powering data  ...)
 	TODO: check
 CVE-2026-41051 (csync2 uses insecure temporary directories when compiled with C99 or l ...)
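Review bot: CVE-2026-41219 (BIG-IP QKView utility) is left at TODO: check in the middle of four entries that are marked NOT-FOR-US: F5 in this hunk. Its description names BIG-IP explicitly, so it should get the same tag unless there is a reason to keep it open, in which case a short NOTE line would make that visible.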
@@ -381,13 +381,13 @@ CVE-2026-41051 (csync2 uses insecure temporary directories when compiled with C9
 CVE-2026-41050 (Fleet's Helm deployer did not fully apply ServiceAccount impersonation ...)
 	TODO: check
 CVE-2026-40703 (A cross-site request forgery (CSRF) vulnerability exists in the dashbo ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-40699 (A vulnerability exists in the undisclosed pages in the Configuration u ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-40698 (A vulnerability exists in BIG-IP and BIG-IQ systems where a highly pri ...)
 	TODO: check
 CVE-2026-40631 (An authenticated attacker with the Resource Administrator or Administr ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-40629 (When SSL profiles are configured on a virtual server, undisclosed traf ...)
 	TODO: check
 CVE-2026-40621 (ELECOM wireless LAN access point devices do not require authentication ...)
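Review bot: CVE-2026-40698 ("BIG-IP and BIG-IQ systems") and CVE-2026-40629 (SSL profiles on a virtual server) remain TODO: check while CVE-2026-40703, CVE-2026-40699 and CVE-2026-40631 around them become NOT-FOR-US: F5. The entries naming both BIG-IP and BIG-IQ appear to be skipped consistently by the automatic update, so the matching rule probably needs a pattern for that wording.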
@@ -395,35 +395,35 @@ CVE-2026-40621 (ELECOM wireless LAN access point devices do not require authenti
 CVE-2026-40618 (When an SSL profile is configured on a virtual server on BIG-IP Virtua ...)
 	TODO: check
 CVE-2026-40462 (Incorrect permission assignment vulnerabilities exist in iControl REST ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-40435 (When configured, IP-based access restrictions for httpddo not cover al ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-40423 (When a SIP profile is configured on a virtual server, undisclosed traf ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-40328
 	REJECTED
 CVE-2026-40327
 	REJECTED
 CVE-2026-40067 (When a BIG-IP APM access policy is configured on a virtual server, und ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-40061 (When BIG-IP DNS is provisioned, a vulnerability exists in an undisclos ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-40060 (When a BIG-IP Advanced WAF or ASM security policy is configured on a v ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-3892 (The Motors \u2013 Car Dealership & Classified Listings Plugin plugin f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3829 (The WP Encryption \u2013 One Click Free SSL Certificate & SSL / HTTPS  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3718 (The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3694 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3607 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2026-3426 (The RTMKit Addons for Elementor plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3425 (The RTMKit Addons for Elementor plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-3160 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2026-3074 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
@@ -431,17 +431,17 @@ CVE-2026-3074 (GitLab has remediated an issue in GitLab CE/EE affecting all vers
 CVE-2026-3073 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2026-3004 (The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-39806 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
 	TODO: check
 CVE-2026-39803 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	TODO: check
 CVE-2026-39459 (A vulnerability exists in iControl REST and the TMOS Shell (tmsh) wher ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-39458 (When a BIG-IP DNS profile enabled with DNS cache is configured on a vi ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-39455 (When the BIG-IP Configuration utility is configured to use Lightweight ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-39428 (CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored C ...)
 	TODO: check
 CVE-2026-39358 (CubeCart is an ecommerce software solution. Prior to 6.6.0, Authentica ...)
@@ -461,11 +461,11 @@ CVE-2026-36738 (U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vul
 CVE-2026-35506 (ELECOM wireless LAN access point devices contain an OS command injecti ...)
 	TODO: check
 CVE-2026-35062 (An authenticated iControl SOAP user may be able to obtain information  ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-34176 (When running in Appliance mode, an authenticated remote command inject ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-34019 (When Bidirectional Forwarding Detection (BFD) is configured in Static  ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-33585 (Improper management of the idle timeout parameterin the Keycloak inter ...)
 	TODO: check
 CVE-2026-33584 (Exposed Keycloak management  service in the Arqit Symmetric Key Agreem ...)
@@ -489,29 +489,29 @@ CVE-2026-32992 (SSL verification is disabled in the DNS Cluster system. This cou
 CVE-2026-32991 (Improper authorization checks of team members privileges allow a team  ...)
 	TODO: check
 CVE-2026-32673 (A vulnerability exists in BIG-IP scripted monitors that may allow an a ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-32643 (A vulnerability exists in BIG-IP and BIG-IQ systems where a highly pri ...)
 	TODO: check
 CVE-2026-31156 (A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f ...)
 	TODO: check
 CVE-2026-30906 (Untrusted search path in the installer for Zoom Rooms for Windows befo ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2026-30905 (External Control of File Name or Path in the Zoom Workplace VDI Plugin ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2026-30904 (Protection Mechanism Failure in Zoom Workplace for iOS before version  ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2026-2900 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
 	TODO: check
 CVE-2026-2695 (A command injection vulnerability was discoveredin TeamViewer DEX Plat ...)
-	TODO: check
+	NOT-FOR-US: TeamViewer
 CVE-2026-2515 (The Hostinger Reach \u2013 AI-Powered Email Marketing for WordPress pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-29206 (Insufficient sanitization of SQL queries in the `sqloptimizer` utility ...)
 	TODO: check
 CVE-2026-29205 (Incorrect privileges management and insufficient path filtering allow  ...)
 	TODO: check
 CVE-2026-28758 (When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_adda ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-28383 (A request to the Grafana plugin resources endpoint can cause unbounded ...)
 	TODO: check
 CVE-2026-28380 (Any Editor could delete any snapshot, even if they have no access to r ...)
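Review bot: CVE-2026-32643 ("BIG-IP and BIG-IQ systems") is still TODO: check even though CVE-2026-32673 just above it and CVE-2026-28758 further down are marked NOT-FOR-US: F5. Mark it in the same update, or leave a NOTE explaining what still has to be checked for it.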
@@ -523,15 +523,15 @@ CVE-2026-28376 (The Grafana Live push endpoint can be exploited to cause unbound
 CVE-2026-28374 (Editors could delete any annotation, even those they do not have read  ...)
 	TODO: check
 CVE-2026-25705 (A vulnerability has been identified in [Rancher's Extensions](https:// ...)
-	TODO: check
+	NOT-FOR-US: SUSE
 CVE-2026-25107 (ELECOM wireless LAN access point devices use a hard-coded cryptographi ...)
 	TODO: check
 CVE-2026-24464 (When running in Appliance mode, a directory traversal vulnerability ex ...)
-	TODO: check
+	NOT-FOR-US: F5
 CVE-2026-22677 (Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vu ...)
 	TODO: check
 CVE-2026-21821 (The HCL BigFix SCM Reporting site contains an outdated and unsupported ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2026-20916 (An authenticated iControl REST user with low privileges can create or  ...)
 	TODO: check
 CVE-2026-1659 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
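Review bot: CVE-2026-25705 is tagged NOT-FOR-US: SUSE while its description names Rancher's Extensions. A vendor-only tag is coarse here, so "NOT-FOR-US: Rancher" would say which product was judged out of scope and would be easier to grep for when a later Rancher CVE arrives.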
@@ -543,57 +543,57 @@ CVE-2026-1322 (GitLab has remediated an issue in GitLab CE/EE affecting all vers
 CVE-2026-1184 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
 	TODO: check
 CVE-2026-0265 (An authentication bypass vulnerability in Palo Alto Networks PAN-OS\xa ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0264 (A buffer overflow vulnerability in the DNS proxy and DNS Server featur ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0263 (A buffer overflow vulnerability in the IKEv2 processing of Palo Alto N ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0262 (Multiple denial of service vulnerabilities in Palo Alto Networks PAN-O ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0261 (Multiple command injection vulnerabilities in Palo Alto Networks PAN-O ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0259 (An arbitrary File Read and Delete Vulnerability in Palo Alto Networks  ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0258 (A server-side request forgery (SSRF) vulnerability in the IKEv2 implem ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0257 (Authentication bypass vulnerabilities in the GlobalProtect portal and  ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0256 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0251 (Multiple local privilege escalation vulnerabilities in the Palo Alto N ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0250 (A buffer overflow vulnerability exists in the Palo Alto Networks Globa ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0249 (Multiple improper certificate validation vulnerabilities in the Palo A ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0248 (An improper certificate validation vulnerability in the Prisma Access  ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0247 (Multiple authorization bypass vulnerabilities in the Endpoint DLP comp ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0246 (A vulnerability with a privilege management mechanism in the Palo Alto ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0245 (Multiple information disclosure vulnerabilities in Prisma Access Agent ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0244 (An improper certificate validation vulnerability in the Palo Alto Netw ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0243 (A denial of service (DoS) vulnerability in Palo Alto Networks Prisma S ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0242 (A SQL injection vulnerability in Trust Protection Foundation allows an ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0241 (Incorrect Authorization vulnerabilities in Trust Protection Foundation ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0240 (An information disclosure vulnerability in Trust Protection Foundation ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0239 (An information disclosure vulnerability in the Chronosphere Chronocoll ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0238 (A vulnerability in Palo Alto Networks Broker VM allows an authenticate ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0237 (An improper protection of alternate path vulnerability in Palo Alto Ne ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0236 (A code injection vulnerability in Palo Alto Networks Prisma\xae Browse ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2026-0235 (A race condition vulnerability in Palo Alto Networks Prisma\xae Browse ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-32425 (AutoGPT is a platform that allows users to create, deploy, and manage  ...)
 	TODO: check
 CVE-2025-29338 (NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To  ...)
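Review bot: CVE-2026-0242, CVE-2026-0241 and CVE-2026-0240 (Trust Protection Foundation) and CVE-2026-0239 (Chronosphere Chronocoll ...) are tagged NOT-FOR-US: Palo Alto Networks although their visible descriptions name other products and no Palo Alto component. If the tag was taken from the assigning CNA, name the product instead, for example "NOT-FOR-US: Trust Protection Foundation", so that the reason for the decision is visible from the entry itself.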
@@ -611,13 +611,13 @@ CVE-2025-27851 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5
 CVE-2025-27850 (The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) al ...)
 	TODO: check
 CVE-2025-15345 (The MapGeo \u2013 Interactive Geo Maps plugin for WordPress is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14870 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2025-14869 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2025-14767 (The WPC Badge Management for WooCommerce plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13874 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
 	TODO: check
 CVE-2025-12669 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7322e774cc209fb2200ffa782a22798658f77faf
