[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 22 08:13:33 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
89d5af11 by security tracker role at 2026-05-22T07:13:28+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2026-9264 (A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic ...)
TODO: check
CVE-2026-9104 (The Draft List plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9054 (An attacker sending tcp, il, rudp, rudp, or gre packets with a length ...)
TODO: check
CVE-2026-9053 (Mothra would respect a default value given by a website for HTML file ...)
TODO: check
CVE-2026-9018 (The Easy Elements for Elementor \u2013 Addons & Website Templates plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8435 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forger ...)
TODO: check
CVE-2026-8434 (Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forger ...)
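Review bot: The `NOT-FOR-US: WordPress plugin` reason on CVE-2026-9018 cannot be confirmed from the entry itself, because the description is cut off at "plug ..." before WordPress is mentioned. The description also carries a literal `\u2013` escape where a dash was intended. Confirm the classification against the full CVE description, and normalise the escape when the description text is next refreshed.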
@@ -91,27 +91,27 @@ CVE-2026-7881 (Concrete CMS 9.5.0 and below is subject toInsecure Direct Object
CVE-2026-7879 (In Concrete CMS 9.5.0 and below, the submit_password() method in concr ...)
TODO: check
CVE-2026-7509 (The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7249 (The Location Weather plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6960 (The BookingPress Pro plugin for WordPress is vulnerable to arbitrary f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6864 (The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6826 (Concrete CMS 9.5.0 and below is vulnerable tounauthenticated file usag ...)
TODO: check
CVE-2026-5297
REJECTED
CVE-2026-4929 (Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scri ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-4843 (The GSheet For Woo Importer plugin for WordPress is vulnerable to unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4834 (The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-4093 (In the Drupal 7 Term Reference Tree module, two stored XSS vectors exi ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-4070 (The Alfie \u2013 Feed Plugin plugin for WordPress is vulnerable to Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-47114 (IINA before 1.4.3 contains a user-assisted command execution vulnerabi ...)
TODO: check
CVE-2026-47102 (LiteLLM prior to 1.83.10 allows a user to modify their own user_role v ...)
@@ -125,11 +125,11 @@ CVE-2026-46597 (An incorrectly placed cast from bytes to int allowed for server-
CVE-2026-46595 (Previously, CVE-2024-45337 fixed an authorization bypass for misused s ...)
TODO: check
CVE-2026-44409 (There is an an information disclosure vulnerability in ZTE MU5250. Due ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-42508 (Previously, a revoked 'SignatureKey' belonging to a CA was not correct ...)
TODO: check
CVE-2026-3481 (The WP Blockade plugin for WordPress is vulnerable to Reflected Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-39835 (SSH servers which use CertChecker as a public key callback without set ...)
TODO: check
CVE-2026-39834 (When writing data larger than 4GB in a single Write call on an SSH cha ...)
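Review bot: The reason on CVE-2026-44409 is the bare vendor name "ZTE", while the other reasons in this commit name a product class ("WordPress plugin", "Drupal core and addons"). The description identifies the ZTE MU5250, so a reason such as `NOT-FOR-US: ZTE MU5250` would keep the entry self-explanatory where the description is truncated.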
@@ -159,7 +159,7 @@ CVE-2026-34908 (A malicious actor with access to the network could exploit an Im
CVE-2026-33000 (A malicious actor with access to the network and high privileges could ...)
TODO: check
CVE-2026-2518 (The FastX theme for WordPress is vulnerable to unauthorized limited pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-22678 (Webmin before 2.641 contains a stored cross-site scripting vulnerabili ...)
TODO: check
CVE-2026-5091 (Catalyst::Plugin::Authentication versions through 0.10024 for Perl is ...)
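Review bot: The reason added for CVE-2026-2518 says "WordPress plugin", but the description on the line above it reads "The FastX theme for WordPress", so the label does not match the component type. Suggest `NOT-FOR-US: WordPress theme` here, so that a later search by reason text does not count themes as plugins.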
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d5af1157993fed7495d3120a1a751ca9608ade