[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 22 08:38:23 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f29f9502 by Salvatore Bonaccorso at 2026-05-22T09:38:00+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -63,33 +63,33 @@ CVE-2026-8237 (Concrete CMS 9.5.0 and below is vulnerable to IDOR.The `/ccm/fron
CVE-2026-8236 (Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a mis ...)
NOT-FOR-US: Concrete CMS
CVE-2026-8205 (Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8204 (Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8203 (Concrete CMS 9.5.0 and below has Stored XSS on the height parameter.Th ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8197 (Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth int ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8140 (Concrete CMS 9.5.0 and below does not validate a CSRF token before pro ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8139 (Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external- ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8135 (Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution d ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-8134 (Concrete CMS 9.5.0 and below fails to sanitize path traversal sequence ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7890 (In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a fee ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7887 (For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7886 (Concrete CMS 9.5.0 and below is vulnerable toIDOR in AddMessage/Update ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7882 (Concrete CMS 9.5.0 and below is vulnerable to unauthorized file delet ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7881 (Concrete CMS 9.5.0 and below is subject toInsecure Direct Object Refer ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7879 (In Concrete CMS 9.5.0 and below, the submit_password() method in concr ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-7509 (The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2026-7249 (The Location Weather plugin for WordPress is vulnerable to unauthorize ...)
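Review bot: The commit message "Process NFUs" does not name the product, although all 14 entries changed in this hunk (CVE-2026-8205 down to CVE-2026-7879) move from `TODO: check` to the same `NOT-FOR-US: Concrete CMS` tag. Naming Concrete CMS in the message would make the triage easier to find in the log later. The tag wording matches the existing CVE-2026-8236 entry at the top of the hunk, so the list stays consistent for anyone searching on the product name.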
@@ -99,7 +99,7 @@ CVE-2026-6960 (The BookingPress Pro plugin for WordPress is vulnerable to arbitr
CVE-2026-6864 (The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to R ...)
NOT-FOR-US: WordPress plugin
CVE-2026-6826 (Concrete CMS 9.5.0 and below is vulnerable tounauthenticated file usag ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2026-5297
REJECTED
CVE-2026-4929 (Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scri ...)
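Review bot: CVE-2026-6826 is a Concrete CMS entry that sits apart from the contiguous block handled in the previous hunk, between a WordPress plugin entry and a REJECTED id, which suggests other stragglers could exist outside the visible context. Before considering the product fully processed, search the rest of data/CVE/list for descriptions starting with "Concrete CMS" that still carry `TODO: check`.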
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f29f950211b896669dc60d01b05f390ec454224e