[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 27 08:14:11 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
54ac944e by security tracker role at 2026-05-27T07:14:05+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,21 +13,21 @@ CVE-2026-9609 (A vulnerability was identified in QianFox FoxCMS up to 1.2.6. Thi
CVE-2026-9608 (A vulnerability was determined in QianFox FoxCMS up to 1.2.6. The impa ...)
TODO: check
CVE-2026-9607 (A vulnerability was found in itsourcecode Courier Management System 1. ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9606 (A vulnerability has been found in itsourcecode Courier Management Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9605 (A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue af ...)
TODO: check
CVE-2026-9604 (A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerabil ...)
TODO: check
CVE-2026-9603 (A security vulnerability has been detected in SourceCodester eDoc Doct ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-9584 (A security vulnerability has been detected in code-projects Project Ma ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-9583 (A weakness has been identified in SourceCodester CET Automated Grading ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-9582 (A security flaw has been discovered in SourceCodester CET Automated Gr ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-9581 (A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted ...)
TODO: check
CVE-2026-9580 (A vulnerability was determined in JeecgBoot up to 3.9.1. The affected ...)
@@ -35,133 +35,133 @@ CVE-2026-9580 (A vulnerability was determined in JeecgBoot up to 3.9.1. The affe
CVE-2026-9579 (A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the fu ...)
TODO: check
CVE-2026-9575 (A vulnerability has been found in itsourcecode Student Transcript Proc ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9574 (A flaw has been found in itsourcecode Student Transcript Processing Sy ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9573 (A vulnerability was detected in itsourcecode Student Transcript Proces ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-9312 (A server-side request forgery (SSRF) vulnerability was identified in G ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-9236 (The CM Ad Changer \u2013 A simple tool to control and optimize your si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9207 (Tanium addressed an unauthorized code execution vulnerability in Conne ...)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2026-9200 (The Query Shortcode plugin for WordPress is vulnerable to Local File I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9156 (Tanium addressed a denial of service vulnerability in Tanium Server.)
- TODO: check
+ NOT-FOR-US: Tanium
CVE-2026-9022 (The Splide Carousel Block plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9014 (The WP Promoter plugin for WordPress is vulnerable to unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8994 (The Login with NEAR plugin for WordPress is vulnerable to Authenticati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8943 (The GoStats for WordPress plugin for WordPress is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8941 (The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8939 (The Search Simple Fields plugin for WordPress is vulnerable to Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8938 (The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8911 (The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8903 (The Two-factor authentication (formerly IP Vault) plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8899 (The Auto Thumbnail plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8898 (The Events In City plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8897 (The Shortcode Buddy plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8894 (The iWR Tooltip plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8891 (The BitForm plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8887 (The Listen Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8886 (The hk_shortcode plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8884 (The Instant-Quote.co Quotation Page plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8877 (The Responsive Video Embedder plugin for WordPress is vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8875 (The Easy Prism Syntax Highlighter plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8873 (The Content Slideshow plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8872 (The Animate Your Content plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8871 (The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8870 (The Team Master \u2013 A Modern WordPress Team Showcase plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8869 (The Mutual Funds Data plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8868 (The Single Mailchimp plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8867 (The Post Category Gallery plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8866 (The jQuery googleslides plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8847 (The Dideo plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8846 (The Tuxquote plugin for WordPress is vulnerable to Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8845 (The Islamic Database plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8844 (The Responsive Check plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8842 (The Google+ Link Name plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8837 (The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8787 (The Firebase Support & Chat Management plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8760 (The Login with OTP plugin for WordPress is vulnerable to authenticatio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8708 (The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8707 (The NS Product icon badge plugin for WordPress is vulnerable to Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8703 (The Endless Scroll plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8702 (The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8701 (The GNTT Post Title Ticker plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8698 (The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8680
REJECTED
CVE-2026-8676 (An attacker is able to downgrade the security of a Bluetooth LE connec ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2026-8606 (A Server-Side Request Forgery (SSRF) vulnerability was identified in G ...)
- TODO: check
+ NOT-FOR-US: Github Enterprise Server
CVE-2026-8453
REJECTED
CVE-2026-8048 (The My Email Shortcode plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8040 (The faq shortocde plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7614 (The Old Posts Highlighter plugin for WordPress is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7493 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6565 (The Style Kits \u2013 Advanced Theme Styles for Elementor, Elementor K ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6287 (The ShopLentor - WooCommerce Builder for Elementor & Gutenberg plugin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6268 (The EventPress WordPress theme before 22.2 does not sanitize or escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-49017 (In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters a ...)
TODO: check
CVE-2026-49014 (In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF ...)
TODO: check
CVE-2026-49000 (An insecure password scheme refers to vulnerabilities arising from imp ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-48999 (Attackers carefully craft malicious scripts, such as JavaScript, and i ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-48593 (Uncontrolled Resource Consumption vulnerability in oban-bg oban_web (' ...)
TODO: check
CVE-2026-48592 (Missing Authorization vulnerability in oban-bg oban_web ('Elixir.Oban. ...)
@@ -247,19 +247,19 @@ CVE-2026-42335 (MaxKB is an open-source AI assistant for enterprise. Prior to 2.
CVE-2026-36239 (PbootCMS v.3.2.11 contains a code injection vulnerability in its site ...)
TODO: check
CVE-2026-2255 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2026-2254 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2026-2253 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 1 ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2026-27331 (Missing Authorization vulnerability in Magepeople inc. WpTravelly allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25444 (Missing Authorization vulnerability in Magepeople inc. WpBookingly all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-25426 (Missing Authorization vulnerability in Magepeople inc. Taxi Booking Ma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-24520 (Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68711 (AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.ap ...)
TODO: check
CVE-2025-68710 (Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applock ...)
@@ -269,23 +269,23 @@ CVE-2025-68709 (SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android all
CVE-2025-68708 (SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a ...)
TODO: check
CVE-2025-46307 (A logic issue was addressed with improved restrictions. This issue is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46284 (A race condition was addressed with additional validation. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46280 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43451 (A permissions issue was addressed by removing the vulnerable code. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43306 (A logic issue was addressed with improved checks. This issue is fixed ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43290 (A permissions issue was addressed with additional restrictions. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-43289 (A logic issue was addressed with improved validation. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-14481 (The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Ob ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14361 (Missing Authorization vulnerability in AA-Team Woocommerce Envato Affi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-46644 [insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels]
- php-symfony-polyfill <unfixed>
[bookworm] - php-symfony-polyfill <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54ac944e53696e0676064be9b01ec6cf5d6da984
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54ac944e53696e0676064be9b01ec6cf5d6da984
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260527/f56ebd54/attachment.htm>
More information about the debian-security-tracker-commits
mailing list