[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 27 20:14:56 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4af48bc9 by security tracker role at 2026-05-27T19:14:50+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,79 +1,79 @@
CVE-2026-9712 (When creating an export through the pretix API, API clients are retur ...)
- TODO: check
+ NOT-FOR-US: rami.io products
CVE-2026-9704 (A flaw was found in Keycloak. An authenticated user with low privilege ...)
TODO: check
CVE-2026-9689 (A flaw was found in Keycloak, an open-source identity and access manag ...)
TODO: check
CVE-2026-9674 (A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-9617 (PostgreSQL Anonymizer contains a vulnerability that allows a user to g ...)
TODO: check
CVE-2026-9035 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8942 (The MetaMagic SEO Plugin plugin for WordPress is vulnerable to Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8906 (The WP Promoter plugin for WordPress is vulnerable to Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8832 (The WPCode - Insert Headers and Footers + Custom Code Snippets - WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8716 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-8405 (IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of G ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8180 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8179 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8175 (IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-8143 (The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8054 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2026-8042 (The Github Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7876 (IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7618 (The Env\xedaloSimple: Email Marketing y Newsletters plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7528 (IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service d ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7524 (IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7365 (IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-7254 (IBM OPENBMC FW1110.00 through FW1110.11is vulnerable to denial of serv ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6957 (Mattermost Plugins versions <=1.1.5 fail to sanitize filenames receive ...)
TODO: check
CVE-2026-6938 (IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass wh ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6936 (IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attac ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6713 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-6169 (The affiliate-toolkit plugin for WordPress is vulnerable to remote cod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6053 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6052 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-6051 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-5516 (IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-5515 (IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentiall ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-5509 (An authenticated command injection vulnerability exists in the Archer ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-5296 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
TODO: check
CVE-2026-5065 (IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-4868 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
TODO: check
CVE-2026-4410 (IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-4392 (A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This ...)
TODO: check
CVE-2026-4391 (A security vulnerability has been detected in TeamSpeak 3 Server up to ...)
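Review bot: CVE-2026-7528 and CVE-2026-7524 are tagged NOT-FOR-US: IBM, yet their descriptions name "IBM Langflow OSS", and CVE-2026-7254 names "IBM OPENBMC"; these read as open-source projects carrying a vendor prefix, not IBM-only products. Matching on the vendor prefix is a weak basis for these three entries. Suggest tagging them by project name once it is confirmed that no source package ships them, so that a later search on the project name finds the entry.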
@@ -85,63 +85,63 @@ CVE-2026-49103 (Webmin before 2.640 does not safely construct a filename for sav
CVE-2026-49102 (Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG documen ...)
TODO: check
CVE-2026-49059 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49054 (Missing Authorization vulnerability in Mamunur Rashid The Post Grid al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49053 (Missing Authorization vulnerability in Wpmet ElementsKit Elementor add ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49052 (Missing Authorization vulnerability in Wpmet ElementsKit Elementor add ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49051 (Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Dat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49047 (Missing Authorization vulnerability in DearHive DearFlip allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49045 (Missing Authorization vulnerability in WP Media Adminimize allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49044 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-49002 (Access control failure means that an application does not effectively ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-49001 (Cross-site request forgery (CSRF) vulnerabilities allow attackers to e ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2026-48973 (Missing Authorization vulnerability in Benbodhi SVG Support allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48972 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48971 (Missing Authorization vulnerability in WebToffee Product Import Export ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48968 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48927 (Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the bui ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48926 (Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not per ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48925 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub In ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48924 (Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48923 (Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permiss ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48922 (Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48921 (Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and ea ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48920 (Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows i ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48919 (Jenkins Active Directory Plugin 2.41 and earlier deserializes data fro ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48918 (Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referral ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48917 (Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data fr ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48916 (Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referra ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2026-48906 (The vulnerability in the Tassos Framework Plugin allows users to delet ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-48877 (Insertion of Sensitive Information Into Sent Data vulnerability in Tom ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-48545 (Gradio before version 6.15.0 contains a cookie injection vulnerability ...)
TODO: check
CVE-2026-48544 (Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulner ...)
@@ -197,7 +197,7 @@ CVE-2026-45570 (go-git is an extensible git implementation library written in pu
CVE-2026-45548 (Budibase is an open-source low-code platform. Prior to 3.34.8, the pro ...)
TODO: check
CVE-2026-45335 (WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-45090 (Dalfox is a powerful open-source XSS scanner and utility focused on au ...)
TODO: check
CVE-2026-45089 (Dalfox is a powerful open-source XSS scanner and utility focused on au ...)
@@ -215,7 +215,7 @@ CVE-2026-45047 (bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the ap
CVE-2026-45046 (Gryph provides a security layer for AI coding agents. Prior to 0.7.0, ...)
TODO: check
CVE-2026-45027 (WeGIA is a web manager for charitable institutions. In versions prior ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2026-45022 (go-git is an extensible git implementation library written in pure Go. ...)
TODO: check
CVE-2026-44988 (LibVNCClient is a library for easy implementation of a VNC client. In ...)
@@ -293,73 +293,73 @@ CVE-2026-42790 (Improper Certificate Validation vulnerability in Erlang OTP publ
CVE-2026-42789 (Improper Following of a Certificate's Chain of Trust vulnerability in ...)
TODO: check
CVE-2026-42762 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42761 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42760 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42758 (Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42757 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42756 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42755 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42754 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42753 (Missing Authorization vulnerability in WC Lovers WCFM Membership wc-mu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42751 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42750 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42749 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42748 (Unrestricted Upload of File with Dangerous Type vulnerability in WPify ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42747 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42746 (Insertion of Sensitive Information Into Sent Data vulnerability in ZAY ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42745 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42744 (Improper Validation of Specified Quantity in Input vulnerability in Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42740 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42739 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42738 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42737 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42736 (Authorization Bypass Through User-Controlled Key vulnerability in word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42735 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42734 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42733 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42732 (Improper Validation of Specified Quantity in Input vulnerability in Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42731 (Incorrect Privilege Assignment vulnerability in miniOrange miniorange ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42730 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42729 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42728 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42727 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42726 (Missing Authorization vulnerability in Strategy11 Team AWP Classifieds ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42725 (Authorization Bypass Through User-Controlled Key vulnerability in WP W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-42553 (Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated atta ...)
TODO: check
CVE-2026-42459 (free5GC is an open-source implementation of the 5G core network. Prior ...)
@@ -465,27 +465,27 @@ CVE-2026-40811 (An unauthenticated remote attacker can exploit an unauthenticate
CVE-2026-40810 (An unauthenticated remote attacker can exploit an unauthenticated SQL ...)
TODO: check
CVE-2026-3897 (The Livemesh Addons for Beaver Builder plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3896 (The Livemesh SiteOrigin Widgets plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3895 (The WPBakery Page Builder Addons by Livemesh plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3676 (IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3623 (IBM Netezza Performance Server Replication Services 3.0.2.0 through 3. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3375 (The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3366 (IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-3349 (The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3348 (The MinhNhut Link Gateway plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3279 (The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-3001 (The Gutenverse plugin for WordPress is vulnerable to Reflected Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-38945 (Command injection in Raynet rvia version 12.6 Update 8 and previous ve ...)
TODO: check
CVE-2026-38931 (A stored cross-site scripting (XSS) vulnerability in the /admin/config ...)
@@ -529,25 +529,25 @@ CVE-2026-31266 (Craft CMS 5.9.5 and earlier contains a Missing Authorization vul
CVE-2026-30498 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in th ...)
TODO: check
CVE-2026-2607 (IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-2601 (GitLab has remediated an issue in GitLab EE affecting all versions fro ...)
TODO: check
CVE-2026-2288 (The myLinksDump plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2280 (The rexCrawler plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-2237 (A use of get request method with sensitive query strings vulnerability ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2026-2030 (The WPBakery Page Builder Addons by Livemesh plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-23679 (libusb before version 1.0.30 contains a NULL pointer dereference vulne ...)
TODO: check
CVE-2026-1718 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2026-1402 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
TODO: check
CVE-2026-1248 (IBM Business Automation Workflow containers and traditionalmay leak in ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-70116 (A NULL pointer dereference in GPAC MP4Box: when parsing certain trunca ...)
TODO: check
CVE-2025-70103 (Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM im ...)
@@ -559,57 +559,57 @@ CVE-2025-68712 (SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows
CVE-2025-67903 (Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic sign ...)
TODO: check
CVE-2025-66593 (An origin validation error vulnerability in Synology Assistant before ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-66592 (An origin validation error vulnerability in Synology Active Backup for ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-52747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-41670 (A local user with low privileges may be able to influence the behavior ...)
TODO: check
CVE-2025-41669 (The Web-based Management allows a remote low privileged Engineer user ...)
TODO: check
CVE-2025-3633 (IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos T ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-30028 (A vulnerability in Active Backup for Business allows unauthorized remo ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-22741 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-14713 (An Exposed Dangerous Method or Function vulnerability in Synology C2 I ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-13593 (Origin validation error vulnerability in Synology ActiveProtect Agent ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-13392 (Improper check for unusual or exceptional conditions vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-13167 (Improper neutralization of input during web page generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-12686 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-10466 (Improper neutralization of input during web page generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2025-0898 (The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-56462 (IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a priv ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-47272 (Incorrect authorization vulnerability in IO Module functionality in Sy ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47271 (Insufficiently protected credentials vulnerability in IPSpeaker compon ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47270 (Improper preservation of permissions vulnerability in Archiving Push f ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47269 (Cleartext transmission of sensitive information vulnerability in Expor ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47268 (Missing authorization vulnerability in AddOns functionality in Synolog ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-47267 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2024-40684 (IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-28765 (IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-11399 (Files or directories accessible to external parties vulnerability in r ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2023-52945 (Uncontrolled search path element vulnerability in OpenSSL DLL componen ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2026-48736
- symfony 7.4.13+dfsg-1
NOTE: https://symfony.com/blog/cve-2026-48736-iputils-private-subnets-omits-ipv6-transition-forms-ssrf-bypass-in-noprivatenetworkhttpclient
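Review bot: CVE-2023-52945 is tagged NOT-FOR-US: Synology, but its visible description starts "Uncontrolled search path element vulnerability in OpenSSL DLL componen ...", which names a library that is otherwise tracked. The entry should record, for instance in a NOTE line, that the flaw lies in the vendor's bundled DLL and not in OpenSSL itself, once that has been checked against the full description.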
@@ -388345,7 +388345,7 @@ CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions < V1
CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
NOT-FOR-US: Siemens
CVE-2022-41656 (Missing Authorization vulnerability in Bizswoop Account Manager for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Ord ...)
NOT-FOR-US: WordPress plugin
CVE-2022-41650 (Missing Authorization vulnerability in Paul Custom Content by Country ...)
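Review bot: the line added for CVE-2022-41656 uses "NOT-FOR-US: WordPress plugin or theme", while the unchanged entry directly below it, CVE-2022-41655, uses "NOT-FOR-US: WordPress plugin"; the same split between the two labels runs through the earlier hunks. Suggest settling on one label for this class so that searches and counts over data/CVE/list do not have to match both forms.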
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4af48bc9f5fa3e09c920cd923629e546b600cd36