[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 29 08:14:18 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0b3a3079 by security tracker role at 2026-05-29T07:14:12+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -255,7 +255,7 @@ CVE-2026-9873 (Use after free in Network in Google Chrome prior to 148.0.7778.21
CVE-2026-9872 (Out of bounds write in GPU in Google Chrome on Android prior to 148.0. ...)
TODO: check
CVE-2026-9714 (The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9646 (A reflected cross-site scripting issue exists in URL handling.)
TODO: check
CVE-2026-9645 (Exposed methods allow authenticated users to create and execute arbitr ...)
@@ -269,29 +269,29 @@ CVE-2026-9038 (A stack-based buffer overflow vulnerability in the charging contr
CVE-2026-9037 (A firmware update mechanism in the affected charging controller fails ...)
TODO: check
CVE-2026-8995 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8809 (The Advanced Custom Fields: Extended plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8732 (The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escala ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8070 (Incorrect permission assignment for a critical resource in Armoury Cra ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-7480 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2026-7430 (The Post Snippets plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-6892 (Improper handling of symbolic links in the installer of CUPS Printer D ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-6891 (Improper handling of symbolic links in the installer of My Image Garde ...)
- TODO: check
+ NOT-FOR-US: Canon
CVE-2026-6816 (An access bypass vulnerability in Drupal TFA Basic Plugins allows user ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-6324 (A flaw was found in libsoup. A remote attacker could exploit an unsign ...)
TODO: check
CVE-2026-6275 (The StatCounter \u2013 Free Real Time Visitor Stats plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5343 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2026-49299 (In OpenStack Neutron before 28.0.1, the tagging controller enforces pl ...)
TODO: check
CVE-2026-49130 (Music Player Daemon (MPD) before version 0.24.11 contains a CRLF injec ...)
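Review bot: CVE-2026-6892 is tagged "NOT-FOR-US: Canon", but its visible description reads "installer of CUPS Printer D ..." and is cut off before the product is identified. Confirm from the full description that the symlink handling issue is in the vendor's driver installer and not in anything a Debian package ships. Consider naming the product in the tag, so the decision can be checked from the list alone. The same applies to CVE-2026-7480, whose truncated description shows no vendor or product next to its ASUS tag.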
@@ -313,27 +313,27 @@ CVE-2026-48116 (AnythingLLM is an application that turns pieces of content into
CVE-2026-47713 (AnythingLLM is an application that turns pieces of content into contex ...)
TODO: check
CVE-2026-46843 (Vulnerability in Oracle REST Data Services (component: Core). Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46842 (Vulnerability in Oracle REST Data Services (component: Core). Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46841 (Vulnerability in Oracle REST Data Services (component: General). Supp ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46840 (Vulnerability in Oracle REST Data Services (component: Backend-as-a-Se ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46839 (Vulnerability in Oracle REST Data Services (component: Core). Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46837 (Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Bus ...)
TODO: check
CVE-2026-46835 (Vulnerability in the Net Service component of Oracle Database Server. ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46834 (Vulnerability in the Net Service component of Oracle Database Server. ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46833 (Vulnerability in the Net Service component of Oracle Database Server. ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46830 (Vulnerability in Oracle REST Data Services (component: Mongoapi). Sup ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46829 (Vulnerability in Oracle REST Data Services (component: Mongoapi). Sup ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46828 (Vulnerability in the Oracle Payroll product of Oracle E-Business Suite ...)
TODO: check
CVE-2026-46827 (Vulnerability in the Oracle Payroll product of Oracle E-Business Suite ...)
@@ -341,7 +341,7 @@ CVE-2026-46827 (Vulnerability in the Oracle Payroll product of Oracle E-Business
CVE-2026-46826 (Vulnerability in the Oracle Payroll product of Oracle E-Business Suite ...)
TODO: check
CVE-2026-46824 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-46823 (Vulnerability in the Oracle Public Sector Financials (International) p ...)
TODO: check
CVE-2026-46822 (Vulnerability in the Oracle iAssets product of Oracle E-Business Suite ...)
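Review bot: CVE-2026-46824 is the only entry in this hunk moved to "NOT-FOR-US: Oracle", while its neighbours CVE-2026-46826, CVE-2026-46823 and CVE-2026-46822 carry the same "Vulnerability in the Oracle ... product" wording and stay at "TODO: check". If the automatic matcher keys on specific product names, it is worth extending the rule or triaging these siblings in the same pass. Otherwise the Oracle batch ends up half classified, and the remaining entries look like open work rather than equivalent cases.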
@@ -357,7 +357,7 @@ CVE-2026-46818 (Vulnerability in the Oracle Payments product of Oracle E-Busines
CVE-2026-46817 (Vulnerability in the Oracle Payments product of Oracle E-Business Suit ...)
TODO: check
CVE-2026-46775 (Vulnerability in Oracle REST Data Services (component: Core). Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-45410 (TREK is a collaborative travel planner. Prior to 3.0.18, early return ...)
TODO: check
CVE-2026-45403 (AnythingLLM is an application that turns pieces of content into contex ...)
@@ -415,11 +415,11 @@ CVE-2026-41897 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. F
CVE-2026-39929 (Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0 ...)
TODO: check
CVE-2026-35277 (Vulnerability in Oracle REST Data Services (component: Core). Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-35266 (Vulnerability in Oracle REST Data Services (component: Core). Support ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-34311 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2026-33590 (Insecure default settings of Portainer CE grant regular (non-admin) us ...)
TODO: check
CVE-2026-33464 (Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a de ...)
@@ -431,7 +431,7 @@ CVE-2026-33462 (A path traversal vulnerability was identified in Kibana's dashbo
CVE-2026-32847 (DeepCode through commit c991dc2 contains a path traversal vulnerabilit ...)
TODO: check
CVE-2026-2128 (The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10044 (Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary fil ...)
TODO: check
CVE-2026-10028 (A flaw was found in glib-networking. A remote attacker can exploit thi ...)
@@ -483,9 +483,9 @@ CVE-2026-10001 (Use after free in PerformanceManager in Google Chrome prior to 1
CVE-2026-10000 (Use after free in Passwords in Google Chrome on Windows prior to 148.0 ...)
TODO: check
CVE-2025-14042 (The Automotive Car Dealership Business WordPress Theme for WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11993 (The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-48756
- incus 7.0.0-2
[trixie] - incus <no-dsa> (Minor issue)
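Review bot: CVE-2025-14042 is described as "The Automotive Car Dealership Business WordPress Theme for WordPress", yet the added line tags it "NOT-FOR-US: WordPress plugin". The NOT-FOR-US outcome is unaffected, but the reason string should match the component type, for example "NOT-FOR-US: WordPress theme", so that later searches by reason do not misclassify it.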
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0b3a30796cad7b5569d83df1f3cbcacc64e71cc4