Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9038eb69 by security tracker role at 2026-02-18T20:14:47+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,27 +21,27 @@ CVE-2026-2654 (A weakness has been identified in 
huggingface smolagents 1.24.0.
 CVE-2026-2653 (A security flaw has been discovered in admesh up to 0.98.5. 
This issue ...)
        TODO: check
 CVE-2026-2507 (When BIG-IP AFM or BIG-IP DDoS is provisioned, undisclosed 
traffic can ...)
-       TODO: check
+       NOT-FOR-US: F5
 CVE-2026-2495 (The WPNakama \u2013 Team and multi-Client Collaboration, 
Editorial and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2464 (Path traversal vulnerability in the AMR Printer Management 1.01 
Beta w ...)
        TODO: check
 CVE-2026-2426 (The WP-DownloadManager plugin for WordPress is vulnerable to 
Path Trav ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2386 (The The Plus Addons for Elementor \u2013 Addons for Elementor, 
Page Te ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2329 (An unauthenticated stack-based buffer overflow vulnerability 
exists in ...)
        TODO: check
 CVE-2026-2230 (The Booking Calendar plugin for WordPress is vulnerable to 
Insecure Di ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2127 (The SiteOrigin Widgets Bundle plugin for WordPress is 
vulnerable to un ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-2126 (The User Submitted Posts \u2013 Enable Users to Submit Posts 
from the  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-27100 (Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run 
Paramet ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-27099 (Jenkins 2.483 through 2.550 (both inclusive), LTS 2.492.1 
through 2.54 ...)
-       TODO: check
+       NOT-FOR-US: Jenkins (core or plugin)
 CVE-2026-25500 (Rack is a modular Ruby web server interface. Prior to versions 
2.2.22, ...)
        TODO: check
 CVE-2026-23491 (InvoicePlane is a self-hosted open source application for 
managing inv ...)
@@ -49,27 +49,27 @@ CVE-2026-23491 (InvoicePlane is a self-hosted open source 
application for managi
 CVE-2026-22860 (Rack is a modular Ruby web server interface. Prior to versions 
2.2.22, ...)
        TODO: check
 CVE-2026-20144 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 
9.3.8, and  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20142 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 
9.3.9, and  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20141 (In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 
9.3.9,  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20139 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 
9.3.9, and  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20138 (In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 
9.3.9, and  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20137 (In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 
9.3.7, and  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-1942 (The Blog2Social: Social Media Auto Post & Scheduler plugin for 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1941 (The WP Event Aggregator plugin for WordPress is vulnerable to 
Stored C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1656 (The Business Directory Plugin for WordPress is vulnerable to 
authoriza ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1649 (The Community Events plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1582 (The WP All Export plugin for WordPress is vulnerable to 
Sensitive Info ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1441 (Reflected Cross-Site Scripting (XSS) vulnerability in the 
Graylog Web  ...)
        TODO: check
 CVE-2026-1440 (Reflected Cross-Site Scripting (XSS) vulnerability in the 
Graylog Web  ...)
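Review bot: The six entries CVE-2026-20144 through CVE-2026-20137 are tagged "NOT-FOR-US: Cisco", but each description opens with "In Splunk Enterprise versions below ...", so the tag does not match the product named on the entry. Suggest "NOT-FOR-US: Splunk" (or a tag that names both) so that a search of data/CVE/list for the product name finds the triage decision.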
@@ -85,17 +85,17 @@ CVE-2026-1436 (Improper Access Control (IDOR) in the 
Graylog API, version 2.2.3,
 CVE-2026-1435 (Not properly invalidated session vulnerability in Graylog Web 
Interfac ...)
        TODO: check
 CVE-2026-1426 (The Advanced AJAX Product Filters plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1404 (The Ultimate Member \u2013 User Profile, Registration, Login, 
Member D ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-1317 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-0875 (A maliciously crafted MODEL file, when parsed through certain 
Autodesk ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2026-0874 (A maliciously crafted CATPART file, when parsed through certain 
Autode ...)
-       TODO: check
+       NOT-FOR-US: Autodesk
 CVE-2025-8781 (The Bookster \u2013 WordPress Appointment Booking Plugin plugin 
for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8308 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2025-7630 (Improper Restriction of Excessive Authentication Attempts, 
Improper Au ...)
@@ -103,27 +103,27 @@ CVE-2025-7630 (Improper Restriction of Excessive 
Authentication Attempts, Improp
 CVE-2025-70998 (UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was 
discovered t ...)
        TODO: check
 CVE-2025-70152 (code-projects Community Project Scholars Tracking System 1.0 
is vulner ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-70151 (code-projects Scholars Tracking System 1.0 allows an 
authenticated att ...)
-       TODO: check
+       NOT-FOR-US: code-projects
 CVE-2025-70150 (CodeAstro Membership Management System 1.0 contains a missing 
authenti ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2025-70149 (CodeAstro Membership Management System 1.0 is vulnerable to 
SQL Inject ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2025-70148 (Missing authentication and authorization in 
print_membership_card.php  ...)
-       TODO: check
+       NOT-FOR-US: CodeAstro
 CVE-2025-70147 (Missing authentication in /admin/student.php and 
/admin/teacher.php in ...)
        TODO: check
 CVE-2025-70146 (Missing authentication in multiple administrative action 
scripts under ...)
        TODO: check
 CVE-2025-70141 (SourceCodester Customer Support System 1.0 contains an 
incorrect acces ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-70064 (PHPGurukul Hospital Management System v4.0 contains a 
Privilege Escala ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-70063 (The 'Medical History' module in PHPGurukul Hospital Management 
System  ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-70062 (PHPGurukul Hospital Management System v4.0 contains a 
Cross-Site Reque ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-69287 (The BSV Blockchain SDK is a unified TypeScript SDK for 
developing scal ...)
        TODO: check
 CVE-2025-65791 (ZoneMinder v1.36.34 is vulnerable to Command Injection in 
web/views/im ...)
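Review bot: CVE-2025-70148 is tagged "NOT-FOR-US: CodeAstro" although its visible description ("Missing authentication and authorization in print_membership_card.php ...") names no vendor, while CVE-2025-70147 and CVE-2025-70146 directly below it, which read the same way ("Missing authentication in /admin/student.php and /admin/teacher.php in ...", "Missing authentication in multiple administrative action scripts under ..."), stay at "TODO: check". Worth confirming from the full descriptions that 70148 belongs to CodeAstro, and whether the two untouched entries belong to one of the vendors tagged in this hunk, so the group is triaged consistently.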
@@ -133,47 +133,47 @@ CVE-2025-65519 (mayswind ezbookkeeping versions 1.2.0 and 
earlier contain a crit
 CVE-2025-61982 (An arbitrary code execution vulnerability exists in the Code 
Stream di ...)
        TODO: check
 CVE-2025-60038 (A vulnerabilityhas been identified in Rexroth IndraWorks. This 
flaw al ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2025-60037 (A vulnerabilityhas been identified in Rexroth IndraWorks. This 
flaw al ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2025-60036 (A vulnerability has been identified in the UA.Testclient 
utility, whic ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2025-60035 (A vulnerabilityhas been identified in the OPC.Testclient 
utility, whic ...)
-       TODO: check
+       NOT-FOR-US: Bosch
 CVE-2025-59920 (When hours are entered in time@work, version 7.0.5, it 
performs a quer ...)
        TODO: check
 CVE-2025-33253 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33252 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33251 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33250 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33249 (NVIDIA NeMo Framework for all platforms contains a 
vulnerability in a  ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33246 (NVIDIA NeMo Framework for all platforms contains a 
vulnerability in th ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33245 (NVIDIA NeMo Framework contains a vulnerability where malicious 
data co ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33243 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33241 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-33240 (NVIDIA Megatron Bridge contains a vulnerability in a data 
shuffling tu ...)
        TODO: check
 CVE-2025-33239 (NVIDIA Megatron Bridge contains a vulnerability in a data 
merging tuto ...)
        TODO: check
 CVE-2025-33236 (NVIDIA NeMo Framework contains a vulnerability where malicious 
data cr ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2025-15579 (Deserialization of Untrusted Data vulnerability in 
OpenText\u2122 Dire ...)
-       TODO: check
+       NOT-FOR-US: OpenText
 CVE-2025-14799 (The Brevo - Email, SMS, Web Push, Chat, and more. plugin for 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14444 (The RegistrationMagic \u2013 Custom Registration Forms, User 
Registrat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14340 (Cross-site scripting in REST Management Interface in Payara 
Server <4. ...)
-       TODO: check
+       NOT-FOR-US: Payara
 CVE-2025-14009 (A critical vulnerability exists in the NLTK downloader 
component of nl ...)
        TODO: check
 CVE-2025-13965
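Review bot: The NeMo Framework entries (CVE-2025-33253 through CVE-2025-33236) receive the vendor-wide tag "NOT-FOR-US: NVIDIA", yet CVE-2025-33240 and CVE-2025-33239, whose descriptions also begin with "NVIDIA" (Megatron Bridge), remain at "TODO: check". If the skip is product-specific, a tag such as "NOT-FOR-US: NVIDIA NeMo Framework" would make that explicit; if it is vendor-wide, the two Megatron Bridge entries look missed.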
@@ -181,11 +181,11 @@ CVE-2025-13965
 CVE-2025-13933
        REJECTED
 CVE-2025-13727 (The Video Share VOD \u2013 Turnkey Video Site Builder Script 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13602
        REJECTED
 CVE-2025-11185 (The Complianz \u2013 GDPR/CCPA Cookie Consent plugin for 
WordPress is  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-23230 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        {DSA-6141-1}
        - linux 6.18.12-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9038eb6940d746e4af5c020adcc15d9577ce5b78
