Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f05232e7 by security tracker role at 2026-06-24T07:14:11+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,65 +1,65 @@
CVE-2026-9724 (The MotorDesk plugin for WordPress is vulnerable to Cross-Site
Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9721 (The Book a Room Event Calendar plugin for WordPress is
vulnerable to C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9710 (The Cornerstone WordPress plugin before 7.8.8 does not enforce
capabil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9709 (The Cornerstone WordPress plugin before 7.8.9 does not enforce
capabil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9643 (The WP Meta SEO plugin for WordPress is vulnerable to
Unauthenticated ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9620 (The WP Latest Posts plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9619 (The Reviews and Rating \u2013 Docplanner plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9616 (The Generate Security.txt plugin for WordPress is vulnerable to
author ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9612 (The WhatsOrder \u2013 Instant Checkout for WooCommerce plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9539 (An out-of-bounds heap read and integer underflow in the TCP
urgent dat ...)
TODO: check
CVE-2026-9184 (The 24liveblog - live blog tool plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9183 (The 24liveblog - live blog tool plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9179 (The WP Forms Connector plugin for WordPress is vulnerable to
SQL Injec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9178 (The WP Forms Connector plugin for WordPress is vulnerable to
Informati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9175 (The Devs Accounting \u2013 Simple Accounting and Invoicing
Solution pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9172 (The Devs Accounting \u2013 Simple Accounting and Invoicing
Solution pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-9073 (A flaw was found in foreman-mcp-server. This component utilizes
two di ...)
TODO: check
CVE-2026-8905 (The Osiris Signature Banner plugin for WordPress is vulnerable
to Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8896 (The MIR blocks and shortcodes plugin for WordPress is
vulnerable to St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8865 (The Avalon23 Products Filter for WooCommerce plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8705 (The ClearSale Total plugin for WordPress is vulnerable to SQL
Injectio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8690 (The RentMy Real-Time Rental Management Plugin plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8688 (The Advance Nav Menu Manager plugin for WordPress is vulnerable
to aut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8628 (The EntreDroppers plugin for WordPress is vulnerable to
Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8622 (The Image Sizes on Demand plugin for WordPress is vulnerable to
Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8617 (The SearchPlus plugin for WordPress is vulnerable to
unauthorized modi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-8614 (The Assistio plugin for WordPress is vulnerable to unauthorized
modifi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7617 (The Secufor_OAuth plugin for WordPress is vulnerable to
unauthorized a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7574 (Anthropic Claude Desktop Cowork VM image handling (confirmed
across v1 ...)
TODO: check
CVE-2026-6458 (Missing cryptographic step in Caliptra Core Firmware
(aes_256_gcm_upda ...)
TODO: check
CVE-2026-6292 (The MP Customize Login Page plugin for WordPress is vulnerable
to Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-5818 (Incorrect check of function return value in Caliptra Core
Runtime Firm ...)
TODO: check
CVE-2026-56785 (FlatPress versions prior to commit 10be83c, contains a stored
cross-si ...)
@@ -115,7 +115,7 @@ CVE-2026-53622 (Traefik is an HTTP reverse proxy and load
balancer. Prior to 3.7
CVE-2026-50193 (jackson-databind contains the general-purpose data-binding
functionali ...)
TODO: check
CVE-2026-4297 (The Welcome Software Publishing plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-48493 (Snipe-IT is an IT asset/license management system. In versions
prior t ...)
TODO: check
CVE-2026-48491 (Traefik is an HTTP reverse proxy and load balancer. From 3.7.0
until 3 ...)
@@ -175,7 +175,7 @@ CVE-2026-45792 (rtk filters and compresses command outputs
before they reach you
CVE-2026-41862 (Spring Statemachine's Kryo-based persistence backends (JPA,
MongoDB, R ...)
TODO: check
CVE-2026-3652 (The ARForms plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-39253 (An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker
to execut ...)
TODO: check
CVE-2026-23513 (FOSSBilling is a free, open-source billing and client
management syste ...)
@@ -207,23 +207,23 @@ CVE-2026-12486 (Multiple OS command injection
vulnerabilities exist in the libNe
CVE-2026-12485 (GV-I/O Box 4E is a smart embedded device with 4 input and 4
relays out ...)
TODO: check
CVE-2026-12417 (The SignUp & SignIn plugin for WordPress is vulnerable to
Authenticati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12416 (The Invoice Generator plugin for WordPress is vulnerable to
Account Ta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12164 (Fortra File Integrity Monitoring (FIM), formerly Tripwire
Enterprise, ...)
- TODO: check
+ NOT-FOR-US: Fortra
CVE-2026-12163 (Fortra File Integrity Monitoring (FIM), formerly Tripwire
Enterprise, ...)
- TODO: check
+ NOT-FOR-US: Fortra
CVE-2026-12112 (A flaw was found in the foreman-mcp-server. A session
management vulne ...)
TODO: check
CVE-2026-12100 (The URL Preview plugin for WordPress is vulnerable to
Server-Side Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12095 (The Kargo Takip plugin for WordPress is vulnerable to
Server-Side Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-12094 (The Advanced Contact Form 7 - Compact DB plugin for WordPress
is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11997 (The Bulk SEO Image plugin for WordPress is vulnerable to
Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11972 (When using the "tarfile" module with a file opened in
"streaming mode" ...)
TODO: check
CVE-2026-11820 (Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM \u2014
AV:N/AC: ...)
@@ -233,23 +233,23 @@ CVE-2026-11819 (Module: plugins/modules/keyring_info.py
CVSS 3.1: 5.5 MEDIUM \
CVE-2026-11807 (A missing authorization vulnerability was found in the
Event-Driven An ...)
TODO: check
CVE-2026-11614 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-11370 (The WP Meta SEO plugin for WordPress is vulnerable to
Server-Side Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10753 (The Site Kit by Google WordPress plugin before 1.176.0 does
not prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10749 (The Post Duplicator WordPress plugin before 3.0.15 does not
safely han ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10735 (Multiple Shapedsmart-post-show-pro WordPress plugin before
4.0.2, Real ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10552 (The Blue Captcha plugin for WordPress is vulnerable to
Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10531 (The AI Share & Summarize WordPress plugin before 2.0.4 does
not saniti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10092 (The Cincopa video and media plug-in plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10091 (The Email JavaScript Cloak plugin for WordPress is vulnerable
to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-64105 (FOSSBilling is a billing and client management system that
automates i ...)
TODO: check
CVE-2026-8286
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f05232e732cf34f4e234a2775cdcadd318d18966
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f05232e732cf34f4e234a2775cdcadd318d18966
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits