Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3f672727 by security tracker role at 2026-06-26T07:14:06+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2026-8720 (wc_Blake2bHmacFinal and wc_Blake2sHmacFinal
discard the message w
CVE-2026-8661 (Server-Side Cross-Site Scripting and Server-Side Request
Forgery vulne ...)
TODO: check
CVE-2026-8380 (The Frontend File Manager Plugin WordPress plugin through 23.6
does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-7532 (iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is
not defi ...)
TODO: check
CVE-2026-7531 (Use-after-free in PQC hybrid key-share handling. This is an
incomplete ...)
@@ -121,7 +121,7 @@ CVE-2026-13282 (Use after free in Payments in Google Chrome
on Android prior to
CVE-2026-13281 (Integer overflow in Mojo in Google Chrome prior to
149.0.7827.201 allo ...)
TODO: check
CVE-2026-13226 (The Groundhogg \u2014 CRM, Newsletters, and Marketing
Automation plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13218 (A flaw was found in KubeVirt's virt-handler network cache
handling. Th ...)
TODO: check
CVE-2026-13083 (A flaw was found in the Pen Drive report generator.
Cluster-sourced da ...)
@@ -143,9 +143,9 @@ CVE-2026-11703 (Missing SNI/ALPN binding on stateful
(session-ID) resumption, wh
CVE-2026-11310 (X.509 trust-chain bypass in the OpenSSL compatibility
certificate veri ...)
TODO: check
CVE-2026-10835 (The SALESmanago & Leadoo WordPress plugin before 3.11.3 does
not prope ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10823 (The YMC Filter WordPress plugin before 3.11.3 does not
properly author ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-10592 (Certificates with wildcard DNS SANs (e.g. *.example.com)
bypassed CA n ...)
TODO: check
CVE-2026-10512 (The X25519 x86_64 assembly implementation fails to clear the
most sign ...)
@@ -177,11 +177,11 @@ CVE-2025-60465 (A use-after-free in the
gf_filter_pid_inst_swap function (/filte
CVE-2025-60464 (A use-after-free in the gf_sei_load_from_state_internal
function (/fil ...)
TODO: check
CVE-2025-10268 (The Printcart Web to Print Product Designer for WooCommerce
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-47987 (Parse Server before 4.10.0 was affected by a supply chain
incident in ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2021-47986 (Parse Server before 4.10.0 contains a supply chain
vulnerability where ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2020-37256 (Grav before 1.6.30 contains a cross-site scripting
vulnerability in th ...)
TODO: check
CVE-2026-48750
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f672727cc669b30348a7125e35155aaa3700c1f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f672727cc669b30348a7125e35155aaa3700c1f
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits