Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6f96cc5c by security tracker role at 2026-06-26T19:14:38+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,17 +11,17 @@ CVE-2026-5757 (Unauthenticated remote information
disclosure vulnerability in Ol
CVE-2026-57940 (HTMLy 3.1.1 contains a Server-Side Request Forgery (SSRF)
vulnerabilit ...)
TODO: check
CVE-2026-57926 (In JetBrains YouTrack before 2026.2.16593 the websandbox
bridge was vu ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-57925 (In JetBrains YouTrack before 2026.2.16593 improper access
control allo ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-57924 (In JetBrains YouTrack before 2026.2.16593 default role
configuration e ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-57923 (In JetBrains YouTrack before 2026.2.16593 improper
authorisation in th ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-57922 (In JetBrains YouTrack before 2026.2.16593 project settings
disclosure ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-57921 (In JetBrains YouTrack before 2026.2.16593 improper access
control allo ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-57920 (Peplink InControl 2 through 2.14.2 before 2026-06-03 allows
use of a s ...)
TODO: check
CVE-2026-57918 (libnfs through 6.0.2 before 935b8db has an xid integer
underflow in RE ...)
@@ -55,91 +55,91 @@ CVE-2026-57873 (An unauthenticated NULL pointer dereference
vulnerability exists
CVE-2026-57872 (An unauthenticated directory traversal vulnerability exists in
get_fco ...)
TODO: check
CVE-2026-57667 (Sales Representative SQL Injection in Groundhogg <= 4.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57665 (Unauthenticated Insecure Direct Object References (IDOR) in
GravityVie ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57664 (Unauthenticated Sensitive Data Exposure in Bopo \u2013
WooCommerce Pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57663 (Contributor SQL Injection in Recipe Maker For Your Food Blog
from Zip ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57662 (Contributor SQL Injection in Contest Gallery <= 30.0.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57661 (Subscriber Broken Access Control in WPComplete <= 2.9.5.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57660 (Unauthenticated Broken Access Control in Booking and Rental
Manager <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57659 (Unauthenticated Cross Site Request Forgery (CSRF) in Paid
Memberships ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57658 (Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57657 (Unauthenticated Cross Site Request Forgery (CSRF) in Gmail
SMTP <= 1.2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57656 (Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57655 (Unauthenticated Cross Site Request Forgery (CSRF) in Child
Theme Wizar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57654 (Affiliate Broken Access Control in Affiliates Manager <=
2.9.49 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57653 (Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57652 (Unauthenticated Insecure Direct Object References (IDOR) in JS
Help De ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57651 (Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57650 (Contributor Cross Site Scripting (XSS) in Magazine Blocks <=
1.8.3 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57649 (Subscriber Broken Access Control in Shoppable Images Lite <=
1.3 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57648 (Contributor Broken Access Control in Nelio Content <= 4.3.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57647 (Contributor Local File Inclusion in Panorama Viewer \u2013 360
Degree ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57646 (Subscriber Insecure Direct Object References (IDOR) in
Majestic Suppor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57645 (newsletters_subscribers Broken Access Control in Newsletters
<= 4.13 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57644 (Contributor SQL Injection in Restaurant Menu by MotoPress <=
2.4.10 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57643 (Contributor SQL Injection in WP Post Author <= 3.9.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57642 (Contributor SQL Injection in Gallery <= 4.7.8 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57641 (Unauthenticated Cross Site Request Forgery (CSRF) in Real
Estate 7 <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57640 (Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57638 (Contributor Cross Site Scripting (XSS) in Fluent Booking <=
2.1.0 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57637 (Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned
Cart Li ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57636 (Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57635 (Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit
Payment ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57634 (Contributor Insecure Direct Object References (IDOR) in PPWP
<= 1.9.19 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57633 (Unauthenticated Sensitive Data Exposure in WCBoost –
Products Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57632 (Subscriber Broken Access Control in Email Marketing for
WooCommerce by ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57631 (Administrator SQL Injection in Popup box <= 6.0.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57630 (Unauthenticated Insecure Direct Object References (IDOR) in
Blocksy Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57629 (Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57628 (Administrator SQL Injection in WP All Import <= 4.0.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57627 (Subscriber Server Side Request Forgery (SSRF) in Kirki <=
6.0.11 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57622 (Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57620 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57618 (Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57617 (Contributor Cross Site Scripting (XSS) in SeedProd Pro <
6.19.5 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57527 (Zed Attack Proxy (ZAP) ViewState add-on before version 4
contains an i ...)
TODO: check
CVE-2026-57518 (Pagekit CMS 1.0.18 contains a privilege escalation
vulnerability that ...)
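Review bot: CVE-2026-57620 is tagged NOT-FOR-US: WordPress plugin or theme, but its visible description is only the generic CWE title ("Improper Neutralization of Input During Web Page Generation ('Cross-si ...") and names no product, unlike the neighbouring entries, whose descriptions follow the "role, bug class, plugin name, version" pattern. Since this is an automatic update, please confirm that the full description identifies a WordPress plugin or theme before the entry leaves TODO: check.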
@@ -147,35 +147,35 @@ CVE-2026-57518 (Pagekit CMS 1.0.18 contains a privilege
escalation vulnerability
CVE-2026-57473 (A vulnerability exists in the netclient and factory services
of Reolin ...)
TODO: check
CVE-2026-57431 (Author Cross Site Scripting (XSS) in Featured Image <= 2.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57430 (Contributor Broken Access Control in SEOPress PRO <= 9.1.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57325 (Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57324 (Unauthenticated Broken Access Control in GIFT4U <= 1.0.10
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57323 (Unauthenticated Broken Access Control in Flash & HTML5 Video
<= 2.11.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57322 (Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57321 (Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57319 (Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57318 (Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57317 (Unauthenticated Cross Site Scripting (XSS) in Simply Schedule
Appointm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57316 (Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57315 (Contributor Remote Code Execution (RCE) in Blocksy Companion
Pro <= 2. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57314 (Unauthenticated Cross Site Scripting (XSS) in SureCart <=
4.3.2 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57313 (Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57312 (Unauthenticated Cross Site Scripting (XSS) in Everest Forms <=
3.4.8 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57231 (Podman is a tool for managing OCI containers and pods. From
1.8.1 unti ...)
TODO: check
CVE-2026-56876 (extract-zip does not validate symlink targets when extracting
zip arch ...)
@@ -187,85 +187,85 @@ CVE-2026-56773 (Teable's v2 REST API controller lacks
@Permissions metadata on O
CVE-2026-56663 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
TODO: check
CVE-2026-56072 (Unauthenticated Cross Site Scripting (XSS) in WoodMart <=
8.5.3 versio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56070 (Unauthenticated SQL Injection in Advance Product Search <=
1.4.4 versi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56069 (Unauthenticated Insecure Direct Object References (IDOR) in
Toolset Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56068 (Unauthenticated SQL Injection in JetEngine <= 3.8.10.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56067 (Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56066 (Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive
Images ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56064 (Subscriber SQL Injection in Tourfic <= 2.22.5 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56063 (Unauthenticated Broken Access Control in MailChimp Block <=
1.1.15 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56062 (Unauthenticated SQL Injection in Quotes llama <= 3.1.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56061 (Unauthenticated Broken Access Control in Subscriptions for
WooCommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56060 (Unauthenticated Sensitive Data Exposure in Print Invoice &
Delivery No ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56059 (Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56058 (Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56057 (Subscriber PHP Object Injection in Uncanny Automator Pro <=
7.3.0.6 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56055 (Subscriber PHP Object Injection in RealHomes <= 4.5.3
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56048 (Unauthenticated Insecure Direct Object References (IDOR) in
Payment Ga ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56047 (Unauthenticated Cross Site Scripting (XSS) in perfmatters <=
2.6.3 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56046 (Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56045 (Unauthenticated Cross Site Scripting (XSS) in Automatic <
3.135.1 vers ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56044 (Unauthenticated Cross Site Scripting (XSS) in Blog2Social <=
8.9.2 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56043 (Unauthenticated Cross Site Scripting (XSS) in Customer Reviews
for Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56041 (Unauthenticated Cross Site Scripting (XSS) in Responsive
Lightbox <= 2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56040 (Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form
<= 2.4.7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56039 (Unauthenticated Cross Site Scripting (XSS) in Quick Interest
Slider <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56038 (Contributor Privilege Escalation in Frisbii Pay <= 1.8.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56036 (Unauthenticated SQL Injection in
\uc6cc\ub4dc\ud504\ub808\uc2a4 \uacb0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56035 (Unauthenticated Multiple Vulnerabilities in BitFire Security
<= 5.0.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56034 (Unauthenticated SQL Injection in Library Management System <=
3.5.7 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56033 (Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56032 (Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56031 (Unauthenticated PHP Object Injection in Uncanny Automator <=
7.3.1.2 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56030 (Unauthenticated Privilege Escalation in Paytium <= 5.0.2
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56029 (Unauthenticated Broken Authentication in CorvusPay WooCommerce
Payment ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56028 (Unauthenticated Privilege Escalation in Easy Elements for
Elementor &# ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56027 (Customer Arbitrary File Upload in Booster for WooCommerce <=
8.0.1 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56026 (Subscriber Server Side Request Forgery (SSRF) in utm.codes <=
1.9.0 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56025 (Unauthenticated Broken Access Control in Paymob for
WooCommerce <= 4.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56011 (Unauthenticated Cross Site Scripting (XSS) in MapPress Maps
for WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56010 (Subscriber Privilege Escalation in Abandoned Cart Pro for
WooCommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56008 (Contributor Privilege Escalation in Fusion Builder <= 3.15.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-55686 (Podman is a tool for managing OCI containers and pods. From
3.0.0 unti ...)
TODO: check
CVE-2026-55677 (Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's
router a ...)
@@ -275,35 +275,35 @@ CVE-2026-55448 (mise manages dev tools like node, python,
cmake, and terraform.
CVE-2026-55441 (mise manages dev tools like node, python, cmake, and
terraform. Prior ...)
TODO: check
CVE-2026-54847 (Unauthenticated Broken Access Control in Stylish Cost
Calculator <= 8. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54846 (Unauthenticated Broken Access Control in Syncee Premium
Dropshipping & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54840 (Unauthenticated Broken Access Control in Newsletters <= 4.13
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54839 (Unauthenticated Sensitive Data Exposure in Trinity Backup
– Back ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54837 (Unauthenticated Broken Access Control in Intranet &
Private Site & ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54835 (Unauthenticated Broken Access Control in Five Star Restaurant
Menu <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54834 (Unauthenticated Sensitive Data Exposure in Object Cache 4
everyone <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54833 (Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54832 (Unauthenticated Broken Access Control in Gutenverse Companion
<= 2.5.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54831 (Unauthenticated SQL Injection in GeoDirectory <= 2.8.162
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54827 (Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54826 (Subscriber Insecure Direct Object References (IDOR) in
SupportCandy <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54825 (Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54824 (Unauthenticated Sensitive Data Exposure in Ads by WPQuads <=
3.0.3 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54820 (Unauthenticated SQL Injection in JetBooking <= 4.0.4.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-54753 (Nx is a monorepo solution for TypeScript and polyglot
codebases. From ...)
TODO: check
CVE-2026-54636 (Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron
plugin utili ...)
@@ -313,9 +313,9 @@ CVE-2026-54557 (mise manages dev tools like node, python,
cmake, and terraform.
CVE-2026-54341 (Dragonfly is an in-memory data store built for modern
application work ...)
TODO: check
CVE-2026-53914 (In JetBrains Kotlin before 2.4.20 code execution was possible
via unsa ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2026-52701 (Unauthenticated Broken Access Control in User Registration <=
5.2.2 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-4339 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3,
11.5.x <= 1 ...)
TODO: check
CVE-2026-49486 (The Apache Airflow FTP provider's `FTPSHook.get_conn()`
created an `ft ...)
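Review bot: CVE-2026-53914 gets the vendor-level tag NOT-FOR-US: JetBrains, the same one applied to the YouTrack entries earlier in this commit, yet the affected product here is Kotlin ("In JetBrains Kotlin before 2.4.20 code execution was possible ..."), a language toolchain rather than a vendor-hosted product. A vendor-name match does not show that the software is absent from the archive; check whether a kotlin source package exists and, if it does, keep this entry as TODO: check or record a package entry instead.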
@@ -367,11 +367,11 @@ CVE-2026-45257 (The KTLS receive path decrypted each
record in place, assuming t
CVE-2026-45256 (When used to deliver a signal to a specific thread,
thr_kill2(2) calle ...)
TODO: check
CVE-2026-45195 (Kernel software installed and running inside a Host VM may
post improp ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-44018 (Docling simplifies document processing by parsing diverse
formats and ...)
TODO: check
CVE-2026-40711 (Dell Dell Container Storage Modules, version(s) csi-powerstore
v2.16.0 ...)
- TODO: check
+ NOT-FOR-US: Dell / EMC
CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3,
11.5.x <= 1 ...)
TODO: check
CVE-2026-33646 (mise manages dev tools like node, python, cmake, and
terraform. Prior ...)
@@ -381,21 +381,21 @@ CVE-2026-30041 (An integer overflow in the PSD parser
compnent of FastStone Imag
CVE-2026-30040 (A heap overflow in the FSViewer.exe process of FastStone Image
Viewer ...)
TODO: check
CVE-2026-2053 (The WSO2 API Manager's message flow component, when processing
WS-Addr ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2026-28385 (In Canonical LXD versions 4.12 through 6.9, a Server-Side
Request Forg ...)
TODO: check
CVE-2026-24547 (Unauthenticated Broken Access Control in SiteGround Email
Marketing <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-21734 (A web page that contains unusual GPU shader code is loaded
into the GP ...)
- TODO: check
+ NOT-FOR-US: Imagination Technologies
CVE-2026-1869 (The User Registration & Membership \u2013 Free & Paid
Memberships, Sub ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-13434 (A flaw was found in KubeVirt's network annotation generator.
When a te ...)
TODO: check
CVE-2026-13426 (The Mattermost Go module
github.com/mattermost/mattermost/server/publi ...)
TODO: check
CVE-2026-13372 (Incorrect link resolution by display name in the custom
PowerShell VPN ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-13325 (A flaw was found in KubeVirt's migration proxy. When
spec.configuratio ...)
TODO: check
CVE-2026-12411 (Broken Access Control in the devLXDInstancePatchHandler
component of C ...)
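Review bot: CVE-2026-1869 is tagged NOT-FOR-US: WordPress plugin, while CVE-2026-24547 in this same hunk and every other WordPress entry in the commit uses NOT-FOR-US: WordPress plugin or theme. Use one spelling so that a search on the tag text finds all of them.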
@@ -409,31 +409,31 @@ CVE-2026-0685 (Server side template inject (SSTI) in the
expression evaluation c
CVE-2025-7958 (A Code Injection vulnerability existed in Trellix Network
Security CM ...)
TODO: check
CVE-2025-68075 (Contributor Cross Site Scripting (XSS) in BNE Testimonials <=
2.0.8 ve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68074 (Contributor Cross Site Scripting (XSS) in Image Carousel <=
1.0.0.41 v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68064 (Contributor Local File Inclusion in Goya Core < 1.0.9.4
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68063 (Contributor Local File Inclusion in Splash - Sport Club
WordPress Them ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68052 (Unauthenticated Cross Site Request Forgery (CSRF) in Eagle
Booking <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66123 (Unauthenticated Insecure Direct Object References (IDOR) in
BookPro <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64637 (Unauthenticated Content Injection in Auros Core <= 5.3.1
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64636 (Unauthenticated Broken Access Control in Donation Thermometer
<= 2.2.7 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64152 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-63079 (Contributor Broken Access Control in Live Copy Paste for
Elementor <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63078 (Subscriber Broken Access Control in Restaurant Menu by
MotoPress <= 2. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63041 (Contributor Broken Access Control in Forget About Shortcode
Buttons <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-55017 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-32423 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
TODO: check
CVE-2025-32394 (AutoGPT is a workflow automation platform for creating,
deploying, and ...)
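Review bot: CVE-2025-64152 and CVE-2025-55017 are both tagged NOT-FOR-US: Apache software not packaged in Debian, but their visible descriptions carry only the generic CWE title ("Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...") and the tag does not name the project either. Name the Apache project in the tag, as the other tags in this commit name the vendor or product class, so the decision can be re-checked if that project is packaged later.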
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f96cc5cf707c5c4d95e3476356dbd27ff42a24b