Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d70e4190 by security tracker role at 2026-06-29T19:14:24+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2026-9267 (Eclipse tinydtls before
commitb3efd41ad111a4920f599f51ffa4f5e9f1e72221 ...)
TODO: check
CVE-2026-9105 (An authenticated stack-based buffer overflow vulnerability
exists in t ...)
- TODO: check
+ NOT-FOR-US: TPLink
CVE-2026-58000 (luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e,
contains a ...)
TODO: check
CVE-2026-57999 (luci-app-tailscale-community contains a command injection
vulnerabilit ...)
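Review bot: the vendor in the new tag on CVE-2026-9105 is spelled "TPLink", while the other hyphenated vendor touched by this commit keeps its hyphen ("NOT-FOR-US: D-Link" on CVE-2026-13545). Suggest "NOT-FOR-US: TP-Link" so that a search over data/CVE/list for the vendor name finds this entry. The description is cut off at "exists in t ...", so the product cannot be confirmed from this hunk; it should be checked against the full CVE record.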
@@ -47,47 +47,47 @@ CVE-2026-57943 (LibrePhotos before 1.0.0 contains a broken
object level authoriz
CVE-2026-57942 (LibreTranslate through 1.9.7, fixed in commit 397fd22,
contains an IP ...)
TODO: check
CVE-2026-57676 (Authorization Bypass Through User-Controlled Key vulnerability
in Matt ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57525
REJECTED
CVE-2026-57523
REJECTED
CVE-2026-57346 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57341 (Unauthenticated Insecure Direct Object References (IDOR) in
Colissimo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57340 (Unauthenticated Broken Access Control in Japanized For
WooCommerce <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57339 (Unauthenticated Broken Access Control in Business Directory <=
6.4.23 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57338 (Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2
version ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57337 (Unauthenticated Cross Site Scripting (XSS) in Landing Page
Builder <= ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57336 (Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2
versions ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57335 (Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57334 (Unauthenticated Broken Access Control in WP User Frontend <=
4.3.7 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57333 (Unauthenticated Cross Site Scripting (XSS) in Link Whisper
Free <= 0.9 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57332 (Subscriber Broken Access Control in Wallet System for
WooCommerce <= 2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57331 (Performer Arbitrary File Deletion in Paid Videochat Turnkey
Site <= 7. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57330 (Subscriber Cross Site Scripting (XSS) in MasterStudy LMS <=
3.7.27 ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57329 (Subscriber Cross Site Scripting (XSS) in WooCommerce Designer
Pro <= 1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57328 (Subscriber Cross Site Scripting (XSS) in Business Directory <=
6.4.22 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57327 (Subscriber Broken Access Control in MainWP <= 6.1.1 versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57326 (Unauthenticated Cross Site Scripting (XSS) in Business
Directory <= 6. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-57320 (Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8
versions.)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2026-56783 (Parseable before 2.9.2 contains an information disclosure
vulnerabilit ...)
TODO: check
CVE-2026-56782 (Gorse before 0.5.10 contains an authentication bypass
vulnerability in ...)
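Review bot: the generic tag "NOT-FOR-US: WordPress plugin or theme" is applied to CVE-2026-57676 and CVE-2026-57346 although their visible descriptions carry only the weakness class ("Authorization Bypass Through User-Controlled Key vulnerability in Matt ...", "Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...") and never mention WordPress. The same holds for CVE-2026-57331 ("Performer Arbitrary File Deletion in Paid Videochat Turnkey Site"), where the product name reads like a standalone site rather than a plugin. Since the tag does not name the product, a wrong match is hard to spot later; these three should be confirmed against the full CVE text before they leave the TODO queue.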
@@ -97,9 +97,9 @@ CVE-2026-56781 (Teable before 2026-06-15T04-43-24Z.1912
contains an improper acc
CVE-2026-56780 (Modoboa before 2.9.0 contains an insecure direct object
reference vuln ...)
TODO: check
CVE-2026-56457 (HCL DevOps Deploy / HCL Launch is susceptible to an exposure
of sensit ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2026-56290 (The Joomla extension Page Builder CK is vulnerable to an
unauthenticat ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-56285 (Nitter's /video media proxy endpoint fails to validate target
URLs aga ...)
TODO: check
CVE-2026-56124 (phpUploader before 2.0.2 contains an unauthenticated
information discl ...)
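Review bot: CVE-2026-56290 is tagged "NOT-FOR-US: Joomla", but the description says the flaw is in "The Joomla extension Page Builder CK", not in Joomla itself; the same tag is used further down for the Helix3 plugin (CVE-2026-49049). The WordPress entries in this commit separate the two cases with "WordPress plugin or theme". Suggest "NOT-FOR-US: Joomla extension", or naming the extension, so the entry is not read as a Joomla core issue.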
@@ -113,7 +113,7 @@ CVE-2026-53428 (Memory Allocation with Excessive Size Value
vulnerability in lea
CVE-2026-53427 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2026-49049 (The Helix3 plugin for Joomla exposes an ajax handler task,
that allows ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2026-46406 (Claude Code is an agentic coding tool. From 2.1.59 until
2.1.128, the ...)
TODO: check
CVE-2026-41992 (GNU gzip contains a global buffer overflow vulnerability in
the LZH de ...)
@@ -153,7 +153,7 @@ CVE-2026-13746 (Improper neutralization of local CLI
parameters in Snowflake CLI
CVE-2026-13744 (Improper neutralization of attacker-controlled content in
Snowflake CL ...)
TODO: check
CVE-2026-13742 (Honeywell IQ MultiAccess, all versions prior to and including
version ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2026-13676 (fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to
canonicalize U ...)
TODO: check
CVE-2026-13601 (A flaw was found in Yelp due to an overly permissive Content
Security ...)
@@ -173,79 +173,79 @@ CVE-2026-13588 (A vulnerability was determined in seladb
PcapPlusPlus 25.05. The
CVE-2026-13587 (A vulnerability was found in seladb PcapPlusPlus 25.05. The
affected e ...)
TODO: check
CVE-2026-13583 (A vulnerability has been found in Edimax EW-7478APC 1.04.
Impacted is ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-13582 (A flaw has been found in Edimax EW-7478APC 1.04. This issue
affects th ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-13581 (A vulnerability was detected in Edimax EW-7478APC 1.04. This
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-13580 (A security vulnerability has been detected in Edimax
EW-7478APC 1.04. ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-13579 (A weakness has been identified in itsourcecode Hospital
Management Sys ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13578 (A security flaw has been discovered in itsourcecode Hospital
Managemen ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13574 (A vulnerability was determined in llvm llvm-project up to
22.1.6. This ...)
TODO: check
CVE-2026-13573 (A vulnerability was found in llvm llvm-project up to 22.1.6.
This affe ...)
TODO: check
CVE-2026-13572 (A vulnerability has been found in itsourcecode Hospital
Management Sys ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13571 (A flaw has been found in SourceCodester Simple Food Ordering
System 1. ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-13570 (A vulnerability was detected in SourceCodester Inventory
Management Sy ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-13569 (A security vulnerability has been detected in weng-xianhu
EyouCMS up t ...)
TODO: check
CVE-2026-13568 (A weakness has been identified in SourceCodester Inventory
Management ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-13567 (A security flaw has been discovered in code-projects Online
Music Site ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2026-13566 (A vulnerability was identified in SourceCodester Class and
Exam Timeta ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-13565 (A vulnerability was determined in SourceCodester Class and
Exam Timeta ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2026-13564 (A vulnerability was found in Edimax EW-7478APC 1.04. Affected
is the f ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-13563 (A vulnerability has been found in Edimax EW-7478APC 1.04. This
impacts ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-13562 (A flaw has been found in Edimax EW-7478APC 1.04. This affects
the func ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-13561 (A vulnerability was detected in Edimax EW-7478APC 1.04. The
impacted e ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-13560 (A security vulnerability has been detected in Edimax
EW-7478APC 1.04. ...)
- TODO: check
+ NOT-FOR-US: Edimax
CVE-2026-13559 (A weakness has been identified in code-projects Real State
Services 1. ...)
TODO: check
CVE-2026-13558 (A security flaw has been discovered in CodeAstro Complaint
Management ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-13557 (A vulnerability was identified in itsourcecode Online Hotel
Management ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13556 (A vulnerability was determined in itsourcecode Online Hotel
Management ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13555 (A vulnerability was found in itsourcecode Online Hotel
Management Syst ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13554 (A vulnerability has been found in itsourcecode Online Hotel
Management ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13553 (A flaw has been found in itsourcecode Online Hotel Management
System 1 ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13552 (A vulnerability was detected in itsourcecode Online Hotel
Management S ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13551 (A security vulnerability has been detected in itsourcecode
Baptism Inf ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13550 (A weakness has been identified in itsourcecode Baptism
Information Man ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13549 (A security flaw has been discovered in CodeAstro Complaint
Management ...)
- TODO: check
+ NOT-FOR-US: CodeAstro
CVE-2026-13548 (A vulnerability was identified in itsourcecode Hospital
Management Sys ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2026-13547 (A vulnerability was determined in Hanwang e-Face General
Management Pl ...)
TODO: check
CVE-2026-13546 (A vulnerability was found in Feehi CMS up to 2.1.1. This
vulnerability ...)
TODO: check
CVE-2026-13545 (A vulnerability has been found in D-Link DCS-935L 1.10.01.
This affect ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2026-13437 (Insertion of sensitive information into sent data in the AI
Agent job ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2026-13165 (SzafirHost verifies the downloaded native library archive with
one Jar ...)
TODO: check
CVE-2026-12912 (A flaw was found in libtiff. A remote attacker could exploit
this vuln ...)
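Review bot: CVE-2026-13559 ("code-projects Real State Services 1. ...") stays at "TODO: check" while CVE-2026-13567 ("code-projects Online Music Site ...") in the same hunk is marked "NOT-FOR-US: code-projects". Either the automatic match missed 13559 or it was left open on purpose; if the former, it should get the same tag. Two smaller points: the tag "itsourcecode System" differs in form from the other vendor tags here, which use the vendor name alone (Edimax, SourceCodester, CodeAstro), and CVE-2026-13437 is tagged "Devolutions" although the visible description ("... in the AI Agent job ...") does not name a vendor, so that attribution needs a look at the full record.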
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d70e41905f2df091199591ce23c35dacfcf0c2ad