Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c10bb0a by security tracker role at 2026-07-01T07:14:16+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
 CVE-2026-9836 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
affecte ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-9132 (A missing authorization vulnerability was identified in GitHub 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-9107 (The Kali Forms \u2014 Contact Form & Drag-and-Drop Builder 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-9106 (A UI misrepresentation vulnerability was identified in GitHub 
Enterpri ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-9002 (IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow 
an adj ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7874 (IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow 
disclosure  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7873 (IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7871 (IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis 
access t ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7840 (UltraVNC repeater through 1.8.2.2 contains a global buffer 
overflow in ...)
        TODO: check
 CVE-2026-7839 (UltraVNC repeater through 1.8.2.2 initializes the HTTP 
administration  ...)
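
Review bot: The tags on CVE-2026-7874, CVE-2026-7873 and CVE-2026-7871 name only the vendor ("NOT-FOR-US: IBM"), while the descriptions identify the product as "IBM Langflow OSS". Other entries in this same commit name the product itself (for example "NOT-FOR-US: Flowise"), so a tag such as "NOT-FOR-US: IBM Langflow" would keep these entries findable by product name if the software is ever packaged and they need to be revisited.
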
@@ -29,15 +29,15 @@ CVE-2026-7829 (UltraVNC repeater through 1.8.2.2 contains a 
post-authentication
 CVE-2026-7828 (UltraVNC repeater through 1.8.2.2 contains an integer overflow 
in the  ...)
        TODO: check
 CVE-2026-7803 (IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary 
code execu ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7663 (IBM Langflow OSS 1.0.0 through 1.9.6 could allow 
unauthenticated attac ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-7517 (The Custom Payment Gateways for WooCommerce plugin for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-6070 (The WP-BusinessDirectory plugin for WordPress is vulnerable to 
Unauthe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-58519 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-58518 (Cross-Site request forgery (CSRF) vulnerability in The 
Wikimedia Found ...)
        TODO: check
 CVE-2026-58450 (Invoice Ninja through 5.13.26 contains an open redirect 
vulnerability  ...)
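
Review bot: The tag on CVE-2026-58519, "NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian", does not say which extension or skin is affected, and the truncated description does not show it either. Naming the component in the tag would let a later reader check the decision against the archive. The adjacent CVE-2026-58518, also a Wikimedia entry, is left at "TODO: check", so the two are worth triaging together.
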
@@ -105,9 +105,9 @@ CVE-2026-56300 (Capgo before 12.128.2 contains 
unauthenticated security definer
 CVE-2026-56286 (Capgo before 12.128.2 contains an authentication bypass 
vulnerability  ...)
        TODO: check
 CVE-2026-56278 (Flowise before 3.1.0 (affected versions 3.0.13 and earlier) 
uses a wea ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-56277 (Flowise before 3.1.2 sets Access-Control-Allow-Origin to a 
hardcoded w ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-56264 (Crawl4AI before 0.8.7 contains an arbitrary JavaScript 
execution vulne ...)
        TODO: check
 CVE-2026-56249 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability i ...)
@@ -183,141 +183,141 @@ CVE-2026-44041 (UltraVNC through 1.8.2.2 contains an 
out-of-bounds read in the w
 CVE-2026-44040 (UltraVNC through 1.8.2.2 uses a cryptographically weak 
pseudo-random n ...)
        TODO: check
 CVE-2026-3602 (IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 
12.0.1.0 thr ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-37106 (An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a 
remote atta ...)
        TODO: check
 CVE-2026-35505 (An unauthenticated remote attacker can repeatedly send crafted 
connect ...)
        TODO: check
 CVE-2026-2387 (The Event Organiser plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-28322 (SolarWinds Database Performance Analyzer was found to be 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2026-20463 (In Modem, there is a possible escalation of privilege due to a 
permiss ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-20462 (In Telephony, there is a possible memory corruption due to a 
heap buff ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-20461 (In Modem, there is a possible out of bounds write due to a 
missing bou ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-20460 (In Modem, there is a possible information disclosure due to 
improper i ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-20459 (In Modem, there is a possible system crash due to improper 
input valid ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-20458 (In Modem, there is a possible memory corruption due to a 
missing bound ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-20457 (In Modem, there is a possible system crash due to improper 
input valid ...)
-       TODO: check
+       NOT-FOR-US: MediaTek
 CVE-2026-1239 (The Ninja Forms \u2013 The Contact Form Builder That Grows With 
You pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-14193 (DVP80ES300T with Improper Validation of Array Index 
Vulnerability)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2026-14191 (An out-of-bounds heap write exists in the RAR5 recovery-volume 
(.rev)  ...)
        TODO: check
 CVE-2026-13773 (IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 
Approximately 50 g ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-13772 (IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object 
Query La ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-13759 (IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships 
three Object ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-13731 (The WPBot \u2013 AI ChatBot for Live Support, Lead Generation, 
AI Serv ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13468 (The Visualizer \u2013 Tables & Charts Manager with Built-in AI 
Generat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13449 (IBM Business Automation Manager Open Editions 9.0.0 through 
9.4.2 is v ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-13443 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13246 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-13207 (FUXA versions 1.3.1 and prior contain an authentication bypass 
vulnera ...)
        TODO: check
 CVE-2026-13015 (The Wp Google Places Review Slider plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12923 (The Youtube Showcase plugin for WordPress is vulnerable to 
Arbitrary F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12904 (The Kadence Blocks \u2013 Gutenberg Blocks for Page Builder 
Features p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12902 (The Kadence Blocks \u2014 Page Builder Toolkit for Gutenberg 
Editor pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12579 (AS228T with Authentication Bypass Vulnerability)
-       TODO: check
+       NOT-FOR-US: Delta Electronics
 CVE-2026-12135 (The FV Flowplayer Video Player plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12133 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12127 (The WPForms \u2013 Easy Form Builder for WordPress \u2013 
Contact Form ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12113 (The Appointment Booking Calendar plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12110 (The Taskbuilder \u2013 Project Management & Task Management 
Tool With  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12090 (The Taskbuilder \u2013 Project Management & Task Management 
Tool With  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-12086 (IBM UCD - IBM UrbanCode Deploy 7.2 through 7.2.3.23, and 7.3 
through 7 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-12085 (IBM UCD - IBM UrbanCode Deploy 7.3 through 7.3.2.18 and IBM 
UCD - IBM  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-12084 (IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 
through 8.2.1 ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11988 (The LearnPress \u2013 WordPress LMS Plugin for Create and Sell 
Online  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11981 (The GiveWP plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11906 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for 
Linux, UN ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11887 (The Salon Booking System  WordPress plugin before 10.30.20 
does not ha ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11883 (The WebAuthn Provider for Two Factor WordPress plugin before 
2.5.6 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11880 (The Fluent Forms  WordPress plugin before 6.2.1 does not 
properly veri ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11823 (The BookingPress Appointment Booking Pro plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11806 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 
26.0.0.6 i ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11794 (The Advanced Form Integration \u2014 Connect Forms to 200+ 
Apps WordPr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11714 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 
26.0.0.7 i ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11712 (IBM WebSphere Application Server 9.0, and 8.5 is affected by a 
cross-s ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11708 (IBM WebSphere Application Server 9.0, and 8.5 is affected by a 
cross-s ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11595 (IBM WebSphere Application Server 9.0, and 8.5 could allow a 
remote att ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11594 (IBM WebSphere Application Server 9.0, and 8.5 is affected by a 
cross-s ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11570 (The User Submitted Posts  WordPress plugin before 20260608 
does not es ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11568 (The Product Configurator for WooCommerce WordPress plugin 
before 1.7.3 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11562 (The WS Form LITE  WordPress plugin before 1.11.8 does not have 
a capab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-11546 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 
26.0.0.7 i ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11541 (IBM WebSphere Application Server 9.0, and 8.5 and IBM 
WebSphere Applic ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-11380 (The JetWidgets For Elementor plugin for WordPress is 
vulnerable to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10750 (The Royal MCP  WordPress plugin before 1.4.26 does not perform 
capabil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-10585 (A stored cross-site scripting vulnerability was identified in 
GitHub E ...)
-       TODO: check
+       NOT-FOR-US: Github Enterprise Server
 CVE-2026-10564 (IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-10562 (An unauthenticated URL redirection vulnerability has been 
identified i ...)
-       TODO: check
+       NOT-FOR-US: TPLink
 CVE-2026-10560 (IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing 
authentication ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-10546 (IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-10140 (IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains 
improper sha ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-10134 (IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to 
read every  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-10129 (IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-10109 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-71381 (Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its 
CORS middl ...)
        TODO: check
 CVE-2025-71374 (picklescan before 0.0.29 fails to detect the built-in python 
profile.P ...)
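
Review bot: Two tag spellings in this hunk differ from the vendors' own names: "NOT-FOR-US: TPLink" on CVE-2026-10562 and "NOT-FOR-US: Github Enterprise Server" on CVE-2026-10585, where the description itself writes "GitHub". Using "TP-Link" and "GitHub Enterprise Server" keeps the tags consistent for anyone grepping data/CVE/list by vendor. For CVE-2026-10562 the visible part of the description does not name a vendor at all, so the attribution cannot be confirmed from this diff alone.
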
@@ -337,31 +337,31 @@ CVE-2025-71350 (picklescan before 0.0.28 fails to detect 
malicious pickle files
 CVE-2025-71349 (picklescan before 0.0.29 fails to detect the built-in 
trace.Trace.run  ...)
        TODO: check
 CVE-2025-36372 (IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for 
Linux, UN ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36359 (IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not 
invalid ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36336 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 
transmits dat ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36333 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36328 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36327 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36324 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36323 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36321 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36320 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-36319 (IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could 
allow a ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-15666 (A security vulnerability has been detected in Open Asset 
Import Librar ...)
        TODO: check
 CVE-2025-12530 (IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 
through patch ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2026-56016
        - libcgi-session-perl <unfixed>
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41439279/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c10bb0a6a53f86be09da14ac7848d530c8ae69b
