Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c071cdda by Salvatore Bonaccorso at 2025-02-24T22:28:39+01:00
Process one NFU
- - - - -
1769600b by Salvatore Bonaccorso at 2025-02-24T22:40:55+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,111 +1,111 @@
CVE-2025-27364 (In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a
Remote Code ...)
- TODO: check
+ NOT-FOR-US: MITRE Caldera
CVE-2025-27357 (Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI
\xd6nceki ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27356 (Missing Authorization vulnerability in Hardik Sticky Header On
Scroll ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27355 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas
GRILLET Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27353 (Cross-Site Request Forgery (CSRF) vulnerability in Bob
Namaste! LMS al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27352 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27351 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27349 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27348 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27347 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27344 (Cross-Site Request Forgery (CSRF) vulnerability in
filipstepanov Phee' ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27342 (Cross-Site Request Forgery (CSRF) vulnerability in josesan
WooCommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27341 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27340 (Cross-Site Request Forgery (CSRF) vulnerability in Marc
F12-Profiler a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27339 (Cross-Site Request Forgery (CSRF) vulnerability in Will
Anderson Minim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27336 (Cross-Site Request Forgery (CSRF) vulnerability in Alex
Prokopenko / J ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27335 (Cross-Site Request Forgery (CSRF) vulnerability in Free plug
in by SEO ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27332 (Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul
Smart Main ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27331 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27330 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27329 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27328 (Cross-Site Request Forgery (CSRF) vulnerability in queeez
WP-PostRatin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27327 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27325 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27323 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27321 (Cross-Site Request Forgery (CSRF) vulnerability in Blighty
Blightly Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27320 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27318 (Cross-Site Request Forgery (CSRF) vulnerability in ixiter
Simple Googl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27317 (Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS
RAYS Grid a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27316 (Cross-Site Request Forgery (CSRF) vulnerability in hosting.io
JPG, PNG ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27315 (Cross-Site Request Forgery (CSRF) vulnerability in wptom
All-In-One Cu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27312 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27311 (Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas
Bulk Con ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27307 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27306 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27305 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27304 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27303 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27301 (Deserialization of Untrusted Data vulnerability in Nazmul
Hasan Robin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27300 (Deserialization of Untrusted Data vulnerability in giuliopanda
ADFO al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27298 (Cross-Site Request Forgery (CSRF) vulnerability in cmstactics
WP Video ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27297 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27296 (Missing Authorization vulnerability in revenueflex Auto Ad
Inserter \u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27294 (Missing Authorization vulnerability in platcom WP-Asambleas
allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27290 (Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir
Erima Z ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27280 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27277 (Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt
Add Linke ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27276 (Cross-Site Request Forgery (CSRF) vulnerability in lizeipe
Photo Galle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27272 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27266 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27265 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27133 (WeGIA is a Web manager for charitable institutions. A SQL
Injection vu ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-27112 (Navidrome is an open source web-based music collection server
and stre ...)
TODO: check
CVE-2025-26883 (Missing Authorization vulnerability in bPlugins Animated Text
Block al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26803 (The http parser in Phusion Passenger 6.0.21 through 6.0.25
before 6.0. ...)
TODO: check
CVE-2025-26532 (Additional checks were required to ensure trusttext is applied
(when e ...)
@@ -125,21 +125,21 @@ CVE-2025-26526 (Separate Groups mode restrictions were
not factored into permiss
CVE-2025-26525 (Insufficient sanitizing in the TeX notation filter resulted in
an arb ...)
TODO: check
CVE-2025-26201 (Credential disclosure vulnerability via the /staff route in
GreaterWMS ...)
- TODO: check
+ NOT-FOR-US: GreaterWMS
CVE-2025-26200 (SQL injection in SLIMS v.9.6.1 allows a remote attacker to
escalate pr ...)
- TODO: check
+ NOT-FOR-US: SLIMS
CVE-2025-25460 (A stored Cross-Site Scripting (XSS) vulnerability was
identified in Fl ...)
TODO: check
CVE-2025-23017 (WorkOS Hosted AuthKit before 2025-01-07 allows a password
authenticati ...)
- TODO: check
+ NOT-FOR-US: WorkOS Hosted AuthKit
CVE-2025-22495 (An improper input validation vulnerability was discovered in
the NTP s ...)
TODO: check
CVE-2025-1632 (A vulnerability was found in libarchive up to 3.7.7. It has
been class ...)
TODO: check
CVE-2025-1488 (The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is
vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0545 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Tekrom Technology T-Soft E-Commerce
CVE-2024-5174 (A flaw in Gliffy results in broken authentication through the
reset fu ...)
TODO: check
CVE-2024-57026 (TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site
Scripting ( ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b59acad68820c8a51a054047a316773cb2daa61...1769600b582edacadf52c075e63ce20a1441421b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b59acad68820c8a51a054047a316773cb2daa61...1769600b582edacadf52c075e63ce20a1441421b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
