Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0e899a66 by Salvatore Bonaccorso at 2025-02-26T22:35:47+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,73 +1,73 @@
CVE-2025-26925 (Cross-Site Request Forgery (CSRF) vulnerability in Required
Admin Menu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26698 (Incorrect resource transfer between spheres issue exists in
RevoWorks ...)
- TODO: check
+ NOT-FOR-US: RevoWorks
CVE-2025-25827 (A Server-Side Request Forgery (SSRF) in the component sort.php
of Emlo ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2025-25825 (A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4
allows ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2025-25823 (A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4
allows ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2025-25818 (A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4
allows ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2025-25813 (SeaCMS v13.3 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-25802 (SeaCMS v13.3 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-25800 (SeaCMS 13.3 was discovered to contain an arbitrary file read
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-25799 (SeaCMS 13.3 was discovered to contain an arbitrary file read
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-25797 (SeaCMS v13.3 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-25796 (SeaCMS v13.3 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-25794 (SeaCMS v13.3 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-25793 (SeaCMS v13.3 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-25792 (SeaCMS v13.3 was discovered to contain a remote code execution
(RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2025-25791 (An arbitrary file upload vulnerability in the plugin
installation feat ...)
- TODO: check
+ NOT-FOR-US: YZNCMS
CVE-2025-25790 (An arbitrary file upload vulnerability in the component
\controller\Lo ...)
- TODO: check
+ NOT-FOR-US: FoxCMS
CVE-2025-25789 (FoxCMS v1.2.5 was discovered to contain a remote code
execution (RCE) ...)
- TODO: check
+ NOT-FOR-US: FoxCMS
CVE-2025-25785 (JizhiCMS v2.5.4 was discovered to contain a Server-Side
Request Forger ...)
- TODO: check
+ NOT-FOR-US: JizhiCMS
CVE-2025-25784 (An arbitrary file upload vulnerability in the component
\c\TemplateCon ...)
- TODO: check
+ NOT-FOR-US: Jizhicms
CVE-2025-25783 (An arbitrary file upload vulnerability in the component
admin\plugin.p ...)
- TODO: check
+ NOT-FOR-US: Emlog Pro
CVE-2025-25462 (A SQL Injection vulnerability was found in
/admin/add-propertytype.php ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul Land Record System Project in PHP
CVE-2025-20161 (A vulnerability in the software upgrade process of Cisco Nexus
3000 Se ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20119 (A vulnerability in the system file permission handling of
Cisco APIC c ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20118 (A vulnerability in the implementation of the internal system
processes ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20117 (A vulnerability in the CLI of Cisco APIC could allow an
authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20116 (A vulnerability in the web UI of Cisco APIC could allow an
authenticat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20111 (A vulnerability in the health monitoring diagnostics of Cisco
Nexus 30 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-1726 (There is a SQL injection issuein Esri ArcGIS Monitor versions
2023.0 t ...)
- TODO: check
+ NOT-FOR-US: Esri ArcGIS Monitor
CVE-2025-1716 (picklescan before 0.0.21 does not treat 'pip' as an unsafe
global. An ...)
TODO: check
CVE-2025-1517 (The Sina Extension for Elementor (Slider, Gallery, Form, Modal,
Data T ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1249 (Missing Authorization vulnerability in Pixelite Events Manager
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0941 (MET ONE 3400+ instruments running software v1.0.41 can, under
rare con ...)
- TODO: check
+ NOT-FOR-US: MET ONE 3400+ instruments
CVE-2025-0731 (An unauthenticated remote attacker can upload a .aspx file
instead of ...)
TODO: check
CVE-2025-0719 (IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2024-6810 (The Quiz Organizer plugin for WordPress is vulnerable to Stored
Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2024-53427 (jq v1.7.1 contains a stack-buffer-overflow in the
decNumberCopy functi ...)
@@ -79,7 +79,7 @@ CVE-2024-47053 (This advisory addresses an authorization
vulnerability in Mautic
CVE-2024-47051 (This advisory addresses two critical security vulnerabilities
present ...)
TODO: check
CVE-2024-46226 (A stored cross site scripting (XSS) vulnerability in HelpDeskZ
< v2.0. ...)
- TODO: check
+ NOT-FOR-US: HelpDeskZ
CVE-2024-13560 (The Subscriptions & Memberships for PayPal plugin for
WordPress is vul ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8186
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e899a667723ee2850e4172e6c68e6573d37c104
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e899a667723ee2850e4172e6c68e6573d37c104
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
