Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6afb76c2 by Salvatore Bonaccorso at 2025-04-17T22:27:26+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,11 +15,11 @@ CVE-2025-3764 (A vulnerability classified as critical was 
found in SourceCodeste
 CVE-2025-3763 (A vulnerability classified as critical has been found in 
SourceCodeste ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-3762 (A vulnerability was found in PCMan FTP Server 2.0.7. It has 
been rated ...)
-       TODO: check
+       NOT-FOR-US: PCMan FTP Server
 CVE-2025-3760 (A stored cross-site scripting (XSS) vulnerability exists with 
radio bu ...)
        NOT-FOR-US: Liferay
 CVE-2025-3651 (Improper Verification of Source of a Communication Channel in 
Work Des ...)
-       TODO: check
+       NOT-FOR-US: Work Desktop for Mac
 CVE-2025-3487 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom 
Form B ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-3479 (The Forminator Forms \u2013 Contact Form, Payment Form & Custom 
Form B ...)
@@ -27,29 +27,29 @@ CVE-2025-3479 (The Forminator Forms \u2013 Contact Form, 
Payment Form & Custom F
 CVE-2025-3453 (The Password Protected \u2013 Password Protect your WordPress 
Site, Pa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-39596 (Weak Authentication vulnerability in Quentn.com GmbH Quentn WP 
allows  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39595 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39594 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39588 (Deserialization of Untrusted Data vulnerability in bdthemes 
Ultimate S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39587 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39586 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39583 (Missing Authorization vulnerability in berthaai BERTHA AI 
allows Explo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39580 (Missing Authorization vulnerability in jidaikobo Dashi allows 
Accessin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39569 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39568 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39567 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39562 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39559 (Missing Authorization vulnerability in Eivin Landa Bring 
Fraktguiden f ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39558 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
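Review bot: The entries triaged in this hunk (CVE-2025-39596 down to CVE-2025-39562) are tagged `NOT-FOR-US: WordPress plugin`, while the untouched neighbours CVE-2025-39594, CVE-2025-39567 and CVE-2025-39559 carry `NOT-FOR-US: WordPress plugin or theme`. Two wordings for the same category make the list harder to grep and count. Consider using one form throughout, or state in the commit message that the shorter form is deliberate because each of these was confirmed to be a plugin rather than a theme.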
@@ -57,19 +57,19 @@ CVE-2025-39558 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-39554 (Missing Authorization vulnerability in Elliot Sowersby / 
RelyWP AI Tex ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39551 (Deserialization of Untrusted Data vulnerability in Mahmudul 
Hasan Arif ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39550 (Deserialization of Untrusted Data vulnerability in Shahjahan 
Jewel Flu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39542 (Incorrect Privilege Assignment vulnerability in Jauhari Xelion 
Xelion  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39535 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39533 (Missing Authorization vulnerability in Starfish Reviews 
Starfish Revie ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39532 (Missing Authorization vulnerability in spicethemes Spice 
Blocks allows ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39527 (Deserialization of Untrusted Data vulnerability in bestwebsoft 
Rating  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39526 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39521 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -109,7 +109,7 @@ CVE-2025-39438 (Cross-Site Request Forgery (CSRF) 
vulnerability in momen2009 The
 CVE-2025-39437 (Cross-Site Request Forgery (CSRF) vulnerability in Boone 
Gorges Anthol ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39436 (Unrestricted Upload of File with Dangerous Type vulnerability 
in aidra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39435 (Cross-Site Request Forgery (CSRF) vulnerability in davidfcarr 
My Margi ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39434 (Authorization Bypass Through User-Controlled Key vulnerability 
in Scot ...)
@@ -123,7 +123,7 @@ CVE-2025-39431 (Cross-Site Request Forgery (CSRF) 
vulnerability in Aaron Forgue
 CVE-2025-39430 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander 
Rauscha m ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39429 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39428 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39427 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -155,7 +155,7 @@ CVE-2025-39415 (Cross-Site Request Forgery (CSRF) 
vulnerability in Jayesh Pareji
 CVE-2025-39414 (Cross-Site Request Forgery (CSRF) vulnerability in Mike 
spam-stopper a ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32686 (Deserialization of Untrusted Data vulnerability in WP Speedo 
Team Memb ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-32682 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Roman ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32674 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -325,13 +325,13 @@ CVE-2025-32506 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-32504 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32490 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-32415 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, 
xmlSchemaIDCFillNod ...)
        TODO: check
 CVE-2025-31380 (Weak Password Recovery Mechanism for Forgotten Password 
vulnerability  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31030 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: jbhovik Ray Enterprise Translation
 CVE-2025-31018 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31006 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
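Review bot: The label on CVE-2025-31030, `NOT-FOR-US: jbhovik Ray Enterprise Translation`, appears to carry an author handle in front of the product name, following the "author product" pattern seen in descriptions elsewhere in this diff (`berthaai BERTHA AI`, `jidaikobo Dashi`), whereas the other product-specific labels in this commit give the product alone (`NOT-FOR-US: Hazelcast Management Center`, `NOT-FOR-US: FOXCMS`). The truncated description shown here does not name the product, so the label cannot be checked from the diff. If this is a WordPress plugin, `NOT-FOR-US: WordPress plugin` would match CVE-2025-32490 just above; otherwise drop the handle. Leaving CVE-2025-32415 (libxml2) at `TODO: check` in an NFU pass looks right.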
@@ -345,41 +345,41 @@ CVE-2025-2188 (There is a whitelist mechanism bypass in 
GameCenter ,successful e
 CVE-2025-29931 (A vulnerability has been identified in TeleControl Server 
Basic (All v ...)
        NOT-FOR-US: Siemens
 CVE-2025-29722 (A CSRF vulnerability in Commercify v1.0 allows remote 
attackers to per ...)
-       TODO: check
+       NOT-FOR-US: Commercify
 CVE-2025-29662 (A RCE vulnerability in the core application in LandChat 
3.25.12.18 all ...)
-       TODO: check
+       NOT-FOR-US: LandChat
 CVE-2025-29661 (Litepubl CMS <= 7.0.9 is vulnerable to RCE in 
admin/service/run.)
-       TODO: check
+       NOT-FOR-US: Litepubl CMS
 CVE-2025-29316 (An issue in DataPatrol Screenshot watermark, printing 
watermark agent  ...)
-       TODO: check
+       NOT-FOR-US: DataPatrol Screenshot watermark
 CVE-2025-29181 (FOXCMS <= V1.25 is vulnerable to SQL Injection via 
$param['title'] in  ...)
-       TODO: check
+       NOT-FOR-US: FOXCMS
 CVE-2025-29180 (In FOXCMS <=1.25, the installdb.php file has a time - based 
blind SQL  ...)
-       TODO: check
+       NOT-FOR-US: FOXCMS
 CVE-2025-29047 (Buffer Overflow vulnerability inALFA WiFi CampPro router 
ALFA_CAMPRO-c ...)
-       TODO: check
+       NOT-FOR-US: inALFA WiFi CampPro router
 CVE-2025-29046 (Buffer Overflow vulnerability inALFA WiFi CampPro router 
ALFA_CAMPRO-c ...)
-       TODO: check
+       NOT-FOR-US: inALFA WiFi CampPro router
 CVE-2025-29045 (Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a 
remote a ...)
-       TODO: check
+       NOT-FOR-US: inALFA WiFi CampPro router
 CVE-2025-29044 (Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 
allows  ...)
        NOT-FOR-US: Netgear
 CVE-2025-29043 (An issue in dlink DIR 832x 240802 allows a remote attacker to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-29042 (An issue in dlink DIR 832x 240802 allows a remote attacker to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-29041 (An issue in dlink DIR 832x 240802 allows a remote attacker to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-29040 (An issue in dlink DIR 832x 240802 allows a remote attacker to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-29039 (An issue in dlink DIR 832x 240802 allows a remote attacker to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2025-29015 (Code Astro Internet Banking System 2.0.0 is vulnerable to 
Cross Site S ...)
        NOT-FOR-US: CodeAstro
 CVE-2025-28101 (An arbitrary file deletion vulnerability in the 
/post/{postTitle} comp ...)
-       TODO: check
+       NOT-FOR-US: flaskBlog
 CVE-2025-28009 (A SQL Injection vulnerability exists in the `u` parameter of 
the progr ...)
-       TODO: check
+       NOT-FOR-US: Dietiqa App
 CVE-2025-27354 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27346 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
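Review bot: The label `NOT-FOR-US: inALFA WiFi CampPro router` on CVE-2025-29047, CVE-2025-29046 and CVE-2025-29045 copies a missing space from the CVE description ("vulnerability inALFA WiFi CampPro router"). The CVE-2025-29045 description reads "in ALFA_CAMPRO-co-2.29", which shows the vendor is ALFA, not "inALFA". Suggest `NOT-FOR-US: ALFA WiFi CampPro router` for all three so a later search for the vendor name finds them.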
@@ -439,7 +439,7 @@ CVE-2025-27283 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
 CVE-2025-27282 (Unrestricted Upload of File with Dangerous Type vulnerability 
in rockg ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26968 (Missing Authorization vulnerability in webbernaut Cloak Front 
End Emai ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-26478 (Dell ECS version 3.8.1.4 and prior contain an Improper 
Certificate Val ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-26477 (Dell ECS version 3.8.1.4 and prior contain an Improper Input 
Validatio ...)
@@ -455,7 +455,7 @@ CVE-2025-25455 (Tenda AC10 V4.0si_V16.03.10.20 is 
vulnerable to Buffer Overflow
 CVE-2025-25454 (Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer 
Overflow in Adv ...)
        NOT-FOR-US: Tenda
 CVE-2025-25234 (Omnissa UAG contains a Cross-Origin Resource Sharing (CORS) 
bypass vul ...)
-       TODO: check
+       NOT-FOR-US: Omnissa UAG
 CVE-2025-24752 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24745 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -533,11 +533,11 @@ CVE-2025-22340 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-1532 (Phoneservice module is affected by code injection 
vulnerability, succe ...)
        TODO: check
 CVE-2024-56518 (Hazelcast Management Center through 6.0 allows remote code 
execution v ...)
-       TODO: check
+       NOT-FOR-US: Hazelcast Management Center
 CVE-2024-55238 (OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An 
attacker can e ...)
        TODO: check
 CVE-2024-55211 (An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: Think Router
 CVE-2024-53924 (Pycel through 1.0b30, when operating on an untrusted 
spreadsheet, allo ...)
        TODO: check
 CVE-2024-42177 (HCL MyXalytics is affected by SSL\u2215TLS Protocol affected 
with BREA ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6afb76c238074a42147bf7fdf8774c730f8bf543
