Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
36d22f34 by security tracker role at 2025-04-24T20:12:46+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,285 @@
+CVE-2025-46542 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46541 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46540 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46538 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46536 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46534 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46533 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46532 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46531 (Server-Side Request Forgery (SSRF) vulnerability in Ankur 
Vishwakarma  ...)
+       TODO: check
+CVE-2025-46530 (Cross-Site Request Forgery (CSRF) vulnerability in HuangYe 
WuDeng Hack ...)
+       TODO: check
+CVE-2025-46529 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46528 (Cross-Site Request Forgery (CSRF) vulnerability in Steve 
Availability  ...)
+       TODO: check
+CVE-2025-46525 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46524 (Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP 
Filter P ...)
+       TODO: check
+CVE-2025-46523 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46522 (Cross-Site Request Forgery (CSRF) vulnerability in Billy 
Bryant Tabs a ...)
+       TODO: check
+CVE-2025-46521 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46520 (Cross-Site Request Forgery (CSRF) vulnerability in alphasis 
Related Po ...)
+       TODO: check
+CVE-2025-46519 (Missing Authorization vulnerability in Michael Revellin-Clerc 
Media Li ...)
+       TODO: check
+CVE-2025-46517 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46516 (Cross-Site Request Forgery (CSRF) vulnerability in silencecm 
Twitter C ...)
+       TODO: check
+CVE-2025-46514 (Cross-Site Request Forgery (CSRF) vulnerability in milat Milat 
jQuery  ...)
+       TODO: check
+CVE-2025-46513 (Cross-Site Request Forgery (CSRF) vulnerability in Codebangers 
All in  ...)
+       TODO: check
+CVE-2025-46512 (Cross-Site Request Forgery (CSRF) vulnerability in Shamim 
Hasan Custom ...)
+       TODO: check
+CVE-2025-46511 (Server-Side Request Forgery (SSRF) vulnerability in Derek 
Springer Bee ...)
+       TODO: check
+CVE-2025-46510 (Cross-Site Request Forgery (CSRF) vulnerability in harrysudana 
Contact ...)
+       TODO: check
+CVE-2025-46509 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46508 (Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao 
Advanced  ...)
+       TODO: check
+CVE-2025-46507 (Cross-Site Request Forgery (CSRF) vulnerability in ldrumm 
Unsafe Mimet ...)
+       TODO: check
+CVE-2025-46506 (Cross-Site Request Forgery (CSRF) vulnerability in Lora77 
WpZon \u2013 ...)
+       TODO: check
+CVE-2025-46505 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46504 (Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius 
Vasaio  ...)
+       TODO: check
+CVE-2025-46503 (Server-Side Request Forgery (SSRF) vulnerability in josheli 
Simple Goo ...)
+       TODO: check
+CVE-2025-46502 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46501 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46499 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46498 (Cross-Site Request Forgery (CSRF) vulnerability in nghialuu 
Zalo Offic ...)
+       TODO: check
+CVE-2025-46497 (Cross-Site Request Forgery (CSRF) vulnerability in Navegg 
Navegg Analy ...)
+       TODO: check
+CVE-2025-46496 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46495 (Cross-Site Request Forgery (CSRF) vulnerability in tomontoast 
Drop Cap ...)
+       TODO: check
+CVE-2025-46492 (Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh 
Call Now ...)
+       TODO: check
+CVE-2025-46491 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46489 (Missing Authorization vulnerability in vinodvaswani9 Bulk 
Assign Linke ...)
+       TODO: check
+CVE-2025-46485 (Missing Authorization vulnerability in Carlo La Pera WP 
Customize Logi ...)
+       TODO: check
+CVE-2025-46484 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46483 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46481 (Deserialization of Untrusted Data vulnerability in Michael 
Cannon Flic ...)
+       TODO: check
+CVE-2025-46480 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46479 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46478 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46477 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46476 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46475 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46473 (Deserialization of Untrusted Data vulnerability in djjmz 
Social Counte ...)
+       TODO: check
+CVE-2025-46472 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46471 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46470 (Missing Authorization vulnerability in Peter Raschendorfer 
Smart Hasht ...)
+       TODO: check
+CVE-2025-46469 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46467 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46466 (Cross-Site Request Forgery (CSRF) vulnerability in felixtz 
Modern Poll ...)
+       TODO: check
+CVE-2025-46465 (Cross-Site Request Forgery (CSRF) vulnerability in John 
Weissberg Prin ...)
+       TODO: check
+CVE-2025-46462 (Cross-Site Request Forgery (CSRF) vulnerability in Tr\xe2n 
Minh-Qu\xe2 ...)
+       TODO: check
+CVE-2025-46461 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46459 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46457 (Cross-Site Request Forgery (CSRF) vulnerability in 
digontoahsan Wp Cus ...)
+       TODO: check
+CVE-2025-46453 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46452 (Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu 
Google N ...)
+       TODO: check
+CVE-2025-46451 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46450 (Cross-Site Request Forgery (CSRF) vulnerability in x000x 
occupancyplan ...)
+       TODO: check
+CVE-2025-46449 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46447 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46445 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46443 (Server-Side Request Forgery (SSRF) vulnerability in Adam Pery 
Animate  ...)
+       TODO: check
+CVE-2025-46442 (Cross-Site Request Forgery (CSRF) vulnerability in Casey 
Johnson Loan  ...)
+       TODO: check
+CVE-2025-46439 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir 
Prelovac P ...)
+       TODO: check
+CVE-2025-46438 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46436 (Cross-Site Request Forgery (CSRF) vulnerability in Sebastian 
Echeverry ...)
+       TODO: check
+CVE-2025-46435 (Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani 
Time Ba ...)
+       TODO: check
+CVE-2025-46421 (A flaw was found in libsoup. When libsoup clients encounter an 
HTTP re ...)
+       TODO: check
+CVE-2025-46420 (A flaw was found in libsoup. It is vulnerable to memory leaks 
in the s ...)
+       TODO: check
+CVE-2025-46264 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Angel ...)
+       TODO: check
+CVE-2025-46261 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46260 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46248 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-46234 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46230 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-44135 (A vulnerability was found in code-projects Online Class and 
Exam Sched ...)
+       TODO: check
+CVE-2025-44134 (A vulnerability was found in Code-Projects Online Class and 
Exam Sched ...)
+       TODO: check
+CVE-2025-43859 (h11 is a Python implementation of HTTP/1.1. Prior to version 
0.16.0, a ...)
+       TODO: check
+CVE-2025-43858 (YoutubeDLSharp is a wrapper for the command-line video 
downloaders you ...)
+       TODO: check
+CVE-2025-43855 (tRPC allows users to build & consume fully typesafe APIs 
without schem ...)
+       TODO: check
+CVE-2025-3872 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-3832 (The FuseDesk plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2025-3793 (The Buddypress Force Password Change plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-3776 (The Verification SMS with TargetSMS plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-3607 (The Frontend Login and Registration Blocks plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2025-3604 (The Flynax Bridge plugin for WordPress is vulnerable to 
privilege esca ...)
+       TODO: check
+CVE-2025-3603 (The Flynax Bridge plugin for WordPress is vulnerable to 
privilege esca ...)
+       TODO: check
+CVE-2025-3300 (The WPMasterToolKit (WPMTK) \u2013 All in one plugin plugin for 
WordPr ...)
+       TODO: check
+CVE-2025-3280 (The ELEX WooCommerce Advanced Bulk Edit Products, Prices & 
Attributes  ...)
+       TODO: check
+CVE-2025-3101 (The Configurator Theme Core plugin for WordPress is vulnerable 
to priv ...)
+       TODO: check
+CVE-2025-3065 (The Database Toolset plugin is vulnerable to arbitrary file 
deletion d ...)
+       TODO: check
+CVE-2025-3058 (The Xelion Webchat plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2025-39408 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-39404 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in H ...)
+       TODO: check
+CVE-2025-39400 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-39399 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39397 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-39391 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39390 (Missing Authorization vulnerability in magepeopleteam Booking 
and Rent ...)
+       TODO: check
+CVE-2025-39387 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39385 (Missing Authorization vulnerability in VW Themes Sirat allows 
Exploiti ...)
+       TODO: check
+CVE-2025-39384 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39383 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39382 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-39381 (Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet 
KiotViet S ...)
+       TODO: check
+CVE-2025-39379 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39378 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39377 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-39360 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-39359 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-32921 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-31324 (SAP NetWeaver Visual Composer Metadata Uploader is not 
protected with  ...)
+       TODO: check
+CVE-2025-30409 (Denial of service due to allocation of resources without 
limits. The f ...)
+       TODO: check
+CVE-2025-30408 (Local privilege escalation due to insecure folder permissions. 
The fol ...)
+       TODO: check
+CVE-2025-2579 (The Lottie Player plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-2543 (The Advanced Accordion Gutenberg Block plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-29568 (A vulnerability has been discovered in the code-projects 
Online Class  ...)
+       TODO: check
+CVE-2025-27820 (A bug in PSL validation logic in Apache HttpClient 5.4.x 
disables doma ...)
+       TODO: check
+CVE-2025-26382 (Under certain circumstances the iSTAR Configuration Utility 
(ICU) tool ...)
+       TODO: check
+CVE-2025-1284 (The Woocommerce Automatic Order Printing | ( Formerly 
WooCommerce Goog ...)
+       TODO: check
+CVE-2024-30148 (Improper access control of endpoint in HCL Leap allows certain 
admin u ...)
+       TODO: check
+CVE-2024-30147 (Multiple vectors in HCL Leap allow client-side script 
injection in the ...)
+       TODO: check
+CVE-2024-30114 (Insufficient sanitization in HCL Leap allows client-side 
script inject ...)
+       TODO: check
+CVE-2024-30113 (Insufficient sanitization policy in HCL Leap allows 
client-side script ...)
+       TODO: check
+CVE-2024-13307 (The Reales WP - Real Estate WordPress Theme theme for 
WordPress is vul ...)
+       TODO: check
+CVE-2023-45720 (Insufficient default configuration in HCL Leap allows 
anonymous access ...)
+       TODO: check
+CVE-2023-37534 (Insufficient URI protocol whitelist in HCL Leap allows script 
injectio ...)
+       TODO: check
+CVE-2021-47664 (Due to improper authentication mechanism an unauthenticated 
remote att ...)
+       TODO: check
+CVE-2021-47663 (Due to improperJSON Web Tokens implementation an 
unauthenticated remot ...)
+       TODO: check
+CVE-2021-47662 (Due to missing authorization an unauthenticated remote 
attackercan cau ...)
+       TODO: check
 CVE-2025-46419 (Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed 
ESP pac ...)
        NOT-FOR-US: Westermo WeOS
 CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include 
ssl. Con ...)
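Review bot: None of the entries added in this hunk is triaged: every one from CVE-2025-46542 down to CVE-2021-47662 carries only `TODO: check`. Several descriptions name general-purpose software rather than a WordPress plugin (CVE-2025-46421 and CVE-2025-46420 for libsoup, CVE-2025-43859 for h11, CVE-2025-27820 for Apache HttpClient 5.4.x); I would resolve those first, with a package line or a `NOT-FOR-US:` line like the one on the CVE-2025-46419 context entry, so they do not wait behind the rest of the batch. The descriptions for CVE-2025-46506, CVE-2025-3300 and CVE-2025-46462 also contain literal `\u2013` and `\xe2` escapes, which are worth checking against the source text.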
@@ -220965,6 +221247,7 @@ CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in 
GitHub repository thorsten
 CVE-2022-3607 (Failure to Sanitize Special Elements into a Different Plane 
(Special E ...)
        - octoprint <itp> (bug #718591)
 CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been 
classified as p ...)
+       {DLA-4137-1}
        - libbpf 1.1.0-1 (bug #1023717)
        NOTE: Introduced by: 
https://github.com/libbpf/libbpf/commit/a3abae5122f30b83baebd4e4dd8ba4578a87cd4b
 (v0.2)
        NOTE: Fixed by: 
https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671
 (v1.1.0)
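Review bot: The `{DLA-4137-1}` tag added under CVE-2022-3606 has no counterpart visible in this commit, which changes only data/CVE/list, so the advisory it points to cannot be checked from here. Please confirm that DLA-4137-1 names libbpf and lists CVE-2022-3606, since the description text says Linux Kernel while the package line tracks libbpf.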
@@ -222238,6 +222521,7 @@ CVE-2022-42970 (A CWE-306: Missing Authentication for 
Critical Function The soft
 CVE-2022-3535
        REJECTED
 CVE-2022-3534 (A vulnerability classified as critical has been found in Linux 
Kernel. ...)
+       {DLA-4137-1}
        - libbpf 1.1.0-1 (bug #1023717)
        NOTE: Introduced by: 
https://github.com/libbpf/libbpf/commit/7ac1547f32f060d84b06c74edbb2c6896cc07949
 (v0.2)
        NOTE: Fixed by: 
https://github.com/libbpf/libbpf/commit/54caf920db0e489de90f3aaaa41e2a51ddbcd084
 (v1.1.0)
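Review bot: CVE-2022-3534 gets the same `{DLA-4137-1}` tag as CVE-2022-3606, but its NOTE lines give a different fix commit (54caf920db0e here, 3a3ef0c1d09e there). Confirm that the update behind DLA-4137-1 carries both fixes; the shared `- libbpf 1.1.0-1 (bug #1023717)` line does not show that by itself.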



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/36d22f34bca3ffde95018fbf84b8e4b16925d51d
