Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
829f5407 by Salvatore Bonaccorso at 2025-05-19T22:48:24+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2025-4945 (A flaw was found in the cookie parsing logic of 
the libsoup HTTP
 CVE-2025-4941 (A vulnerability, which was classified as critical, was found in 
PHPGur ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4940 (A vulnerability, which was classified as critical, has been 
found in 1 ...)
-       TODO: check
+       NOT-FOR-US: 1000 Projects Daily College Class Work Report Book
 CVE-2025-4939 (A vulnerability classified as problematic was found in 
PHPGurukul Cred ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4938 (A vulnerability was found in PHPGurukul Employee Record 
Management Sys ...)
@@ -23,7 +23,7 @@ CVE-2025-4935 (A vulnerability was found in SourceCodester 
Stock Management Syst
 CVE-2025-4934 (A vulnerability has been found in PHPGurukul User Registration 
& Login ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4933 (A vulnerability, which was classified as critical, was found in 
ponara ...)
-       TODO: check
+       NOT-FOR-US: ponaravindb Hospital-Management-System
 CVE-2025-4932 (A vulnerability, which was classified as critical, has been 
found in p ...)
        NOT-FOR-US: Project Worlds
 CVE-2025-4931 (A vulnerability classified as critical was found in 
projectworlds Onli ...)
@@ -43,103 +43,103 @@ CVE-2025-4925 (A vulnerability has been found in 
PHPGurukul Daily Expense Tracke
 CVE-2025-4924 (A vulnerability, which was classified as critical, was found in 
Source ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-4876 (ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk 
Assess ...)
-       TODO: check
+       NOT-FOR-US: ConnectWise Risk Assessment
 CVE-2025-48346 (Missing Authorization vulnerability in Etsy360 Embed and 
Integrate Ets ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48344 (Cross-Site Request Forgery (CSRF) vulnerability in ed4becky 
Rootsperso ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48342 (Cross-Site Request Forgery (CSRF) vulnerability in 
RedefiningTheWeb Dy ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48341 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48288 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48285 (Cross-Site Request Forgery (CSRF) vulnerability in sbouey 
Falang multi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48284 (Cross-Site Request Forgery (CSRF) vulnerability in 
shohei.tanaka Japan ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48282 (Missing Authorization vulnerability in Majestic Support 
Majestic Suppo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48280 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48278 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48277 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48276 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48272 (Missing Authorization vulnerability in wpjobportal WP Job 
Portal allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48270 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48269 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48268 (Missing Authorization vulnerability in Guru Team Bot for 
Telegram on W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48266 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48265 (Cross-Site Request Forgery (CSRF) vulnerability in Pektsekye 
Year Make ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48264 (Cross-Site Request Forgery (CSRF) vulnerability in artiosmedia 
Product ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48263 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48262 (Missing Authorization vulnerability in Michael Revellin-Clerc 
Url Rewr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48260 (Missing Authorization vulnerability in Ninja Team GDPR CCPA 
Compliance ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48259 (Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos 
WP Mapa ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48258 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48257 (Missing Authorization vulnerability in Projectopia Projectopia 
allows  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48256 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48255 (Cross-Site Request Forgery (CSRF) vulnerability in 
videowhisper Broadc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48254 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48253 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48252 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48251 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48250 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48249 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48248 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48247 (Missing Authorization vulnerability in Blair Williams 
Shortlinks by Pr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48246 (Missing Authorization vulnerability in The Events Calendar The 
Events  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48244 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48243 (Cross-Site Request Forgery (CSRF) vulnerability in Bill 
Minozzi reCAPT ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48242 (Missing Authorization vulnerability in wpWax Legal Pages 
allows Exploi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48240 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48239 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48238 (Cross-Site Request Forgery (CSRF) vulnerability in awcode 
AWcode Toolk ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48237 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48236 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48235 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48234 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48233 (Cross-Site Request Forgery (CSRF) vulnerability in affmngr 
Affiliates  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48232 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-47949 (samlify is a Node.js library for SAML single sign-on. A 
Signature Wrap ...)
        TODO: check
 CVE-2025-47946 (Symfony UX is an initiative and set of libraries to integrate 
JavaScri ...)
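Review bot: The new WordPress entries in this hunk use the label "NOT-FOR-US: WordPress plugin", while the unchanged entries around them (CVE-2025-48265, CVE-2025-48264, CVE-2025-48259, CVE-2025-48238, CVE-2025-48233) use "NOT-FOR-US: WordPress plugin or theme". With two spellings of the same classification in one file, a search on either exact string misses part of the set. Consider using "WordPress plugin or theme" on the added lines so the file keeps a single label for this class.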
@@ -153,11 +153,11 @@ CVE-2025-47934 (OpenPGP.js is a JavaScript implementation 
of the OpenPGP protoco
 CVE-2025-47583 (Unauthenticated Cross Site Request Forgery (CSRF) in Salon 
booking sys ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47582 (Deserialization of Untrusted Data vulnerability in 
QuantumCloud WPBot  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-47581 (Deserialization of Untrusted Data vulnerability in Elbisnero 
WordPress ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47577 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Templ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-47576 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47284 (Gardener implements the automated management and operation of 
Kubernet ...)
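Review bot: For CVE-2025-47577 the visible description is cut at "in Templ ...", so the list line alone does not show whether the affected product is a plugin or a theme, yet the added note asserts "WordPress plugin". The neighbouring entries (CVE-2025-47583, CVE-2025-47581, CVE-2025-47576) use "WordPress plugin or theme", which makes no such distinction. Either use that broader label here or name the product in the note, as the ConnectWise and a-blog cms entries in this commit do.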
@@ -183,11 +183,11 @@ CVE-2025-43840 (Cross-Site Request Forgery (CSRF) 
vulnerability in Ref CheckBot
 CVE-2025-43839 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43838 (Missing Authorization vulnerability in ChoPlugins Custom PC 
Builder Li ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-43837 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-43836 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-43835 (Cross-Site Request Forgery (CSRF) vulnerability in ktsvetkov 
allows Cr ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43834 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -199,7 +199,7 @@ CVE-2025-43832 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-43714 (The ChatGPT system through 2025-03-30 performs inline 
rendering of SVG ...)
        TODO: check
 CVE-2025-41429 (a-blog cms multiple versions neutralize logs improperly. If 
this vulne ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2025-3908 (The configuration initialization tool in OpenVPN 3 Linux v20 
through v ...)
        TODO: check
 CVE-2025-39460 (Missing Authorization vulnerability in ThimPress Eduma allows 
Exploiti ...)
@@ -211,19 +211,19 @@ CVE-2025-39458 (Improper Control of Filename for 
Include/Require Statement in PH
 CVE-2025-39454 (Missing Authorization vulnerability in Jeroen Peters Name 
Directory.Th ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39451 (Missing Authorization vulnerability in Crocoblock JetBlocks 
For Elemen ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39450 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39449 (Missing Authorization vulnerability in Crocoblock 
JetWooBuilder allows ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39448 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39447 (Missing Authorization vulnerability in Crocoblock JetElements 
For Elem ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39446 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39445 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39412 (Missing Authorization vulnerability in Averta Master 
Slider.This issue ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39411 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
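Review bot: Three of the entries changed in this hunk (CVE-2025-39451, CVE-2025-39449, CVE-2025-39447) are for the same vendor, Crocoblock, but the note "NOT-FOR-US: WordPress plugin" drops that information. Other entries in this commit keep the vendor or product in the note ("ConnectWise Risk Assessment", "a-blog cms", "ponaravindb Hospital-Management-System"). Including the vendor name here would make the entries searchable by vendor and would let the next batch of CVEs for that vendor be triaged by matching on the note.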
@@ -257,7 +257,7 @@ CVE-2025-39393 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-39392 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39389 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39388 (Missing Authorization vulnerability in Solid Plugins 
AnalyticsWP allow ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39386 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -309,9 +309,9 @@ CVE-2025-39349 (Deserialization of Untrusted Data 
vulnerability in Potenzaglobal
 CVE-2025-39348 (Deserialization of Untrusted Data vulnerability in ThemeGoods 
Grand Re ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-36560 (Server-side request forgery vulnerability exists in a-blog cms 
multipl ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2025-32999 (Cross-site scripting vulnerability exists in a-blog cms 
versions prior ...)
-       TODO: check
+       NOT-FOR-US: a-blog cms
 CVE-2025-32928 (Deserialization of Untrusted Data vulnerability in ThemeGoods 
Altair a ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32927 (Deserialization of Untrusted Data vulnerability in Chimpstudio 
FoodBak ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/829f54071c47fb0ff14206a2d37ec0398f5c9f49
