Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
615a2185 by security tracker role at 2025-05-31T08:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2025-5371 (A vulnerability, which was classified as critical, has been
found in S ...)
+ TODO: check
+CVE-2025-5370 (A vulnerability classified as critical was found in PHPGurukul
News Po ...)
+ TODO: check
+CVE-2025-5369 (A vulnerability classified as critical has been found in
SourceCodeste ...)
+ TODO: check
+CVE-2025-5368 (A vulnerability was found in PHPGurukul Daily Expense Tracker
System 1 ...)
+ TODO: check
+CVE-2025-5367 (A vulnerability was found in PHPGurukul Online Shopping Portal
Project ...)
+ TODO: check
+CVE-2025-5365 (A vulnerability was found in Campcodes Online Hospital
Management Syst ...)
+ TODO: check
+CVE-2025-5364 (A vulnerability was found in Campcodes Online Hospital
Management Syst ...)
+ TODO: check
+CVE-2025-5363 (A vulnerability has been found in Campcodes Online Hospital
Management ...)
+ TODO: check
+CVE-2025-5362 (A vulnerability, which was classified as critical, was found in
Campco ...)
+ TODO: check
+CVE-2025-5292 (The Element Pack Addons for Elementor \u2013 Best Elementor
addons wit ...)
+ TODO: check
+CVE-2025-5290 (The Borderless \u2013 Elementor Addons and Templates plugin for
WordPr ...)
+ TODO: check
+CVE-2025-5285 (The Product Subtitle for WooCommerce plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2025-5016 (The Relevanssi \u2013 A Better Search plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2025-4672 (The Offsprout Page Builder plugin for WordPress is vulnerable
to Privi ...)
+ TODO: check
+CVE-2025-4631 (The Profitori plugin for WordPress is vulnerable to Privilege
Escalati ...)
+ TODO: check
+CVE-2025-4607 (The PSW Front-end Login & Registration plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2025-4595 (The FastSpring plugin for WordPress is vulnerable to Stored
Cross-Site ...)
+ TODO: check
+CVE-2025-4590 (The Daisycon prijsvergelijkers plugin for WordPress is
vulnerable to S ...)
+ TODO: check
+CVE-2025-4103 (The WP-GeoMeta plugin for WordPress is vulnerable to Privilege
Escalat ...)
+ TODO: check
+CVE-2025-3813 (The Royal Elementor Addons and Templates plugin for WordPress
is vulne ...)
+ TODO: check
+CVE-2018-25111 (django-helpdesk before 1.0.0 allows Sensitive Data Exposure
because of ...)
+ TODO: check
CVE-2025-5361 (A vulnerability, which was classified as critical, has been
found in C ...)
NOT-FOR-US: Campcodes
CVE-2025-5360 (A vulnerability classified as critical was found in Campcodes
Online H ...)
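Review bot: all 21 entries added at the top of data/CVE/list are left at "TODO: check", although the unchanged context directly below them already shows how several would be triaged: CVE-2025-5361 is marked "NOT-FOR-US: Campcodes", and CVE-2025-5362 through CVE-2025-5365 name the same vendor. The entries describing a "plugin for WordPress" likewise match the "NOT-FOR-US: WordPress plugin" wording used elsewhere in this file. CVE-2018-25111 (django-helpdesk) names a Python project rather than a web-app vendor or WordPress plugin, so it needs an actual package lookup before it is marked and should not be closed by pattern.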
@@ -6097,7 +6139,8 @@ CVE-2025-4441 (A vulnerability was found in D-Link
DIR-605L 2.13B01. It has been
NOT-FOR-US: D-Link
CVE-2025-4440 (A vulnerability was found in H3C GR-1800AX up to 100R008 and
classifie ...)
NOT-FOR-US: H3C
-CVE-2025-4434 (The Remote Images Grabber plugin for WordPress is vulnerable to
Reflec ...)
+CVE-2025-4434
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2025-4403 (The Drag and Drop Multiple File Upload for WooCommerce plugin
for Word ...)
NOT-FOR-US: WordPress plugin
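Review bot: CVE-2025-4434 now carries both REJECTED and the earlier "NOT-FOR-US: WordPress plugin" annotation, and its description was dropped when the header line was rewritten. If REJECTED is meant to be the final state for this id, the leftover NOT-FOR-US line is redundant; either remove it in a follow-up or confirm that keeping prior triage on rejected ids is intended.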
@@ -23951,6 +23994,7 @@ CVE-2024-6986 (A Cross-site Scripting (XSS)
vulnerability exists in the Settings
CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate
function ...)
NOT-FOR-US: parisneo/lollms
CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability
where the ...)
+ {DLA-4197-1}
- python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6
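Review bot: the {DLA-4197-1} reference added under CVE-2024-6866 sits beside an unchanged "[bookworm] - python-flask-cors <postponed> (Minor issue)" line, and the entry shows no release-specific line for the release the DLA covers. Worth confirming that the fixed version for that release is recorded with the DLA itself, and that bookworm staying postponed is still intended now that an LTS advisory exists. The same applies to the CVE-2024-6844 and CVE-2024-6839 hunks that follow.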
@@ -23963,6 +24007,7 @@ CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the
endpoint for exporting models
CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the
LocalFileManager._cleanup funct ...)
NOT-FOR-US: aimhubio/aim
CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows
for inc ...)
+ {DLA-4197-1}
- python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0
@@ -23974,6 +24019,7 @@ CVE-2024-6842 (In version 1.5.5 of
mintplex-labs/anything-llm, the `/setup-compl
CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the
latest ...)
NOT-FOR-US: Vanna-ai
CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex
path m ...)
+ {DLA-4197-1}
- python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4
@@ -121888,6 +121934,7 @@ CVE-2024-21872 (The device allows an unauthenticated
attacker to bypass authenti
CVE-2024-21846 (An unauthenticated attacker can reset the board and stop
transmitter ...)
NOT-FOR-US: Electrolink
CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the
log lev ...)
+ {DLA-4197-1}
- python-flask-cors 4.0.1-1 (bug #1069764)
[bookworm] - python-flask-cors <no-dsa> (Minor issue)
[buster] - python-flask-cors <postponed> (Minor issue)
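Review bot: under CVE-2024-1681 the "[buster] - python-flask-cors <postponed> (Minor issue)" line is left unchanged while {DLA-4197-1} is added above it. If DLA-4197-1 targets buster, that line is stale and should record the fixed version; if it targets a different release, the entry has no line for that release while bookworm remains <no-dsa>, which is worth a second look.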
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/615a218580340b6cc2e0ffb0609253b39809343c