Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b41c94c8 by Salvatore Bonaccorso at 2025-06-06T22:27:12+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -259,7 +259,7 @@ CVE-2025-49068 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-49067 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49011 (SpiceDB is an open source database for storing and querying
fine-grain ...)
- TODO: check
+ NOT-FOR-US: SpiceDB
CVE-2025-48784 (A missing authorization vulnerability in Soar Cloud HRD Human
Resource ...)
NOT-FOR-US: Soar Cloud HRD Human Resource Management System
CVE-2025-48783 (An external control of file name or path vulnerability in the
delete f ...)
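Review bot: For CVE-2025-49011, the description calls SpiceDB an open source database, so before settling on NOT-FOR-US it is worth confirming that no ITP or RFP bug exists for it. If one does, the entry should reference the package with an <itp> marker and the bug number instead of an NFU tag.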
@@ -285,23 +285,23 @@ CVE-2025-47586 (Improper Control of Filename for
Include/Require Statement in PH
CVE-2025-47584 (Deserialization of Untrusted Data vulnerability in ThemeGoods
Photogra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-41646 (An unauthorized remote attacker can bypass the authentication
of the a ...)
- TODO: check
+ NOT-FOR-US: Kunbus
CVE-2025-41367 (Stored Cross-Site Scripting (XSS) vulnerability in IDF
v0.10.0-0C03-03 ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41366 (In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a
configuration error ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41365 (Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF
v0.10.0-0C ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41364 (Stored Cross-Site Scripting (XSS) vulnerability in IDF
v0.10.0-0C03-03 ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41363 (In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a
configuration error ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41362 (Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF
v0.10.0-0C ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41361 (Uncontrolled resource consumption vulnerability in IDF
v0.10.0-0C03-03 ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41360 (Uncontrolled resource consumption vulnerability in IDF
v0.10.0-0C03-03 ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-3485 (Allegra extractFileFromZip Directory Traversal Remote Code
Execution V ...)
TODO: check
CVE-2025-3365 (A missing protection against path traversal allows to access
any file ...)
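Review bot: CVE-2025-41646 is tagged "NOT-FOR-US: Kunbus", which names only a vendor, and the truncated description ("of the a ...") does not show which product is affected. Naming the product in the tag, as the "IDF and ZLF" entries below it do, would keep the entry findable by product name later.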
@@ -311,117 +311,117 @@ CVE-2025-3322 (An improper neutralization of inputs
used in expression language
CVE-2025-3321 (A predefined administrative account is not documented and
cannot be de ...)
TODO: check
CVE-2025-39358 (Deserialization of Untrusted Data vulnerability in
Teastudio.Pl WP Pos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-33035 (A path traversal vulnerability has been reported to affect
File Statio ...)
NOT-FOR-US: QNAP
CVE-2025-33031 (An improper certificate validation vulnerability has been
reported to ...)
NOT-FOR-US: QNAP
CVE-2025-31025 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31000 (Missing Authorization vulnerability in Miguel Fuentes Payment
QR WooCo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30999 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30997 (Server-Side Request Forgery (SSRF) vulnerability in
SmartDataSoft Car ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30995 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes
Widgetize ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30994 (Cross-Site Request Forgery (CSRF) vulnerability in Emraan
Cheema CubeW ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30991 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30990 (Missing Authorization vulnerability in ThemeHunk ThemeHunk
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30989 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30986 (Cross-Site Request Forgery (CSRF) vulnerability in
_CreativeMedia_ Eli ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30981 (Cross-Site Request Forgery (CSRF) vulnerability in tggfref
WP-Recall a ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30980 (Cross-Site Request Forgery (CSRF) vulnerability in Alessandro
Piconi S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30978 (Missing Authorization vulnerability in Dor Zuberi Slack
Notifications ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30977 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30976 (Server-Side Request Forgery (SSRF) vulnerability in wpdive
Nexa Blocks ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30974 (Missing Authorization vulnerability in Akhtarujjaman Shuvo
Post Grid M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30968 (Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313
Advanced ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30958 (Missing Authorization vulnerability in onOffice GmbH onOffice
for WP-W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30957 (Missing Authorization vulnerability in BuddyDev Activity Plus
Reloaded ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30956 (Cross-Site Request Forgery (CSRF) vulnerability in Booqable
Rental Sof ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30954 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30953 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30952 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30951 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30950 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30948 (Cross-Site Request Forgery (CSRF) vulnerability in Giraphix
Creative L ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30946 (Cross-Site Request Forgery (CSRF) vulnerability in Michael
Cannon Cust ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30945 (Missing Authorization vulnerability in taskbuilder Taskbuilder
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30942 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30941 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30940 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30939 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30938 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30937 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30935 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30934 (Missing Authorization vulnerability in OLIVESYSTEM
\u8a3a\u65ad\u30b8\ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30932 (Missing Authorization vulnerability in WP Compress WP Compress
for Mai ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30931 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30930 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30928 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30927 (Missing Authorization vulnerability in Wordapp Team Wordapp
allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30638 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30637 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30636 (Missing Authorization vulnerability in Ability, Inc
Accessibility Suit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30634 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30632 (Cross-Site Request Forgery (CSRF) vulnerability in pozzad
Global Trans ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30630 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30629 (Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli
Bitly UR ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30627 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30625 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30624 (Missing Authorization vulnerability in WordLift WordLift
allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30279 (An improper certificate validation vulnerability has been
reported to ...)
NOT-FOR-US: QNAP
CVE-2025-2766 (70mai A510 Use of Default Password Authentication Bypass
Vulnerability ...)
- TODO: check
+ NOT-FOR-US: 70mai A510
CVE-2025-29892 (An SQL injection vulnerability has been reported to affect
Qsync Centr ...)
NOT-FOR-US: QNAP
CVE-2025-29885 (An improper certificate validation vulnerability has been
reported to ...)
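Review bot: The entries changed in this hunk are tagged "NOT-FOR-US: WordPress plugin", while the untouched neighbours (CVE-2025-30995, CVE-2025-30994, CVE-2025-30981, CVE-2025-30977, CVE-2025-30954) read "NOT-FOR-US: WordPress plugin or theme". Since the truncated descriptions rarely say which of the two it is (CVE-2025-30990, "ThemeHunk ThemeHunk", is one case to double-check), using the "plugin or theme" wording here would keep the tags consistent and avoid asserting something the visible text does not confirm.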
@@ -441,33 +441,33 @@ CVE-2025-29872 (An allocation of resources without limits
or throttling vulnerab
CVE-2025-29871 (An out-of-bounds read vulnerability has been reported to
affect File S ...)
NOT-FOR-US: QNAP
CVE-2025-29013 (Missing Authorization vulnerability in faaiq Custom
Category/Post Type ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29011 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29010 (Missing Authorization vulnerability in eleopard Behance
Portfolio Mana ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29008 (Server-Side Request Forgery (SSRF) vulnerability in ShawonPro
SocialMa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29006 (Missing Authorization vulnerability in centangle Direct
Checkout for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29005 (Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR
Managem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29003 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28997 (Missing Authorization vulnerability in EXEIdeas International
WP AutoK ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28996 (Missing Authorization vulnerability in Thad Allender GPP
Slideshow all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28995 (Missing Authorization vulnerability in viralloops Viral Loops
WP Integ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28994 (Missing Authorization vulnerability in viralloops Viral Loops
WP Integ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28989 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28986 (Cross-Site Request Forgery (CSRF) vulnerability in
Webaholicson Epicwi ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-28985 (Missing Authorization vulnerability in Elastic Email Elastic
Email Sub ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28984 (Cross-Site Request Forgery (CSRF) vulnerability in storepro
Subscripti ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-28981 (Cross-Site Request Forgery (CSRF) vulnerability in Soli WP
Mail Option ...)
@@ -483,35 +483,35 @@ CVE-2025-28958 (Cross-Site Request Forgery (CSRF)
vulnerability in Vadim Bogaisk
CVE-2025-28954 (Cross-Site Request Forgery (CSRF) vulnerability in wphobby
Backwp allo ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-28952 (Cross-Site Request Forgery (CSRF) vulnerability in Jonathan
Lau CubePo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28950 (Cross-Site Request Forgery (CSRF) vulnerability in David
Shabtai Post ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28948 (Cross-Site Request Forgery (CSRF) vulnerability in codedraft
Mediabay ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-27360 (Cross-Site Request Forgery (CSRF) vulnerability in WP Corner
Quick Eve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27359 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP
Media Fil ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-27334 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26593 (Cross-Site Request Forgery (CSRF) vulnerability in
FasterThemes FastBo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26590 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24778 (Missing Authorization vulnerability in De paragon No Spam At
All allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24776 (Missing Authorization vulnerability in codelobster Responsive
Flipbook ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24772 (Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds
Pay with C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24763 (Missing Authorization vulnerability in Pascal Casier bbPress
API allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24762 (Missing Authorization vulnerability in facturaone TicketBAI
Facturas p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23971 (Missing Authorization vulnerability in whassan KI Live Video
Conferenc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23969 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22490 (A NULL pointer dereference vulnerability has been reported to
affect F ...)
NOT-FOR-US: QNAP
CVE-2025-22486 (An improper certificate validation vulnerability has been
reported to ...)
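Review bot: For CVE-2025-23969 the visible description ("Exposure of Sensitive System Information to an Unauthorized Control Sp ...") is cut off before any product is named, so the "NOT-FOR-US: WordPress plugin" tag cannot be checked from this hunk. Adding the plugin name to the tag would make the classification verifiable without opening the full CVE record.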
@@ -204511,23 +204511,23 @@ CVE-2023-26005
CVE-2023-26004
RESERVED
CVE-2023-26003 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26002 (Missing Authorization vulnerability in 6Storage 6Storage
Rentals allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26001 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26000 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25999
RESERVED
CVE-2023-25998
RESERVED
CVE-2023-25997 (Missing Authorization vulnerability in SolaPlugins Sola
Support Ticket ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25996
RESERVED
CVE-2023-25995 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25994 (Cross-Site Request Forgery (CSRF) vulnerability in Alex
Benfica Publis ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25993 (Missing Authorization vulnerability in WebberZone Top 10
allows Exploi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b41c94c8f66a053ec6afcad2cf8fb402740e0b92