Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f7b4528e by Salvatore Bonaccorso at 2025-08-14T23:28:37+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-9043 (The service executable path in Seagate Toolkit on Versions 
prior to 2. ...)
-       TODO: check
+       NOT-FOR-US: Seagate
 CVE-2025-9042 (A security issue exists due to improper handling of CIP Class 
32\u2019 ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2025-9041 (A security issue exists due to improper handling of CIP Class 
32\u2019 ...)
@@ -17,11 +17,11 @@ CVE-2025-8979 (A vulnerability was identified in Tenda AC15 
15.13.07.13. Affecte
 CVE-2025-8978 (A vulnerability was determined in D-Link DIR-619L 6.02CN02. 
Affected i ...)
        NOT-FOR-US: D-Link
 CVE-2025-8976 (A vulnerability has been found in givanz Vvveb up to 1.0.5. 
This vulne ...)
-       TODO: check
+       NOT-FOR-US: givanz Vvveb
 CVE-2025-8975 (A vulnerability was identified in givanz Vvveb up to 1.0.5. 
This affec ...)
-       TODO: check
+       NOT-FOR-US: givanz Vvveb
 CVE-2025-8974 (A vulnerability was determined in linlinjava litemall up to 
1.8.0. Aff ...)
-       TODO: check
+       NOT-FOR-US: linlinjava litemall
 CVE-2025-8973 (A vulnerability has been found in SourceCodester Cashier 
Queuing Syste ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-8972 (A vulnerability was identified in itsourcecode Online Tour and 
Travel  ...)
@@ -39,11 +39,11 @@ CVE-2025-8967 (A vulnerability was determined in 
itsourcecode Online Tour and Tr
 CVE-2025-8966 (A vulnerability was found in itsourcecode Online Tour and 
Travel Manag ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-8965 (A vulnerability has been found in linlinjava litemall up to 
1.8.0. Thi ...)
-       TODO: check
+       NOT-FOR-US: linlinjava litemall
 CVE-2025-8964 (A vulnerability was identified in code-projects Hostel 
Management Syst ...)
        NOT-FOR-US: code-projects
 CVE-2025-8963 (A vulnerability was determined in jeecgboot JimuReport up to 
2.1.1. Af ...)
-       TODO: check
+       NOT-FOR-US: jeecgboot JimuReport
 CVE-2025-8962 (A vulnerability was found in code-projects Hostel Management 
System 1. ...)
        NOT-FOR-US: code-projects
 CVE-2025-8961 (A vulnerability was identified in LibTIFF 4.7.0. This issue 
affects th ...)
@@ -67,11 +67,11 @@ CVE-2025-8952 (A vulnerability was found in Campcodes 
Online Flight Booking Mana
 CVE-2025-8951 (A vulnerability has been found in PHPGurukul Teachers Record 
Managemen ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-8943 (The Custom MCPs feature is designed to execute OS commands, for 
instan ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-8876 (Improper Input Validation vulnerability in N-able N-central 
allows OS  ...)
-       TODO: check
+       NOT-FOR-US: N-able N-central
 CVE-2025-8875 (Deserialization of Untrusted Data vulnerability in N-able 
N-central al ...)
-       TODO: check
+       NOT-FOR-US: N-able N-central
 CVE-2025-8047 (The disable-right-click-powered-by-pixterme through v1.2 and 
pixter-im ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7973 (A security issue exists in FactoryTalk ViewPoint version 14.0 
or below ...)
@@ -85,7 +85,7 @@ CVE-2025-7774 (A security issue exists within the 5032 16pt 
Digital Configurable
 CVE-2025-7773 (A security issue exists within the 5032 16pt Digital 
Configurable modu ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2025-7761 (Lepszy BIP is vulnerable to Reflected Cross-Site Scripting 
(XSS). Impr ...)
-       TODO: check
+       NOT-FOR-US: Lepszy BIP
 CVE-2025-7353 (A security issue exists due to the web-based debugger agent 
enabled on ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2025-5998 (The PPWP \u2013 Password Protect Pages WordPress plugin before 
version ...)
@@ -115,13 +115,13 @@ CVE-2025-55673 (When a guest user accesses a chart in 
Apache Superset, the API r
 CVE-2025-55672 (A stored Cross-Site Scripting (XSS) vulnerability exists in 
Apache Sup ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-55346 (User-controlled input flows to an unsafe implementation of a 
dynamic F ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2025-55195 (@std/toml is the Deno Standard Library. Prior to version 
1.0.9, an att ...)
        TODO: check
 CVE-2025-55192 (HomeAssistant-Tapo-Control offers Control for Tapo cameras as 
a Home A ...)
-       TODO: check
+       NOT-FOR-US: HomeAssistant-Tapo-Control
 CVE-2025-54867 (Youki is a container runtime written in Rust. Prior to version 
0.5.5,  ...)
-       TODO: check
+       NOT-FOR-US: Youki
 CVE-2025-54749 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54747 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
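
Review bot: CVE-2025-54867 is closed as "NOT-FOR-US: Youki", yet its description calls Youki a container runtime written in Rust, which is the kind of tool that attracts packaging requests. Worth confirming there is no open ITP or RFP before settling on NOT-FOR-US; if one exists, an `<itp>` entry with the bug number would keep this CVE visible once the package lands. CVE-2025-55195 (@std/toml) is left at "TODO: check" in the same hunk, so it still needs its own triage pass.
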
@@ -233,7 +233,7 @@ CVE-2025-54667 (Time-of-check Time-of-use (TOCTOU) Race 
Condition vulnerability
 CVE-2025-54054 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53631 (flaskBlog is a blog app built with Flask. In versions 2.8.1 
and prior, ...)
-       TODO: check
+       NOT-FOR-US: flaskBlog
 CVE-2025-53587 (Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme 
Findgo al ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53582 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -263,17 +263,17 @@ CVE-2025-53219 (Cross-Site Request Forgery (CSRF) 
vulnerability in pl4g4 WP-Data
 CVE-2025-52823 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52820 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52806 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52801 (Missing Authorization vulnerability in VonStroheim TheBooking 
allows A ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52800 (Missing Authorization vulnerability in Unity Business 
Technology Pty L ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52797 (Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar 
StoryMa ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52788 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52785 (Missing Authorization vulnerability in softnwords SMM API 
allows Explo ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52775 (Missing Authorization vulnerability in Ronik@UnlimitedWP 
Project Cost  ...)
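
Review bot: the three new tags in this hunk (CVE-2025-52820, CVE-2025-52800, CVE-2025-52788) read "NOT-FOR-US: WordPress plugin", while every unchanged neighbour here reads "NOT-FOR-US: WordPress plugin or theme". Both close the entry, but a single wording keeps a grep over the tag complete; consider reusing the existing "WordPress plugin or theme" string. For CVE-2025-52800 the truncated description only shows "Unity Business Technology Pty L ...", so the WordPress classification cannot be confirmed from the lines shown and is worth a second look against the full record.
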
@@ -299,45 +299,45 @@ CVE-2025-52721 (Missing Authorization vulnerability in 
LCweb Global Gallery allo
 CVE-2025-52720 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52716 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52712 (Path Traversal vulnerability in BoldGrid Post and Page Builder 
by Bold ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-52335 (EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in 
index.php, ...)
-       TODO: check
+       NOT-FOR-US: EyouCMS
 CVE-2025-51986 (An issue was discovered in the demo/LINUXTCP implementation of 
cwalter ...)
-       TODO: check
+       NOT-FOR-US: cwalter-at freemodbus
 CVE-2025-51965 (OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) 
via the  ...)
-       TODO: check
+       NOT-FOR-US: OURPHP
 CVE-2025-50862 (The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 
has all ...)
-       TODO: check
+       NOT-FOR-US: Lotus Cars Android app (com.lotus.carsdomestic.intl)
 CVE-2025-50861 (The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 
contain ...)
-       TODO: check
+       NOT-FOR-US: Lotus Cars Android app (com.lotus.carsdomestic.intl)
 CVE-2025-50817 (A vulnerability in the Python-Future 1.0.0 module allows for 
arbitrary ...)
        TODO: check
 CVE-2025-50518 (A use-after-free vulnerability exists in the 
coap_delete_pdu_lkd funct ...)
        TODO: check
 CVE-2025-50515 (An issue was discovered in phome Empirebak 2010 in 
ebak2008/upload/cla ...)
-       TODO: check
+       NOT-FOR-US: phome Empirebak 2010
 CVE-2025-50040 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-50031 (Missing Authorization vulnerability in syedamirhussain91 DB 
Backup all ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-50029 (Missing Authorization vulnerability in Ashish AI Tools allows 
Exploiti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49887 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49869 (Deserialization of Untrusted Data vulnerability in Arraytics 
Eventin a ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49437 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49433 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49271 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49267 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49264 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-49065 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49064 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
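
Review bot: the two Lotus Cars tags (CVE-2025-50862, CVE-2025-50861) repeat the package id from the description, "NOT-FOR-US: Lotus Cars Android app (com.lotus.carsdomestic.intl)", where the other tags added in this hunk are a short product name such as "EyouCMS" or "OURPHP". A shorter "NOT-FOR-US: Lotus Cars Android app" would match that style. Also, "cwalter-at freemodbus" for CVE-2025-51986 mixes what looks like an account name with the project name; since the description is cut off at "cwalter ...", please check that the tag matches the upstream name as written in the full record.
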
@@ -377,7 +377,7 @@ CVE-2025-49037 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-49036 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49033 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48862 (Ambiguous wording in the web interface of the ctrlX OS setup 
mechanism ...)
        NOT-FOR-US: Bosch
 CVE-2025-48861 (A vulnerability in the Task API endpoint of the ctrlX OS setup 
mechani ...)
@@ -385,23 +385,23 @@ CVE-2025-48861 (A vulnerability in the Task API endpoint 
of the ctrlX OS setup m
 CVE-2025-48860 (A vulnerability in the web application of the ctrlX OS setup 
mechanism ...)
        NOT-FOR-US: Bosch
 CVE-2025-48332 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48293 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47689 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47610 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-47536 (Deserialization of Untrusted Data vulnerability in keywordrush 
Content ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43984 (An issue was discovered on KuWFi GC111 devices (Hardware 
Version: CPE- ...)
-       TODO: check
+       NOT-FOR-US: KuWFi GC111 devices
 CVE-2025-43983 (KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple 
unauthentic ...)
-       TODO: check
+       NOT-FOR-US: KuWFi devices
 CVE-2025-40758 (A vulnerability has been identified in Mendix SAML (Mendix 
10.12 compa ...)
        NOT-FOR-US: Siemens
 CVE-2025-3703 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39510 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39483 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
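
Review bot: CVE-2025-43984 and CVE-2025-43983 are from the same vendor but receive two different tags, "NOT-FOR-US: KuWFi GC111 devices" and "NOT-FOR-US: KuWFi devices". A single vendor-level tag for both, in the way the Bosch and Siemens entries in this hunk are tagged, would keep the two entries grouped when searching by tag.
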
@@ -427,43 +427,43 @@ CVE-2025-31425 (Missing Authorization vulnerability in 
kamleshyadav WP Lead Capt
 CVE-2025-31007 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30998 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-30993 (Missing Authorization vulnerability in VillaTheme Thank You 
Page Custo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-30639 (Missing Authorization vulnerability in ThemeAtelier IDonatePro 
allows  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30635 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-30626 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-29014 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-28999 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-28987 (Server-Side Request Forgery (SSRF) vulnerability in 
PressForward Press ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-28979 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-28975 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-28962 (Missing Authorization vulnerability in stefanoai Advanced 
Google Unive ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27847 (In ESPEC North America Web Controller 3 before 3.3.8, 
/api/v4/auth/ us ...)
-       TODO: check
+       NOT-FOR-US: ESPEC North America Web Controller
 CVE-2025-27846 (In ESPEC North America Web Controller 3 before 3.3.8, an 
attacker with ...)
-       TODO: check
+       NOT-FOR-US: ESPEC North America Web Controller
 CVE-2025-27845 (In ESPEC North America Web Controller 3 before 3.3.4, 
/api/v4/auth/ wi ...)
-       TODO: check
+       NOT-FOR-US: ESPEC North America Web Controller
 CVE-2025-26484 (Dell CloudLink, versions 8.0 through 8.1.1, contains an 
Improper Restr ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-25174 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-25172 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24775 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Made  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-24766 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-21110 (Dell Data Lakehouse, versions prior to 1.5.0.0, contains an 
Execution  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2025-20306 (A vulnerability in the web-based management interface of Cisco 
Secure  ...)
@@ -645,7 +645,7 @@ CVE-2025-3414 (The Structured Content (JSON-LD) #wpsc 
WordPress plugin before 1.
 CVE-2025-34154 (UnForm Server Manager versions prior to 10.1.12 expose an 
unauthentica ...)
        NOT-FOR-US: UnForm Server Manager
 CVE-2025-27388 (Loading arbitrary external URLs through WebView components 
introduces  ...)
-       TODO: check
+       NOT-FOR-US: Oppo
 CVE-2025-0309 (An insufficient validation on the server connection endpoint in 
Netsko ...)
        NOT-FOR-US: Netskope
 CVE-2024-7402 (Netskope has identified a potential gap in its agent (Netskope 
Client) ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7b4528ee740f03953aaee54304e469cd1feb8c1
