Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3c0e3b21 by Salvatore Bonaccorso at 2025-08-27T05:44:27+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26,9 +26,9 @@ CVE-2025-6366 (The Event List plugin for WordPress is
vulnerable to privilege es
CVE-2025-6247 (The WordPress Automatic Plugin plugin for WordPress is
vulnerable to C ...)
NOT-FOR-US: WordPress plugin
CVE-2025-57818 (Firecrawl turns entire websites into LLM-ready markdown or
structured ...)
- TODO: check
+ NOT-FOR-US: Firecrawl
CVE-2025-57813 (traQ is a messenger application built for Digital Creators
Club traP. ...)
- TODO: check
+ NOT-FOR-US: traQ
CVE-2025-57810 (jsPDF is a library to generate PDFs in JavaScript. Prior to
3.0.2, use ...)
- jspdf <itp> (bug #998381)
CVE-2025-57803 (ImageMagick is free and open-source software used for editing
and mani ...)
@@ -41,7 +41,7 @@ CVE-2025-57425 (A Stored Cross-Site Scripting (XSS)
vulnerability in SourceCodes
CVE-2025-56432 (A cross-site scripting (XSS) vulnerability exists in Nagios XI
2024R2. ...)
NOT-FOR-US: Nagios XI
CVE-2025-55526 (n8n-workflows Main Commit ee25413 allows attackers to execute
a direct ...)
- TODO: check
+ NOT-FOR-US: n8n-workflows
CVE-2025-55443 (Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive
administrato ...)
NOT-FOR-US: Telpo MDM
CVE-2025-53813 (The configuration of Nozbe on macOS, specifically the
"RunAsNode" fuse ...)
@@ -57,7 +57,7 @@ CVE-2025-52218 (SelectZero Data Observability Platform before
2025.5.2 is vulner
CVE-2025-52217 (SelectZero Data Observability Platform before 2025.5.2 is
vulnerable t ...)
NOT-FOR-US: SelectZero
CVE-2025-52184 (Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows
a remote ...)
- TODO: check
+ NOT-FOR-US: Helpy
CVE-2025-52037 (A vulnerability has been found in NotesCMS and classified as
medium. A ...)
NOT-FOR-US: NotesCMS
CVE-2025-52036 (A vulnerability has been found in NotesCMS and classified as
medium. A ...)
@@ -111,7 +111,7 @@ CVE-2025-23307 (NVIDIA NeMo Curator for all platforms
contains a vulnerability w
CVE-2025-1994 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a
local ...)
NOT-FOR-US: IBM
CVE-2025-1501 (An access control vulnerability was discovered in the Request
Trace an ...)
- TODO: check
+ NOT-FOR-US: CMC
CVE-2025-1494 (IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a
remote att ...)
NOT-FOR-US: IBM
CVE-2024-47853 (An issue was discovered in Mahara 23.04.8 and 24.04.4.
Attackers may u ...)
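Review bot: The tag `NOT-FOR-US: CMC` on CVE-2025-1501 is an abbreviation that does not appear in the visible part of the description ("An access control vulnerability was discovered in the Request Trace an ..."), so a reader cannot tell which vendor or product it refers to. The neighbouring entries use a recognisable vendor name (`NOT-FOR-US: IBM`); consider spelling out the full vendor or product name here so that later searches of data/CVE/list for that product find this entry.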
@@ -194,7 +194,7 @@ CVE-2025-6188 (On affected platforms running Arista EOS,
maliciously formed UDP
CVE-2025-5931 (The Dokan Pro plugin for WordPress is vulnerable to privilege
escalati ...)
NOT-FOR-US: WordPress plugin
CVE-2025-57814 (request-filtering-agent is an http(s).Agent implementation
that blocks ...)
- TODO: check
+ NOT-FOR-US: request-filtering-agent
CVE-2025-57809 (XGrammar is an open-source library for efficient, flexible,
and portab ...)
NOT-FOR-US: XGrammar
CVE-2025-57805 (The Scratch Channel is a news website. In versions 1 and 1.1,
a POST r ...)
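Review bot: For CVE-2025-57814, the description identifies request-filtering-agent as an http(s).Agent implementation, that is, a library rather than a standalone application. Before settling on `NOT-FOR-US: request-filtering-agent`, it is worth confirming that no source package in the archive bundles a copy of it; if one does, the entry should reference that package instead of being marked NFU.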
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0e3b21acc6702f4868f4aad1351d8d663b43b5
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits