Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
206707dd by security tracker role at 2025-09-09T20:12:58+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,517 @@
+CVE-2025-9994 (The Amp\u2019ed RF BT-AP 111 Bluetooth access point's HTTP 
admin inter ...)
+       TODO: check
+CVE-2025-9951 (A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which 
allows ...)
+       TODO: check
+CVE-2025-9872 (Insufficient filename validation in Ivanti Endpoint Manager 
before 202 ...)
+       TODO: check
+CVE-2025-9712 (Insufficient filename validation in Ivanti Endpoint Manager 
before 202 ...)
+       TODO: check
+CVE-2025-9364 (An open database issue exists in the affected product and 
version. The ...)
+       TODO: check
+CVE-2025-9269 (A Server-Side Request Forgery (SSRF) vulnerability has been 
identified ...)
+       TODO: check
+CVE-2025-9166 (A denial-of-service security issue exists in the affected 
product and  ...)
+       TODO: check
+CVE-2025-9161 (A security issue exists within FactoryTalk Optix MQTT broker 
due to th ...)
+       TODO: check
+CVE-2025-9160 (A code execution security issue exists in the affected product. 
An att ...)
+       TODO: check
+CVE-2025-9065 (A server-side request forgery security issue exists within 
Rockwell Au ...)
+       TODO: check
+CVE-2025-8712 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 
or 22.8 ...)
+       TODO: check
+CVE-2025-8711 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti 
Policy ...)
+       TODO: check
+CVE-2025-8277 (A flaw was found in libssh's handling of key exchange (KEX) 
processes  ...)
+       TODO: check
+CVE-2025-8008 (A security issue exists in the protected mode of EN4TR devices, 
where  ...)
+       TODO: check
+CVE-2025-8007 (A security issue exists in the protected mode of 1756-EN4TR and 
1756-E ...)
+       TODO: check
+CVE-2025-7970 (A security issue exists within FactoryTalk Activation Manager.  
An err ...)
+       TODO: check
+CVE-2025-7635 (Unauthenticated Telnet access vulnerability in Calix GigaCenter 
ONT al ...)
+       TODO: check
+CVE-2025-7350 (A security issue affecting multiple Cisco devices also directly 
impact ...)
+       TODO: check
+CVE-2025-5500 (A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on 
Android. ...)
+       TODO: check
+CVE-2025-5005 (A vulnerability was detected in Shanghai Lingdang Information 
Technolo ...)
+       TODO: check
+CVE-2025-59019 (Missing authorization checks in the CSV download feature of 
TYPO3 CMS  ...)
+       TODO: check
+CVE-2025-59018 (Missing authorization checks in the Workspace Module of TYPO3 
CMS vers ...)
+       TODO: check
+CVE-2025-59017 (Missing authorization checks in the Backend Routing of TYPO3 
CMS versi ...)
+       TODO: check
+CVE-2025-59016 (Error messages containing sensitive information in the File 
Abstractio ...)
+       TODO: check
+CVE-2025-59015 (A deterministic three\u2011character prefix in the Password 
Generation ...)
+       TODO: check
+CVE-2025-59014 (An uncaught exception in the Bookmark Toolbar of TYPO3 CMS 
versions 11 ...)
+       TODO: check
+CVE-2025-59013 (An open\u2011redirect vulnerability in 
GeneralUtility::sanitizeLocalUr ...)
+       TODO: check
+CVE-2025-59008 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-59005 (Missing Authorization vulnerability in frenify Categorify 
allows Explo ...)
+       TODO: check
+CVE-2025-58997 (Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow 
allows  ...)
+       TODO: check
+CVE-2025-58993 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-58991 (Cross-Site Request Forgery (CSRF) vulnerability in Cristiano 
Zanca Woo ...)
+       TODO: check
+CVE-2025-58990 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58989 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58988 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58987 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58985 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58984 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58983 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58982 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-58981 (Missing Authorization vulnerability in Equalize Digital 
Accessibility  ...)
+       TODO: check
+CVE-2025-58980 (Missing Authorization vulnerability in recorp Export WP Page 
to Static ...)
+       TODO: check
+CVE-2025-58979 (Missing Authorization vulnerability in BerqWP BerqWP allows 
Exploiting ...)
+       TODO: check
+CVE-2025-58978 (Missing Authorization vulnerability in WP Swings PDF Generator 
for Wor ...)
+       TODO: check
+CVE-2025-58977 (Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne 
WP eBay ...)
+       TODO: check
+CVE-2025-58976 (Missing Authorization vulnerability in Equalize Digital 
Accessibility  ...)
+       TODO: check
+CVE-2025-58975 (Cross-Site Request Forgery (CSRF) vulnerability in Helmut 
Wandl Advanc ...)
+       TODO: check
+CVE-2025-58762 (Tautulli is a Python based monitoring and tracking tool for 
Plex Media ...)
+       TODO: check
+CVE-2025-58761 (Tautulli is a Python based monitoring and tracking tool for 
Plex Media ...)
+       TODO: check
+CVE-2025-58760 (Tautulli is a Python based monitoring and tracking tool for 
Plex Media ...)
+       TODO: check
+CVE-2025-58759 (TinyEnv is an environment variable loader for PHP 
applications. In ver ...)
+       TODO: check
+CVE-2025-58758 (TinyEnv is an environment variable loader for PHP 
applications. In ver ...)
+       TODO: check
+CVE-2025-58753 (Copyparty is a portable file server. In versions prior to 
1.19.8, ther ...)
+       TODO: check
+CVE-2025-58442 (Saleor is an e-commerce platform. Starting in version 3.21.0 
and prior ...)
+       TODO: check
+CVE-2025-58435 (Open OnDemand is an open-source HPC portal. Prior to versions 
3.1.15 a ...)
+       TODO: check
+CVE-2025-58430 (listmonk is a standalone, self-hosted, newsletter and mailing 
list man ...)
+       TODO: check
+CVE-2025-58215 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-58180 (OctoPrint provides a web interface for controlling consumer 3D 
printer ...)
+       TODO: check
+CVE-2025-58063 (CoreDNS is a DNS server that chains plugins. Starting in 
version 1.2.0 ...)
+       TODO: check
+CVE-2025-57665 (Element Plus Link component (el-link) through 2.10.6 
implements insuff ...)
+       TODO: check
+CVE-2025-57540 (A stored cross-site scripting (XSS) vulnerability exists in 
the WebAut ...)
+       TODO: check
+CVE-2025-57539 (A stored cross-site scripting (XSS) vulnerability in the U2F 
Origin fi ...)
+       TODO: check
+CVE-2025-57538 (A stored cross-site scripting (XSS) vulnerability in the HTTP 
Proxy fi ...)
+       TODO: check
+CVE-2025-57278 (The LB-Link BL-CPE300M AX300 4G LTE Router firmware version 
BL-R8800_B ...)
+       TODO: check
+CVE-2025-57087 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a 
stack overfl ...)
+       TODO: check
+CVE-2025-57086 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a 
stack overfl ...)
+       TODO: check
+CVE-2025-57085 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a 
stack overfl ...)
+       TODO: check
+CVE-2025-57078 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57072 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57071 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57070 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57069 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57064 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57063 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57062 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57061 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple 
stack o ...)
+       TODO: check
+CVE-2025-57060 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57059 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-57058 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple 
stack o ...)
+       TODO: check
+CVE-2025-57057 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack 
overflow ...)
+       TODO: check
+CVE-2025-55730 (XWiki Remote Macros provides XWiki rendering macros that are 
useful wh ...)
+       TODO: check
+CVE-2025-55729 (XWiki Remote Macros provides XWiki rendering macros that are 
useful wh ...)
+       TODO: check
+CVE-2025-55728 (XWiki Remote Macros provides XWiki rendering macros that are 
useful wh ...)
+       TODO: check
+CVE-2025-55727 (XWiki Remote Macros provides XWiki rendering macros that are 
useful wh ...)
+       TODO: check
+CVE-2025-55317 (Improper link resolution before file access ('link following') 
in Micr ...)
+       TODO: check
+CVE-2025-55316 (External control of file name or path in Azure Arc allows an 
authorize ...)
+       TODO: check
+CVE-2025-55245 (Improper link resolution before file access ('link following') 
in Xbox ...)
+       TODO: check
+CVE-2025-55243 (Exposure of sensitive information to an unauthorized actor in 
Microsof ...)
+       TODO: check
+CVE-2025-55236 (Time-of-check time-of-use (toctou) race condition in Graphics 
Kernel a ...)
+       TODO: check
+CVE-2025-55234 (SMB Server might be susceptible to relay attacks depending on 
the conf ...)
+       TODO: check
+CVE-2025-55232 (Deserialization of untrusted data in Microsoft High 
Performance Comput ...)
+       TODO: check
+CVE-2025-55228 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-55227 (Improper neutralization of special elements used in a command 
('comman ...)
+       TODO: check
+CVE-2025-55226 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-55225 (Out-of-bounds read in Windows Routing and Remote Access 
Service (RRAS) ...)
+       TODO: check
+CVE-2025-55224 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-55223 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-55148 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 
or 22.8 ...)
+       TODO: check
+CVE-2025-55147 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, 
Ivanti Policy ...)
+       TODO: check
+CVE-2025-55146 (An unchecked return value in Ivanti Connect Secure before 
22.7R2.9 or  ...)
+       TODO: check
+CVE-2025-55145 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 
or 22.8 ...)
+       TODO: check
+CVE-2025-55144 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 
or 22.8 ...)
+       TODO: check
+CVE-2025-55143 (Reflected text injection in Ivanti Connect Secure before 
22.7R2.9 or 2 ...)
+       TODO: check
+CVE-2025-55142 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 
or 22.8 ...)
+       TODO: check
+CVE-2025-55141 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 
or 22.8 ...)
+       TODO: check
+CVE-2025-55139 (SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, 
Ivanti Policy ...)
+       TODO: check
+CVE-2025-55054 (CWE-79 Improper Neutralization of Input During Web Page 
Generation (XS ...)
+       TODO: check
+CVE-2025-55053 (CWE-328: Use of Weak Hash)
+       TODO: check
+CVE-2025-55052 (CWE-200 Exposure of Sensitive Information to an Unauthorized 
Actor)
+       TODO: check
+CVE-2025-55051 (CWE-1392: Use of Default Credentials)
+       TODO: check
+CVE-2025-55050 (CWE-1242: Inclusion of Undocumented Features)
+       TODO: check
+CVE-2025-55049 (Use of Default Cryptographic Key (CWE-1394))
+       TODO: check
+CVE-2025-55048 (Multiple CWE-78)
+       TODO: check
+CVE-2025-55047 (CWE-798 Use of Hard-coded Credentials)
+       TODO: check
+CVE-2025-54919 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-54918 (Improper authentication in Windows NTLM allows an authorized 
attacker  ...)
+       TODO: check
+CVE-2025-54917 (Protection mechanism failure in Windows MapUrlToZone allows an 
unautho ...)
+       TODO: check
+CVE-2025-54916 (Stack-based buffer overflow in Windows NTFS allows an 
authorized attac ...)
+       TODO: check
+CVE-2025-54915 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2025-54913 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-54912 (Use after free in Windows BitLocker allows an authorized 
attacker to e ...)
+       TODO: check
+CVE-2025-54911 (Use after free in Windows BitLocker allows an authorized 
attacker to e ...)
+       TODO: check
+CVE-2025-54910 (Heap-based buffer overflow in Microsoft Office allows an 
unauthorized  ...)
+       TODO: check
+CVE-2025-54908 (Use after free in Microsoft Office PowerPoint allows an 
unauthorized a ...)
+       TODO: check
+CVE-2025-54907 (Heap-based buffer overflow in Microsoft Office Visio allows an 
unautho ...)
+       TODO: check
+CVE-2025-54906 (Free of memory not on the heap in Microsoft Office allows an 
unauthori ...)
+       TODO: check
+CVE-2025-54905 (Untrusted pointer dereference in Microsoft Office Word allows 
an unaut ...)
+       TODO: check
+CVE-2025-54904 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
+       TODO: check
+CVE-2025-54903 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
+       TODO: check
+CVE-2025-54902 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2025-54901 (Buffer over-read in Microsoft Office Excel allows an 
unauthorized atta ...)
+       TODO: check
+CVE-2025-54900 (Heap-based buffer overflow in Microsoft Office Excel allows an 
unautho ...)
+       TODO: check
+CVE-2025-54899 (Free of memory not on the heap in Microsoft Office Excel 
allows an una ...)
+       TODO: check
+CVE-2025-54898 (Out-of-bounds read in Microsoft Office Excel allows an 
unauthorized at ...)
+       TODO: check
+CVE-2025-54897 (Deserialization of untrusted data in Microsoft Office 
SharePoint allow ...)
+       TODO: check
+CVE-2025-54896 (Use after free in Microsoft Office Excel allows an 
unauthorized attack ...)
+       TODO: check
+CVE-2025-54895 (Integer overflow or wraparound in Windows SPNEGO Extended 
Negotiation  ...)
+       TODO: check
+CVE-2025-54894 (Local Security Authority Subsystem Service Elevation of 
Privilege Vuln ...)
+       TODO: check
+CVE-2025-54709 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-54261 (ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are 
affected  ...)
+       TODO: check
+CVE-2025-54257 (Acrobat Reader versions 24.001.30254, 20.005.30774, 
25.001.20672 and e ...)
+       TODO: check
+CVE-2025-54256 (Dreamweaver Desktop versions 21.5 and earlier are affected by 
a Cross- ...)
+       TODO: check
+CVE-2025-54255 (Acrobat Reader versions 24.001.30254, 20.005.30774, 
25.001.20672 and e ...)
+       TODO: check
+CVE-2025-54252 (Adobe Experience Manager versions 6.5.23.0 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-54251 (Adobe Experience Manager versions 6.5.23.0 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-54250 (Adobe Experience Manager versions 6.5.23.0 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-54249 (Adobe Experience Manager versions 6.5.23.0 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-54248 (Adobe Experience Manager versions 6.5.23.0 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-54247 (Adobe Experience Manager versions 6.5.23.0 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-54246 (Adobe Experience Manager versions 6.5.23.0 and earlier are 
affected by ...)
+       TODO: check
+CVE-2025-54242 (Premiere Pro versions 25.3, 24.6.5 and earlier are affected by 
a Use A ...)
+       TODO: check
+CVE-2025-54236 (Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 
2.4.6-p12, 2 ...)
+       TODO: check
+CVE-2025-54116 (Improper access control in Windows MultiPoint Services allows 
an autho ...)
+       TODO: check
+CVE-2025-54115 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-54114 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-54113 (Heap-based buffer overflow in Windows Routing and Remote 
Access Servic ...)
+       TODO: check
+CVE-2025-54112 (Use after free in Microsoft Virtual Hard Drive allows an 
authorized at ...)
+       TODO: check
+CVE-2025-54111 (Use after free in Windows UI XAML Phone DatePickerFlyout 
allows an aut ...)
+       TODO: check
+CVE-2025-54110 (Integer overflow or wraparound in Windows Kernel allows an 
authorized  ...)
+       TODO: check
+CVE-2025-54109 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2025-54108 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-54107 (Improper resolution of path equivalence in Windows 
MapUrlToZone allows ...)
+       TODO: check
+CVE-2025-54106 (Integer overflow or wraparound in Windows Routing and Remote 
Access Se ...)
+       TODO: check
+CVE-2025-54105 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-54104 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2025-54103 (Use after free in Windows Management Services allows an 
unauthorized a ...)
+       TODO: check
+CVE-2025-54102 (Use after free in Windows Connected Devices Platform Service 
allows an ...)
+       TODO: check
+CVE-2025-54101 (Use after free in Windows SMBv3 Client allows an authorized 
attacker t ...)
+       TODO: check
+CVE-2025-54099 (Stack-based buffer overflow in Windows Ancillary Function 
Driver for W ...)
+       TODO: check
+CVE-2025-54098 (Improper access control in Windows Hyper-V allows an 
authorized attack ...)
+       TODO: check
+CVE-2025-54097 (Out-of-bounds read in Windows Routing and Remote Access 
Service (RRAS) ...)
+       TODO: check
+CVE-2025-54096 (Out-of-bounds read in Windows Routing and Remote Access 
Service (RRAS) ...)
+       TODO: check
+CVE-2025-54095 (Out-of-bounds read in Windows Routing and Remote Access 
Service (RRAS) ...)
+       TODO: check
+CVE-2025-54094 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2025-54093 (Time-of-check time-of-use (toctou) race condition in Windows 
TCP/IP al ...)
+       TODO: check
+CVE-2025-54092 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-54091 (Integer overflow or wraparound in Windows Hyper-V allows an 
authorized ...)
+       TODO: check
+CVE-2025-53914 (Excessive Privilegesvulnerability in Calix GigaCenter ONT 
(Broadcom So ...)
+       TODO: check
+CVE-2025-53913 (Excessive Privileges vulnerability in Calix GigaCenter ONT 
(Quantenna  ...)
+       TODO: check
+CVE-2025-53810 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2025-53809 (Improper input validation in Windows Local Security Authority 
Subsyste ...)
+       TODO: check
+CVE-2025-53808 (Access of resource using incompatible type ('type confusion') 
in Windo ...)
+       TODO: check
+CVE-2025-53807 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-53806 (Buffer over-read in Windows Routing and Remote Access Service 
(RRAS) a ...)
+       TODO: check
+CVE-2025-53805 (Out-of-bounds read in Windows Internet Information Services 
allows an  ...)
+       TODO: check
+CVE-2025-53804 (Exposure of sensitive information to an unauthorized actor in 
Windows  ...)
+       TODO: check
+CVE-2025-53803 (Generation of error message containing sensitive information 
in Window ...)
+       TODO: check
+CVE-2025-53802 (Use after free in Windows Bluetooth Service allows an 
authorized attac ...)
+       TODO: check
+CVE-2025-53801 (Untrusted pointer dereference in Windows DWM allows an 
authorized atta ...)
+       TODO: check
+CVE-2025-53800 (No cwe for this issue in Microsoft Graphics Component allows 
an author ...)
+       TODO: check
+CVE-2025-53799 (Use of uninitialized resource in Windows Imaging Component 
allows an u ...)
+       TODO: check
+CVE-2025-53798 (Buffer over-read in Windows Routing and Remote Access Service 
(RRAS) a ...)
+       TODO: check
+CVE-2025-53797 (Buffer over-read in Windows Routing and Remote Access Service 
(RRAS) a ...)
+       TODO: check
+CVE-2025-53796 (Buffer over-read in Windows Routing and Remote Access Service 
(RRAS) a ...)
+       TODO: check
+CVE-2025-53609 (A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 
7.6.0 thr ...)
+       TODO: check
+CVE-2025-53348 (Missing Authorization vulnerability in Laborator Kalium. This 
issue af ...)
+       TODO: check
+CVE-2025-53340 (Missing Authorization vulnerability in awesomesupport Awesome 
Support. ...)
+       TODO: check
+CVE-2025-53303 (Deserialization of Untrusted Data vulnerability in ThemeMove 
ThemeMove ...)
+       TODO: check
+CVE-2025-53291 (Missing Authorization vulnerability in spoddev2021 
Spreadconnect. This ...)
+       TODO: check
+CVE-2025-52915 (K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware 
suite, al ...)
+       TODO: check
+CVE-2025-52322 (An issue in Open5GS v2.7.2 and before allows a remote attacker 
to caus ...)
+       TODO: check
+CVE-2025-52277 (Cross Site Scripting vulnerability in YesWiki v.4.54 allows a 
remote a ...)
+       TODO: check
+CVE-2025-49860 (Missing Authorization vulnerability in Majestic Support 
Majestic Suppo ...)
+       TODO: check
+CVE-2025-49734 (Improper restriction of communication channel to intended 
endpoints in ...)
+       TODO: check
+CVE-2025-49692 (Improper access control in Azure Windows Virtual Machine Agent 
allows  ...)
+       TODO: check
+CVE-2025-49430 (Server-Side Request Forgery (SSRF) vulnerability in FWDesign 
Ultimate  ...)
+       TODO: check
+CVE-2025-48208 (Improper Neutralization of Special Elements used in an LDAP 
Query ('LD ...)
+       TODO: check
+CVE-2025-48101 (Deserialization of Untrusted Data vulnerability in 
webdevstudios Const ...)
+       TODO: check
+CVE-2025-47997 (Concurrent execution using shared resource with improper 
synchronizati ...)
+       TODO: check
+CVE-2025-47695 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-47694 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47579 (Deserialization of Untrusted Data vulnerability in ThemeGoods 
Photogra ...)
+       TODO: check
+CVE-2025-47571 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
+       TODO: check
+CVE-2025-47570 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-47569 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-47437 (Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed 
Technolo ...)
+       TODO: check
+CVE-2025-47416 (A vulnerability exists in the 
ConsoleFindCommandMatchListfunction in l ...)
+       TODO: check
+CVE-2025-47415 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
+       TODO: check
+CVE-2025-44594 (halo v2.20.17 and before is vulnerable to server-side request 
forgery  ...)
+       TODO: check
+CVE-2025-43786 (Enumeration of ERC from object entry in Liferay Portal 7.4.0 
through 7 ...)
+       TODO: check
+CVE-2025-43781 (Reflected cross-site scripting (XSS) vulnerability in Liferay 
Portal 7 ...)
+       TODO: check
+CVE-2025-43776 (A Stored cross-site scripting vulnerability in the Liferay 
Portal  7.4 ...)
+       TODO: check
+CVE-2025-43775 (Stored cross-site scripting (XSS) vulnerability in Liferay 
Portal 7.4. ...)
+       TODO: check
+CVE-2025-41701 (An unauthenticated attacker can trick a local user into 
executing arbi ...)
+       TODO: check
+CVE-2025-40804 (A vulnerability has been identified in SIMATIC Virtualization 
as a Ser ...)
+       TODO: check
+CVE-2025-40803 (A vulnerability has been identified in RUGGEDCOM RST2428P 
(6GK6242-6PA ...)
+       TODO: check
+CVE-2025-40802 (A vulnerability has been identified in RUGGEDCOM RST2428P 
(6GK6242-6PA ...)
+       TODO: check
+CVE-2025-40798 (A vulnerability has been identified in SIMATIC PCS neo V4.1 
(All versi ...)
+       TODO: check
+CVE-2025-40797 (A vulnerability has been identified in SIMATIC PCS neo V4.1 
(All versi ...)
+       TODO: check
+CVE-2025-40796 (A vulnerability has been identified in SIMATIC PCS neo V4.1 
(All versi ...)
+       TODO: check
+CVE-2025-40795 (A vulnerability has been identified in SIMATIC PCS neo V4.1 
(All versi ...)
+       TODO: check
+CVE-2025-40757 (A vulnerability has been identified in APOGEE PXC Series 
(BACnet) (All ...)
+       TODO: check
+CVE-2025-40594 (A vulnerability has been identified in SINAMICS G220 V6.4 (All 
version ...)
+       TODO: check
+CVE-2025-39553 (Missing Authorization vulnerability in andy_moyle Church 
Admin. This i ...)
+       TODO: check
+CVE-2025-39541 (Missing Authorization vulnerability in Roland Murg WP Simple 
Booking C ...)
+       TODO: check
+CVE-2025-39523 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in G ...)
+       TODO: check
+CVE-2025-36125 (IBM Hardware Management Console - Power 10.3.1050.0 and 
11.1.1110.0 is ...)
+       TODO: check
+CVE-2025-36011 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does 
not set  ...)
+       TODO: check
+CVE-2025-34175 (In pfSense CE/usr/local/www/suricata/suricata_filecheck.php, 
the value ...)
+       TODO: check
+CVE-2025-34174 (In pfSense CE/usr/local/www/status_traffic_totals.php, the 
value of th ...)
+       TODO: check
+CVE-2025-34173 (In pfSense CE/usr/local/www/snort/snort_ip_reputation.php, the 
value o ...)
+       TODO: check
+CVE-2025-34172 (In pfSense CE/usr/local/www/haproxy/haproxy_stats.php, the 
value of th ...)
+       TODO: check
+CVE-2025-33045 (APTIOV contains vulnerabilities in the BIOS where a privileged 
user ma ...)
+       TODO: check
+CVE-2025-32689 (Improper Validation of Specified Quantity in Input 
vulnerability in Th ...)
+       TODO: check
+CVE-2025-32688 (Missing Authorization vulnerability in Sovica Target Video 
Easy Publis ...)
+       TODO: check
+CVE-2025-32486 (Weak Password Recovery Mechanism for Forgotten Password 
vulnerability  ...)
+       TODO: check
+CVE-2025-30875 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-29089 (An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) 
allows a rem ...)
+       TODO: check
+CVE-2025-24404 (XML Injection RCE by parse http sitemap xml response 
vulnerability in  ...)
+       TODO: check
+CVE-2025-10199 (A local privilege escalation vulnerability exists in Sunshine 
for Wind ...)
+       TODO: check
+CVE-2025-10198 (Sunshine for Windows, version v2025.122.141614, contains a DLL 
search- ...)
+       TODO: check
+CVE-2025-10183 (A blind XML External Entity (XXE) injection in the 
OpenMessaging webse ...)
+       TODO: check
+CVE-2025-10164 (A security flaw has been discovered in lmsys sglang 0.4.6. 
Affected by ...)
+       TODO: check
+CVE-2025-10134 (The Goza - Nonprofit Charity WordPress Theme theme for 
WordPress is vu ...)
+       TODO: check
+CVE-2025-10107 (A vulnerability has been found in TRENDnet TEW-831DR 1.0 
(601.130.1.14 ...)
+       TODO: check
+CVE-2025-10095 (A SQL injection vulnerability has been identified in the SMPP 
server c ...)
+       TODO: check
+CVE-2024-45325 (An improper neutralization of special elements used in an OS 
command ( ...)
+       TODO: check
 CVE-2025-9542 (The AutomatorWP \u2013 Automator plugin for no-code 
automations, webho ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-9539 (The AutomatorWP \u2013 Automator plugin for no-code 
automations, webho ...)
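
Review bot: every entry this hunk adds, from CVE-2025-9994 down to CVE-2024-45325, carries only the `TODO: check` placeholder, so nothing in it is triaged yet. CVE-2025-9951 (jpeg2000dec in FFmpeg) and CVE-2025-8277 (libssh key exchange) name software that Debian packages, so those two should get a package line ahead of the rest. The WordPress entries such as CVE-2025-10134 can be closed with a NOT-FOR-US annotation in the style of the unchanged CVE-2025-9542 line at the end of the hunk (`NOT-FOR-US: WordPress plugin`).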



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/206707dd064727870b81d2c8c0c085614d6bc4de


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
