Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
eee61395 by security tracker role at 2025-09-26T08:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,129 @@
+CVE-2025-9985 (The Featured Image from URL (FIFU) plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-9984 (The Featured Image from URL (FIFU) plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-9490 (The Popup Maker plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
+ TODO: check
+CVE-2025-9044 (The Mapster WP Maps plugin for WordPress is vulnerable to
Stored Cross ...)
+ TODO: check
+CVE-2025-8906 (The Widgets for Tiktok Feed plugin for WordPress is vulnerable
to Stor ...)
+ TODO: check
+CVE-2025-8200 (The Mega Elements \u2013 Addons for Elementor plugin for
WordPress is ...)
+ TODO: check
+CVE-2025-60251 (Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept
any hand ...)
+ TODO: check
+CVE-2025-60250 (Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt
BLE pac ...)
+ TODO: check
+CVE-2025-60033
+ REJECTED
+CVE-2025-60032
+ REJECTED
+CVE-2025-60031
+ REJECTED
+CVE-2025-60030
+ REJECTED
+CVE-2025-60029
+ REJECTED
+CVE-2025-60028
+ REJECTED
+CVE-2025-60027
+ REJECTED
+CVE-2025-60026
+ REJECTED
+CVE-2025-60017 (Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow
root OS c ...)
+ TODO: check
+CVE-2025-59408 (Flock Safety Bravo Edge AI Compute Device
BRAVO_00.00_local_20241017 s ...)
+ TODO: check
+CVE-2025-59404 (Flock Safety Bravo Edge AI Compute Device
BRAVO_00.00_local_20241017 s ...)
+ TODO: check
+CVE-2025-59402 (Flock Safety Bravo Edge AI Compute Device
BRAVO_00.00_local_20241017 a ...)
+ TODO: check
+CVE-2025-56769 (An issue was discovered in chinabugotech hutool before 5.8.4
allowing ...)
+ TODO: check
+CVE-2025-54831 (Apache Airflow 3 introduced a change to the handling of
sensitive info ...)
+ TODO: check
+CVE-2025-43816 (A memory leak in the headless API for StructuredContents in
Liferay Po ...)
+ TODO: check
+CVE-2025-35027 (Multiple robotic products by Unitree sharing a common
firmware, includ ...)
+ TODO: check
+CVE-2025-26482 (Dell PowerEdge Server BIOS and Dell iDRAC9, all versions,
contains an ...)
+ TODO: check
+CVE-2025-1396 (A username enumeration vulnerability exists in multiple WSO2
products ...)
+ TODO: check
+CVE-2025-11005 (Improper Neutralization of Special Elements used in an OS
Command ('OS ...)
+ TODO: check
+CVE-2025-11000 (A vulnerability was determined in Open Babel up to 3.1.1. This
affects ...)
+ TODO: check
+CVE-2025-10999 (A vulnerability was found in Open Babel up to 3.1.1. The
impacted elem ...)
+ TODO: check
+CVE-2025-10998 (A vulnerability has been found in Open Babel up to 3.1.1. The
affected ...)
+ TODO: check
+CVE-2025-10997 (A flaw has been found in Open Babel up to 3.1.1. Impacted is
the funct ...)
+ TODO: check
+CVE-2025-10996 (A vulnerability was detected in Open Babel up to 3.1.1. This
issue aff ...)
+ TODO: check
+CVE-2025-10995 (A security vulnerability has been detected in Open Babel up to
3.1.1. ...)
+ TODO: check
+CVE-2025-10994 (A weakness has been identified in Open Babel up to 3.1.1. This
affects ...)
+ TODO: check
+CVE-2025-10993 (A security flaw has been discovered in MuYuCMS up to 2.7.
Affected by ...)
+ TODO: check
+CVE-2025-10992 (A vulnerability was determined in roncoo roncoo-pay up to
9428382af21c ...)
+ TODO: check
+CVE-2025-10989 (A security flaw has been discovered in yangzongzhuan RuoYi up
to 4.8.1 ...)
+ TODO: check
+CVE-2025-10988 (A vulnerability was identified in YunaiV ruoyi-vue-pro up to
2025.09. ...)
+ TODO: check
+CVE-2025-10987 (A vulnerability was determined in YunaiV yudao-cloud up to
2025.09. Af ...)
+ TODO: check
+CVE-2025-10981 (A vulnerability was detected in JeecgBoot up to 3.8.2. This
impacts an ...)
+ TODO: check
+CVE-2025-10980 (A security vulnerability has been detected in JeecgBoot up to
3.8.2. T ...)
+ TODO: check
+CVE-2025-10979 (A weakness has been identified in JeecgBoot up to 3.8.2. The
impacted ...)
+ TODO: check
+CVE-2025-10978 (A security flaw has been discovered in JeecgBoot up to 3.8.2.
The affe ...)
+ TODO: check
+CVE-2025-10977 (A vulnerability was identified in JeecgBoot up to 3.8.2.
Impacted is a ...)
+ TODO: check
+CVE-2025-10976 (A vulnerability was determined in JeecgBoot up to 3.8.2. This
issue af ...)
+ TODO: check
+CVE-2025-10975 (A vulnerability was found in GuanxingLu vlarl up to
31abc0baf53ef8f5db ...)
+ TODO: check
+CVE-2025-10974 (A vulnerability has been found in giantspatula SewKinect up to
7fd963c ...)
+ TODO: check
+CVE-2025-10973 (A flaw has been found in JackieDYH Resume-management-system up
to fb6b ...)
+ TODO: check
+CVE-2025-10967 (A vulnerability was detected in MuFen-mker PHP-Usermm up to
37f2d24e51 ...)
+ TODO: check
+CVE-2025-10965 (A security vulnerability has been detected in LazyAGI LazyLLM
up to 0. ...)
+ TODO: check
+CVE-2025-10752 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for
WordPres ...)
+ TODO: check
+CVE-2025-10747 (The WP-DownloadManager plugin for WordPress is vulnerable to
arbitrary ...)
+ TODO: check
+CVE-2025-10745 (The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and
Bots pl ...)
+ TODO: check
+CVE-2025-10490 (The Zephyr Project Manager plugin for WordPress is vulnerable
to Store ...)
+ TODO: check
+CVE-2025-10377 (The System Dashboard plugin for WordPress is vulnerable to
Cross-Site ...)
+ TODO: check
+CVE-2025-10307 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin
for Word ...)
+ TODO: check
+CVE-2025-10180 (The Markdown Shortcode plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2025-10178 (The CM Business Directory plugin for WordPress is vulnerable
to Stored ...)
+ TODO: check
+CVE-2025-10173 (The ShopEngine Elementor WooCommerce Builder Addon \u2013 All
in One W ...)
+ TODO: check
+CVE-2025-10137 (The Snow Monkey theme for WordPress is vulnerable to
Server-Side Reque ...)
+ TODO: check
+CVE-2025-10136 (The TweetThis Shortcode plugin for WordPress is vulnerable to
Stored C ...)
+ TODO: check
+CVE-2025-10037 (The Featured Image from URL (FIFU) plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-10036 (The Featured Image from URL (FIFU) plugin for WordPress is
vulnerable ...)
+ TODO: check
CVE-2025-60249 (vulnerability-lookup 2.16.0 allows XSS in bundle.py,
comment.py, and u ...)
NOT-FOR-US: vulnerability-lookup
CVE-2025-60019 (glib-networking's OpenSSL backend fails to properly check the
return v ...)
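Review bot: Every non-REJECTED entry added at the top of this hunk is left at `TODO: check`, so none of the new CVEs is triaged by this commit. Related entries are worth resolving together, for example the seven Open Babel entries (CVE-2025-10994 through CVE-2025-11000) and the six JeecgBoot entries (CVE-2025-10976 through CVE-2025-10981), and entries for software that is not packaged in Debian can be closed in the `NOT-FOR-US: <name>` form already used on the CVE-2025-60249 context line. The descriptions of CVE-2025-8200, CVE-2025-10752, CVE-2025-10745, CVE-2025-10307 and CVE-2025-10173 also carry a literal `\u2013` where the product name has a dash; check whether the import should decode it.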
@@ -4205,7 +4331,7 @@ CVE-2022-50339 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/f74ca25d6d6629ffd4fd80a1a73037253b57d06b (6.1-rc1)
CVE-2025-10537 (Memory safety bugs present in Firefox ESR 140.2, Thunderbird
ESR 140.2 ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
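Review bot: The cross-reference line for CVE-2025-10537 gains DLA-4311-1, but the three package lines under it (firefox, firefox-esr, thunderbird) are unchanged, so the hunk does not show which source package the new DLA covers. Confirm against the DLA-4311-1 entry that it names one of these packages. The same check applies to the identical change on CVE-2025-10536, CVE-2025-10533, CVE-2025-10532, CVE-2025-10529, CVE-2025-10528 and CVE-2025-10527 in the hunks that follow.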
@@ -4213,7 +4339,7 @@ CVE-2025-10537 (Memory safety bugs present in Firefox ESR
140.2, Thunderbird ESR
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10537
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10537
CVE-2025-10536 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -4227,7 +4353,7 @@ CVE-2025-10534 (This vulnerability affects Firefox < 143
and Thunderbird < 143.)
- firefox 143.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10534
CVE-2025-10533 (This vulnerability affects Firefox < 143, Firefox ESR <
115.28, Firefo ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
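Review bot: CVE-2025-10534, visible as context at the top of this hunk, is left without DLA-4311-1 while CVE-2025-10533 directly below it gains the reference. That is consistent with the visible lines, since CVE-2025-10534 is described as affecting only Firefox < 143 and Thunderbird < 143 and has only a `firefox` package line, but it is worth confirming the omission is intended and not a missed cross-reference.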
@@ -4235,7 +4361,7 @@ CVE-2025-10533 (This vulnerability affects Firefox < 143,
Firefox ESR < 115.28,
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10533
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10533
CVE-2025-10532 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -4249,7 +4375,7 @@ CVE-2025-10530 (This vulnerability affects Firefox < 143
and Thunderbird < 143.)
- firefox <not-affected> (Only affects Firefox on Android)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/#CVE-2025-10530
CVE-2025-10529 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -4257,7 +4383,7 @@ CVE-2025-10529 (This vulnerability affects Firefox < 143,
Firefox ESR < 140.3, T
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10529
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10529
CVE-2025-10528 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -4265,7 +4391,7 @@ CVE-2025-10528 (This vulnerability affects Firefox < 143,
Firefox ESR < 140.3, T
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/#CVE-2025-10528
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/#CVE-2025-10528
CVE-2025-10527 (This vulnerability affects Firefox < 143, Firefox ESR < 140.3,
Thunder ...)
- {DSA-6011-1 DSA-6003-1 DLA-4305-1}
+ {DSA-6011-1 DSA-6003-1 DLA-4311-1 DLA-4305-1}
- firefox 143.0-1
- firefox-esr 140.3.0esr-1
- thunderbird 1:140.3.0esr-1
@@ -29701,6 +29827,7 @@ CVE-2025-36529 (An OS command injection issue exists in
multiple versions of TB-
CVE-2025-5731 (A flaw was found in Infinispan CLI. A sensitive password,
decoded from ...)
NOT-FOR-US: Infinispan
CVE-2025-52555 (Ceph is a distributed object, block, and file storage
platform. In ver ...)
+ {DLA-4310-1}
- ceph 18.2.6-1 (bug #1108410)
[bookworm] - ceph <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2374412
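Review bot: CVE-2025-52555 now references DLA-4310-1 while the `[bookworm] - ceph <no-dsa> (Minor issue)` line is unchanged, so an LTS release has a fix and bookworm is still marked as not getting one. Revisit the bookworm annotation, or record in a NOTE why the difference is acceptable.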
@@ -206848,7 +206975,7 @@ CVE-2023-2358 (Hitachi Vantara Pentaho Business
Analytics Server prior to versio
CVE-2023-29497 (A privacy issue was addressed with improved handling of
temporary file ...)
NOT-FOR-US: Apple
CVE-2023-43040 (IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an
attacker to ...)
- {DSA-5825-1 DLA-3629-1}
+ {DSA-5825-1 DLA-4310-1 DLA-3629-1}
- ceph 16.2.11+ds-5 (bug #1053690)
NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10
NOTE: https://tracker.ceph.com/issues/63004
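Review bot: CVE-2023-43040 now lists two DLAs for ceph, DLA-4310-1 next to the existing DLA-3629-1, and the visible lines have no release-specific annotation showing which release each advisory covers. Check that the two advisories target different releases and that neither reference is a duplicate.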
@@ -270954,6 +271081,7 @@ CVE-2022-3652 (Type confusion in V8 in Google Chrome
prior to 107.0.5304.62 allo
CVE-2022-3651
RESERVED
CVE-2022-3650 (A privilege escalation flaw was found in Ceph.
Ceph-crash.service allo ...)
+ {DLA-4310-1}
- ceph 16.2.10+ds-4 (bug #1024932)
[buster] - ceph <not-affected> (ceph-crash service added in Ceph 14)
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1
@@ -341264,7 +341392,7 @@ CVE-2021-3981 (A flaw in grub2 was found where its
configuration file, known as
CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information
to an U ...)
- elgg <itp> (bug #526197)
CVE-2021-3979 (A key length flaw was found in Red Hat Ceph Storage. An
attacker can e ...)
- {DLA-3629-1}
+ {DLA-4310-1 DLA-3629-1}
- ceph 16.2.9+ds-1
[stretch] - ceph <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/5
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eee61395c9a3cd5dae28aaad01ffac29f529a3e1