Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc23baeb by security tracker role at 2025-09-26T20:14:03+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,173 +9,173 @@ CVE-2025-7691 (A privilege escalation issue has been
discovered in GitLab EE aff
CVE-2025-6396 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2025-60219 (Unrestricted Upload of File with Dangerous Type vulnerability
in HaruT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60186 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60185 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60184 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60181 (Server-Side Request Forgery (SSRF) vulnerability in silence
Silencesof ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60179 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60177 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60173 (Cross-Site Request Forgery (CSRF) vulnerability in Ashwani
kumar GST f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60172 (Cross-Site Request Forgery (CSRF) vulnerability in flytedesk
Flytedesk ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60171 (Cross-Site Request Forgery (CSRF) vulnerability in yourplugins
Conditi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60170 (Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad
Swain HT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60169 (Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud
Technolog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60167 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60166 (Missing Authorization vulnerability in wpshuffle WP
Subscription Forms ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60165 (Missing Authorization vulnerability in HaruTheme Frames allows
Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60164 (Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN
NewsmanApp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60163 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60162 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60161 (Server-Side Request Forgery (SSRF) vulnerability in bdthemes
ZoloBlock ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60160 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60159 (Missing Authorization vulnerability in webmaniabr Nota Fiscal
Eletr\xf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60158 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60157 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60156 (Cross-Site Request Forgery (CSRF) vulnerability in webandprint
AR For ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60155 (Missing Authorization vulnerability in loopus WP Virtual
Assistant all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60154 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60153 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60152 (Missing Authorization vulnerability in wpshuffle Subscribe To
Unlock a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60150 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60149 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60148 (Missing Authorization vulnerability in wpshuffle Subscribe to
Download ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60147 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60146 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60145 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre
Lenix scss ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60144 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60143 (Missing Authorization vulnerability in netgsm Netgsm allows
Exploiting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60142 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60141 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60140 (Insertion of Sensitive Information Into Sent Data
vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60139 (Cross-Site Request Forgery (CSRF) vulnerability in Joovii
Sendle Shipp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60138 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60137 (Cross-Site Request Forgery (CSRF) vulnerability in Galaxy
Weblinks Pos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60136 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60133 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60130 (Missing Authorization vulnerability in wedos.com WEDOS Global
allows A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60129 (Missing Authorization vulnerability in Yext Yext allows
Accessing Func ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60128 (Missing Authorization vulnerability in WP Delicious Delisho
allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60127 (Missing Authorization vulnerability in ArtistScope CopySafe
Web Protec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60126 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60125 (Insertion of Sensitive Information Into Sent Data
vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60124 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60123 (Missing Authorization vulnerability in HivePress HivePress
Claim Listi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60122 (Missing Authorization vulnerability in HivePress HivePress
Claim Listi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60121 (Missing Authorization vulnerability in Ex-Themes WooEvents
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60120 (Missing Authorization vulnerability in wpdirectorykit WP
Directory Kit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60119 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60118 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60117 (Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP
Vehica C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60116 (Missing Authorization vulnerability in ThemeGoods Grand
Conference The ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60115 (Cross-Site Request Forgery (CSRF) vulnerability in
instapagedev Instap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60114 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60113 (Cross-Site Request Forgery (CSRF) vulnerability in grooni
Groovy Menu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60112 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60111 (Cross-Site Request Forgery (CSRF) vulnerability in javothemes
Javo Cor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60110 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60109 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60108 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60107 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60106 (Missing Authorization vulnerability in Roxnor EmailKit allows
Exploiti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60105 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60104 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60103 (Missing Authorization vulnerability in CridioStudio ListingPro
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60102 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60101 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60100 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60099 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60098 (Missing Authorization vulnerability in Jeff Farthing Theme My
Login al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60097 (Missing Authorization vulnerability in CodexThemes TheGem
allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60096 (Missing Authorization vulnerability in CodexThemes TheGem
(Elementor) ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60095 (Insertion of Sensitive Information Into Sent Data
vulnerability in Ben ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60094 (Missing Authorization vulnerability in Benjamin Intal
Stackable allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60093 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjada
Download M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60092 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60040 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-5069 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
TODO: check
CVE-2025-59844 (SonarQube Server and Cloud is a static analysis solution for
continuou ...)
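Review bot: every changed entry in this hunk gets the same generic `NOT-FOR-US: WordPress plugin or theme` tag, yet the truncated descriptions never mention WordPress, and most of them (for example CVE-2025-60186, cut at "('Cross-si ...)") end before any product name. The classification cannot be checked from the diff. Since the commit message is only "automatic NOT-FOR-US entries update", it would help to state which rule or source matched these entries. Spot-check the ones whose visible vendor is not obviously WordPress-specific, such as CVE-2025-60129 (Yext), CVE-2025-60130 (wedos.com WEDOS Global) and CVE-2025-60143 (netgsm Netgsm).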
@@ -187,19 +187,19 @@ CVE-2025-59842 (jupyterlab is an extensible environment
for interactive and repr
CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs.
This oc ...)
TODO: check
CVE-2025-59012 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59011 (Missing Authorization vulnerability in shinetheme Traveler
allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59010 (Insertion of Sensitive Information Into Sent Data
vulnerability in Mac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59002 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58919 (Missing Authorization vulnerability in guihom Wide Banner
allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58917 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58914 (Cross-Site Request Forgery (CSRF) vulnerability in Di Themes
Di Themes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58385 (In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes
can be d ...)
TODO: check
CVE-2025-58384 (In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of
Untrusted Da ...)
@@ -215,35 +215,35 @@ CVE-2025-56383 (Notepad++ v8.8.3 has a DLL hijacking
vulnerability, which can re
CVE-2025-55848 (An issue was discovered in DIR-823 firmware 20250416. There is
an RCE ...)
TODO: check
CVE-2025-55847 (Wavlink M86X3A_V240730 contains a buffer overflow
vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2025-55187 (In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and
25.1.2 be ...)
TODO: check
CVE-2025-4957 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48326 (Missing Authorization vulnerability in Acclectic Media
Acclectic Media ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48107 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-45994 (An issue in Aranda PassRecovery v1.0 allows attackers to
enumerate val ...)
TODO: check
CVE-2025-36326 (IBM Cognos Controller 11.0.0 through 11.0.1, and IBM
Controller 11.1.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36274 (IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive
informati ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-27006 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26258 (Sourcecodester Employee Management System v1.0 is vulnerable
to Cross ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-1862 (An arbitrary file upload vulnerability exists in multiple WSO2
product ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2025-11060 (A flaw was found in the live query subscription mechanism of
the datab ...)
TODO: check
CVE-2025-11042 (An issue was discovered in GitLab CE/EE affecting all versions
startin ...)
TODO: check
CVE-2025-11039 (A security vulnerability has been detected in Campcodes
Computer Sales ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-11038 (A weakness has been identified in itsourcecode Online Clinic
Managemen ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-11037 (A security flaw has been discovered in code-projects
E-Commerce Websit ...)
TODO: check
CVE-2025-11036 (A vulnerability was identified in code-projects E-Commerce
Website 1.0 ...)
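Review bot: the tag on CVE-2025-11038, `NOT-FOR-US: itsourcecode System`, looks like a fragment of the product name leaked into the vendor tag. The other vendor tags added in this hunk are a bare vendor name (`Wavlink`, `IBM`, `SourceCodester`, `WSO2`, `Campcodes`), and the description reads "itsourcecode Online Clinic Managemen ...". Suggest `NOT-FOR-US: itsourcecode` unless the longer string is the tag the tracker already uses for this vendor.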
@@ -257,7 +257,7 @@ CVE-2025-11033 (A vulnerability has been found in kidaze
CourseSelectionSystem u
CVE-2025-11032 (A flaw has been found in kidaze CourseSelectionSystem up to
42cd892b40 ...)
TODO: check
CVE-2025-11031 (A flaw has been found in DataTables up to 1.10.13. The
affected elemen ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-11030 (A vulnerability was detected in Tutorials-Website Employee
Management ...)
TODO: check
CVE-2025-11029 (A weakness has been identified in givanz Vvveb up to 1.0.7.2.
This vul ...)
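Review bot: CVE-2025-11031 is tagged `NOT-FOR-US: code-projects`, but its description reads "A flaw has been found in DataTables up to 1.10.13", which names DataTables and not a code-projects product. The code-projects entry visible in the previous hunk (CVE-2025-11037) was left at `TODO: check`, so the automatic matcher appears to have applied this tag on something other than the visible product name. Suggest reverting this entry to `TODO: check` until someone confirms what the affected component is and whether it is packaged.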
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc23baeb8cceb4fd9f1cbc2608bc7b3e6af343ed