Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
730f1c07 by security tracker role at 2025-09-27T08:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,71 @@
+CVE-2025-9944 (The Professional Contact Form plugin for WordPress is
vulnerable to Cr ...)
+ TODO: check
+CVE-2025-9899 (The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb
and oth ...)
+ TODO: check
+CVE-2025-9898 (The cForms \u2013 Light speed fast Form Builder plugin for
WordPress i ...)
+ TODO: check
+CVE-2025-9896 (The HidePost plugin for WordPress is vulnerable to Cross-Site
Request ...)
+ TODO: check
+CVE-2025-9894 (The Sync Feedly plugin for WordPress is vulnerable to
Cross-Site Reque ...)
+ TODO: check
+CVE-2025-9893 (The VM Menu Reorder plugin plugin for WordPress is vulnerable
to Cross ...)
+ TODO: check
+CVE-2025-9816 (The WP Statistics \u2013 The Most Popular Privacy-Friendly
Analytics P ...)
+ TODO: check
+CVE-2025-8440 (The Team Members plugin for WordPress is vulnerable to Stored
Cross-Si ...)
+ TODO: check
+CVE-2025-59945 (SysReptor is a fully customizable pentest reporting platform.
In versi ...)
+ TODO: check
+CVE-2025-59939 (WeGIA is a Web manager for charitable institutions. Prior to
version 3 ...)
+ TODO: check
+CVE-2025-59938 (Wazuh is a free and open source platform used for threat
prevention, d ...)
+ TODO: check
+CVE-2025-59936 (get-jwks contains fetch utils for JWKS keys. In versions prior
to 11.0 ...)
+ TODO: check
+CVE-2025-59934 (Formbricks is an open source qualtrics alternative. Prior to
version 4 ...)
+ TODO: check
+CVE-2025-59932 (Flag Forge is a Capture The Flag (CTF) platform. From versions
2.0.0 t ...)
+ TODO: check
+CVE-2025-59845 (Apollo Studio Embeddable Explorer & Embeddable Sandbox are
website emb ...)
+ TODO: check
+CVE-2025-50879
+ REJECTED
+CVE-2025-3193 (Versions of the package algoliasearch-helper from 2.0.0-rc1 and
before ...)
+ TODO: check
+CVE-2025-36239 (IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is
vulnerable to cr ...)
+ TODO: check
+CVE-2025-36144 (IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive
informat ...)
+ TODO: check
+CVE-2025-11052 (A security flaw has been discovered in kidaze
CourseSelectionSystem 1. ...)
+ TODO: check
+CVE-2025-11051 (A vulnerability has been found in SourceCodester Pet Grooming
Manageme ...)
+ TODO: check
+CVE-2025-11050 (A flaw has been found in Portabilis i-Educar up to 2.10. This
affects ...)
+ TODO: check
+CVE-2025-11049 (A vulnerability was detected in Portabilis i-Educar up to
2.10. Affect ...)
+ TODO: check
+CVE-2025-11048 (A security vulnerability has been detected in Portabilis
i-Educar up t ...)
+ TODO: check
+CVE-2025-11047 (A weakness has been identified in Portabilis i-Educar up to
2.10. Affe ...)
+ TODO: check
+CVE-2025-11046 (A security flaw has been discovered in Tencent WeKnora 0.1.0.
This imp ...)
+ TODO: check
+CVE-2025-11045 (A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06,
LQ_07 and ...)
+ TODO: check
+CVE-2025-11041 (A vulnerability has been found in itsourcecode Open Source Job
Portal ...)
+ TODO: check
+CVE-2025-11040 (A vulnerability was detected in code-projects Hostel
Management System ...)
+ TODO: check
+CVE-2025-10954 (Versions of the package github.com/nyaruka/phonenumbers before
1.2.2 a ...)
+ TODO: check
+CVE-2025-10657 (In a hardened Docker environment, with Enhanced Container
Isolation ( ...)
+ TODO: check
+CVE-2025-10499 (The Ninja Forms \u2013 The Contact Form Builder That Grows
With You pl ...)
+ TODO: check
+CVE-2025-10498 (The Ninja Forms \u2013 The Contact Form Builder That Grows
With You pl ...)
+ TODO: check
+CVE-2024-43192 (IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable
to cros ...)
+ TODO: check
CVE-2025-9958 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
- gitlab <unfixed>
CVE-2025-9642 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
@@ -1178,6 +1246,7 @@ CVE-2025-10892 (Integer overflow in V8 in Google Chrome
prior to 140.0.7339.207
- chromium 140.0.7339.207-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-60020 (nncp before 8.12.0 allows path traversal (for reading or
writing) duri ...)
+ {DSA-6012-1}
- nncp 8.12.1-1 (bug #1115848)
NOTE: http://www.nncpgo.org/Release-8_005f12_005f0.html
NOTE:
http://lists.cypherpunks.su/archive/nncp-devel/CAO-d-4riai9EZx4gVfekow-BCtTn07k8BB1ZdsopPVw=scw...@mail.gmail.com/T/#md678a00df1020bb811f47f42ef33c54b789cddd7
@@ -23626,7 +23695,7 @@ CVE-2023-47356 (Mingyu Security Gateway before
v3.0-5.3p was discovered to conta
NOT-FOR-US: Mingyu Security Gateway
CVE-2023-41566 (OA EKP v16 was discovered to contain an arbitrary download
vulnerabili ...)
NOT-FOR-US: OA EKP
-CVE-2025-54874 (OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3
and earl ...)
+CVE-2025-54874 (OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from
2.5.1 thr ...)
- openjpeg2 2.5.3-2.1 (bug #1110443)
[trixie] - openjpeg2 2.5.3-2.1~deb13u1
[bookworm] - openjpeg2 <not-affected> (Vulnerable code introduced later)
@@ -23635,7 +23704,7 @@ CVE-2025-54874 (OpenJPEG is an open-source JPEG 2000
codec. In OpenJPEG 2.5.3 an
NOTE: Introduced with:
https://github.com/uclouvain/openjpeg/commit/0f528e95788863608aa1772f5370659edf618793
(v2.5.1)
NOTE: Fixed by:
https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d
(master)
NOTE: https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
-CVE-2025-53644 (OpenCV is an Open Source Computer Vision Library. Versions
prior to 4. ...)
+CVE-2025-53644 (OpenCV is an Open Source Computer Vision Library. Versions
4.10.0 and ...)
- opencv 3.2.0+dfsg-1
NOTE: https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
NOTE: https://github.com/opencv/opencv/issues/27271
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/730f1c076fecfd30713c68a5da6a15f5bca062e5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/730f1c076fecfd30713c68a5da6a15f5bca062e5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
