Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e9994daa by security tracker role at 2025-10-03T20:13:47+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,77 +1,77 @@
 CVE-2025-9945 (The Optimize More! \u2013 CSS plugin for WordPress is 
vulnerable to Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9897 (The AP Background plugin for WordPress is vulnerable to 
Cross-Site Req ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9895 (The Notification Bar plugin for WordPress is vulnerable to 
Cross-Site  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9892 (The Restrict User Registration plugin for WordPress is 
vulnerable to C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9889 (The ContentMX Content Publisher plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9885 (The MPWizard \u2013 Create Mercado Pago Payment Links plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9884 (The Mobile Site Redirect plugin for WordPress is vulnerable to 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9876 (The Ird Slider plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9875 (The Event Tickets, RSVPs, Calendar plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9859 (The Fintelligence Calculator plugin for WordPress is vulnerable 
to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9858 (The Auto Bulb Finder for WordPress plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9854 (The A Simple Multilanguage Plugin plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9630 (The WP SinoType plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9561 (The AP Background plugin for WordPress is vulnerable to 
arbitrary file ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9372 (The Ultimate Multi Design Video Carousel plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9333 (The Smart Docs plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9332 (The Interactive Human Anatomy with Clickable Body Parts plugin 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9286 (The Appy Pie Connect for WooCommerce plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9213 (The TextBuilder plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9212 (The WP Dispatcher plugin for WordPress is vulnerable to 
arbitrary file ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9209 (The RestroPress \u2013 Online Food Ordering System plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9206 (The Meks Easy Maps plugin for WordPress is vulnerable to Stored 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9204 (The X Addons for Elementor plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9200 (The Blappsta Mobile App Plugin \u2013 Your native, mobile 
iPhone App a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9199 (The Woo superb slideshow transition gallery with random effect 
plugin  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9198 (The Wp cycle text announcement plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9194 (The Constructor theme for WordPress is vulnerable to 
unauthorized modi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9130 (The Unify plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9129 (The Flexi plugin for WordPress is vulnerable to Stored 
Cross-Site Scri ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9080 (The Generic Elements plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9077 (The Ultra Addons Lite for Elementor plugin for WordPress is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9045 (The Easy Elementor Addons plugin for WordPress is vulnerable to 
Stored ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8776 (The Epic Bootstrap Buttons plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8669 (The Customify theme for WordPress is vulnerable to Cross-Site 
Request  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7825 (The Schema Plugin For Divi, Gutenberg & Shortcodes plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-7721 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6388 (The Spirit Framework plugin for WordPress is vulnerable to 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-61593 (Cursor is a code editor built for programming with AI. In 
versions 1.7 ...)
        TODO: check
 CVE-2025-61592 (Cursor is a code editor built for programming with AI. In 
versions 1.7 ...)
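Review bot: CVE-2025-9194 and CVE-2025-8669 are tagged "NOT-FOR-US: WordPress plugin", but their descriptions read "The Constructor theme for WordPress" and "The Customify theme for WordPress". Suggest "NOT-FOR-US: WordPress theme" for these two entries so the note matches the component the description names. The remaining entries in this hunk whose visible text says "plugin for WordPress" look consistent with the tag.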
@@ -105,7 +105,7 @@ CVE-2025-59829 (Claude Code is an agentic coding tool. 
Versions below 1.0.120 fa
 CVE-2025-59489 (Unity Runtime before 2025-10-02 on Android, Windows, macOS, 
and Linux  ...)
        TODO: check
 CVE-2025-57714 (An unquoted search path or element vulnerability has been 
reported to  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-57423 (A SQL injection vulnerability was discovered in the /articles 
endpoint ...)
        TODO: check
 CVE-2025-56551 (An issue in DirectAdmin v1.680 allows unauthorized attackers 
to manipu ...)
@@ -117,81 +117,81 @@ CVE-2025-55971 (TCL 65C655 Smart TV, running firmware 
version V8-R75PT01-LF1V269
 CVE-2025-54374 (Eidos is an extensible framework for Personal Data Management. 
Version ...)
        TODO: check
 CVE-2025-54154 (An improper authentication vulnerability has been reported to 
affect Q ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-54153 (An SQL injection vulnerability has been reported to affect 
Qsync Centr ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-53595 (An SQL injection vulnerability has been reported to affect 
Qsync Centr ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-53407 (A use of externally-controlled format string vulnerability has 
been re ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-53406 (A use of externally-controlled format string vulnerability has 
been re ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-53354 (NiceGUI is a Python-based UI framework. Versions 2.24.2 and 
below are  ...)
        TODO: check
 CVE-2025-52867 (An uncontrolled resource consumption vulnerability has been 
reported t ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52866 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52862 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52860 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52859 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52858 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52857 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52855 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52854 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52853 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52658 (HCL MyXalytics   6.6. product is affected by Use of 
Vulnerable/Outdate ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52656 (HCL MyXalytics: 6.6.is affected by Mass Assignment 
vulnerability. Mass ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52654 (A vulnerability in HCL HCL MyXalytics allows HTML 
InjectionThis issue  ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52653 (HCL MyXalytics product is affected by Cross Site Scripting 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-52433 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52432 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52429 (A use of externally-controlled format string vulnerability has 
been re ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52428 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52427 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-52424 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-49844 (Redis is an open source, in-memory database that persists on 
disk. Ver ...)
        TODO: check
 CVE-2025-49641 (A regular Zabbix user with no permission to the Monitoring -> 
Problems ...)
        TODO: check
 CVE-2025-48730 (A use of externally-controlled format string vulnerability has 
been re ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-48729 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-48728 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-48727 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-48726 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-47214 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-47213 (A NULL pointer dereference vulnerability has been reported to 
affect s ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-47212 (A command injection vulnerability has been reported to affect 
several  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-47211 (A path traversal vulnerability has been reported to affect 
several QNA ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-47210 (A NULL pointer dereference vulnerability has been reported to 
affect Q ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-46819 (Redis is an open source, in-memory database that persists on 
disk. Ver ...)
        TODO: check
 CVE-2025-46818 (Redis is an open source, in-memory database that persists on 
disk. Ver ...)
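Review bot: The four HCL entries (CVE-2025-52658, CVE-2025-52656, CVE-2025-52654, CVE-2025-52653) are tagged with the vendor only, "NOT-FOR-US: HCL", although every one of their descriptions names the product HCL MyXalytics. Suggest "NOT-FOR-US: HCL MyXalytics" so the entry records which product was ruled out, not just the vendor. The same applies to the QNAP entries whose description shows a product, such as Qsync Central in CVE-2025-54153 and CVE-2025-53595.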
@@ -199,31 +199,31 @@ CVE-2025-46818 (Redis is an open source, in-memory 
database that persists on dis
 CVE-2025-46817 (Redis is an open source, in-memory database that persists on 
disk. Ver ...)
        TODO: check
 CVE-2025-44014 (An out-of-bounds write vulnerability has been reported to 
affect Qsync ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-44012 (An allocation of resources without limits or throttling 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-44011 (A NULL pointer dereference vulnerability has been reported to 
affect Q ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-44010 (A NULL pointer dereference vulnerability has been reported to 
affect Q ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-44009 (A NULL pointer dereference vulnerability has been reported to 
affect Q ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-44008 (A NULL pointer dereference vulnerability has been reported to 
affect Q ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-44007 (An allocation of resources without limits or throttling 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-44006 (An allocation of resources without limits or throttling 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-40636 (SQL injection vulnerability in Joomla module 
mod_vvisit_counter v2.0.4 ...)
        TODO: check
 CVE-2025-34226 (OpenPLC Runtime v3 contains an input validation flaw in the 
/upload-pr ...)
        TODO: check
 CVE-2025-33040 (An allocation of resources without limits or throttling 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-33039 (An allocation of resources without limits or throttling 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-33034 (A path traversal vulnerability has been reported to affect 
Qsync Centr ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-27237 (In Zabbix Agent and Agent 2 on Windows, the OpenSSL 
configuration file ...)
        TODO: check
 CVE-2025-27236 (A regular Zabbix user can search other users in their user 
group via Z ...)
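Review bot: For CVE-2025-44012, CVE-2025-44007, CVE-2025-44006, CVE-2025-33040 and CVE-2025-33039 the description shown here is cut off at "An allocation of resources without limits or throttling vulnerability  ...", before any vendor or product appears, so the "NOT-FOR-US: QNAP" tag cannot be confirmed from this hunk. As the commit message marks this as an automatic update, a spot check of these five against the full CVE text before they leave "TODO: check" would be worthwhile.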
@@ -233,41 +233,41 @@ CVE-2025-27231 (The LDAP 'Bind password' value cannot be 
read after saving, but
 CVE-2025-11234 (A flaw was found in QEMU. If the QIOChannelWebsock object is 
freed whi ...)
        TODO: check
 CVE-2025-11223 (Installer of   Panasonic   AutoDownloader      version 1.2.8 
contains  ...)
-       TODO: check
+       NOT-FOR-US: Panasonic
 CVE-2025-10729 (The module will parse a <pattern> node which is not a child of 
a struc ...)
        TODO: check
 CVE-2025-10728 (When the module renders a Svg file that contains a <pattern> 
element,  ...)
        TODO: check
 CVE-2025-10726 (The WPRecovery plugin for WordPress is vulnerable to SQL 
Injection via ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10609 (Use of Hard-coded Credentials vulnerability in Logo Software 
Inc. Tige ...)
        TODO: check
 CVE-2025-10582 (The WP Dispatcher plugin for WordPress is vulnerable to SQL 
Injection  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10547 (An uninitialized variable in the HTTP CGI request arguments 
processing ...)
        TODO: check
 CVE-2025-10311 (The Comment Info Detector plugin for WordPress is vulnerable 
to Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10309 (The PayPal Forms plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10306 (The Backup Bolt plugin for WordPress is vulnerable to 
arbitrary file d ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10302 (The Ultimate Viral Quiz plugin for WordPress is vulnerable to 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10212 (The SiteAlert (Formerly WP Health) plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10192 (The WP Photo Effects plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10165 (The AP Background plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10053 (The TableGen \u2013 Data Table Generator plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-0876 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        TODO: check
 CVE-2025-0616 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2024-56804 (An SQL injection vulnerability has been reported to affect 
Video Stati ...)
-       TODO: check
+       NOT-FOR-US: QNAP
 CVE-2025-XXXX [fetchmail-SA-2025-01: SMTP AUTH denial of service]
        - fetchmail 6.5.6-1 (bug #1117136)
        [trixie] - fetchmail <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9994daa77676788478054283a468c6c2683aaa2
