Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8fef626f by Moritz Muehlenhoff at 2025-10-09T10:25:38+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,25 +9,25 @@ CVE-2025-7526 (The WP Travel Engine \u2013 Tour Booking
Plugin \u2013 Tour Opera
CVE-2025-6038 (The Lisfinity Core - Lisfinity Core plugin used for pebas\xae
Lisfinit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-61913 (Flowise is a drag & drop user interface to build a customized
large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-61906 (Opencast is a free, open-source platform to support the
management of ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2025-61788 (Opencast is a free, open-source platform to support the
management of ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2025-61672 (Synapse is an open source Matrix homeserver implementation.
Lack of va ...)
TODO: check
CVE-2025-61524 (An issue in the permission verification module and
organization/applic ...)
TODO: check
CVE-2025-61183 (Cross Site Scripting in vaahcms v.2.3.1 allows a remote
attacker to ex ...)
- TODO: check
+ NOT-FOR-US: vaahcms
CVE-2025-60834 (A fastjson deserialization vulnerability in uzy-ssm-mall
v1.1.0 allows ...)
- TODO: check
+ NOT-FOR-US: uzy-ssm-mall
CVE-2025-60833 (An XML External Entity (XXE) vulnerability in the
/mall/wxpay/pay comp ...)
TODO: check
CVE-2025-60830 (redragon-erp v1.0 was discovered to contain a Shiro
deserialization vu ...)
- TODO: check
+ NOT-FOR-US: redragon-erp
CVE-2025-60828 (WukongCRM-9.0-JAVA was discovered to contain a fastjson
deserializatio ...)
- TODO: check
+ NOT-FOR-US: WukongCRM-9.0-JAVA
CVE-2025-60318 (SourceCodester Pet Grooming Management Software 1.0 is
vulnerable to C ...)
NOT-FOR-US: SourceCodester
CVE-2025-60314 (Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a
Stored C ...)
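Review bot: CVE-2025-60833 stays at "TODO: check" although it sits directly below CVE-2025-60834, which this hunk tags "NOT-FOR-US: uzy-ssm-mall". Its truncated description refers to a /mall/wxpay/pay component, so if the full text names the same product it should receive the same tag in this commit rather than waiting for a second pass. A minor style point in the same hunk: the tag for CVE-2025-60828 keeps the version-bearing name "WukongCRM-9.0-JAVA", while the tags for vaahcms and redragon-erp drop the version that appears in their descriptions. Picking one convention keeps later searches over the NOT-FOR-US tags predictable.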
@@ -35,19 +35,19 @@ CVE-2025-60314 (Configuroweb Sistema Web de Inventario 1.0
is vulnerable to a St
CVE-2025-60313 (Sourcecodester Link Status Checker 1.0 is vulnerable to a
Cross-Site S ...)
NOT-FOR-US: SourceCodester
CVE-2025-60311 (ProjectWorlds Gym Management System1.0 is vulnerable to SQL
Injection ...)
- TODO: check
+ NOT-FOR-US: ProjectWorlds Gym Management System
CVE-2025-60299 (Novel-Plus with 5.2.0 was discovered to contain a Stored
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2025-60298 (Novel-Plus up to 5.2.4 was discovered to contain a Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2025-5009 (In Gemini iOS, when a user shared a snippet of a conversation,
it woul ...)
TODO: check
CVE-2025-59303 (HAProxy Kubernetes Ingress Controller before 3.1.13, when the
config-s ...)
- TODO: check
+ NOT-FOR-US: HAProxy Kubernetes Ingress Controller
CVE-2025-57457 (An OS Command Injection vulnerability in the Admin panel in
Curo UC300 ...)
- TODO: check
+ NOT-FOR-US: Curo UC300
CVE-2025-53967 (Framelink Figma MCP Server before 0.6.3 allows an
unauthenticated remo ...)
- TODO: check
+ NOT-FOR-US: Framelink Figma MCP Server
CVE-2025-47355 (Memory corruption while invoking remote procedure IOCTL calls.)
NOT-FOR-US: Qualcomm
CVE-2025-47354 (Memory corruption while allocating buffers in DSP service.)
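Review bot: CVE-2025-5009 (Gemini iOS) is left at "TODO: check" in the middle of this hunk even though every entry around it is resolved; an iOS application looks like a candidate for the same NOT-FOR-US pass and could be closed here. For CVE-2025-59303, naming the full product "HAProxy Kubernetes Ingress Controller" in the tag is the right call, but the visible description is cut off at "when the config-s ...", so please confirm against the full text that the flaw is in the controller and not in code shared with HAProxy itself. On style, "NOT-FOR-US: ProjectWorlds Gym Management System" spells out the application, whereas the unchanged context lines tag the comparable entries by vendor only ("NOT-FOR-US: SourceCodester"); "NOT-FOR-US: ProjectWorlds" would match.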
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fef626f11cddc325d003aa8526d5b7a155ddd8f