Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2687c722 by Salvatore Bonaccorso at 2025-10-04T18:14:22+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,23 +31,23 @@ CVE-2025-61888
 CVE-2025-61887
        REJECTED
 CVE-2025-61685 (Mastra is a Typescript framework for building AI agents and 
assistants ...)
-       TODO: check
+       NOT-FOR-US: Mastra
 CVE-2025-61681 (KUNO CMS is a fully deployable full-stack blog application. 
Versions 1 ...)
-       TODO: check
+       NOT-FOR-US: KUNO CMS
 CVE-2025-61680 (Minecraft RCON Terminal is a VS Code extension that 
streamlines Minecr ...)
-       TODO: check
+       NOT-FOR-US: Minecraft RCON Terminal
 CVE-2025-61679 (Anyquery is an SQL query engine built on top of SQLite. 
Versions 0.4.3 ...)
-       TODO: check
+       NOT-FOR-US: Anyquery
 CVE-2025-61677 (DataChain is a Python-based AI-data warehouse for transforming 
and ana ...)
-       TODO: check
+       NOT-FOR-US: DataChain
 CVE-2025-61673 (Karapace is an open-source implementation of Kafka REST and 
Schema Reg ...)
-       TODO: check
+       NOT-FOR-US: Karapace
 CVE-2025-61585
        REJECTED
 CVE-2025-59944 (Cursor is a code editor built for programming with AI. 
Versions 1.6.23 ...)
-       TODO: check
+       NOT-FOR-US: Cursor
 CVE-2025-59943 (phpMyFAQ is an open source FAQ web application. Versions 
4.0-nightly-2 ...)
-       TODO: check
+       NOT-FOR-US: phpMyFAQ
 CVE-2025-43825 (A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and 
Liferay ...)
        NOT-FOR-US: Liferay
 CVE-2025-39953 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
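
Review bot: CVE-2025-61673 (Karapace) and CVE-2025-59943 (phpMyFAQ) are both described as open-source projects, and the commit message "Process some NFUs" does not record whether WNPP was checked for them. If either has an open ITP or RFP, the entry should carry a package line with <itp> and the bug number rather than NOT-FOR-US, so the CVE is not lost when the package enters the archive.
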
@@ -150,15 +150,15 @@ CVE-2025-11228 (The GiveWP \u2013 Donation Plugin and 
Fundraising Platform plugi
 CVE-2025-11227 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10751 (MacForge contains an insecure XPC service that allows local, 
unprivile ...)
-       TODO: check
+       NOT-FOR-US: MacForge
 CVE-2025-10746 (The Integrate Dynamics 365 CRM plugin for WordPress is 
vulnerable to u ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10696 (OpenSupports exposes an endpoint that allows the list of 
'supervised u ...)
-       TODO: check
+       NOT-FOR-US: OpenSupports
 CVE-2025-10695 (Two unauthenticated diagnostic endpoints allow arbitrary 
backend-initi ...)
-       TODO: check
+       NOT-FOR-US: OpenSupports
 CVE-2025-10692 (The endpoint POST /api/staff/get-new-tickets concatenates the 
user-con ...)
-       TODO: check
+       NOT-FOR-US: OpenSupports
 CVE-2025-10383 (The Contest Gallery \u2013 Upload, Vote & Sell with PayPal and 
Stripe  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-9945 (The Optimize More! \u2013 CSS plugin for WordPress is 
vulnerable to Cr ...)
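
Review bot: CVE-2025-10695 and CVE-2025-10692 are tagged NOT-FOR-US: OpenSupports, but their truncated descriptions ("Two unauthenticated diagnostic endpoints ...", "The endpoint POST /api/staff/get-new-tickets ...") do not name a product; only CVE-2025-10696 does. Confirm the attribution against the full CVE records rather than relying on adjacency in the list.
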
@@ -417,11 +417,11 @@ CVE-2025-10728 (When the module renders a Svg file that 
contains a <pattern> ele
 CVE-2025-10726 (The WPRecovery plugin for WordPress is vulnerable to SQL 
Injection via ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10609 (Use of Hard-coded Credentials vulnerability in Logo Software 
Inc. Tige ...)
-       TODO: check
+       NOT-FOR-US: Logo Software Inc. TigerWings ERP
 CVE-2025-10582 (The WP Dispatcher plugin for WordPress is vulnerable to SQL 
Injection  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10547 (An uninitialized variable in the HTTP CGI request arguments 
processing ...)
-       TODO: check
+       NOT-FOR-US: Draytek
 CVE-2025-10311 (The Comment Info Detector plugin for WordPress is vulnerable 
to Cross- ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-10309 (The PayPal Forms plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
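
Review bot: The two tags added here differ in granularity: CVE-2025-10609 gets vendor plus product ("Logo Software Inc. TigerWings ERP"), while CVE-2025-10547 gets only a vendor ("Draytek"), and its visible description names neither vendor nor product. Suggest spelling the vendor the way it styles itself, DrayTek, and keeping one convention for NOT-FOR-US tags so a later search of the file by name matches.
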
@@ -439,9 +439,9 @@ CVE-2025-10165 (The AP Background plugin for WordPress is 
vulnerable to Stored C
 CVE-2025-10053 (The TableGen \u2013 Data Table Generator plugin for WordPress 
is vulne ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-0876 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: IT's Workif
 CVE-2025-0616 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: B2B Netsis Panel
 CVE-2024-56804 (An SQL injection vulnerability has been reported to affect 
Video Stati ...)
        NOT-FOR-US: QNAP
 CVE-2025-61962 [fetchmail-SA-2025-01: SMTP AUTH denial of service]
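
Review bot: For CVE-2025-0876 and CVE-2025-0616 the visible descriptions are only the generic CWE titles, so the NOT-FOR-US tag is the sole product identifier a reader of this file sees. Double-check the spelling of "IT's Workif" against the CVE record, since a typo here cannot be caught from the description text.
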
@@ -522,7 +522,7 @@ CVE-2025-11241 (The Yoast SEO Premium plugin for WordPress 
is vulnerable to Stor
 CVE-2025-10895
        REJECTED
 CVE-2025-10653 (An unauthenticated debug port may allow access to the device 
file syst ...)
-       TODO: check
+       NOT-FOR-US: Raise3D
 CVE-2025-61653 [Add authorizeRead check for extracts endpoint]
        - mediawiki <unfixed>
        NOTE: http://phabricator.wikimedia.org/T397577
@@ -352928,7 +352928,7 @@ CVE-2021-42195 (An issue was discovered in swftools 
through 20201222. A heap-buf
 CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms 
V1.5.4- ...)
        NOT-FOR-US: Eyoucms
 CVE-2021-42193 (nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at 
/Admin/ ...)
-       TODO: check
+       NOT-FOR-US: nopCommerce
 CVE-2021-42192 (Konga v0.14.9 is affected by an incorrect access control 
vulnerability ...)
        NOT-FOR-US: KONGA
 CVE-2021-42191



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2687c722bca6721424f1b0eacf2bdc965df07efd
