[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Fri, 31 Oct 2025 13:19:34 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b442c3fc by Salvatore Bonaccorso at 2025-10-31T21:19:02+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-8849 (LibreChat version 0.7.9 is vulnerable to a Denial of Service 
(DoS) att ...)
-       TODO: check
+       NOT-FOR-US: LibreChat
 CVE-2025-8489 (The King Addons for Elementor \u2013 Free Elements, Widgets, 
Templates ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-8385 (The Zombify plugin for WordPress is vulnerable to Path 
Traversal in al ...)
@@ -9,21 +9,21 @@ CVE-2025-8383 (The Depicter plugin for WordPress is 
vulnerable to Cross-Site Req
 CVE-2025-7846 (The WordPress User Extra Fields plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-6520 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Abis Technology BAPSIS
 CVE-2025-6176 (Scrapy versions up to 2.13.2 are vulnerable to a denial of 
service (Do ...)
        TODO: check
 CVE-2025-6075 (If the value passed to os.path.expandvars() is user-controlled 
a  perf ...)
        TODO: check
 CVE-2025-64389 (The web server of the device performs exchanges of sensitive 
informati ...)
-       TODO: check
+       NOT-FOR-US: Circutor TCPRS1plus
 CVE-2025-64388 (Denial of service of the web server through specific requests 
to this  ...)
-       TODO: check
+       NOT-FOR-US: Circutor TCPRS1plus
 CVE-2025-64387 (The web application is vulnerable to a so-called 
\u2018clickjacking\u2 ...)
-       TODO: check
+       NOT-FOR-US: Circutor TCPRS1plus
 CVE-2025-64386 (The equipment grants a JWT token for each connection in the 
timeline,  ...)
-       TODO: check
+       NOT-FOR-US: Circutor TCPRS1plus
 CVE-2025-64385 (The equipment initially can be configured using the 
manufacturer's app ...)
-       TODO: check
+       NOT-FOR-US: Circutor TCPRS1plus
 CVE-2025-64368 (Cross-Site Request Forgery (CSRF) vulnerability in 
Mikado-Themes Bard  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64367 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b442c3fc5e98694cc4493a451aaff93e418e306f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b442c3fc5e98694cc4493a451aaff93e418e306f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to