[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sat, 08 Nov 2025 00:13:04 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
182986f7 by security tracker role at 2025-11-08T08:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-9334 (The Better Find and Replace \u2013 AI-Powered Suggestions 
plugin for W ...)
+       TODO: check
+CVE-2025-7663 (The Ovatheme Events Manager plugin for WordPress is vulnerable 
to unau ...)
+       TODO: check
+CVE-2025-64496 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
+       TODO: check
+CVE-2025-64495 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
+       TODO: check
+CVE-2025-64494 (Soft Serve is a self-hostable Git server for the command line. 
In vers ...)
+       TODO: check
+CVE-2025-64493 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-64492 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-64491 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-64490 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-64489 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-64488 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
+       TODO: check
+CVE-2025-64486 (calibre is an e-book manager. In versions 8.13.0 and prior, 
calibre do ...)
+       TODO: check
+CVE-2025-64485 (CVAT is an open source interactive video and image annotation 
tool for ...)
+       TODO: check
+CVE-2025-64481 (Datasette is an open source multi-tool for exploring and 
publishing da ...)
+       TODO: check
+CVE-2025-64442 (HumHub is an Open Source Enterprise Social Network. Versions 
below 1.1 ...)
+       TODO: check
+CVE-2025-64439 (LangGraph SQLite Checkpoint is an implementation of LangGraph 
Checkpoi ...)
+       TODO: check
+CVE-2025-64437 (KubeVirt is a virtual machine management add-on for 
Kubernetes. In ver ...)
+       TODO: check
+CVE-2025-64436 (KubeVirt is a virtual machine management add-on for 
Kubernetes. In 1.5 ...)
+       TODO: check
+CVE-2025-64435 (KubeVirt is a virtual machine management add-on for 
Kubernetes. Prior  ...)
+       TODO: check
+CVE-2025-64434 (KubeVirt is a virtual machine management add-on for 
Kubernetes. Prior  ...)
+       TODO: check
+CVE-2025-64433 (KubeVirt is a virtual machine management add-on for 
Kubernetes. Prior  ...)
+       TODO: check
+CVE-2025-63544 (TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in 
/order_no ...)
+       TODO: check
+CVE-2025-63543 (TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in 
the /sear ...)
+       TODO: check
+CVE-2025-63420 (A stored cross-site scripting (XSS) vulnerability in the 
CrushFTP 11.3 ...)
+       TODO: check
+CVE-2025-60574 (A Local File Inclusion (LFI) vulnerability has been identified 
in tQua ...)
+       TODO: check
+CVE-2025-37736 (Improper Authorization in Elastic Cloud Enterprise can lead to 
Privile ...)
+       TODO: check
+CVE-2025-12911 (Inappropriate implementation in Permissions in Google Chrome 
prior to  ...)
+       TODO: check
+CVE-2025-12910 (Inappropriate implementation in Passkeys in Google Chrome 
prior to 140 ...)
+       TODO: check
+CVE-2025-12909 (Insufficient policy enforcement in Devtools in Google Chrome 
prior to  ...)
+       TODO: check
+CVE-2025-12908 (Insufficient validation of untrusted input in Downloads in 
Google Chro ...)
+       TODO: check
+CVE-2025-12907 (Insufficient validation of untrusted input in Devtools in 
Google Chrom ...)
+       TODO: check
+CVE-2025-12906 (Inappropriate implementation in Permissions in Google Chrome 
prior to  ...)
+       TODO: check
+CVE-2025-12905 (Inappropriate implementation in Downloads in Google Chrome on 
Windows  ...)
+       TODO: check
+CVE-2025-12902 (Improper resource management in firmware of some Solidigm DC 
Products  ...)
+       TODO: check
+CVE-2025-12896 (Improper resource management in firmware of some Solidigm DC 
Products  ...)
+       TODO: check
+CVE-2025-12875 (A weakness has been identified in mruby 3.4.0. This 
vulnerability affe ...)
+       TODO: check
+CVE-2025-12863 (A flaw was found in the xmlSetTreeDoc() function of the 
libxml2 XML pa ...)
+       TODO: check
+CVE-2025-12621 (The Flexible Refund and Return Order for WooCommerce plugin 
for WordPr ...)
+       TODO: check
+CVE-2025-12583 (The Simple Downloads List plugin for WordPress is vulnerable 
to unauth ...)
+       TODO: check
+CVE-2025-12498 (The EventPrime \u2013 Events Calendar, Bookings and Tickets 
plugin for ...)
+       TODO: check
+CVE-2025-12418 (Potential Denial of Service issue in all supported versions of 
Revener ...)
+       TODO: check
+CVE-2025-12353 (The WPFunnels \u2013 The Easiest Funnel Builder For WordPress 
And WooC ...)
+       TODO: check
+CVE-2025-12193 (The Mang Board WP plugin for WordPress is vulnerable to 
Reflected Cros ...)
+       TODO: check
+CVE-2025-12177 (The Download Manager plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2025-12167 (The Contact Form 7 AWeber Extension plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-12161 (The Smart Auto Upload Images plugin for WordPress is 
vulnerable to arb ...)
+       TODO: check
+CVE-2025-12125 (The HTML Forms \u2013 Simple WordPress Forms Plugin plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-12112 (The Insert Headers and Footers Code \u2013 HT Script plugin 
for WordPr ...)
+       TODO: check
+CVE-2025-12064 (The WP2Social Auto Publish plugin for WordPress is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2025-12042 (The Course Booking System plugin for WordPress is vulnerable 
to unauth ...)
+       TODO: check
+CVE-2025-12000 (The WPFunnels plugin for WordPress is vulnerable to arbitrary 
file del ...)
+       TODO: check
+CVE-2025-11972 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger 
with Open ...)
+       TODO: check
+CVE-2025-11748 (The Groups plugin for WordPress is vulnerable to Insecure 
Direct Objec ...)
+       TODO: check
+CVE-2025-11452 (The Asgaros Forum plugin for WordPress is vulnerable to SQL 
Injection  ...)
+       TODO: check
+CVE-2020-36870 (Various Ruijie Gateway EG and NBR models firmware versions 
11.1(6)B9P1 ...)
+       TODO: check
 CVE-2025-9458 (A maliciously crafted PRT file, when parsed through certain 
Autodesk p ...)
        NOT-FOR-US: Autodesk
 CVE-2025-7719 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/182986f7bfe572561bf6d0e46d03c307d11817fb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/182986f7bfe572561bf6d0e46d03c307d11817fb
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to