Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
407b06ba by security tracker role at 2025-11-18T20:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,303 @@
+CVE-2025-9977 (Value provided in one of POST parameters sent during the
process of lo ...)
+ TODO: check
+CVE-2025-9625 (The Coil Web Monetization plugin for WordPress is vulnerable to
Cross- ...)
+ TODO: check
+CVE-2025-9312 (A missing authentication enforcement vulnerability exists in
the mutua ...)
+ TODO: check
+CVE-2025-8609 (The RTMKit Addons for Elementor plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-8605 (The Gutenify \u2013 Visual Site Builder Blocks & Site
Templates. plugi ...)
+ TODO: check
+CVE-2025-8084 (The AI Engine plugin for WordPress is vulnerable to Server-Side
Reques ...)
+ TODO: check
+CVE-2025-6670 (A Cross-Site Request Forgery (CSRF) vulnerability exists in
multiple W ...)
+ TODO: check
+CVE-2025-64996 (In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all
versions of 2 ...)
+ TODO: check
+CVE-2025-64076 (Multiple vulnerabilities exist in cbor2 through version 5.7.0
in the d ...)
+ TODO: check
+CVE-2025-63994 (An arbitrary file upload vulnerability in the
/php/UploadHandler.php c ...)
+ TODO: check
+CVE-2025-63955 (A Cross-Site Request Forgery (CSRF) vulnerability in the
manage-studen ...)
+ TODO: check
+CVE-2025-63892 (A vulnerability was determined in SourceCodester Student
Grades Manage ...)
+ TODO: check
+CVE-2025-63883 (A DOM-based cross-site scripting vulnerability exists in
electic-shop ...)
+ TODO: check
+CVE-2025-63829 (eProsima Fast-DDS v3.3 and before has an infinite loop
vulnerability c ...)
+ TODO: check
+CVE-2025-63828 (Host Header Injection vulnerability in Backdrop CMS 1.32.1
allows atta ...)
+ TODO: check
+CVE-2025-63800 (The password change endpoint in Open Source Point of Sale
3.4.1 allows ...)
+ TODO: check
+CVE-2025-63749 (pnetlab 5.3.11 is vulnerable to Command Injection via the
qemu_options ...)
+ TODO: check
+CVE-2025-63695 (DzzOffice v2.3.7 and before is vulnerable to Arbitrary File
Upload in ...)
+ TODO: check
+CVE-2025-63694 (DzzOffice v2.3.7 and before is vulnerable to SQL Injection in
explorer ...)
+ TODO: check
+CVE-2025-63693 (The comment editing template
(dzz/comment/template/edit_form.htm) in D ...)
+ TODO: check
+CVE-2025-63604 (A code injection vulnerability exists in
baryhuang/mcp-server-aws-reso ...)
+ TODO: check
+CVE-2025-63603 (A command injection vulnerability exists in the MCP Data
Science Serve ...)
+ TODO: check
+CVE-2025-63602 (A vulnerability was discovered in Awesome Miner thru 11.2.4
that allow ...)
+ TODO: check
+CVE-2025-63514 (kishan0725 Hospital Management System has a Cross-Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2025-63513 (kishan0725 Hospital Management System v4 has an Insecure
Direct Object ...)
+ TODO: check
+CVE-2025-63512 (kishan0725 Hospital Management System/ v4 is vulnerable to SQL
Injecti ...)
+ TODO: check
+CVE-2025-63408 (Local Agent DVR versions thru 6.6.1.0 are vulnerable to
directory trav ...)
+ TODO: check
+CVE-2025-63258 (A remote command execution (RCE) vulnerability was discovered
in all H ...)
+ TODO: check
+CVE-2025-63228 (The Mozart FM Transmitter web management interface on version
WEBMOZZI ...)
+ TODO: check
+CVE-2025-63227 (The Mozart FM Transmitter web management interface on version
WEBMOZZI ...)
+ TODO: check
+CVE-2025-63226 (The Sencore SMP100 SMP Media Platform (firmware versions
V4.2.160, V60 ...)
+ TODO: check
+CVE-2025-63225 (The Eurolab ELTS100_UBX device (firmware version
ELTS100v1.UBX) is vul ...)
+ TODO: check
+CVE-2025-61713 (A Cleartext Storage of Sensitive Information in Memory
vulnerability [ ...)
+ TODO: check
+CVE-2025-61664 (A vulnerability in the GRUB2 bootloader has been identified in
the nor ...)
+ TODO: check
+CVE-2025-61663 (A vulnerability has been identified in the GRUB2 bootloader's
normal c ...)
+ TODO: check
+CVE-2025-61662 (A Use-After-Free vulnerability has been discovered in GRUB's
gettext m ...)
+ TODO: check
+CVE-2025-61661 (A vulnerability has been identified in the GRUB (Grand Unified
Bootloa ...)
+ TODO: check
+CVE-2025-60455 (Unsafe Deserialization vulnerability in Modular Max Serve
before 25.6, ...)
+ TODO: check
+CVE-2025-59669 (A use of hard-coded credentials vulnerability in Fortinet
FortiWeb 7.6 ...)
+ TODO: check
+CVE-2025-59117 (Windu CMS is vulnerable to multiple Stored Cross-Site
Scripting (XSS) ...)
+ TODO: check
+CVE-2025-59116 (Windu CMS is vulnerable to User Enumeration. This issue occurs
during ...)
+ TODO: check
+CVE-2025-59115 (Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS)
in the lo ...)
+ TODO: check
+CVE-2025-59114 (Windu CMS is vulnerable to Cross-Site Request Forgery in file
uploadin ...)
+ TODO: check
+CVE-2025-59113 (Windu CMS implements weak client-side brute-force protection
by using ...)
+ TODO: check
+CVE-2025-59112 (Windu CMS is vulnerable to Cross-Site Request Forgery in user
editing ...)
+ TODO: check
+CVE-2025-59111 (Windu CMS is vulnerable to Broken Access Control in user
editing funct ...)
+ TODO: check
+CVE-2025-59110 (Windu CMS is vulnerable to Cross-Site Request Forgery in user
editing ...)
+ TODO: check
+CVE-2025-58692 (An improper neutralization of special elements used in an SQL
Command ...)
+ TODO: check
+CVE-2025-58413 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0
through 7.6.3, ...)
+ TODO: check
+CVE-2025-58122 (Insufficient permission validation in Checkmk 2.4.0 before
version 2.4 ...)
+ TODO: check
+CVE-2025-58121 (Insufficient permission validation on multiple REST API
endpoints in C ...)
+ TODO: check
+CVE-2025-58034 (An Improper Neutralization of Special Elements used in an OS
Command ( ...)
+ TODO: check
+CVE-2025-56643 (Requarks Wiki.js 2.5.307 does not properly revoke or
invalidate active ...)
+ TODO: check
+CVE-2025-56527 (Plaintext password storage in Kotaemon 0.11.0 in the client's
localSto ...)
+ TODO: check
+CVE-2025-56526 (Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0
allowing a ...)
+ TODO: check
+CVE-2025-56499 (Incorrect access control in mihomo v1.19.11 allows
authenticated attac ...)
+ TODO: check
+CVE-2025-55796 (The openml/openml.org web application version v2.0.20241110
uses predi ...)
+ TODO: check
+CVE-2025-55179 (Incomplete validation of rich response messages in WhatsApp
for iOS pr ...)
+ TODO: check
+CVE-2025-55074 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail
to enfo ...)
+ TODO: check
+CVE-2025-54972 (An improper neutralization of crlf sequences ('crlf
injection') in For ...)
+ TODO: check
+CVE-2025-54971 (An exposure of sensitive information to an unauthorized actor
vulnerab ...)
+ TODO: check
+CVE-2025-54821 (An Improper Privilege Management vulnerability [CWE-269] in
Fortinet F ...)
+ TODO: check
+CVE-2025-54771 (A use-after-free vulnerability has been identified in the GNU
GRUB (Gr ...)
+ TODO: check
+CVE-2025-54770 (A vulnerability has been identified in the GRUB2 bootloader's
network ...)
+ TODO: check
+CVE-2025-54660 (An active debug code vulnerability in Fortinet
FortiClientWindows 7.4. ...)
+ TODO: check
+CVE-2025-54321 (In Ascertia SigningHub through 8.6.8, there is a lack of rate
limiting ...)
+ TODO: check
+CVE-2025-54320 (In Ascertia SigningHub through 8.6.8, there is a lack of rate
limiting ...)
+ TODO: check
+CVE-2025-53843 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0
through 7.6.3, ...)
+ TODO: check
+CVE-2025-53360 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib'
inventor ...)
+ TODO: check
+CVE-2025-52639 (HCL Connections is vulnerable to a sensitive information
disclosure vu ...)
+ TODO: check
+CVE-2025-4212 (The Checkout Files Upload for WooCommerce plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2025-48839 (An Out-of-bounds Write vulnerability [CWE-787] in FortiADC
8.0.0, 7.6. ...)
+ TODO: check
+CVE-2025-47761 (An Exposed IOCTL with Insufficient Access Control
vulnerability [CWE-7 ...)
+ TODO: check
+CVE-2025-46776 (A buffer copy without checking size of input ('classic buffer
overflow ...)
+ TODO: check
+CVE-2025-46775 (A debug messages revealing unnecessary information
vulnerability in Fo ...)
+ TODO: check
+CVE-2025-46373 (A Heap-based Buffer Overflow vulnerability [CWE-122] in
Fortinet Forti ...)
+ TODO: check
+CVE-2025-46215 (An Improper Isolation or Compartmentalization vulnerability
[CWE-653] ...)
+ TODO: check
+CVE-2025-41737 (Due to webserver misconfiguration an unauthenticated remote
attacker i ...)
+ TODO: check
+CVE-2025-41736 (A low privileged remote attacker can upload a new or overwrite
an exis ...)
+ TODO: check
+CVE-2025-41735 (A low privileged remote attacker can upload any file to an
arbitrary l ...)
+ TODO: check
+CVE-2025-41734 (An unauthenticated remote attacker can execute arbitrary php
files and ...)
+ TODO: check
+CVE-2025-41733 (The commissioning wizard on the affected devices does not
validate if ...)
+ TODO: check
+CVE-2025-41350 (Stored Cross-site Scripting (XSS)vylnerability type in WinPlus
v24.11. ...)
+ TODO: check
+CVE-2025-41349 (Stored Cross-site Scripting (XSS)vylnerability type in WinPlus
v24.11. ...)
+ TODO: check
+CVE-2025-41348 (SQL injection vulnerability in WinPlus v24.11.27 by
Inform\xe1tica del ...)
+ TODO: check
+CVE-2025-41347 (Unlimited upload vulnerability for dangerous file types in
WinPlus v24 ...)
+ TODO: check
+CVE-2025-41346 (Faulty authorization control in software WinPlus v24.11.27 by
Inform\x ...)
+ TODO: check
+CVE-2025-40549 (A Path Restriction Bypass vulnerability exists in Serv-U that
when abu ...)
+ TODO: check
+CVE-2025-40548 (A missing validation process exists in Serv U when abused,
could give ...)
+ TODO: check
+CVE-2025-40547 (A logic error vulnerability exists in Serv-U which when abused
could g ...)
+ TODO: check
+CVE-2025-40545 (SolarWinds Observability Self-Hosted is susceptible to an open
redirec ...)
+ TODO: check
+CVE-2025-37163 (A command injection vulnerability has been identified in the
command l ...)
+ TODO: check
+CVE-2025-37162 (A vulnerability in the command line interface of affected
devices coul ...)
+ TODO: check
+CVE-2025-37161 (A vulnerability in the web-based management interface of
affected prod ...)
+ TODO: check
+CVE-2025-37160 (A broken access control (BAC) vulnerability in the web-based
managemen ...)
+ TODO: check
+CVE-2025-37159 (A vulnerability in the web management interface of the AOS-CX
OS user ...)
+ TODO: check
+CVE-2025-37158 (A command injection vulnerability exists in the AOS-CX
Operating Syste ...)
+ TODO: check
+CVE-2025-37157 (A command injection vulnerability exists in the AOS-CX
Operating Syste ...)
+ TODO: check
+CVE-2025-37156 (A platform-level denial-of-service (DoS) vulnerability exists
in Aruba ...)
+ TODO: check
+CVE-2025-37155 (A vulnerability in the SSH restricted shell interface of the
network m ...)
+ TODO: check
+CVE-2025-34324 (GoSign Desktop versions 2.4.0 and earlier use an unsigned
update manif ...)
+ TODO: check
+CVE-2025-33184 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability
in a Pyt ...)
+ TODO: check
+CVE-2025-33183 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability
in a Pyt ...)
+ TODO: check
+CVE-2025-26391 (SolarWinds Observability Self-Hosted XSS Vulnerability. The
SolarWinds ...)
+ TODO: check
+CVE-2025-13349 (A vulnerability has been found in SourceCodester Student
Grades Manage ...)
+ TODO: check
+CVE-2025-13347 (A flaw has been found in SourceCodester Train Station
Ticketing System ...)
+ TODO: check
+CVE-2025-13346 (A vulnerability was detected in SourceCodester Train Station
Ticketing ...)
+ TODO: check
+CVE-2025-13345 (A security vulnerability has been detected in SourceCodester
Train Sta ...)
+ TODO: check
+CVE-2025-13344 (A weakness has been identified in SourceCodester Train Station
Ticketi ...)
+ TODO: check
+CVE-2025-13343 (A security flaw has been discovered in SourceCodester
Interview Manage ...)
+ TODO: check
+CVE-2025-13196 (The Element Pack Addons for Elementor plugin for WordPress is
vulnerab ...)
+ TODO: check
+CVE-2025-13133 (The Simple User Import Export plugin for WordPress is
vulnerable to CS ...)
+ TODO: check
+CVE-2025-13088 (The Category and Product Woocommerce Tabs plugin for WordPress
is vuln ...)
+ TODO: check
+CVE-2025-13083 (Use of Web Browser Cache Containing Sensitive Information
vulnerabilit ...)
+ TODO: check
+CVE-2025-13082 (User Interface (UI) Misrepresentation of Critical Information
vulnerab ...)
+ TODO: check
+CVE-2025-13081 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
+ TODO: check
+CVE-2025-13080 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
+ TODO: check
+CVE-2025-13069 (The Enable SVG, WebP, and ICO Upload plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2025-12962 (The Local Syndication plugin for WordPress is vulnerable to
Server-Sid ...)
+ TODO: check
+CVE-2025-12961 (The Download Panel plugin for WordPress is vulnerable to
unauthorized ...)
+ TODO: check
+CVE-2025-12955 (The Live sales notification for WooCommerce plugin for
WordPress is vu ...)
+ TODO: check
+CVE-2025-12937 (The ACF Flexible Layouts Manager plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-12827 (The Top Friends plugin for WordPress is vulnerable to
Cross-Site Reque ...)
+ TODO: check
+CVE-2025-12823 (The CSV to SortTable plugin for WordPress is vulnerable to
Stored Cros ...)
+ TODO: check
+CVE-2025-12775 (The WP Dropzone plugin for WordPress is vulnerable to
authenticated ar ...)
+ TODO: check
+CVE-2025-12761 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
+ TODO: check
+CVE-2025-12760 (Authentication Bypass Using an Alternate Path or Channel
vulnerability ...)
+ TODO: check
+CVE-2025-12691 (The Photonic Gallery & Lightbox for Flickr, SmugMug & Others
plugin fo ...)
+ TODO: check
+CVE-2025-12639 (The wModes \u2013 Catalog Mode, Product Pricing, Enquiry Forms
& Promo ...)
+ TODO: check
+CVE-2025-12545 (The Pixel Manager for WooCommerce \u2013 Track Conversions and
Analyti ...)
+ TODO: check
+CVE-2025-12528 (The Pie Forms for WP plugin for WordPress is vulnerable to
Arbitrary F ...)
+ TODO: check
+CVE-2025-12481 (The WP Duplicate Page plugin for WordPress is vulnerable to
Missing Au ...)
+ TODO: check
+CVE-2025-12457 (The Enable SVG, WebP, and ICO Upload plugin for WordPress is
vulnerabl ...)
+ TODO: check
+CVE-2025-12411 (The Premmerce Wholesale Pricing for WooCommerce plugin for
WordPress i ...)
+ TODO: check
+CVE-2025-12406 (The Project Honey Pot Spam Trap plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-12404 (The Like-it plugin for WordPress is vulnerable to Cross-Site
Request F ...)
+ TODO: check
+CVE-2025-12392 (The Cryptocurrency Payment Gateway for WooCommerce plugin for
WordPres ...)
+ TODO: check
+CVE-2025-12391 (The Restrictions for BuddyPress plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-12383 (In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race
condition can ca ...)
+ TODO: check
+CVE-2025-12376 (The Icon List Block \u2013 Add Icon-Based Lists with Custom
Styles plu ...)
+ TODO: check
+CVE-2025-12372 (The Permalinks Cascade plugin for WordPress is vulnerable to
Missing A ...)
+ TODO: check
+CVE-2025-12173 (The WP Admin Microblog plugin for WordPress is vulnerable to
Cross-Sit ...)
+ TODO: check
+CVE-2025-12088 (The Meta Display Block plugin for WordPress is vulnerable to
Stored Cr ...)
+ TODO: check
+CVE-2025-12079 (The WP Twitter Auto Publish plugin for WordPress is vulnerable
to Refl ...)
+ TODO: check
+CVE-2025-12078 (The ArtiBot Free Chat Bot for WebSites plugin for WordPress is
vulnera ...)
+ TODO: check
+CVE-2025-11868 (The everviz plugin for WordPress is vulnerable to Stored
Cross-Site Sc ...)
+ TODO: check
+CVE-2025-11734 (The Broken Link Checker by AIOSEO \u2013 Easily Fix/Monitor
Internal a ...)
+ TODO: check
+CVE-2025-11620 (The Multiple Roles per User plugin for WordPress is vulnerable
to unau ...)
+ TODO: check
+CVE-2025-11427 (The WP Migrate Lite \u2013 WordPress Migration Made Easy
plugin for Wo ...)
+ TODO: check
+CVE-2025-10158 (A malicious client acting as the receiver of an rsync file
transfer ca ...)
+ TODO: check
CVE-2025-8727 (There is a vulnerability in the Supermicro BMC web function at
Supermi ...)
NOT-FOR-US: Supermicro
CVE-2025-8693 (A post-authentication command injection vulnerability in the
"priv" pa ...)
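Review bot: all 150 new entries land with the `TODO: check` placeholder, so the ones that concern software shipped as Debian source packages deserve triage ahead of the likely NOT-FOR-US candidates; from the visible lines that is at least the GRUB2 set (CVE-2025-61661 through CVE-2025-61664, CVE-2025-54770, CVE-2025-54771), the rsync receiver issue CVE-2025-10158 and the cbor2 entry CVE-2025-64076. Separately, several descriptions carry literal escape sequences instead of the characters themselves, e.g. `\u2013` in CVE-2025-8605 and `\xe1` in CVE-2025-41348; if the importer is writing Python repr output rather than UTF-8, fixing that in the automatic update would keep the list grep-friendly.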
@@ -63,18 +363,23 @@ CVE-2025-13301 (A vulnerability was found in itsourcecode
Web-Based Internet Lab
CVE-2025-13300 (A vulnerability has been found in itsourcecode Web-Based
Internet Labo ...)
NOT-FOR-US: itsourcecode System
CVE-2025-13230 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59
allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-13229 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59
allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-13228 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59
allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-13227 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59
allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-13226 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59
allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12974 (The Gravity Forms plugin for WordPress is vulnerable to
arbitrary file ...)
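Review bot: the `{DSA-6046-1}` annotation added to CVE-2025-13226 through CVE-2025-13230 matches the fixed version already recorded on each of those entries (`chromium 142.0.7444.59-1`), and the `[bullseye] - chromium <end-of-life> (see #1061268)` lines are left untouched, so the DSA is read as applying only to the suites that still ship chromium. Nothing to change here.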
@@ -87,7 +392,7 @@ CVE-2025-11267 (The VK All in One Expansion Unit plugin for
WordPress is vulnera
NOT-FOR-US: WordPress plugin
CVE-2025-11265 (The VK All in One Expansion Unit plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-10089 (Malicious Code Execution Vulnerability in Setting and
Operation Applic ...)
+CVE-2025-10089 (Uncontrolled Search Path Element Vulnerability in Setting and
Operatio ...)
NOT-FOR-US: Mitsubishi
CVE-2025-13223 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.175
allowed ...)
- chromium <unfixed>
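Review bot: the retitling of CVE-2025-10089 from the impact ("Malicious Code Execution") to the root cause ("Uncontrolled Search Path Element") keeps `NOT-FOR-US: Mitsubishi`, which is the right outcome for a description-only change. The trailing context shows CVE-2025-13223 (Chrome prior to 142.0.7444.175) still at `chromium <unfixed>`; that is a newer point release than the 142.0.7444.59-1 fix recorded on the neighbouring V8 entries, so it correctly stays open.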
@@ -99,7 +404,7 @@ CVE-2025-65083 (GoSign Desktop through 2.4.1 disables TLS
certificate validation
NOT-FOR-US: GoSign Desktop
CVE-2025-64758 (@dependencytrack/frontend is a Single Page Application (SPA)
used in D ...)
NOT-FOR-US: DependencyTrack/frontend
-CVE-2025-64756 (Glob matches files using patterns the shell uses. From
versions 10.3.7 ...)
+CVE-2025-64756 (Glob matches files using patterns the shell uses. Starting in
version ...)
- node-glob <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2
NOTE: Fixed by:
https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146
(v11.1.0)
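Review bot: the description for CVE-2025-64756 now reads "Starting in version ..." where it previously said "From versions 10.3.7 ...", so the affected-range boundary may have moved; the `node-glob <not-affected> (Vulnerable code not present)` line should be re-validated against the new lower bound and against the fix commit 47473c04 (v11.1.0) referenced in the NOTE, rather than carried over unchanged from the earlier wording.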
@@ -72980,7 +73285,7 @@ CVE-2024-41789 (A vulnerability has been identified in
SENTRON 7KT PAC1260 Data
NOT-FOR-US: Siemens
CVE-2024-41788 (A vulnerability has been identified in SENTRON 7KT PAC1260
Data Manage ...)
NOT-FOR-US: Siemens
-CVE-2024-32122 (A storing passwords in a recoverable format in Fortinet
FortiOS versio ...)
+CVE-2024-32122 (A storing passwords in a recoverable format in Fortinet
FortiOS 7.4.0 ...)
NOT-FOR-US: Fortinet
CVE-2024-26013 (A improper restriction of communication channel to intended
endpoints ...)
NOT-FOR-US: Fortinet
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/407b06ba8a3b623bd6b1511eb0623a0b5f6a9784
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits