Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a7672ceb by security tracker role at 2025-11-18T20:13:52+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2025-9977 (Value provided in one of POST parameters sent during the 
process of lo ...)
        TODO: check
 CVE-2025-9625 (The Coil Web Monetization plugin for WordPress is vulnerable to 
Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9312 (A missing authentication enforcement vulnerability exists in 
the mutua ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2025-8609 (The RTMKit Addons for Elementor plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8605 (The Gutenify \u2013 Visual Site Builder Blocks & Site 
Templates. plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8084 (The AI Engine plugin for WordPress is vulnerable to Server-Side 
Reques ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6670 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
multiple W ...)
-       TODO: check
+       NOT-FOR-US: WSO2
 CVE-2025-64996 (In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all 
versions of 2 ...)
        TODO: check
 CVE-2025-64076 (Multiple vulnerabilities exist in cbor2 through version 5.7.0 
in the d ...)
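Review bot: the two WSO2 tags in this hunk, on CVE-2025-9312 and CVE-2025-6670, cannot be checked from the diff, because the descriptions are cut off at "in the mutua ..." and "in multiple W ..." before any product is named. The four WordPress plugin entries here state the product in the visible text. For the WSO2 pair, confirm the vendor against the full CVE description, since once the line reads NOT-FOR-US the entry no longer shows up as TODO.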
@@ -19,9 +19,9 @@ CVE-2025-64076 (Multiple vulnerabilities exist in cbor2 
through version 5.7.0 in
 CVE-2025-63994 (An arbitrary file upload vulnerability in the 
/php/UploadHandler.php c ...)
        TODO: check
 CVE-2025-63955 (A Cross-Site Request Forgery (CSRF) vulnerability in the 
manage-studen ...)
-       TODO: check
+       NOT-FOR-US: PHPGurukul
 CVE-2025-63892 (A vulnerability was determined in SourceCodester Student 
Grades Manage ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-63883 (A DOM-based cross-site scripting vulnerability exists in 
electic-shop  ...)
        TODO: check
 CVE-2025-63829 (eProsima Fast-DDS v3.3 and before has an infinite loop 
vulnerability c ...)
@@ -63,7 +63,7 @@ CVE-2025-63226 (The Sencore SMP100 SMP Media Platform 
(firmware versions V4.2.16
 CVE-2025-63225 (The Eurolab ELTS100_UBX device (firmware version 
ELTS100v1.UBX) is vul ...)
        TODO: check
 CVE-2025-61713 (A Cleartext Storage of Sensitive Information in Memory 
vulnerability [ ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-61664 (A vulnerability in the GRUB2 bootloader has been identified in 
the nor ...)
        TODO: check
 CVE-2025-61663 (A vulnerability has been identified in the GRUB2 bootloader's 
normal c ...)
@@ -75,7 +75,7 @@ CVE-2025-61661 (A vulnerability has been identified in the 
GRUB (Grand Unified B
 CVE-2025-60455 (Unsafe Deserialization vulnerability in Modular Max Serve 
before 25.6, ...)
        TODO: check
 CVE-2025-59669 (A use of hard-coded credentials vulnerability in Fortinet 
FortiWeb 7.6 ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-59117 (Windu CMS is vulnerable to multiple Stored Cross-Site 
Scripting (XSS)  ...)
        TODO: check
 CVE-2025-59116 (Windu CMS is vulnerable to User Enumeration. This issue occurs 
during  ...)
@@ -93,15 +93,15 @@ CVE-2025-59111 (Windu CMS is vulnerable to Broken Access 
Control in user editing
 CVE-2025-59110 (Windu CMS is vulnerable to Cross-Site Request Forgery in user 
editing  ...)
        TODO: check
 CVE-2025-58692 (An improper neutralization of special elements used in an SQL 
Command  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-58413 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 
through 7.6.3, ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-58122 (Insufficient permission validation in Checkmk 2.4.0 before 
version 2.4 ...)
        TODO: check
 CVE-2025-58121 (Insufficient permission validation on multiple REST API 
endpoints in C ...)
        TODO: check
 CVE-2025-58034 (An Improper Neutralization of Special Elements used in an OS 
Command ( ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-56643 (Requarks Wiki.js 2.5.307 does not properly revoke or 
invalidate active ...)
        TODO: check
 CVE-2025-56527 (Plaintext password storage in Kotaemon 0.11.0 in the client's 
localSto ...)
@@ -117,41 +117,41 @@ CVE-2025-55179 (Incomplete validation of rich response 
messages in WhatsApp for
 CVE-2025-55074 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail 
to enfo ...)
        TODO: check
 CVE-2025-54972 (An improper neutralization of crlf sequences ('crlf 
injection') in For ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-54971 (An exposure of sensitive information to an unauthorized actor 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-54821 (An Improper Privilege Management vulnerability [CWE-269] in 
Fortinet F ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-54771 (A use-after-free vulnerability has been identified in the GNU 
GRUB (Gr ...)
        TODO: check
 CVE-2025-54770 (A vulnerability has been identified in the GRUB2 bootloader's 
network  ...)
        TODO: check
 CVE-2025-54660 (An active debug code vulnerability in Fortinet 
FortiClientWindows 7.4. ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-54321 (In Ascertia SigningHub through 8.6.8, there is a lack of rate 
limiting ...)
        TODO: check
 CVE-2025-54320 (In Ascertia SigningHub through 8.6.8, there is a lack of rate 
limiting ...)
        TODO: check
 CVE-2025-53843 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 
through 7.6.3, ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-53360 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib' 
inventor ...)
        TODO: check
 CVE-2025-52639 (HCL Connections is vulnerable to a sensitive information 
disclosure vu ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-4212 (The Checkout Files Upload for WooCommerce plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-48839 (An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 
8.0.0, 7.6. ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-47761 (An Exposed IOCTL with Insufficient Access Control 
vulnerability [CWE-7 ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-46776 (A buffer copy without checking size of input ('classic buffer 
overflow ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-46775 (A debug messages revealing unnecessary information 
vulnerability in Fo ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-46373 (A Heap-based Buffer Overflow vulnerability [CWE-122] in 
Fortinet Forti ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-46215 (An Improper Isolation or Compartmentalization vulnerability 
[CWE-653]  ...)
-       TODO: check
+       NOT-FOR-US: Fortinet
 CVE-2025-41737 (Due to webserver misconfiguration an unauthenticated remote 
attacker i ...)
        TODO: check
 CVE-2025-41736 (A low privileged remote attacker can upload a new or overwrite 
an exis ...)
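Review bot: in this hunk CVE-2025-47761 ("An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-7 ...") and CVE-2025-46215 ("An Improper Isolation or Compartmentalization vulnerability [CWE-653] ...") receive NOT-FOR-US: Fortinet although the visible text is only a CWE title with no vendor. Entries such as CVE-2025-54660 (Fortinet FortiClientWindows) and CVE-2025-48839 (FortiADC) are self-evident, but the CWE-title-only ones deserve a check against the full description. The commit message "automatic NOT-FOR-US entries update" would also be easier to audit if it said what the match was based on.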
@@ -173,31 +173,31 @@ CVE-2025-41347 (Unlimited upload vulnerability for 
dangerous file types in WinPl
 CVE-2025-41346 (Faulty authorization control in software WinPlus v24.11.27 by 
Inform\x ...)
        TODO: check
 CVE-2025-40549 (A Path Restriction Bypass vulnerability exists in Serv-U that 
when abu ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2025-40548 (A missing validation process exists in Serv U when abused, 
could give  ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2025-40547 (A logic error vulnerability exists in Serv-U which when abused 
could g ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2025-40545 (SolarWinds Observability Self-Hosted is susceptible to an open 
redirec ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2025-37163 (A command injection vulnerability has been identified in the 
command l ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37162 (A vulnerability in the command line interface of affected 
devices coul ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37161 (A vulnerability in the web-based management interface of 
affected prod ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37160 (A broken access control (BAC) vulnerability in the web-based 
managemen ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37159 (A vulnerability in the web management interface of the AOS-CX 
OS user  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37158 (A command injection vulnerability exists in the AOS-CX 
Operating Syste ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37157 (A command injection vulnerability exists in the AOS-CX 
Operating Syste ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37156 (A platform-level denial-of-service (DoS) vulnerability exists 
in Aruba ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37155 (A vulnerability in the SSH restricted shell interface of the 
network m ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-34324 (GoSign Desktop versions 2.4.0 and earlier use an unsigned 
update manif ...)
        TODO: check
 CVE-2025-33184 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability 
in a Pyt ...)
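Review bot: the nine HPE tags from CVE-2025-37163 down to CVE-2025-37155 are applied as one block, but only CVE-2025-37159, CVE-2025-37158 and CVE-2025-37157 (AOS-CX) and CVE-2025-37156 (Aruba) name a product in the visible text. The others say only "affected devices", "affected prod ..." or "the network m ...". If the block was tagged because the IDs are consecutive, each of the five generic entries should still be verified individually before it is dropped from the TODO list.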
@@ -205,97 +205,97 @@ CVE-2025-33184 (NVIDIA Isaac-GR00T for all platforms 
contains a vulnerability in
 CVE-2025-33183 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability 
in a Pyt ...)
        TODO: check
 CVE-2025-26391 (SolarWinds Observability Self-Hosted XSS Vulnerability. The 
SolarWinds ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds
 CVE-2025-13349 (A vulnerability has been found in SourceCodester Student 
Grades Manage ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-13347 (A flaw has been found in SourceCodester Train Station 
Ticketing System ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-13346 (A vulnerability was detected in SourceCodester Train Station 
Ticketing ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-13345 (A security vulnerability has been detected in SourceCodester 
Train Sta ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-13344 (A weakness has been identified in SourceCodester Train Station 
Ticketi ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-13343 (A security flaw has been discovered in SourceCodester 
Interview Manage ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester
 CVE-2025-13196 (The Element Pack Addons for Elementor plugin for WordPress is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13133 (The Simple User Import Export plugin for WordPress is 
vulnerable to CS ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13088 (The Category and Product Woocommerce Tabs plugin for WordPress 
is vuln ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13083 (Use of Web Browser Cache Containing Sensitive Information 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2025-13082 (User Interface (UI) Misrepresentation of Critical Information 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2025-13081 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2025-13080 (Improper Check for Unusual or Exceptional Conditions 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2025-13069 (The Enable SVG, WebP, and ICO Upload plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12962 (The Local Syndication plugin for WordPress is vulnerable to 
Server-Sid ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12961 (The Download Panel plugin for WordPress is vulnerable to 
unauthorized  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12955 (The Live sales notification for WooCommerce plugin for 
WordPress is vu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12937 (The ACF Flexible Layouts Manager plugin for WordPress is 
vulnerable to ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12827 (The Top Friends plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12823 (The CSV to SortTable plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12775 (The WP Dropzone plugin for WordPress is vulnerable to 
authenticated ar ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12761 (Improper Neutralization of Input During Web Page Generation 
("Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2025-12760 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Drupal core and addons
 CVE-2025-12691 (The Photonic Gallery & Lightbox for Flickr, SmugMug & Others 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12639 (The wModes \u2013 Catalog Mode, Product Pricing, Enquiry Forms 
& Promo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12545 (The Pixel Manager for WooCommerce \u2013 Track Conversions and 
Analyti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12528 (The Pie Forms for WP plugin for WordPress is vulnerable to 
Arbitrary F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12481 (The WP Duplicate Page plugin for WordPress is vulnerable to 
Missing Au ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12457 (The Enable SVG, WebP, and ICO Upload plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12411 (The Premmerce Wholesale Pricing for WooCommerce plugin for 
WordPress i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12406 (The Project Honey Pot Spam Trap plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12404 (The Like-it plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12392 (The Cryptocurrency Payment Gateway for WooCommerce plugin for 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12391 (The Restrictions for BuddyPress plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12383 (In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race 
condition can ca ...)
        TODO: check
 CVE-2025-12376 (The Icon List Block \u2013 Add Icon-Based Lists with Custom 
Styles plu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12372 (The Permalinks Cascade plugin for WordPress is vulnerable to 
Missing A ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12173 (The WP Admin Microblog plugin for WordPress is vulnerable to 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12088 (The Meta Display Block plugin for WordPress is vulnerable to 
Stored Cr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12079 (The WP Twitter Auto Publish plugin for WordPress is vulnerable 
to Refl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12078 (The ArtiBot Free Chat Bot for WebSites plugin for WordPress is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11868 (The everviz plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11734 (The Broken Link Checker by AIOSEO \u2013 Easily Fix/Monitor 
Internal a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11620 (The Multiple Roles per User plugin for WordPress is vulnerable 
to unau ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11427 (The WP Migrate Lite \u2013 WordPress Migration Made Easy 
plugin for Wo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-10158 (A malicious client acting as the receiver of an rsync file 
transfer ca ...)
        TODO: check
 CVE-2025-8727 (There is a vulnerability in the Supermicro BMC web function at 
Supermi ...)
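Review bot: the label "NOT-FOR-US: Drupal core and addons" on CVE-2025-13083, CVE-2025-13082, CVE-2025-13081, CVE-2025-13080, CVE-2025-12761 and CVE-2025-12760 covers both core and contributed modules, and the visible descriptions are generic CWE titles (for example "Use of Web Browser Cache Containing Sensitive Information vulnerabilit ...") that do not show which one is affected. Unlike the WordPress plugin entries in this hunk, which each name the plugin, these six cannot be audited from the diff. Confirm per entry whether it concerns core or a module and that no packaged source is involved.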



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7672ceb16d84646ea6e952b11cc355471853f1a
