[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Wed, 19 Nov 2025 00:13:34 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bba6120f by security tracker role at 2025-11-19T08:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2025-6251 (The Royal Elementor Addons and Templates plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2025-65941
+       REJECTED
+CVE-2025-65940
+       REJECTED
+CVE-2025-65939
+       REJECTED
+CVE-2025-65938
+       REJECTED
+CVE-2025-65937
+       REJECTED
+CVE-2025-65936
+       REJECTED
+CVE-2025-65935
+       REJECTED
+CVE-2025-65934
+       REJECTED
+CVE-2025-65933
+       REJECTED
+CVE-2025-65093 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network 
monitorin ...)
+       TODO: check
+CVE-2025-65015 (joserfc is a Python library that provides an implementation of 
several ...)
+       TODO: check
+CVE-2025-65014 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network 
monitorin ...)
+       TODO: check
+CVE-2025-65013 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network 
monitorin ...)
+       TODO: check
+CVE-2025-65012 (Kirby is an open-source content management system. From 
versions 5.0.0 ...)
+       TODO: check
+CVE-2025-64515 (Open Forms allows users create and publish smart forms. Prior 
to versi ...)
+       TODO: check
+CVE-2025-64325 (Emby Server is a personal media server. Prior to version 
4.8.1.0 and p ...)
+       TODO: check
+CVE-2025-64324 (KubeVirt is a virtual machine management add-on for 
Kubernetes. The `h ...)
+       TODO: check
+CVE-2025-63229 (The Mozart FM Transmitter web management interface on version 
WEBMOZZI ...)
+       TODO: check
+CVE-2025-63217 (The Itel DAB MUX (IDMUX build c041640a) is vulnerable to 
Authenticatio ...)
+       TODO: check
+CVE-2025-63216 (The Itel DAB Gateway (IDGat build c041640a) is vulnerable to 
Authentic ...)
+       TODO: check
+CVE-2025-63215 (The Sound4 IMPACT web-based management interface is vulnerable 
to Remo ...)
+       TODO: check
+CVE-2025-62406 (Piwigo is a full featured open source photo gallery 
application for th ...)
+       TODO: check
+CVE-2025-54990 (XWiki AdminTools integrates administrative tools for managing 
a runnin ...)
+       TODO: check
+CVE-2025-13225 (Tanium addressed an arbitrary file deletion vulnerability in 
TanOS.)
+       TODO: check
+CVE-2025-13206 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
+       TODO: check
+CVE-2025-13145 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress 
plugin fo ...)
+       TODO: check
+CVE-2025-13085 (The SiteSEO \u2013 SEO Simplified plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-13054 (The User Profile Builder \u2013 Beautiful User Registration 
Forms, Use ...)
+       TODO: check
+CVE-2025-13051 (When the service of ABP and AES is installed in a directory 
writable b ...)
+       TODO: check
+CVE-2025-13035 (The Code Snippets plugin for WordPress is vulnerable to PHP 
Code Injec ...)
+       TODO: check
+CVE-2025-12878 (The FunnelKit \u2013 Funnel Builder for WooCommerce Checkout 
plugin fo ...)
+       TODO: check
+CVE-2025-12852 (DLL Loading vulnerability in NEC Corporation RakurakuMusen 
Start EX Al ...)
+       TODO: check
+CVE-2025-12842 (The Booking Plugin for WordPress Appointments \u2013 Time Slot 
plugin  ...)
+       TODO: check
+CVE-2025-12822 (The WP Login and Register using JWT plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-12814 (The SiteSEO \u2013 SEO Simplified plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-12777 (The YITH WooCommerce Wishlist plugin for WordPress is 
vulnerable to au ...)
+       TODO: check
+CVE-2025-12770 (The New User Approve plugin for WordPress is vulnerable to 
unauthorize ...)
+       TODO: check
+CVE-2025-12751 (The WSChat \u2013 WordPress Live Chat plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-12710 (The Pet-Manager \u2013 Petfinder plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-12646 (The Community Events plugin for WordPress is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2025-12535 (The SureForms plugin for WordPress is vulnerable to Cross-Site 
Request ...)
+       TODO: check
+CVE-2025-12484 (The Giveaways and Contests by RafflePress \u2013 Get More 
Website Traf ...)
+       TODO: check
+CVE-2025-12427 (The YITH WooCommerce Wishlist plugin for WordPress is 
vulnerable to In ...)
+       TODO: check
+CVE-2025-12426 (The Quiz Maker plugin for WordPress is vulnerable to Sensitive 
Informa ...)
+       TODO: check
+CVE-2025-12359 (The Responsive Lightbox & Gallery plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-12349 (The Icegram Express - Email Subscribers, Newsletters and 
Marketing Aut ...)
+       TODO: check
+CVE-2025-12174 (The Directorist: AI-Powered Business Directory Plugin with 
Classified  ...)
+       TODO: check
+CVE-2025-12119 (A mongoc_bulk_operation_t may read invalid memory if large 
options are ...)
+       TODO: check
+CVE-2025-12057 (The WavePlayer WordPress plugin before 3.8.0 does not have 
authorizati ...)
+       TODO: check
+CVE-2025-12056 (Out-of-bounds Read in Shelly Pro 3EM(before v1.4.4) allows 
Overread Bu ...)
+       TODO: check
+CVE-2025-11243 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
+       TODO: check
 CVE-2025-12106 [IPv6 address parsing: fix buffer overread on invalid input]
        - openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
        NOTE: 
https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
@@ -2662,6 +2766,7 @@ CVE-2025-64518 (The CycloneDX core module provides a 
model representation of the
 CVE-2025-64513 (Milvus is an open-source vector database built for generative 
AI appli ...)
        NOT-FOR-US: Milvus
 CVE-2025-64512 (Pdfminer.six is a community maintained fork of the original 
PDFMiner,  ...)
+       {DLA-4374-1}
        - pdfminer 20221105+dfsg-1.1 (bug #1120642)
        NOTE: 
https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp
        NOTE: Fixed by: 
https://github.com/pdfminer/pdfminer.six/commit/b808ee05dd7f0c8ea8ec34bdf394d40e63501086
 (20251107)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bba6120fdf4b000188bcae3ad3171883aa7f5dc0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bba6120fdf4b000188bcae3ad3171883aa7f5dc0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to