Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70780a2f by security tracker role at 2025-11-27T08:12:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,103 @@
-CVE-2025-40934
+CVE-2025-7820 (The SKT PayPal for WooCommerce plugin for WordPress is 
vulnerable to P ...)
+       TODO: check
+CVE-2025-66314 (Improper Privilege Management vulnerability in ZTE ElasticNet 
UME R32  ...)
+       TODO: check
+CVE-2025-66040 (Spotipy is a Python library for the Spotify Web API. Prior to 
version  ...)
+       TODO: check
+CVE-2025-66035 (Angular is a development platform for building mobile and 
desktop web  ...)
+       TODO: check
+CVE-2025-66031 (Forge (also called `node-forge`) is a native implementation of 
Transpo ...)
+       TODO: check
+CVE-2025-66030 (Forge (also called `node-forge`) is a native implementation of 
Transpo ...)
+       TODO: check
+CVE-2025-65202 (TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS 
command inje ...)
+       TODO: check
+CVE-2025-64344 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
+       TODO: check
+CVE-2025-64335 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
+       TODO: check
+CVE-2025-64334 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
+       TODO: check
+CVE-2025-64333 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
+       TODO: check
+CVE-2025-64332 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
+       TODO: check
+CVE-2025-64331 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
+       TODO: check
+CVE-2025-64330 (Suricata is a network IDS, IPS and NSM engine developed by the 
OISF (O ...)
+       TODO: check
+CVE-2025-62593 (Ray is an AI compute engine. Prior to version 2.52.0, 
developers worki ...)
+       TODO: check
+CVE-2025-3784 (Cleartext Storage of Sensitive Information Vulnerability in GX 
Works2  ...)
+       TODO: check
+CVE-2025-34351 (Anyscale Ray 2.52.0 contains an insecure default configuration 
in whic ...)
+       TODO: check
+CVE-2025-13762 (Improper Input Validation vulnerability in CyberArk CyberArk 
Secure We ...)
+       TODO: check
+CVE-2025-13680 (The Tiger theme for WordPress is vulnerable to Privilege 
Escalation in ...)
+       TODO: check
+CVE-2025-13675 (The Tiger theme for WordPress is vulnerable to Privilege 
Escalation in ...)
+       TODO: check
+CVE-2025-13540 (The Tiare Membership plugin for WordPress is vulnerable to 
Privilege E ...)
+       TODO: check
+CVE-2025-13539 (The FindAll Membership plugin for WordPress is vulnerable to 
Authentic ...)
+       TODO: check
+CVE-2025-13538 (The FindAll Listing plugin for WordPress is vulnerable to 
Privilege Es ...)
+       TODO: check
+CVE-2025-13525 (The WP Directory Kit plugin for WordPress is vulnerable to 
Reflected C ...)
+       TODO: check
+CVE-2025-13441 (The Hide Category by User Role for WooCommerce plugin for 
WordPress is ...)
+       TODO: check
+CVE-2025-13157 (The QODE Wishlist for WooCommerce plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-13143 (The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin 
for WordP ...)
+       TODO: check
+CVE-2025-12758 (Versions of the package validator before 13.15.22 are 
vulnerable to In ...)
+       TODO: check
+CVE-2025-12713 (The Soundslides plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-12712 (The Shouty plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2025-12670 (The wp-twitpic plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2025-12666 (The Google Drive upload and download link plugin for WordPress 
is vuln ...)
+       TODO: check
+CVE-2025-12649 (The SortTable Post plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-12579 (The Reuters Direct plugin for WordPress is vulnerable to 
unauthorized  ...)
+       TODO: check
+CVE-2025-12578 (The Reuters Direct plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2025-12185 (The StaffList plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-12151 (The Simple Folio plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-12123 (The Customer Reviews Collector for WooCommerce plugin for 
WordPress is ...)
+       TODO: check
+CVE-2025-0658 (A vulnerability in Automated Logic and Carrier's Zone 
Controllervia BA ...)
+       TODO: check
+CVE-2025-0657 (A weakness in Automated Logic and Carrier i-Vu Gen5 router on 
driver   ...)
+       TODO: check
+CVE-2024-5540 (The reflective cross-site scripting vulnerability found in ALC 
WebCTRL ...)
+       TODO: check
+CVE-2024-5539 (The Access Control Bypass vulnerability found in ALC WebCTRL 
and Carri ...)
+       TODO: check
+CVE-2020-36874 (ACE SECURITY WIP-90113 HD cameras contain an unauthenticated 
configura ...)
+       TODO: check
+CVE-2020-36873 (Astak CM-818T3 2.4GHz wireless security surveillance cameras 
contain a ...)
+       TODO: check
+CVE-2020-36872 (BACnet Test Server versions up to and including 1.01 contains 
a remote ...)
+       TODO: check
+CVE-2020-36871 (ESCAM QD-900 WIFI HD cameras contain an unauthenticated 
configuration  ...)
+       TODO: check
+CVE-2019-25227 (Tellion HN-2204AP routers contain an unauthenticated 
configuration dis ...)
+       TODO: check
+CVE-2019-25226 (Dongyoung Media DM-AP240T/W wireless access points contain an 
unauthen ...)
+       TODO: check
+CVE-2025-40934 (XML-Sig versions 0.27 through 0.67 for Perl incorrectly 
validates XML  ...)
        NOT-FOR-US: XML-Sig Perl module
 CVE-2025-66270
+       {DSA-6063-1}
        - kdeconnect 25.11.80+git20251121.7090b106-1
        [bookworm] - kdeconnect <not-affected> (Vulnerable code not present)
        [bullseye] - kdeconnect <not-affected> (Vulnerable code not present)
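
Review bot: Every entry added above CVE-2025-40934 carries only "TODO: check", so nothing in this hunk yet separates CVEs that may map to a Debian source package from ones that will end up NOT-FOR-US. The seven Suricata entries (CVE-2025-64330 through CVE-2025-64335 and CVE-2025-64344), the two node-forge entries (CVE-2025-66030, CVE-2025-66031) and the Angular entry (CVE-2025-66035) name widely used software and are worth triaging ahead of the WordPress plugin and camera/router firmware entries. The descriptions are truncated at "...", so affected and fixed versions have to come from the upstream advisories rather than from these lines. CVE-2025-62593 ("Prior to version 2.52.0") and CVE-2025-34351 ("Anyscale Ray 2.52.0 contains an insecure default configuration") both concern Ray with different version wording; check them together so the two entries do not end up with inconsistent status.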



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70780a2f88abb6f5503488e08828f82f66a40fda
