Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3d9f2e95 by security tracker role at 2025-11-28T20:12:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2025-51736 (File upload vulnerability in HCL Technologies Ltd. Unica
12.0.0.)
+ TODO: check
+CVE-2025-51735 (CSV formula injection vulnerability in HCL Technologies Ltd.
Unica 12. ...)
+ TODO: check
+CVE-2025-51734 (Cross-site scripting (XSS) vulnerability in HCL Technologies
Ltd. Unic ...)
+ TODO: check
+CVE-2025-51733 (Cross-Site Request Forgery (CSRF) vulnerability in HCL
Technologies Lt ...)
+ TODO: check
+CVE-2025-13683 (Exposure of credentials in unintended requests in Devolutions
Server, ...)
+ TODO: check
+CVE-2025-12638 (Keras version 3.11.3 is affected by a path traversal
vulnerability in ...)
+ TODO: check
+CVE-2025-12183 (Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and
earlier ...)
+ TODO: check
+CVE-2025-12143 (Stack-based Buffer Overflow vulnerability in ABB Terra AC
wallbox.This ...)
+ TODO: check
+CVE-2025-11156 (Netskope was notified about a potential gap in its agent (NS
Client) o ...)
+ TODO: check
CVE-2025-66386 (app/Model/EventReport.php in MISP before 2.5.27 allows path
traversal ...)
NOT-FOR-US: MISP
CVE-2025-66385 (UsersController::edit in Cerebrate before 1.30 allows an
authenticated ...)
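Review bot: All nine added entries, CVE-2025-51736 through CVE-2025-11156, carry only `TODO: check`, so none of them has a triage decision yet. CVE-2025-12638 (Keras) and CVE-2025-12183 (org.lz4:lz4-java) name upstream libraries rather than vendor products, so check them against the archive for a matching source package before resolving them. The HCL Unica, Devolutions Server, ABB Terra AC wallbox and Netskope entries can follow the pattern of the `NOT-FOR-US: MISP` context line if nothing in the archive ships them.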
@@ -657,6 +675,7 @@ CVE-2025-64304 ("FOD" App uses hard-coded cryptographic
keys, which may allow a
CVE-2025-63674 (An issue in Blurams Lumi Security Camera (A31C)
v23.1227.472.2926 allo ...)
NOT-FOR-US: Blurams
CVE-2025-63498 (alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS)
via the ...)
+ {DLA-4386-1}
- sogo 5.12.4-1
NOTE:
https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c
(SOGo-5.12.4)
NOTE: https://github.com/xryptoh/CVE-2025-63498
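Review bot: The `{DLA-4386-1}` cross-reference on CVE-2025-63498 sits above a single `- sogo 5.12.4-1` line, and no release-specific status line is visible in this hunk. Confirm that the DLA's own entry records the fixed version for the LTS suite and that the remaining supported suites have an explicit status, since the hunk documents the fix only through the unstable version and the upstream commit NOTE.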
@@ -21252,9 +21271,9 @@ CVE-2025-8079 (Improper Neutralization of Input During
Web Page Generation (XSS
NOT-FOR-US: Smart Trade E-Commerce
CVE-2025-59797 (Profession Fit 5.0.99 Build 44910 allows authorization bypass
via a di ...)
NOT-FOR-US: Profession Fit
-CVE-2025-59792
+CVE-2025-59792 (Reveals plaintext credentials in the MONITOR command
vulnerability in ...)
NOT-FOR-US: Apache Kvrocks
-CVE-2025-59790
+CVE-2025-59790 (Improper Privilege Management vulnerability in Apache Kvrocks.
This i ...)
NOT-FOR-US: Apache Kvrocks
CVE-2025-59592 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
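Review bot: The `NOT-FOR-US: Apache Kvrocks` lines under CVE-2025-59792 and CVE-2025-59790 were set while both entries had no description, and this hunk only fills in the description text. Now that the descriptions are present (plaintext credentials in the MONITOR command, improper privilege management), it is worth re-confirming that the earlier classification still holds rather than carrying it over unchanged.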
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d9f2e95f0525a73c2a082bc21ec2033a11d5a62