Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fba6df17 by security tracker role at 2025-12-02T20:14:06+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2025-66399 (Cacti is an open source performance and fault
management framewo
CVE-2025-65896 (SQL injection vulnerability in long2ice assyncmy thru 0.2.10
allows at ...)
TODO: check
CVE-2025-65881 (Sourcecodester Zoo Management System v1.0 is vulnerable to
Cross Site ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-65877 (Lvzhou CMS before commit
c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (202 ...)
TODO: check
CVE-2025-65858 (A Stored Cross-Site Scripting (XSS) vulnerability in
Calibre-Web v0.6. ...)
@@ -29,11 +29,11 @@ CVE-2025-65844 (EverShop 2.0.1 allows an unauthenticated
user to upload files an
CVE-2025-65656 (dcat-admin v2.2.3-beta and before is vulnerable to file
inclusion in a ...)
TODO: check
CVE-2025-65379 (PHPGurukul Billing System 1.0 is vulnerable to SQL Injection
in the /a ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-65358 (Edoc-doctor-appointment-system v1.0.1 was discovered to
contain SQl in ...)
TODO: check
CVE-2025-65215 (Sourcecodester Web-based Pharmacy Product Management System
v1.0 is vu ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-65187 (A Stored Cross Site Scripting vulnerability exists in CiviCRM
before v ...)
TODO: check
CVE-2025-65186 (Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS).
The page ...)
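Review bot: CVE-2025-65358 (Edoc-doctor-appointment-system v1.0.1) stays at TODO: check between the two entries this hunk triages, CVE-2025-65379 (PHPGurukul) and CVE-2025-65215 (SourceCodester). The commit message says this is an automatic update, so entries whose description starts with a bare project name rather than a known vendor name are likely to be skipped; please confirm this one still gets a manual pass instead of being assumed covered by the automatic run.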
@@ -43,13 +43,13 @@ CVE-2025-65105 (Apptainer is an open source container
platform. In Apptainer ver
CVE-2025-64750 (SingularityCE and SingularityPRO are open source container
platforms. ...)
TODO: check
CVE-2025-64070 (Sourcecodester Student Grades Management System v1.0 is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-63872 (DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability,
which al ...)
TODO: check
CVE-2025-61729 (Within HostnameError.Error(), when constructing an error
string, there ...)
TODO: check
CVE-2025-60854 (A vulnerability has been found in D-Link R15 (AX1500) 1.20.01
and belo ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2025-60736 (code-projects Online Medicine Guide 1.0 is vulnerable to SQL
Injection ...)
TODO: check
CVE-2025-59705 (Entrust nShield Connect XC, nShield 5c, and nShield HSMi
through 13.6. ...)
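Review bot: CVE-2025-60736 (code-projects Online Medicine Guide 1.0, SQL injection) is left at TODO: check directly below the D-Link entry, while CVE-2025-64070 (SourceCodester) earlier in the same hunk is marked NOT-FOR-US. If code-projects entries are triaged the same way as SourceCodester ones, a matching rule for that name in the automatic update would avoid a later manual edit; if they are not, no change is needed here.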
@@ -81,11 +81,11 @@ CVE-2025-59693 (The Chassis Management Board in Entrust
nShield Connect XC, nShi
CVE-2025-58386 (In Terminalfour 8 through 8.4.1.1, the userLevel parameter in
the user ...)
TODO: check
CVE-2025-58113 (An out-of-bounds read vulnerability exists in the EMF
functionality of ...)
- TODO: check
+ NOT-FOR-US: PDF-XChange
CVE-2025-57850 (A container privilege escalation flaw was found in certain
CodeReady W ...)
TODO: check
CVE-2025-52622 (The BigFix SaaS's HTTP responses were missing some security
headers. T ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-41744 (Sprecher Automations SPRECON-E seriesuses default
cryptographic keys t ...)
TODO: check
CVE-2025-41743 (Insufficient encryption strength in Sprecher Automation
SPRECON-E-C, S ...)
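Review bot: the tag NOT-FOR-US: PDF-XChange on CVE-2025-58113 cannot be checked against the line itself, because the truncated description ("An out-of-bounds read vulnerability exists in the EMF functionality of ...") ends before any product name. Please verify against the full CVE description that the match was made on the product and not on a generic phrase. Separately, NOT-FOR-US: HCL on CVE-2025-52622 names only the vendor while the description refers to BigFix SaaS; naming the product in the tag would make the entry easier to find later.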
@@ -129,9 +129,9 @@ CVE-2025-13828 (SummaryA non privileged user can install
and remove arbitrary pa
CVE-2025-13827 (Summary Arbitrary files can be uploaded via the GrapesJS
Builder, as t ...)
TODO: check
CVE-2025-13731 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13724 (The VikRentCar Car Rental Management System plugin for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13721 (Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a
remote at ...)
TODO: check
CVE-2025-13720 (Bad cast in Loader in Google Chrome prior to 143.0.7499.41
allowed a r ...)
@@ -161,11 +161,11 @@ CVE-2025-13631 (Inappropriate implementation in Google
Updater in Google Chrome
CVE-2025-13630 (Type Confusion in V8 in Google Chrome prior to 143.0.7499.41
allowed a ...)
TODO: check
CVE-2025-13542 (The DesignThemes LMS plugin for WordPress is vulnerable to
Privilege E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13534 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13516 (The SureMail \u2013 SMTP and Email Logs Plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13510 (The Iskra iHUB and iHUB Lite smart metering gateway exposes
its web ma ...)
TODO: check
CVE-2025-13505 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
@@ -175,9 +175,9 @@ CVE-2025-13353 (In gokey versions <0.2.0, a flaw in the
seed decryption logic r
CVE-2025-13295 (Insertion of Sensitive Information Into Sent Data
vulnerability in Arg ...)
TODO: check
CVE-2025-13090 (The WP Directory Kit plugin for WordPress is vulnerable to SQL
Injecti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12630 (The Upload.am WordPress plugin before 1.0.1 is vulnerable to
arbitrar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12465 (A Blind SQL injection vulnerability has been identified in
QuickCMS. I ...)
TODO: check
CVE-2025-11789 (Out-of-bounds read vulnerability in Circutor
SGE-PLC1000/SGE-PLC50 v9. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fba6df17fa0108939c12923f3ca4659b97519fc9
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits