[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Sat, 06 Dec 2025 00:13:11 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
438fc3ee by security tracker role at 2025-12-06T08:12:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2025-8148 (An Improper Access Control in the SFTP service in Fortra's 
GoAnywhere  ...)
+       TODO: check
+CVE-2025-66629 (HedgeDoc is an open source, real-time, collaborative, markdown 
notes a ...)
+       TODO: check
+CVE-2025-34291 (Langflow versions up to and including 1.6.9 contain a chained 
vulnerab ...)
+       TODO: check
+CVE-2025-14117 (A vulnerability has been found in fit2cloud Halo 2.21.10. 
Impacted is  ...)
+       TODO: check
+CVE-2025-14116 (A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. 
This vu ...)
+       TODO: check
+CVE-2025-14111 (A security vulnerability has been detected in Rarlab RAR App 
up to 7.1 ...)
+       TODO: check
+CVE-2025-14108 (A weakness has been identified in ZSPACE Q2C NAS up to 
1.1.0210050. Af ...)
+       TODO: check
+CVE-2025-14107 (A security flaw has been discovered in ZSPACE Q2C NAS up to 
1.1.021005 ...)
+       TODO: check
+CVE-2025-14106 (A vulnerability was identified in ZSPACE Q2C NAS up to 
1.1.0210050. Af ...)
+       TODO: check
+CVE-2025-14105 (A vulnerability was determined in TOZED ZLT M30S and ZLT M30S 
PRO 1.47 ...)
+       TODO: check
+CVE-2025-13922 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger 
with Open ...)
+       TODO: check
+CVE-2025-13907 (The CSS3 Buttons plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-13899 (The TR Timthumb plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-13898 (The Ultra Skype Button plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-13896 (The Social Feed Gallery Portfolio plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2025-13894 (The CSV Sumotto plugin for WordPress is vulnerable to 
Reflected Cross- ...)
+       TODO: check
+CVE-2025-13863 (The RevInsite plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2025-13857 (The Yet Another WebClap for WordPress plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-13856 (The Extra Post Images plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-13748 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, 
Quiz, & Co ...)
+       TODO: check
+CVE-2025-13666 (The Helloprint plugin for WordPress is vulnerable to Missing 
Authoriza ...)
+       TODO: check
+CVE-2025-13656 (The Cute News Ticker plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-13629 (The WP Landing Page plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2025-13626 (The myLCO plugin for WordPress is vulnerable to Reflected 
Cross-Site S ...)
+       TODO: check
+CVE-2025-13426 (A vulnerability exists in Google  Apigee's JavaCallout policy 
https:// ...)
+       TODO: check
+CVE-2025-13377 (The 10Web Booster \u2013 Website speed optimization, Cache & 
Page Spee ...)
+       TODO: check
+CVE-2025-13358 (The Accessiy By CodeConfig Accessibility plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2025-13309 (The Accessiy By CodeConfig Accessibility \u2013 Easy One-Click 
Accessi ...)
+       TODO: check
+CVE-2025-13308 (The Application Passwords plugin for WordPress is vulnerable 
to Reflec ...)
+       TODO: check
+CVE-2025-13292 (A vulnerability in Apigee-X allowed an attacker to gain 
unauthorized r ...)
+       TODO: check
+CVE-2025-13137 (The Live Sales Notification for Woocommerce \u2013 Woomotiv 
plugin for ...)
+       TODO: check
+CVE-2025-12721 (The g-FFL Cockpit plugin for WordPress is vulnerable to 
Sensitive Info ...)
+       TODO: check
+CVE-2025-12720 (The g-FFL Cockpit plugin for WordPress is vulnerable to 
unauthorized m ...)
+       TODO: check
+CVE-2025-12717 (The List Attachments Shortcode plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-12715 (The Canadian Nutrition Facts Label plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-12673 (The Flex QR Code Generator plugin for WordPress is vulnerable 
to arbit ...)
+       TODO: check
+CVE-2025-12577 (The Listar \u2013 Directory Listing & Classifieds WordPress 
Plugin plu ...)
+       TODO: check
+CVE-2025-12574 (The Listar \u2013 Directory Listing & Classifieds WordPress 
Plugin plu ...)
+       TODO: check
+CVE-2025-12510 (The Widgets for Google Reviews plugin for WordPress is 
vulnerable to S ...)
+       TODO: check
+CVE-2025-12505 (The weDocs plugin for WordPress is vulnerable to unauthorized 
access i ...)
+       TODO: check
+CVE-2025-12499 (The Rich Shortcodes for Google Reviews plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-12091 (The Search, Filters & Merchandising for WooCommerce plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-11263 (The Link Whisper Free plugin for WordPress is vulnerable to 
Reflected  ...)
+       TODO: check
 CVE-2025-6966 (NULL pointer dereference in TagSection.keys() in python-apt on 
APT-bas ...)
        - python-apt <unfixed>
        NOTE: https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865
@@ -1019,7 +1105,8 @@ CVE-2024-32641 (Masa CMS is an open source Enterprise 
Content Management platfor
        NOT-FOR-US: Masa CMS
 CVE-2025-12548
        NOT-FOR-US: Eclipse Che
-CVE-2025-65955 (ImageMagick is free and open-source software used for editing 
and mani ...)
+CVE-2025-65955
+       REJECTED
        - imagemagick <unfixed> (bug #1121845)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
        NOTE: Introduced with: 
https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8
 (7.0.1-0)
@@ -1097,7 +1184,7 @@ CVE-2025-65877 (Lvzhou CMS before commit 
c4ea0eb9cab5f6739b2c87e77d9ef304017ed61
        NOT-FOR-US: Lvzhou CMS
 CVE-2025-65858 (A Stored Cross-Site Scripting (XSS) vulnerability in 
Calibre-Web v0.6. ...)
        - calibre-web <itp> (bug #982690)
-CVE-2025-65844 (EverShop 2.0.1 allows an unauthenticated user to upload files 
and crea ...)
+CVE-2025-65844 (EverShop 2.0.1 allows a remote unauthenticated attacker to 
upload arbi ...)
        NOT-FOR-US: EverShop
 CVE-2025-65656 (dcat-admin v2.2.3-beta and before is vulnerable to file 
inclusion in a ...)
        NOT-FOR-US: dcat-admin



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438fc3ee72870df3b792932d7144d52b7ee9e460

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438fc3ee72870df3b792932d7144d52b7ee9e460
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to