Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a83b3ea1 by security tracker role at 2025-12-12T08:12:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,323 @@
+CVE-2025-67780 (SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 
(e.g., o ...)
+       TODO: check
+CVE-2025-67779 (It was found that the fix addressing CVE-2025-55184 in React 
Server Co ...)
+       TODO: check
+CVE-2025-67737 (AzuraCast is a self-hosted, all-in-one web radio management 
suite. Ver ...)
+       TODO: check
+CVE-2025-67731 (Servify Express is a Node.js package to start an Express 
server and lo ...)
+       TODO: check
+CVE-2025-67730 (Frappe Learning Management System (LMS) is a learning system 
that help ...)
+       TODO: check
+CVE-2025-67728 (Fireshare facilitates self-hosted media and link sharing. 
Versions 1.2 ...)
+       TODO: check
+CVE-2025-67727 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2025-67726 (Tornado is a Python web framework and asynchronous networking 
library. ...)
+       TODO: check
+CVE-2025-67725 (Tornado is a Python web framework and asynchronous networking 
library. ...)
+       TODO: check
+CVE-2025-67724 (Tornado is a Python web framework and asynchronous networking 
library. ...)
+       TODO: check
+CVE-2025-67508 (gardenctl is a command-line client for the Gardener which 
configures a ...)
+       TODO: check
+CVE-2025-66590 (In AzeoTech DAQFactory release 20.7 (Build 2555), an 
Out-of-bounds Wri ...)
+       TODO: check
+CVE-2025-66589 (In AzeoTech DAQFactory release 20.7 (Build 2555), an 
Out-of-bounds Rea ...)
+       TODO: check
+CVE-2025-66588 (In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of 
Uniniti ...)
+       TODO: check
+CVE-2025-66587 (In AzeoTech DAQFactory release 20.7 (Build 2555), the affected 
applica ...)
+       TODO: check
+CVE-2025-66586 (In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of 
Resourc ...)
+       TODO: check
+CVE-2025-66585 (In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After 
Free vul ...)
+       TODO: check
+CVE-2025-66584 (In AzeoTech DAQFactory release 20.7 (Build 2555), a 
Stack-Based Buffer ...)
+       TODO: check
+CVE-2025-66492 (Masa CMS is an open source Enterprise Content Management 
platform. Ver ...)
+       TODO: check
+CVE-2025-66452 (LibreChat is a ChatGPT clone with additional features. In 
versions 0.8 ...)
+       TODO: check
+CVE-2025-66451 (LibreChat is a ChatGPT clone with additional features. In 
versions 0.8 ...)
+       TODO: check
+CVE-2025-66450 (LibreChat is a ChatGPT clone with additional features. In 
versions 0.8 ...)
+       TODO: check
+CVE-2025-66446 (MaxKB is an open-source AI assistant for enterprise. Versions 
2.3.1 an ...)
+       TODO: check
+CVE-2025-66429 (An issue was discovered in cPanel 110 through 132. A directory 
travers ...)
+       TODO: check
+CVE-2025-66419 (MaxKB is an open-source AI assistant for enterprise. In 
versions 2.3.1 ...)
+       TODO: check
+CVE-2025-66284 (Stored cross-site scripting vulnerabilities exist in 
GroupSession Free ...)
+       TODO: check
+CVE-2025-65120 (Reflected cross-site scripting vulnerability exists in 
GroupSession Fr ...)
+       TODO: check
+CVE-2025-64781 (In GroupSession Free edition prior to ver5.7.1, GroupSession 
byCloud p ...)
+       TODO: check
+CVE-2025-64721 (Sandboxie is a sandbox-based isolation software for 32-bit and 
64-bit  ...)
+       TODO: check
+CVE-2025-64702 (quic-go is an implementation of the QUIC protocol in Go. 
Versions 0.56 ...)
+       TODO: check
+CVE-2025-62192 (SQL Injection vulnerability exists in GroupSession Free 
edition prior  ...)
+       TODO: check
+CVE-2025-61987 (GroupSession Free edition prior to ver5.3.0, GroupSession 
byCloud prio ...)
+       TODO: check
+CVE-2025-61950 (In GroupSession, a Circular notice can be created with its 
memo field  ...)
+       TODO: check
+CVE-2025-58576 (Cross-site request forgery vulnerability exists in 
GroupSession Free e ...)
+       TODO: check
+CVE-2025-57883 (Reflected cross-site scripting vulnerability exists in 
GroupSession Fr ...)
+       TODO: check
+CVE-2025-55816 (HotelDruid v3.0.7 and before is vulnerable to Cross Site 
Scripting (XS ...)
+       TODO: check
+CVE-2025-55184 (A pre-authentication denial of service vulnerability exists in 
React S ...)
+       TODO: check
+CVE-2025-55183 (An information leak vulnerability exists in specific 
configurations of ...)
+       TODO: check
+CVE-2025-54407 (Stored cross-site scripting vulnerability exists in 
GroupSession Free  ...)
+       TODO: check
+CVE-2025-53523 (Stored cross-site scripting vulnerabilities exist in 
GroupSession Free ...)
+       TODO: check
+CVE-2025-4970 (The BSK PDF Manager plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-34506 (WBCE CMS version 1.6.3 and prior contains an authenticated 
remote code ...)
+       TODO: check
+CVE-2025-34504 (KodExplorer 4.52 contains an open redirect vulnerability in 
the user l ...)
+       TODO: check
+CVE-2025-34499 (AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path 
vulnerabili ...)
+       TODO: check
+CVE-2025-14538 (A security vulnerability has been detected in yangshare 
warehouseManag ...)
+       TODO: check
+CVE-2025-14537 (A weakness has been identified in code-projects Class and Exam 
Timetab ...)
+       TODO: check
+CVE-2025-14536 (A security flaw has been discovered in code-projects Class and 
Exam Ti ...)
+       TODO: check
+CVE-2025-14467 (The WP Job Portal plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-14393 (The Wpik WordPress Basic Ajax Form plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-14392 (The Simple Theme Changer plugin for WordPress is vulnerable to 
unautho ...)
+       TODO: check
+CVE-2025-14391 (The Simple Theme Changer plugin for WordPress is vulnerable to 
Cross-S ...)
+       TODO: check
+CVE-2025-14356 (The Ultra Addons for Contact Form 7 plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2025-14354 (The Resource Library for Logged In Users plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2025-14344 (The Multi Uploader for Gravity Forms plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-14293 (The WP Job Portal plugin for WordPress is vulnerable to 
Arbitrary File ...)
+       TODO: check
+CVE-2025-14170 (The Vimeo SimpleGallery plugin for WordPress is vulnerable to 
Missing  ...)
+       TODO: check
+CVE-2025-14169 (The FunnelKit - Funnel Builder for WooCommerce Checkout plugin 
for Wor ...)
+       TODO: check
+CVE-2025-14166 (The WPMasterToolKit plugin for WordPress is vulnerable to PHP 
Code Inj ...)
+       TODO: check
+CVE-2025-14165 (The Kirim.Email WooCommerce Integration plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2025-14162 (The BMLT WordPress Plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2025-14161 (The Truefy Embed plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2025-14160 (The Upcoming for Calendly plugin for WordPress is vulnerable 
to Cross- ...)
+       TODO: check
+CVE-2025-14158 (The Coding Blocks plugin for WordPress is vulnerable to 
Cross-Site Req ...)
+       TODO: check
+CVE-2025-14143 (The Ayo Shortcodes plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-14138 (The WPLG Default Mail From plugin for WordPress is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2025-14137 (The Simple AL Slider plugin for WordPress is vulnerable to 
Reflected C ...)
+       TODO: check
+CVE-2025-14132 (The Category Dropdown List plugin for WordPress is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2025-14129 (The Like DisLike Voting plugin for WordPress is vulnerable to 
Reflecte ...)
+       TODO: check
+CVE-2025-14125 (The Complag plugin for WordPress is vulnerable to Reflected 
Cross-Site ...)
+       TODO: check
+CVE-2025-14119 (The App Landing Template Blocks for WPBakery (Visual Composer) 
Page Bu ...)
+       TODO: check
+CVE-2025-14068 (The WPNakama plugin for WordPress is vulnerable to time-based 
SQL Inje ...)
+       TODO: check
+CVE-2025-14064 (The BuddyTask plugin for WordPress is vulnerable to 
unauthorized acces ...)
+       TODO: check
+CVE-2025-14062 (The Animated Pixel Marquee Creator plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-14049 (The VikRentItems Flexible Rental Management System plugin for 
WordPres ...)
+       TODO: check
+CVE-2025-14048 (The SimplyConvert plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2025-14045 (The URL Media Uploader plugin for WordPress is vulnerable to 
unauthori ...)
+       TODO: check
+CVE-2025-14044 (The Visitor Logic Lite plugin for WordPress is vulnerable to 
PHP Objec ...)
+       TODO: check
+CVE-2025-14035 (The DebateMaster plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-14032 (The Bold Timeline Lite plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-13989 (The WP Dropzone plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-13988 (The \u8bc4\u8bba\u5c0f\u79d8\u4e66 plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-13987 (The Purchase and Expense Manager plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-13975 (The Contact Form 7 with ChatWork plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-13972 (The WatchTowerHQ plugin for WordPress is vulnerable to 
arbitrary file  ...)
+       TODO: check
+CVE-2025-13971 (The TWW Protein Calculator plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2025-13969 (The Reviews Sorted plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2025-13966 (The Paypal Payment Shortcode plugin for WordPress is 
vulnerable to Sto ...)
+       TODO: check
+CVE-2025-13963 (The FX Currency Converter plugin for WordPress is vulnerable 
to Stored ...)
+       TODO: check
+CVE-2025-13962 (The Divelogs Widget plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-13961 (The Data Visualizer plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2025-13960 (The GPXpress plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2025-13906 (The WP Flot plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2025-13904 (The WPGancio plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2025-13891 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for 
WordPre ...)
+       TODO: check
+CVE-2025-13889 (The Simple Nivo Slider plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-13886 (The LT Unleashed plugin for WordPress is vulnerable to Local 
File Incl ...)
+       TODO: check
+CVE-2025-13885 (The Zenost Shortcodes plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2025-13884 (The Hide Email Address plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2025-13866 (The Flow-Flow Social Feed Stream plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2025-13850 (The LS Google Map Router plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2025-13846 (The Easy Map Creator plugin for WordPress is vulnerable to 
Stored Cros ...)
+       TODO: check
+CVE-2025-13843 (The VigLink SpotLight By ShortCode plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2025-13840 (The BUKAZU Search widget plugin for WordPress is vulnerable to 
Stored  ...)
+       TODO: check
+CVE-2025-13839 (The LJUsers plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2025-13747 (The NewStatPress plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2025-13670 (The High Level Synthesis Compiler i++ command for Windows is 
vulnerabl ...)
+       TODO: check
+CVE-2025-13669 (Uncontrolled Search Path Element vulnerability in Altera High 
Level Sy ...)
+       TODO: check
+CVE-2025-13668 (A potential security vulnerability in Quartus\xae Prime Pro 
Edition De ...)
+       TODO: check
+CVE-2025-13665 (The System Console Utility for Windows is vulnerable to a DLL 
planting ...)
+       TODO: check
+CVE-2025-13664 (A potential security vulnerability in Quartus\xae Prime 
Standard Editi ...)
+       TODO: check
+CVE-2025-13663 (Under certain circumstances, the Quartus Prime Pro Installer 
for Windo ...)
+       TODO: check
+CVE-2025-13660 (The Guest Support plugin for WordPress is vulnerable to User 
Email Dis ...)
+       TODO: check
+CVE-2025-13440 (The Premmerce Wishlist for WooCommerce plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-13408 (The Foxtool All-in-One: Contact chat button, Custom login, 
Media optim ...)
+       TODO: check
+CVE-2025-13366 (The Rabbit Hole plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2025-13363 (The IMAQ Core plugin for WordPress is vulnerable to Cross-Site 
Request ...)
+       TODO: check
+CVE-2025-13334 (The Blaze Demo Importer plugin for WordPress is vulnerable to 
unauthor ...)
+       TODO: check
+CVE-2025-13320 (The WP User Manager plugin for WordPress is vulnerable to 
Arbitrary Fi ...)
+       TODO: check
+CVE-2025-13314 (The Product Filtering by Categories, Tags, Price Range for 
WooCommerce ...)
+       TODO: check
+CVE-2025-13053 (When a user configures the NAS to retrieve UPS status or 
control the U ...)
+       TODO: check
+CVE-2025-13052 (When the user set the Notification's sender to send emails to 
the SMTP ...)
+       TODO: check
+CVE-2025-12968 (The Infility Global plugin for WordPress is vulnerable to 
arbitrary fi ...)
+       TODO: check
+CVE-2025-12963 (The LazyTasks \u2013 Project & Task Management with 
Collaboration, Kan ...)
+       TODO: check
+CVE-2025-12883 (The Campay Woocommerce Payment Gateway plugin for WordPress is 
vulnera ...)
+       TODO: check
+CVE-2025-12834 (The Accept Stripe Payments Using Contact Form 7 plugin for 
WordPress i ...)
+       TODO: check
+CVE-2025-12830 (The Better Elementor Addons plugin for WordPress is vulnerable 
to Stor ...)
+       TODO: check
+CVE-2025-12824 (The Player Leaderboard plugin for WordPress is vulnerable to 
Local Fil ...)
+       TODO: check
+CVE-2025-12783 (The Premmerce Brands for WooCommerce plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2025-12655 (The Hippoo Mobile App for WooCommerce plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2025-12650 (The Simple post listing plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2025-12570 (The Fancy Product Designer plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2025-11876 (The Mailgun Subscriptions plugin for WordPress is vulnerable 
to Stored ...)
+       TODO: check
+CVE-2025-10684 (The Construction Light WordPress theme before 1.6.8 does not 
have auth ...)
+       TODO: check
+CVE-2025-10583 (The WP Fastest Cache plugin for WordPress is vulnerable to 
Server-Side ...)
+       TODO: check
+CVE-2025-10451 (Unchecked output buffer may allowed arbitrary code execution 
in SMM an ...)
+       TODO: check
+CVE-2024-58313 (xbtitFM 4.1.18 contains an insecure file upload vulnerability 
that all ...)
+       TODO: check
+CVE-2024-58312 (xbtitFM 4.1.18 contains a path traversal vulnerability that 
allows una ...)
+       TODO: check
+CVE-2024-58310 (APC Network Management Card 4 contains a path traversal 
vulnerability  ...)
+       TODO: check
+CVE-2024-58309 (xbtitFM 4.1.18 contains an unauthenticated SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2024-58308 (Quick.CMS 6.7 contains a SQL injection vulnerability that 
allows unaut ...)
+       TODO: check
+CVE-2024-58307 (CSZCMS 1.3.0 contains an authenticated SQL injection 
vulnerability in  ...)
+       TODO: check
+CVE-2024-58306 (minaliC 2.0.0 contains a denial of service vulnerability that 
allows r ...)
+       TODO: check
+CVE-2024-58304 (SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting 
vulnerabil ...)
+       TODO: check
+CVE-2024-58303 (FoF Pretty Mail 1.1.2 contains a server-side template 
injection vulner ...)
+       TODO: check
+CVE-2024-58302 (FoF Pretty Mail 1.1.2 contains a local file inclusion 
vulnerability th ...)
+       TODO: check
+CVE-2024-58301 (Purei CMS 1.0 contains a time-based blind SQL injection 
vulnerability  ...)
+       TODO: check
+CVE-2024-58300 (Siklu MultiHaul TG series devices before version 2.0.0 contain 
an unau ...)
+       TODO: check
+CVE-2024-58298 (Compuware iStrobe Web 20.13 contains a pre-authentication 
remote code  ...)
+       TODO: check
+CVE-2024-58297 (PyroCMS v3.0.1 contains a stored cross-site scripting 
vulnerability in ...)
+       TODO: check
+CVE-2024-58296 (CE Phoenix v3.0.1 contains a stored cross-site scripting 
vulnerability ...)
+       TODO: check
+CVE-2024-58295 (ElkArte Forum 1.1.9 contains a remote code execution 
vulnerability tha ...)
+       TODO: check
+CVE-2024-58294 (FreePBX 16 contains an authenticated remote code execution 
vulnerabili ...)
+       TODO: check
+CVE-2024-58293 (Akaunting 3.1.8 contains a server-side template injection 
vulnerabilit ...)
+       TODO: check
+CVE-2024-58292 (XMB Forum 1.9.12.06 contains a persistent cross-site scripting 
vulnera ...)
+       TODO: check
+CVE-2024-58291 (Flatboard 3.2 contains a stored cross-site scripting 
vulnerability tha ...)
+       TODO: check
+CVE-2024-58290 (Xhibiter NFT Marketplace 1.10.2 contains a SQL injection 
vulnerability ...)
+       TODO: check
+CVE-2024-58289 (Microweber 2.0.15 contains a stored cross-site scripting 
vulnerability ...)
+       TODO: check
+CVE-2024-58288 (Genexus Protection Server 9.7.2.10 contains an unquoted 
service path v ...)
+       TODO: check
+CVE-2024-58287 (reNgine 2.2.0 contains a command injection vulnerability in 
the nmap_c ...)
+       TODO: check
+CVE-2024-58286 (dizqueTV 1.5.3 contains a remote code execution vulnerability 
that all ...)
+       TODO: check
 CVE-2025-67742 (In JetBrains TeamCity before 2025.11 path traversal was 
possible via f ...)
        NOT-FOR-US: JetBrains
 CVE-2025-67741 (In JetBrains TeamCity before 2025.11 stored XSS was possible 
via sessi ...)
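
Review bot: CVE-2025-67779 is described as covering the fix for CVE-2025-55184, yet both IDs are added in this hunk as independent "TODO: check" entries with nothing tying them together. Triage the two in the same pass so they end with a consistent status, and put a NOTE on CVE-2025-67779 pointing at CVE-2025-55184 so that a fixed version recorded for the earlier ID is not read as also closing the follow-up. Separately, several descriptions carry raw escape sequences instead of the decoded characters (\u8bc4\u8bba\u5c0f\u79d8\u4e66 in CVE-2025-13988, \u2013 in CVE-2025-13891 and CVE-2025-12963, \xae in CVE-2025-13668 and CVE-2025-13664), which makes those product names hard to search for during triage.
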
@@ -4736,8 +5056,8 @@ CVE-2024-32641 (Masa CMS is an open source Enterprise 
Content Management platfor
        NOT-FOR-US: Masa CMS
 CVE-2025-12548
        NOT-FOR-US: Eclipse Che
-CVE-2025-65955
-       REJECTED
+CVE-2025-65955 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       TODO: check
 CVE-2025-65657 (FeehiCMS version 2.1.1 has a Remote Code Execution via 
Unrestricted Fi ...)
        NOT-FOR-US: FeehiCMS
 CVE-2025-65380 (PHPGurukul Billing System 1.0 is vulnerable to SQL Injection 
in the ad ...)
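
Review bot: CVE-2025-65955 changes from REJECTED to a live ImageMagick description but is left at "TODO: check", so an ID the tracker previously treated as closed now has no status at all. Confirm that the un-rejection is intentional on the CVE side, then triage the entry to a source-package line with a fixed or unfixed version rather than leaving the placeholder, since anyone who filtered this ID out while it was REJECTED has no cue that it is open again.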



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a83b3ea18ba68598a30a35fb957a7c98bd9d10cf
