Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
61310c18 by security tracker role at 2025-12-16T20:14:07+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
CVE-2025-9460 (A maliciously crafted SLDPRT file, when parsed through certain
Autodes ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-9459 (A maliciously crafted SLDPRT file, when parsed through certain
Autodes ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-9457 (A maliciously crafted PRT file, when parsed through certain
Autodesk p ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-9456 (A maliciously crafted SLDPRT file, when parsed through certain
Autodes ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-9455 (A maliciously crafted CATPRODUCT file, when parsed through
certain Aut ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-9454 (A maliciously crafted PRT file, when parsed through certain
Autodesk p ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-9453 (A maliciously crafted PRT file, when parsed through certain
Autodesk p ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-9452 (A maliciously crafted SLDPRT file, when parsed through certain
Autodes ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-9122 (Hitachi Vantara Pentaho Data Integration and Analytics
Community Dashb ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2025-9121 (Pentaho Data Integration and Analytics Community Dashboard
Editor plug ...)
- TODO: check
+ NOT-FOR-US: Hitachi Vantana
CVE-2025-8872 (On affected platforms running Arista EOS with OSPFv3
configured, a spe ...)
- TODO: check
+ NOT-FOR-US: Arista Networks
CVE-2025-68322 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
TODO: check
CVE-2025-68321 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
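Review bot: The vendor name in the tag added for CVE-2025-9122 and CVE-2025-9121 is misspelled: the tag reads "NOT-FOR-US: Hitachi Vantana", while the CVE-2025-9122 description on the line above it spells the vendor "Hitachi Vantara". Suggest "NOT-FOR-US: Hitachi Vantara" on both entries so that a search of data/CVE/list by vendor name finds them.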
@@ -109,9 +109,9 @@ CVE-2025-68270 (The Open edX Platform is a learning
management platform. Prior t
CVE-2025-68269 (In JetBrains IntelliJ IDEA before 2025.3 missing confirmation
allowed ...)
TODO: check
CVE-2025-68268 (In JetBrains TeamCity before 2025.11.1 reflected XSS was
possible on t ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-68267 (In JetBrains TeamCity before 2025.11.1 excessive privileges
were possi ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-68266 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
TODO: check
CVE-2025-68265 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
@@ -313,15 +313,15 @@ CVE-2025-68168 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2025-68167 (In the Linux kernel, the following vulnerability has been
resolved: g ...)
TODO: check
CVE-2025-68166 (In JetBrains TeamCity before 2025.11 a DOM-based XSS was
possible on t ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-68165 (In JetBrains TeamCity before 2025.11 reflected XSS was
possible on VCS ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-68164 (In JetBrains TeamCity before 2025.11 port enumeration was
possible via ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-68163 (In JetBrains TeamCity before 2025.11 stored XSS was possible
on agentp ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-68162 (In JetBrains TeamCity before 2025.11 maven embedder allowed
loading ex ...)
- TODO: check
+ NOT-FOR-US: JetBrains
CVE-2025-68156 (Expr is an expression language and expression evaluation for
Go. Prior ...)
TODO: check
CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC)
support for V ...)
@@ -335,7 +335,7 @@ CVE-2025-68146 (filelock is a platform-independent file
lock for Python. In vers
CVE-2025-68142 (PyMdown Extensions is a set of extensions for the
`Python-Markdown` ma ...)
TODO: check
CVE-2025-68130 (tRPC allows users to build and consume fully typesafe APIs
without sch ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-68116 (FileRise is a self-hosted web file manager / WebDAV server.
Versions p ...)
TODO: check
CVE-2025-68115 (Parse Server is an open source backend that can be deployed to
any inf ...)
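Review bot: The tag added for CVE-2025-68130 names a different product than its description: the description begins "tRPC allows users to build and consume fully typesafe APIs", but the entry is marked "NOT-FOR-US: Next.js". If tRPC is the affected software, the tag should say "NOT-FOR-US: tRPC"; if the Next.js label was chosen on purpose, the truncated description does not show why, and the entry deserves a manual look before it leaves the TODO queue.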
@@ -343,79 +343,79 @@ CVE-2025-68115 (Parse Server is an open source backend
that can be deployed to a
CVE-2025-68113 (ALTCHA is privacy-first software for captcha and bot
protection. A cry ...)
TODO: check
CVE-2025-68088 (Missing Authorization vulnerability in merkulove Huger for
Elementor h ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68087 (Missing Authorization vulnerability in merkulove Modalier for
Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68086 (Missing Authorization vulnerability in merkulove Reformer for
Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68085 (Missing Authorization vulnerability in merkulove Buttoner for
Elemento ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68084 (Missing Authorization vulnerability in Nitesh Ultimate Auction
ultima ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68083 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks
Quick Plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68082 (Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY
LTD Semr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68080 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68079 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68078 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68077 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68076 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68071 (Authorization Bypass Through User-Controlled Key vulnerability
in g5th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68070 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68068 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68067 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68066 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68065 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68062 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68061 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68056 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68055 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68054 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68053 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67999 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67989 (Server-Side Request Forgery (SSRF) vulnerability in LMPixels
Kerge ker ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67986 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67985 (Authorization Bypass Through User-Controlled Key vulnerability
in Barn ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67983 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67976 (Missing Authorization vulnerability in Bob Watu Quiz watu
allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67965 (Missing Authorization vulnerability in favethemes Homey Core
homey-cor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67962 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67951 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67950 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67948 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67929 (Missing Authorization vulnerability in templateinvaders TI
WooCommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67912 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-67874 (ChurchCRM is an open-source church management system. Prior to
version ...)
TODO: check
CVE-2025-67751 (ChurchCRM is an open-source church management system. Prior to
version ...)
@@ -449,49 +449,49 @@ CVE-2025-66402 (Misskey is an open source, federated
social media platform. Star
CVE-2025-66357 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with
improper che ...)
TODO: check
CVE-2025-66167 (Missing Authorization vulnerability in merkulove Lottier
lottier-guten ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66166 (Missing Authorization vulnerability in merkulove Lottier for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66165 (Missing Authorization vulnerability in merkulove Lottier for
WPBakery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66164 (Missing Authorization vulnerability in merkulove Laser laser
allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66163 (Missing Authorization vulnerability in merkulove Masker for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66162 (Missing Authorization vulnerability in merkulove Spoter for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66161 (Missing Authorization vulnerability in merkulove Grider for
Elementor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66147 (Missing Authorization vulnerability in merkulove Coder for
Elementor c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66134 (Missing Authorization vulnerability in NinjaTeam FileBird Pro
filebird ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66133 (Missing Authorization vulnerability in WP Legal Pages WP
Cookie Notice ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66132 (Authorization Bypass Through User-Controlled Key vulnerability
in FAPI ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66131 (Missing Authorization vulnerability in yaadsarig Yaad Sarig
Payment Ga ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66130 (Missing Authorization vulnerability in etruel WP Views Counter
wpecoun ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66129 (Missing Authorization vulnerability in wppochipp Pochipp
pochipp allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66128 (Missing Authorization vulnerability in Brevo Sendinblue for
WooCommerc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66127 (Missing Authorization vulnerability in g5theme Essential Real
Estate e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66126 (Insertion of Sensitive Information Into Sent Data
vulnerability in wow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66125 (Insertion of Sensitive Information Into Sent Data
vulnerability in Nit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66124 (Missing Authorization vulnerability in ZEEN101 Leaky Paywall
leaky-pay ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66122 (Missing Authorization vulnerability in Design Stylish Price
List styli ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66121 (Missing Authorization vulnerability in SiteGround SiteGround
Security ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-66120 (Missing Authorization vulnerability in CatFolders CatFolders
catfolder ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-65834 (Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A
memory ...)
TODO: check
CVE-2025-65593 (nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery
(CSRF) ...)
@@ -521,53 +521,53 @@ CVE-2025-65074 (WaveView client allows users to execute
restricted set of predef
CVE-2025-64725 (Weblate is a web based localization tool. In versions prior to
5.15, i ...)
TODO: check
CVE-2025-64639 (Missing Authorization vulnerability in WP Compress WP Compress
for Mai ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64638 (Missing Authorization vulnerability in OnPay.io OnPay.io for
WooCommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64635 (Missing Authorization vulnerability in Syed Balkhi Feeds for
YouTube f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64634 (Missing Authorization vulnerability in ThemeFusion Avada avada
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64633 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64632 (Missing Authorization vulnerability in Auctollo Google XML
Sitemaps go ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64631 (Missing Authorization vulnerability in WC Lovers WCFM
Marketplace wc-m ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64630 (Missing Authorization vulnerability in Strategy11 Team
Business Direct ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64253 (Path Traversal: '.../...//' vulnerability in WordPress.org
Health Chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64251 (Missing Authorization vulnerability in azzaroco Ultimate
Learning Pro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64250 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in w ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64249 (Missing Authorization vulnerability in WP-EXPERTS.IN Protect
WP Admin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64248 (Missing Authorization vulnerability in emarket-design Request
a Quote ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64247 (Missing Authorization vulnerability in edmon.parker Read More
& Accord ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64246 (Missing Authorization vulnerability in netopsae Accessibility
by Audio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64245 (Missing Authorization vulnerability in ryanpcmcquen Import
external at ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64244 (Missing Authorization vulnerability in Codexpert, Inc Restrict
Element ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64243 (Missing Authorization vulnerability in e-plugins Directory Pro
directo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64242 (Missing Authorization vulnerability in Merv Barrett Easy
Property List ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64241 (Missing Authorization vulnerability in Imtiaz Rayhan WP
Coupons and De ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64240 (Cross-Site Request Forgery (CSRF) vulnerability in freshchat
Freshchat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64239 (Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi
RTL Test ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64238 (Missing Authorization vulnerability in NicolasKulka WPS
Bidouille wps- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64237 (Cross-Site Request Forgery (CSRF) vulnerability in Graham
Quick Intere ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-64012 (InvoicePlane commit debb446c is vulnerable to Incorrect Access
Control ...)
TODO: check
CVE-2025-63414 (A Path Traversal vulnerability in the Allsky WebUI version
v2024.12.06 ...)
@@ -579,15 +579,15 @@ CVE-2025-62863 (Ampere AmpereOne AC03 devices before
3.5.9.3, AmpereOne AC04 dev
CVE-2025-62862 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04
devices b ...)
TODO: check
CVE-2025-62849 (An SQL injection vulnerability has been reported to affect
several QNA ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-62848 (A NULL pointer dereference vulnerability has been reported to
affect s ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-62847 (An improper neutralization of argument delimiters in a command
vulnera ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-62330 (HCL DevOps Deploy is susceptible to a cleartext transmission
of sensit ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-62329 (HCL DevOps Deploy / HCL Launch is susceptible to a race
condition in h ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-61976 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with
improper che ...)
TODO: check
CVE-2025-59947 (NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions
prior to ...)
@@ -597,23 +597,23 @@ CVE-2025-59935 (GLPI is a free asset and IT management
software package. Startin
CVE-2025-59479 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with
improper res ...)
TODO: check
CVE-2025-59385 (An authentication bypass by spoofing vulnerability has been
reported t ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-59009 (Cross-Site Request Forgery (CSRF) vulnerability in Astoundify
Listify ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59001 (Missing Authorization vulnerability in ThemeNectar Salient
Core salien ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58999 (Cross-Site Request Forgery (CSRF) vulnerability in loopus WP
Attractiv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58173 (FreshRSS is a self-hosted RSS feed aggregator. In versions
1.23.0 thro ...)
TODO: check
CVE-2025-55895 (TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE
V9.3.5u.6448_B20240 ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-54045 (Missing Authorization vulnerability in CreativeMindsSolutions
CM On De ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54005 (Missing Authorization vulnerability in sonalsinha21 SKT Page
Builder s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54004 (Missing Authorization vulnerability in WC Lovers WCFM \u2013
Frontend ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-52196 (Server-Side Request Forgery (SSRF) vulnerability in Ctera
Portal 8.1.x ...)
TODO: check
CVE-2025-50401 (Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable
to Buffe ...)
@@ -621,13 +621,13 @@ CVE-2025-50401 (Mercury D196G
d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to
CVE-2025-50398 (Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable
to Buffe ...)
TODO: check
CVE-2025-49300 (Insertion of Sensitive Information Into Sent Data
vulnerability in shi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46296 (An authorization bypass vulnerability in FileMaker Server
Admin Consol ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46295 (Apache Commons Text versions prior to 1.10.0 included
interpolation fe ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-46294 (To enhance security, the FileMaker Server 22.0.4 installer now
include ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2025-40363 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
TODO: check
CVE-2025-40362 (In the Linux kernel, the following vulnerability has been
resolved: c ...)
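Review bot: CVE-2025-46295 is marked "NOT-FOR-US: Apple" although its description opens with "Apache Commons Text versions prior to 1.10.0", which names a library rather than an Apple product. The neighbouring entries CVE-2025-46296 and CVE-2025-46294 mention FileMaker Server, so this one may describe a copy of the library bundled there, but the truncated text does not confirm that. Suggest checking the full description before accepting the tag, and if Apache Commons Text itself is tracked as a source package, recording the entry against that package instead of NOT-FOR-US.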
@@ -665,19 +665,19 @@ CVE-2025-40347 (In the Linux kernel, the following
vulnerability has been resolv
CVE-2025-40346 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
TODO: check
CVE-2025-37164 (A remote code execution issue exists in HPE OneView.)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-33235 (NVIDIA Resiliency Extension for Linux contains a vulnerability
in the ...)
TODO: check
CVE-2025-33226 (NVIDIA NeMo Framework for all platforms contains a
vulnerability where ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-33225 (NVIDIA Resiliency Extension for Linux contains a vulnerability
in log ...)
TODO: check
CVE-2025-33212 (NVIDIA NeMo Framework contains a vulnerability in model
loading that c ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-33210 (NVIDIA Isaac Lab contains a deserialization vulnerability. A
successf ...)
- TODO: check
+ NOT-FOR-US: NVIDIA
CVE-2025-29231 (A stored cross-site scripting (XSS) vulnerability in the
page_save com ...)
- TODO: check
+ NOT-FOR-US: Linksys
CVE-2025-14780 (A vulnerability was detected in Xiongwei Smart Catering Cloud
Platform ...)
TODO: check
CVE-2025-14777 (A flaw was found in Keycloak. An IDOR (Broken Access Control)
vulnerab ...)
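Review bot: The NVIDIA entries in this hunk are triaged inconsistently: CVE-2025-33226, CVE-2025-33212 and CVE-2025-33210 (NeMo Framework, Isaac Lab) become "NOT-FOR-US: NVIDIA", while CVE-2025-33235 and CVE-2025-33225 (NVIDIA Resiliency Extension for Linux) stay at "TODO: check". If the Resiliency Extension is being held back deliberately, that is fine, but nothing in the hunk says so; otherwise give those two entries the same tag. Separately, the visible description of CVE-2025-29231 ("A stored cross-site scripting (XSS) vulnerability in the page_save com ...") does not name a vendor, so the "NOT-FOR-US: Linksys" tag cannot be confirmed from these lines.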
@@ -701,61 +701,61 @@ CVE-2025-14729 (A vulnerability was identified in CTCMS
Content Management Syste
CVE-2025-14722 (A vulnerability was determined in vion707 DMadmin up to
3403cafdb42537 ...)
TODO: check
CVE-2025-14593 (A maliciously crafted CATPART file, when parsed through
certain Autode ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-14553 (Exposure of password hashes through an unauthenticated API
response in ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-14443 (A flaw was found in ose-openshift-apiserver. This
vulnerability allows ...)
TODO: check
CVE-2025-14432 (In limited scenarios, sensitive data might be written to the
log file ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-14252 (An Improper Access Control vulnerability in Advantech SUSI
driver (sus ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2025-14002 (The WPCOM Member plugin for WordPress is vulnerable to
authentication ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13956 (The LearnPress \u2013 WordPress LMS Plugin plugin for
WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13794 (The Auto Featured Image (Auto Post Thumbnail) plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13741 (The Schedule Post Changes With PublishPress Future: Unpublish,
Delete, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13532 (Insecure defaults in the Server Agent component of Fortra's
Core Privi ...)
- TODO: check
+ NOT-FOR-US: Fortra
CVE-2025-13474 (Authorization Bypass Through User-Controlled Key vulnerability
in Menu ...)
TODO: check
CVE-2025-13439 (The Fancy Product Designer plugin for WordPress is vulnerable
to Infor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13231 (The Fancy Product Designer plugin for WordPress is vulnerable
to Serve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12809 (The Dokan Pro plugin for WordPress is vulnerable to
unauthorized acces ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11991 (The JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11220 (The Elementor plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10900 (AA maliciously crafted MODEL file, when parsed through certain
Autodes ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10899 (AA maliciously crafted MODEL file, when parsed through certain
Autodes ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10898 (AA maliciously crafted MODEL file, when parsed through certain
Autodes ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10889 (A maliciously crafted CATPART file, when parsed through
certain Autode ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10888 (AA maliciously crafted MODEL file, when parsed through certain
Autodes ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10887 (A maliciously crafted MODEL file, when parsed through certain
Autodesk ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10886 (A maliciously crafted MODEL file, when parsed through certain
Autodesk ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10884 (AA maliciously crafted CATPART file, when parsed through
certain Autod ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10883 (A maliciously crafted CATPRODUCT file, when parsed through
certain Aut ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10882 (AA maliciously crafted X_T file, when parsed through certain
Autodesk ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10881 (A maliciously crafted CATPRODUCT file, when parsed through
certain Aut ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2025-10450 (Exposure of Private Personal Information to an Unauthorized
Actor vuln ...)
- TODO: check
+ NOT-FOR-US: RTI Connext
CVE-2025-0836 (Missing Authorization vulnerability in Milestone Systems
XProtect VMS ...)
TODO: check
CVE-2023-53903 (WebsiteBaker 2.13.3 contains a stored cross-site scripting
vulnerabili ...)
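Review bot: The WordPress entries in this hunk (CVE-2025-14002, CVE-2025-13956, CVE-2025-13794 and the others down to CVE-2025-11220) are tagged "NOT-FOR-US: WordPress plugin", whereas every WordPress entry in the earlier hunks of this same commit uses "NOT-FOR-US: WordPress plugin or theme". Pick one spelling for the commit so that counting or filtering on the tag string gives one bucket. Also, the description of CVE-2025-14432 ("In limited scenarios, sensitive data might be written to the log file ...") names no product in its visible part, so the "NOT-FOR-US: HP" tag is worth a second look against the full text.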
@@ -773,7 +773,7 @@ CVE-2023-53898 (Rukovoditel 3.4.1 contains a stored
cross-site scripting vulnera
CVE-2023-53897 (Rukovoditel 3.4.1 contains multiple stored cross-site
scripting vulner ...)
TODO: check
CVE-2023-53896 (D-Link DAP-1325 firmware version 1.01 contains a broken access
control ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2023-53895 (PimpMyLog 1.7.14 contains an improper access control
vulnerability tha ...)
TODO: check
CVE-2023-53894 (phpfm 1.7.9 contains an authentication bypass vulnerability
that allow ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61310c185ab0ff1a63e3b1f35c3cd490760ade79