Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
370b3c98 by security tracker role at 2025-12-18T08:13:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,649 @@
+CVE-2025-6326 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-6324 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68463 (Bio.Entrez in Biopython through 186 allows doctype XXE.)
+ TODO: check
+CVE-2025-68459 (RG - AP180, Indoor Wall Plate Wireless AP AP180 series
provided by Rui ...)
+ TODO: check
+CVE-2025-68435 (Zerobyte is a backup automation tool Zerobyte versions prior
to 0.18.5 ...)
+ TODO: check
+CVE-2025-68434 (Open Source Point of Sale (opensourcepos) is a web based point
of sale ...)
+ TODO: check
+CVE-2025-68433 (Zed, a code editor, has an aribtrary code execution
vulnerability in v ...)
+ TODO: check
+CVE-2025-68432 (Zed, a code editor, has an aribtrary code execution
vulnerability in v ...)
+ TODO: check
+CVE-2025-68429 (Storybook is a frontend workshop for building user interface
component ...)
+ TODO: check
+CVE-2025-68401 (ChurchCRM is an open-source church management system. Prior to
version ...)
+ TODO: check
+CVE-2025-68400 (ChurchCRM is an open-source church management system. A SQL
Injection ...)
+ TODO: check
+CVE-2025-68399 (ChurchCRM is an open-source church management system. In
versions prio ...)
+ TODO: check
+CVE-2025-68275 (ChurchCRM is an open-source church management system. Versions
prior t ...)
+ TODO: check
+CVE-2025-68147 (Open Source Point of Sale (opensourcepos) is a web based point
of sale ...)
+ TODO: check
+CVE-2025-68145 (In mcp-server-git versions prior to 2025.12.17, when the
server is sta ...)
+ TODO: check
+CVE-2025-68144 (In mcp-server-git versions prior to 2025.12.17, the git_diff
and git_c ...)
+ TODO: check
+CVE-2025-68143 (Model Context Protocol Servers is a collection of reference
implementa ...)
+ TODO: check
+CVE-2025-68129 (Auth0-PHP is a PHP SDK for Auth0 Authentication and Management
APIs. I ...)
+ TODO: check
+CVE-2025-68118 (FreeRDP is a free implementation of the Remote Desktop
Protocol. Prior ...)
+ TODO: check
+CVE-2025-68114 (Capstone is a disassembly framework. In versions 6.0.0-Alpha5
and prio ...)
+ TODO: check
+CVE-2025-68112 (ChurchCRM is an open-source church management system. In
versions prio ...)
+ TODO: check
+CVE-2025-68111 (ChurchCRM is an open-source church management system. In
versions prio ...)
+ TODO: check
+CVE-2025-68110 (ChurchCRM is an open-source church management system. Versions
prior t ...)
+ TODO: check
+CVE-2025-68109 (ChurchCRM is an open-source church management system. In
versions prio ...)
+ TODO: check
+CVE-2025-67877 (ChurchCRM is an open-source church management system. Versions
prior t ...)
+ TODO: check
+CVE-2025-67876 (ChurchCRM is an open-source church management system. A stored
cross-s ...)
+ TODO: check
+CVE-2025-67875 (ChurchCRM is an open-source church management system. A
privilege esca ...)
+ TODO: check
+CVE-2025-67873 (Capstone is a disassembly framework. In versions 6.0.0-Alpha5
and prio ...)
+ TODO: check
+CVE-2025-67794 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2
before ...)
+ TODO: check
+CVE-2025-67793 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2
through ...)
+ TODO: check
+CVE-2025-67792 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2
before 2 ...)
+ TODO: check
+CVE-2025-67791 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2
through ...)
+ TODO: check
+CVE-2025-67790 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2
before 2 ...)
+ TODO: check
+CVE-2025-67789 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2
before 2 ...)
+ TODO: check
+CVE-2025-67787 (An issue was discovered in 25.1.2 before 25.1.5. A Cross Site
Scriptin ...)
+ TODO: check
+CVE-2025-67781 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2
before 2 ...)
+ TODO: check
+CVE-2025-67546 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2025-67493 (Homarr is an open-source dashboard. Prior to version 1.45.3,
it was po ...)
+ TODO: check
+CVE-2025-66647 (RIOT is an open-source microcontroller operating system,
designed to m ...)
+ TODO: check
+CVE-2025-66119 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-66118 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-66117 (Missing Authorization vulnerability in Ays Pro Easy Form
easy-form all ...)
+ TODO: check
+CVE-2025-66116 (Insertion of Sensitive Information Into Sent Data
vulnerability in Use ...)
+ TODO: check
+CVE-2025-66104 (Missing Authorization vulnerability in Anton Vanyukov Offload,
AI & ...)
+ TODO: check
+CVE-2025-66102 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-66100 (Missing Authorization vulnerability in Magnigenie RestroPress
restropr ...)
+ TODO: check
+CVE-2025-66088 (Missing Authorization vulnerability in Property Hive
PropertyHive prop ...)
+ TODO: check
+CVE-2025-66078 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-66074 (Unrestricted Upload of File with Dangerous Type vulnerability
in Cozmo ...)
+ TODO: check
+CVE-2025-66070 (Missing Authorization vulnerability in Tomdever wpForo Forum
wpforo al ...)
+ TODO: check
+CVE-2025-66068 (Missing Authorization vulnerability in InstaWP InstaWP Connect
instawp ...)
+ TODO: check
+CVE-2025-66054 (Missing Authorization vulnerability in ThimPress LearnPress
learnpress ...)
+ TODO: check
+CVE-2025-66029 (Open OnDemand provides remote web access to supercomputers. In
version ...)
+ TODO: check
+CVE-2025-64378 (Missing Authorization vulnerability in CridioStudio ListingPro
listing ...)
+ TODO: check
+CVE-2025-64377 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-64376 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-64375 (Missing Authorization vulnerability in Mahmudul Hasan Arif WP
Social N ...)
+ TODO: check
+CVE-2025-64374 (Unrestricted Upload of File with Dangerous Type vulnerability
in Style ...)
+ TODO: check
+CVE-2025-64373 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-64372 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-64371 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-64295 (Insertion of Sensitive Information Into Sent Data
vulnerability in Sye ...)
+ TODO: check
+CVE-2025-64273 (Missing Authorization vulnerability in GetResponse Email
marketing for ...)
+ TODO: check
+CVE-2025-64272 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2025-64270 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2025-64268 (Missing Authorization vulnerability in Arraytics Timetics
timetics all ...)
+ TODO: check
+CVE-2025-64266 (Deserialization of Untrusted Data vulnerability in
magepeopleteam Book ...)
+ TODO: check
+CVE-2025-64260 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-64258 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2025-64233 (Deserialization of Untrusted Data vulnerability in BoldThemes
Codiqa c ...)
+ TODO: check
+CVE-2025-64231 (Unrestricted Upload of File with Dangerous Type vulnerability
in Redef ...)
+ TODO: check
+CVE-2025-64230 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-64227 (Deserialization of Untrusted Data vulnerability in BoldGrid
Client Inv ...)
+ TODO: check
+CVE-2025-64225 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
+ TODO: check
+CVE-2025-64223 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-64222 (Missing Authorization vulnerability in FantasticPlugins
WooCommerce Re ...)
+ TODO: check
+CVE-2025-64221 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-64218 (Insertion of Sensitive Information Into Sent Data
vulnerability in WP ...)
+ TODO: check
+CVE-2025-64217 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-64214 (Missing Authorization vulnerability in StylemixThemes
MasterStudy LMS ...)
+ TODO: check
+CVE-2025-64213 (Insertion of Sensitive Information Into Sent Data
vulnerability in Sty ...)
+ TODO: check
+CVE-2025-64209 (Missing Authorization vulnerability in StylemixThemes
Masterstudy mast ...)
+ TODO: check
+CVE-2025-64207 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-64206 (Deserialization of Untrusted Data vulnerability in TieLabs
Jannah jann ...)
+ TODO: check
+CVE-2025-64205 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-64203 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-64193 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-64192 (Missing Authorization vulnerability in 8theme XStore xstore
allows Exp ...)
+ TODO: check
+CVE-2025-64191 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-64189 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-64188 (Incorrect Privilege Assignment vulnerability in PenciDesign
Soledad so ...)
+ TODO: check
+CVE-2025-63039 (Missing Authorization vulnerability in CridioStudio ListingPro
listing ...)
+ TODO: check
+CVE-2025-60182 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-60180 (Deserialization of Untrusted Data vulnerability in CRM Perks
WP Gravit ...)
+ TODO: check
+CVE-2025-60178 (Deserialization of Untrusted Data vulnerability in CRM Perks
WP Gravit ...)
+ TODO: check
+CVE-2025-60174 (Deserialization of Untrusted Data vulnerability in CRM Perks
WP Gravit ...)
+ TODO: check
+CVE-2025-60091 (Deserialization of Untrusted Data vulnerability in CRM Perks
WP Gravit ...)
+ TODO: check
+CVE-2025-60090 (Deserialization of Untrusted Data vulnerability in CRM Perks
WP Gravit ...)
+ TODO: check
+CVE-2025-60089 (Deserialization of Untrusted Data vulnerability in CRM Perks
WP Gravit ...)
+ TODO: check
+CVE-2025-60088 (Missing Authorization vulnerability in Saleswonder Team:
Tobias Webina ...)
+ TODO: check
+CVE-2025-60086 (Missing Authorization vulnerability in Matt WP Voting Contest
wp-votin ...)
+ TODO: check
+CVE-2025-60084 (Deserialization of Untrusted Data vulnerability in add-ons.org
PDF for ...)
+ TODO: check
+CVE-2025-60083 (Deserialization of Untrusted Data vulnerability in add-ons.org
PDF Inv ...)
+ TODO: check
+CVE-2025-60082 (Deserialization of Untrusted Data vulnerability in add-ons.org
PDF for ...)
+ TODO: check
+CVE-2025-60081 (Deserialization of Untrusted Data vulnerability in add-ons.org
PDF for ...)
+ TODO: check
+CVE-2025-60080 (Deserialization of Untrusted Data vulnerability in add-ons.org
PDF for ...)
+ TODO: check
+CVE-2025-60079 (Missing Authorization vulnerability in bPlugins Parallax
Section block ...)
+ TODO: check
+CVE-2025-60078 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60077 (Missing Authorization vulnerability in YayCommerce YayPricing
yayprici ...)
+ TODO: check
+CVE-2025-60076 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60072 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60071 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60070 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-60069 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60068 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-60067 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60066 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60065 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60064 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60063 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60062 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-60061 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60060 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60059 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60058 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60057 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60056 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60055 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60054 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60053 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60052 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60051 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60050 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60049 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60048 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60047 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60046 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60045 (Missing Authorization vulnerability in ThemeAtelier IDonatePro
idonate ...)
+ TODO: check
+CVE-2025-60044 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60043 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-60042 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-59849 (Improper management of Content Security Policy in HCL BigFix
Remote Co ...)
+ TODO: check
+CVE-2025-59134 (Incorrect Privilege Assignment vulnerability in Jthemes Sale!
Immigrat ...)
+ TODO: check
+CVE-2025-58951 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-58950 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58949 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58948 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58947 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58946 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58945 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58944 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58943 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58942 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58941 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58940 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58938 (Missing Authorization vulnerability in ThemeAtelier IDonatePro
idonate ...)
+ TODO: check
+CVE-2025-58937 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58936 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58935 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58934 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58933 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58932 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58931 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58930 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58929 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58928 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58927 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58926 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58925 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58923 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58901 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58900 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58899 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58898 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58896 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58895 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58894 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58893 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58892 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58891 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58890 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58889 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58888 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58885 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58879 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58877 (Missing Authorization vulnerability in javothemes Javo Core
javo-core ...)
+ TODO: check
+CVE-2025-58803 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58710 (Incorrect Privilege Assignment vulnerability in e-plugins
Hotel Listin ...)
+ TODO: check
+CVE-2025-58709 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58708 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58706 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-58225 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-57897 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-55707 (Incorrect Privilege Assignment vulnerability in WPXPO PostX
ultimate-p ...)
+ TODO: check
+CVE-2025-55254 (Improper management of Path-relative stylesheet import in HCL
BigFix R ...)
+ TODO: check
+CVE-2025-54751 (Missing Authorization vulnerability in WPXPO PostX
ultimate-post allow ...)
+ TODO: check
+CVE-2025-54748 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
+ TODO: check
+CVE-2025-54745 (Missing Authorization vulnerability in miniOrange miniOrange's
Google ...)
+ TODO: check
+CVE-2025-54743 (Missing Authorization vulnerability in mkscripts Download
After Email ...)
+ TODO: check
+CVE-2025-54741 (Missing Authorization vulnerability in Tyler Moore Super Blank
super-b ...)
+ TODO: check
+CVE-2025-54723 (Deserialization of Untrusted Data vulnerability in BoldThemes
DentiCar ...)
+ TODO: check
+CVE-2025-53453 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53449 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53448 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53447 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53446 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53445 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53443 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53442 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53441 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53439 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53438 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53437 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53436 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53435 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53434 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53433 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53432 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53431 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53430 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53429 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-53000 (The nbconvert tool, jupyter nbconvert, converts Jupyter
notebooks to v ...)
+ TODO: check
+CVE-2025-52768 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-52745 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49943 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49942 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49941 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49919 (Insertion of Sensitive Information Into Sent Data
vulnerability in WPC ...)
+ TODO: check
+CVE-2025-49918 (Insertion of Sensitive Information Into Sent Data
vulnerability in e4j ...)
+ TODO: check
+CVE-2025-49914 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
+ TODO: check
+CVE-2025-49902 (Missing Authorization vulnerability in A WP Life Login Page
Customizer ...)
+ TODO: check
+CVE-2025-49379 (Incorrect Privilege Assignment vulnerability in
silverplugins217 Custo ...)
+ TODO: check
+CVE-2025-49371 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49370 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49369 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49368 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49367 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49366 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49365 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49364 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49363 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49362 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49361 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49360 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49359 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-49041 (Missing Authorization vulnerability in The African Boss Get
Cash get-c ...)
+ TODO: check
+CVE-2025-47387 (Memory Corruption when processing IOCTLs for JPEG data without
verific ...)
+ TODO: check
+CVE-2025-47382 (Memory corruption while loading an invalid firmware in boot
loader.)
+ TODO: check
+CVE-2025-47372 (Memory Corruption when a corrupted ELF image with an oversized
file si ...)
+ TODO: check
+CVE-2025-47350 (Memory corruption while handling concurrent memory mapping and
unmappi ...)
+ TODO: check
+CVE-2025-47325 (Information disclosure while processing system calls with
invalid para ...)
+ TODO: check
+CVE-2025-47323 (Memory corruption while routing GPR packets between user and
root when ...)
+ TODO: check
+CVE-2025-47322 (Memory corruption while handling IOCTL calls to set mode.)
+ TODO: check
+CVE-2025-47321 (Memory corruption while copying packets received from unix
clients.)
+ TODO: check
+CVE-2025-47320 (Memory corruption while processing MFC channel configuration
during mu ...)
+ TODO: check
+CVE-2025-47319 (Information disclosure while exposing internal TA-to-TA
communication ...)
+ TODO: check
+CVE-2025-46292 (This issue was addressed with additional entitlement checks.
This issu ...)
+ TODO: check
+CVE-2025-46291 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ TODO: check
+CVE-2025-46288 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-46283 (A logic issue was addressed with improved validation. This
issue is fi ...)
+ TODO: check
+CVE-2025-46282 (The issue was addressed with additional permissions checks.
This issue ...)
+ TODO: check
+CVE-2025-46281 (A logic issue was addressed with improved checks. This issue
is fixed ...)
+ TODO: check
+CVE-2025-46279 (A permissions issue was addressed with additional
restrictions. This i ...)
+ TODO: check
+CVE-2025-46278 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2025-46277 (A logging issue was addressed with improved data redaction.
This issue ...)
+ TODO: check
+CVE-2025-43533 (Multiple memory corruption issues were addressed with improved
input v ...)
+ TODO: check
+CVE-2025-43526 (This issue was addressed with improved URL validation. This
issue is f ...)
+ TODO: check
+CVE-2025-43514 (The issue was addressed with improved handling of caches. This
issue i ...)
+ TODO: check
+CVE-2025-43475 (A logging issue was addressed with improved data redaction.
This issue ...)
+ TODO: check
+CVE-2025-43428 (A configuration issue was addressed with additional
restrictions. This ...)
+ TODO: check
+CVE-2025-27063 (Memory corruption during video playback when video session
open fails ...)
+ TODO: check
+CVE-2025-14856 (A security vulnerability has been detected in y_project RuoYi
up to 4. ...)
+ TODO: check
+CVE-2025-14841 (A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted
element ...)
+ TODO: check
+CVE-2025-14837 (A vulnerability has been found in ZZCMS 2025. Affected by this
issue i ...)
+ TODO: check
+CVE-2025-14836 (A flaw has been found in ZZCMS 2025. Affected by this
vulnerability is ...)
+ TODO: check
+CVE-2025-14834 (A weakness has been identified in code-projects Simple Stock
System 1. ...)
+ TODO: check
+CVE-2025-14833 (A security flaw has been discovered in code-projects Online
Appointmen ...)
+ TODO: check
+CVE-2025-14832 (A vulnerability was identified in itsourcecode Online Cake
Ordering Sy ...)
+ TODO: check
+CVE-2025-14764 (Missing cryptographic key commitment in the Amazon S3
Encryption Clien ...)
+ TODO: check
+CVE-2025-14763 (Missing cryptographic key commitment in the Amazon S3
Encryption Clien ...)
+ TODO: check
+CVE-2025-14762 (Missing cryptographic key commitment in the AWS SDK for Ruby
may allow ...)
+ TODO: check
+CVE-2025-14761 (Missing cryptographic key commitment in the AWS SDK for PHP
may allow ...)
+ TODO: check
+CVE-2025-14760 (Missing cryptographic key commitment in the AWS SDK for C++
may allow ...)
+ TODO: check
+CVE-2025-14759 (Missing cryptographic key commitment in the Amazon S3
Encryption Clien ...)
+ TODO: check
+CVE-2025-14319
+ REJECTED
+CVE-2025-14318 (Improper access checks in M-Files Server before 25.12 allows
users to ...)
+ TODO: check
+CVE-2025-14314 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2025-14268
+ REJECTED
+CVE-2025-14202 (A vulnerability in the file upload at bookmark + asset
rendering pipel ...)
+ TODO: check
+CVE-2025-13498 (The Download Manager plugin for WordPress is vulnerable to
unauthorize ...)
+ TODO: check
+CVE-2025-12976 (The Events Manager \u2013 Calendar, Bookings, Tickets, and
more! plugi ...)
+ TODO: check
+CVE-2025-12885 (The Embed Any Document \u2013 Embed PDF, Word, PowerPoint and
Excel Fi ...)
+ TODO: check
+CVE-2025-10019 (Authorization Bypass Through User-Controlled Key vulnerability
in code ...)
+ TODO: check
+CVE-2023-53933 (Serendipity 2.4.0 contains a remote code execution
vulnerability that ...)
+ TODO: check
+CVE-2023-53932 (Serendipity 2.4.0 contains a stored cross-site scripting
vulnerability ...)
+ TODO: check
+CVE-2023-53931 (Revive Adserver 5.4.1 contains a cross-site scripting
vulnerability in ...)
+ TODO: check
+CVE-2023-53930 (ProjectSend r1605 contains an insecure direct object reference
vulnera ...)
+ TODO: check
+CVE-2023-53929 (phpMyFAQ 3.1.12 contains a CSV injection vulnerability that
allows aut ...)
+ TODO: check
+CVE-2023-53928 (PHPFusion 9.10.30 contains a stored cross-site scripting
vulnerability ...)
+ TODO: check
+CVE-2023-53927 (PHPJabbers Simple CMS 5.0 contains a stored cross-site
scripting vulne ...)
+ TODO: check
+CVE-2023-53926 (PHPJabbers Simple CMS 5.0 contains a SQL injection
vulnerability in th ...)
+ TODO: check
+CVE-2023-53925 (UliCMS 2023.1 contains a stored cross-site scripting
vulnerability tha ...)
+ TODO: check
+CVE-2023-53924 (UliCMS 2023.1-sniffing-vicuna contains a remote code execution
vulnera ...)
+ TODO: check
+CVE-2023-53923 (UliCMS 2023.1 contains a privilege escalation vulnerability
that allow ...)
+ TODO: check
+CVE-2023-53922 (TinyWebGallery v2.5 contains a remote code execution
vulnerability in ...)
+ TODO: check
+CVE-2023-53921 (SitemagicCMS 4.4.3 contains a remote code execution
vulnerability that ...)
+ TODO: check
+CVE-2023-53920 (PodcastGenerator 3.2.9 contains a stored cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2023-53919 (PodcastGenerator 3.2.9 contains a stored cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2023-53918 (PodcastGenerator 3.2.9 contains a stored cross-site scripting
vulnerab ...)
+ TODO: check
+CVE-2023-53917 (Affiliate Me version 5.0.1 contains a SQL injection
vulnerability in t ...)
+ TODO: check
+CVE-2023-53916 (Zenphoto 1.6 contains a stored cross-site scripting
vulnerability in t ...)
+ TODO: check
+CVE-2023-53915 (Zenphoto 1.6 contains a stored cross-site scripting
vulnerability that ...)
+ TODO: check
+CVE-2023-53914 (UliCMS 2023.1 contains an authentication bypass vulnerability
that all ...)
+ TODO: check
+CVE-2023-53913 (Rukovoditel 3.3.1 contains a CSV injection vulnerability that
allows a ...)
+ TODO: check
+CVE-2023-53912 (USB Flash Drives Control 4.1.0.0 contains an unquoted service
path vul ...)
+ TODO: check
+CVE-2023-53911 (Textpattern CMS 4.8.8 contains a stored cross-site scripting
vulnerabi ...)
+ TODO: check
+CVE-2023-53910 (WBCE CMS 1.6.1 contains a stored cross-site scripting
vulnerability th ...)
+ TODO: check
+CVE-2023-53909 (WBCE CMS 1.6.1 contains a stored cross-site scripting
vulnerability th ...)
+ TODO: check
+CVE-2023-53908 (HiSecOS 04.0.01 contains a privilege escalation vulnerability
that all ...)
+ TODO: check
+CVE-2023-53907 (Bludit versions before 3.13.1 contain an authenticated file
download v ...)
+ TODO: check
+CVE-2023-53906 (projectSend r1605 contains a stored cross-site scripting
vulnerability ...)
+ TODO: check
+CVE-2023-53905 (ProjectSend r1605 contains a CSV injection vulnerability that
allows a ...)
+ TODO: check
+CVE-2023-53904 (Xenforo 2.2.13 contains a stored cross-site scripting
vulnerability th ...)
+ TODO: check
CVE-2025-67895 (Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache
Airflow ...)
NOT-FOR-US: Apache Airflow Providers Edge3
CVE-2025-67285 (A SQL injection vulnerability was found in the
'/cts/admin/?page=zone' ...)
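Review bot: The descriptions for CVE-2025-12976 and CVE-2025-12885 near the end of this hunk carry the literal escape sequence \u2013 inside the plugin names, which suggests the import wrote a JSON-escaped string without decoding it; decoding before writing would keep the list readable and searchable by product name. Apart from the two REJECTED ids, the entries visible in the tail of this hunk are all left at "TODO: check", so the six "Missing cryptographic key commitment" entries (CVE-2025-14759 to CVE-2025-14764) for the AWS SDKs and S3 encryption clients still need a manual decision on whether any packaged SDK is affected.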
@@ -223,7 +869,7 @@ CVE-2025-14177
- php8.2 <removed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7
-CVE-2025-68462 [backups: Set proper permissions for backups-data directory]
+CVE-2025-68462 (Freedombox before 25.17.1 does not set proper permissions for
the back ...)
- freedombox 25.17.1
[trixie] - freedombox <no-dsa> (Minor issue)
[bookworm] - freedombox <no-dsa> (Minor issue)
@@ -1698,11 +2344,11 @@ CVE-2025-14652 (A vulnerability was found in
itsourcecode Online Cake Ordering S
NOT-FOR-US: itsourcecode System
CVE-2025-14651 (A vulnerability has been found in MartialBE one-hub up to
0.14.27. Thi ...)
NOT-FOR-US: MartialBE one-hub
-CVE-2025-68461 [Cross-Site-Scripting vulnerability via SVG's animate tag]
+CVE-2025-68461 (Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone
to a Cr ...)
- roundcube 1.6.12+dfsg-1 (bug #1122899)
NOTE:
https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb
(1.6.12)
-CVE-2025-68460 [Information Disclosure vulnerability in the HTML style
sanitizer]
+CVE-2025-68460 (Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone
to a in ...)
- roundcube 1.6.12+dfsg-1 (bug #1122899)
NOTE:
https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/08de250fba731b634bed188bbe18d2f6ef3c7571
(1.6.12)
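Review bot: CVE-2025-68461 and CVE-2025-68460 now share the same visible description prefix ("Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a ..."), and the truncation cuts off the part that the removed bracket titles stated (XSS via the SVG animate tag, information disclosure in the HTML style sanitizer). The two "Fixed by" commits still tell the entries apart, but a short NOTE line per entry naming the issue would keep them distinguishable without opening the CVE record.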
@@ -1865,7 +2511,8 @@ CVE-2025-46276 (An information disclosure issue was
addressed with improved priv
NOT-FOR-US: Apple
CVE-2025-43542 (This issue was addressed with improved state management. This
issue is ...)
NOT-FOR-US: Apple
-CVE-2025-43541 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43541 (A type confusion issue was addressed with improved state
handling. Thi ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -1876,14 +2523,16 @@ CVE-2025-43539 (The issue was addressed with improved
bounds checks. This issue
NOT-FOR-US: Apple
CVE-2025-43538 (A logging issue was addressed with improved data redaction.
This issue ...)
NOT-FOR-US: Apple
-CVE-2025-43536 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43536 (A use-after-free issue was addressed with improved memory
management. ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security
support in Bookworm)
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
-CVE-2025-43535 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43535 (The issue was addressed with improved memory handling. This
issue is f ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
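Review bot: For CVE-2025-43536 and CVE-2025-43535 the new {DSA-6083-1} reference can only cover webkit2gtk in the stable releases shown, because the same entries mark wpewebkit as <ignored> there. The entries list just 2.50.4-1 for webkit2gtk, so the per-release fixed versions have to be checked against the DSA record, which this commit (one changed file, data/CVE/list) does not show.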
@@ -1892,7 +2541,8 @@ CVE-2025-43535 [Malicious web content may lead to an
unexpected process crash]
NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43532 (A memory corruption issue was addressed with improved bounds
checking. ...)
NOT-FOR-US: Apple
-CVE-2025-43531 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43531 (A race condition was addressed with improved state handling.
This issu ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -1901,7 +2551,8 @@ CVE-2025-43531 [Malicious web content may lead to an
unexpected process crash]
NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43530 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2025-43529 [Malicious web content may lead to arbitrary code execution]
+CVE-2025-43529 (A use-after-free issue was addressed with improved memory
management. ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
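Review bot: CVE-2025-43529 loses its stated impact here: it was the only WebKit entry among these hunks whose removed title said arbitrary code execution rather than a process crash, and the replacement text ("A use-after-free issue was addressed with improved memory management. ...") has the same visible prefix as CVE-2025-43536. A NOTE line recording the code-execution impact would keep that difference visible in the list.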
@@ -1938,7 +2589,8 @@ CVE-2025-43509 (This issue was addressed with improved
data protection. This iss
NOT-FOR-US: Apple
CVE-2025-43506 (A logic error was addressed with improved error handling. This
issue i ...)
NOT-FOR-US: Apple
-CVE-2025-43501 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43501 (A buffer overflow issue was addressed with improved memory
handling. T ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -2175,6 +2827,7 @@ CVE-2025-14565 (A vulnerability was identified in kidaze
CourseSelectionSystem u
CVE-2025-14442 (The Secure Copy Content Protection and Content Locking plugin
for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14174 (Out of bounds memory access in ANGLE in Google Chrome on Mac
prior to ...)
+ {DSA-6083-1}
- chromium <not-affected> (Only affects Chromium on MacOS)
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
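Review bot: CVE-2025-14174 reads inconsistently at a glance: the description limits the issue to ANGLE in Google Chrome on Mac and chromium is <not-affected> (Only affects Chromium on MacOS), yet webkit2gtk and wpewebkit are listed as fixed in 2.50.4-1 and the entry gains {DSA-6083-1}. If the part of the entry below the visible context does not already explain this, a NOTE pointing at the WebKit advisory that ties this CVE to WebKitGTK would save the next triager the lookup.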
@@ -14995,11 +15648,11 @@ CVE-2025-43496 (The issue was addressed by adding
additional logic. This issue i
NOT-FOR-US: Apple
CVE-2025-43495 (The issue was addressed with improved checks. This issue is
fixed in i ...)
NOT-FOR-US: Apple
-CVE-2025-43493 (The issue was addressed with improved checks. This issue is
fixed in i ...)
+CVE-2025-43493 (The issue was addressed with improved checks. This issue is
fixed in m ...)
NOT-FOR-US: Apple
CVE-2025-43481 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2025-43480 (The issue was addressed with improved checks. This issue is
fixed in S ...)
+CVE-2025-43480 (The issue was addressed with improved checks. This issue is
fixed in t ...)
{DSA-5792-1}
- webkit2gtk 2.46.0-1
- wpewebkit 2.46.0-1
@@ -15070,7 +15723,7 @@ CVE-2025-43442 (A permissions issue was addressed with
additional restrictions.
NOT-FOR-US: Apple
CVE-2025-43441 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
-CVE-2025-43440 (This issue was addressed with improved checks This issue is
fixed in S ...)
+CVE-2025-43440 (This issue was addressed with improved checks This issue is
fixed in t ...)
{DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
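Review bot: Truncating descriptions at a fixed width makes this hunk pure churn: the CVE-2025-43440 line differs only in its last visible character ("fixed in S ..." becomes "fixed in t ..."), the same pattern as CVE-2025-43493 and CVE-2025-43480 in the previous hunk, with no change to the {DSA-6070-1 DLA-4394-1} tags or the fixed versions. The imported text also still reads "improved checks This issue" with no full stop between the sentences, which is harmless but worth knowing when searching the list by phrase.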
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/370b3c98cc69385d8a0e8a0bdba63fdd2cc4e427
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits