Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2d37f088 by security tracker role at 2025-12-20T08:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,73 @@
+CVE-2025-8065 (A buffer overflow vulnerability exists in the ONVIF XML parser
of Tapo ...)
+ TODO: check
+CVE-2025-68613 (n8n is an open source workflow automation platform. Versions
starting ...)
+ TODO: check
+CVE-2025-68481 (FastAPI Users allows users to quickly add a registration and
authentic ...)
+ TODO: check
+CVE-2025-67712 (There is an HTML injection issue in Esri ArcGIS Web AppBuilder
develop ...)
+ TODO: check
+CVE-2025-14968 (A security flaw has been discovered in code-projects Simple
Stock Syst ...)
+ TODO: check
+CVE-2025-14735 (The "Amazon affiliate lite Plugin" plugin for WordPress is
vulnerable ...)
+ TODO: check
+CVE-2025-14734 (The Amazon affiliate lite Plugin plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-14721 (The Responsive and Swipe slider plugin for WordPress is
vulnerable to ...)
+ TODO: check
+CVE-2025-14633 (The F70 Lead Document Download plugin for WordPress is
vulnerable to u ...)
+ TODO: check
+CVE-2025-14591 (After a recent bug fix to correctly handle CR+LF (Windows and
DOS) End ...)
+ TODO: check
+CVE-2025-14300 (The HTTPS service on Tapo C200 V3 exposes a connectAP
interface withou ...)
+ TODO: check
+CVE-2025-14299 (The HTTPS server on Tapo C200 V3 does not properly validate
the Conten ...)
+ TODO: check
+CVE-2025-14168 (The WP DB Booster plugin for WordPress is vulnerable to
Cross-Site Req ...)
+ TODO: check
+CVE-2025-14164 (The Quran Gateway plugin for WordPress is vulnerable to
Cross-Site Req ...)
+ TODO: check
+CVE-2025-13624 (The Overstock Affiliate Links plugin for WordPress is
vulnerable to Re ...)
+ TODO: check
+CVE-2025-13619 (The Flex Store Users plugin for WordPress is vulnerable to
Privilege E ...)
+ TODO: check
+CVE-2025-13365 (The WP Hallo Welt plugin for WordPress is vulnerable to
Cross-Site Req ...)
+ TODO: check
+CVE-2025-13329 (The File Uploader for WooCommerce plugin for WordPress is
vulnerable t ...)
+ TODO: check
+CVE-2025-12898 (The Pretty Google Calendar plugin for WordPress is vulnerable
to unaut ...)
+ TODO: check
+CVE-2025-12820 (The Pure WC Variation Swatches WordPress plugin through 1.1.7
does not ...)
+ TODO: check
+CVE-2025-12581 (The Attachments Handler plugin for WordPress is vulnerable to
Reflecte ...)
+ TODO: check
+CVE-2023-53959 (FileZilla Client 3.63.1 contains a DLL hijacking vulnerability
that al ...)
+ TODO: check
+CVE-2023-53958 (LDAP Tool Box Self Service Password 1.5.2 contains a password
reset vu ...)
+ TODO: check
+CVE-2023-53957 (Kimai 1.30.10 contains a SameSite cookie vulnerability that
allows att ...)
+ TODO: check
+CVE-2023-53956 (Flatnux 2021-03.25 contains an authenticated file upload
vulnerability ...)
+ TODO: check
+CVE-2023-53954 (ActFax 10.10 contains an unquoted service path vulnerability
that allo ...)
+ TODO: check
+CVE-2023-53953 (WebsiteBaker 2.13.3 contains a stored cross-site scripting
vulnerabili ...)
+ TODO: check
+CVE-2023-53952 (Dotclear 2.25.3 contains a remote code execution vulnerability
that al ...)
+ TODO: check
+CVE-2023-53951 (Ever Gauzy v0.281.9 contains a JWT authentication
vulnerability that a ...)
+ TODO: check
+CVE-2023-53950 (InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file
upload v ...)
+ TODO: check
+CVE-2023-53949 (AspEmail 5.6.0.2 contains a binary permission vulnerability
that allow ...)
+ TODO: check
+CVE-2023-53948 (Lilac-Reloaded for Nagios 2.0.8 contains a remote code
execution vulne ...)
+ TODO: check
+CVE-2023-53947 (OCS Inventory NG 2.3.0.0 contains an unquoted service path
vulnerabili ...)
+ TODO: check
+CVE-2023-53946 (Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service
path vulner ...)
+ TODO: check
+CVE-2023-53945 (BrainyCP 1.0 contains an authenticated remote code execution
vulnerabi ...)
+ TODO: check
CVE-2025-68478 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
NOT-FOR-US: Langflow
CVE-2025-68477 (Langflow is a tool for building and deploying AI-powered
agents and wo ...)
@@ -2975,12 +3045,12 @@ CVE-2025-14652 (A vulnerability was found in
itsourcecode Online Cake Ordering S
CVE-2025-14651 (A vulnerability has been found in MartialBE one-hub up to
0.14.27. Thi ...)
NOT-FOR-US: MartialBE one-hub
CVE-2025-68461 (Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone
to a Cr ...)
- {DLA-4415-1}
+ {DSA-6087-1 DLA-4415-1}
- roundcube 1.6.12+dfsg-1 (bug #1122899)
NOTE:
https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb
(1.6.12)
CVE-2025-68460 (Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone
to a in ...)
- {DLA-4415-1}
+ {DSA-6087-1 DLA-4415-1}
- roundcube 1.6.12+dfsg-1 (bug #1122899)
NOTE:
https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
NOTE: Fixed by:
https://github.com/roundcube/roundcubemail/commit/08de250fba731b634bed188bbe18d2f6ef3c7571
(1.6.12)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d37f088aed03173731bd36a14416c19ddbc91ce
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d37f088aed03173731bd36a14416c19ddbc91ce
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
