Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bdaf6b2c by security tracker role at 2025-12-29T20:14:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2025-69211 (Nest is a framework for building scalable Node.js server-side
applicat ...)
+ TODO: check
+CVE-2025-69206 (Hemmelig is a messing app with with client-side encryption and
self-de ...)
+ TODO: check
+CVE-2025-69202 (Axios Cache Interceptor is a cache interceptor for axios.
Prior to ver ...)
+ TODO: check
+CVE-2025-69201 (Tugtainer is a self-hosted app for automating updates of
docker contai ...)
+ TODO: check
+CVE-2025-69200 (phpMyFAQ is an open source FAQ web application. In versions
prior to 4 ...)
+ TODO: check
+CVE-2025-68951 (phpMyFAQ is an open source FAQ web application. Versions
4.0.14 and 4. ...)
+ TODO: check
+CVE-2025-68929 (Frappe is a full-stack web application framework. Prior to
versions 14 ...)
+ TODO: check
+CVE-2025-68928 (Frappe CRM is an open-source customer relationship management
tool. Pr ...)
+ TODO: check
+CVE-2025-68897 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
+ TODO: check
+CVE-2025-68893 (Server-Side Request Forgery (SSRF) vulnerability in HETWORKS
WordPress ...)
+ TODO: check
+CVE-2025-68879 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68878 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68877 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-68876 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68870 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2025-68868 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-68861 (Missing Authorization vulnerability in Plugin Optimizer allows
Exploit ...)
+ TODO: check
+CVE-2025-68706 (A stack-based buffer overflow exists in the GoAhead-Webs HTTP
daemon o ...)
+ TODO: check
+CVE-2025-68431 (libheif is an HEIF and AVIF file format decoder and encoder.
Prior to ...)
+ TODO: check
+CVE-2025-67255 (In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters
lack pro ...)
+ TODO: check
+CVE-2025-67254 (NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to
Directory Traver ...)
+ TODO: check
+CVE-2025-66877 (Buffer overflow vulnerability in function dcputchar in
decompile.c in ...)
+ TODO: check
+CVE-2025-66869 (Buffer overflow vulnerability in function strcat in
asan_interceptors. ...)
+ TODO: check
+CVE-2025-66866 (An issue was discovered in function d_abi_tags in file
cp-demangle.c i ...)
+ TODO: check
+CVE-2025-66865 (An issue was discovered in function d_print_comp_inner in file
cp-dema ...)
+ TODO: check
+CVE-2025-66864 (An issue was discovered in function d_print_comp_inner in file
cp-dema ...)
+ TODO: check
+CVE-2025-66863 (An issue was discovered in function d_discriminator in file
cp-demangl ...)
+ TODO: check
+CVE-2025-66862 (A buffer overflow vulnerability in function gnu_special in
file cplus- ...)
+ TODO: check
+CVE-2025-66861 (An issue was discovered in function d_unqualified_name in file
cp-dema ...)
+ TODO: check
+CVE-2025-65570 (A type confusion in jsish 2.0 allows incorrect control flow
during exe ...)
+ TODO: check
+CVE-2025-65442 (DOM-based Cross-Site Scripting (XSS) vulnerability in
201206030 novel ...)
+ TODO: check
+CVE-2025-60458 (UxPlay 1.72 contains a double free vulnerability in its RTSP
request h ...)
+ TODO: check
+CVE-2025-57462 (Reflected Cross site scripting (xss) in machsol machpanel
8.0.32 allow ...)
+ TODO: check
+CVE-2025-57460 (File upload vulnerability in machsol machpanel 8.0.32 allows
attacker ...)
+ TODO: check
+CVE-2025-56333 (An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows
a remot ...)
+ TODO: check
+CVE-2025-55064 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
+ TODO: check
+CVE-2025-55063 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
+ TODO: check
+CVE-2025-55062 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
+ TODO: check
+CVE-2025-55061 (CWE-434 Unrestricted Upload of File with Dangerous Type)
+ TODO: check
+CVE-2025-55060 (CWE-601 URL Redirection to Untrusted Site ('Open Redirect'))
+ TODO: check
+CVE-2025-53627 (Meshtastic is an open source mesh networking solution. The
Meshtastic ...)
+ TODO: check
+CVE-2025-15202 (A vulnerability has been found in SohuTV CacheCloud up to
3.2.0. This ...)
+ TODO: check
+CVE-2025-15201 (A flaw has been found in SohuTV CacheCloud up to 3.2.0. The
impacted e ...)
+ TODO: check
+CVE-2025-15200 (A vulnerability was detected in SohuTV CacheCloud up to 3.2.0.
The aff ...)
+ TODO: check
+CVE-2025-15199 (A security vulnerability has been detected in code-projects
College No ...)
+ TODO: check
+CVE-2025-15198 (A weakness has been identified in code-projects College Notes
Uploadin ...)
+ TODO: check
+CVE-2025-15197 (A security flaw has been discovered in
code-projects/anirbandutta9 Con ...)
+ TODO: check
+CVE-2025-15196 (A vulnerability was identified in code-projects Assessment
Management ...)
+ TODO: check
+CVE-2025-15195 (A vulnerability was determined in code-projects Assessment
Management ...)
+ TODO: check
+CVE-2025-15194 (A vulnerability was found in D-Link DIR-600 up to 2.15WWb02.
Affected ...)
+ TODO: check
+CVE-2025-15193 (A vulnerability was detected in D-Link DWR-M920 up to 1.1.50.
This aff ...)
+ TODO: check
+CVE-2025-15192 (A security vulnerability has been detected in D-Link DWR-M920
up to 1. ...)
+ TODO: check
+CVE-2025-15191 (A weakness has been identified in D-Link DWR-M920 up to
1.1.50. The af ...)
+ TODO: check
+CVE-2025-15190 (A security flaw has been discovered in D-Link DWR-M920 up to
1.1.50. I ...)
+ TODO: check
+CVE-2025-15189 (A vulnerability was identified in D-Link DWR-M920 up to
1.1.50. This i ...)
+ TODO: check
+CVE-2025-15188 (A vulnerability was determined in Campcodes Complete Online
Beauty Par ...)
+ TODO: check
+CVE-2025-15187 (A vulnerability was found in GreenCMS up to 2.3. This affects
an unkno ...)
+ TODO: check
+CVE-2025-15186 (A vulnerability has been found in code-projects Refugee Food
Managemen ...)
+ TODO: check
+CVE-2025-15185 (A flaw has been found in code-projects Refugee Food Management
System ...)
+ TODO: check
+CVE-2025-15184 (A vulnerability was detected in code-projects Refugee Food
Management ...)
+ TODO: check
+CVE-2025-15183 (A security vulnerability has been detected in code-projects
Refugee Fo ...)
+ TODO: check
+CVE-2025-15182 (A weakness has been identified in code-projects Refugee Food
Managemen ...)
+ TODO: check
+CVE-2025-15181 (A security flaw has been discovered in code-projects Refugee
Food Mana ...)
+ TODO: check
+CVE-2025-15180 (A vulnerability was identified in Tenda WH450 1.0.0.18. The
affected e ...)
+ TODO: check
+CVE-2025-14728 (Rapid7 Velociraptor versions before 0.75.6 contain a directory
travers ...)
+ TODO: check
+CVE-2025-14280 (The PixelYourSite plugin for WordPress is vulnerable to
Sensitive Info ...)
+ TODO: check
+CVE-2025-14175 (A vulnerability in the SSH server of TP-Link TL-WR820N v2.80
allows th ...)
+ TODO: check
+CVE-2025-13592 (The Advanced Ads plugin for WordPress is vulnerable to Remote
Code Exe ...)
+ TODO: check
+CVE-2024-30855 (DedeCMS v5.7 was discovered to contain a Cross-Site Request
Forgery (C ...)
+ TODO: check
+CVE-2024-25181 (A critical vulnerability has been identified in givanz VvvebJs
1.7.2, ...)
+ TODO: check
CVE-2025-52691 (Successful exploitation of the vulnerability could allow an
unauthenti ...)
NOT-FOR-US: SmarterTools SmarterMail
CVE-2025-15228 (BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary
File Up ...)
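Review bot: Every entry added at the top of data/CVE/list lands with only "TODO: check", so none has a triage decision yet, and in several cases the truncated description is not enough to make one. CVE-2025-55061 and CVE-2025-55060 carry just a CWE title with no product name, and the demangler group (CVE-2025-66861 through CVE-2025-66866) is cut off before the affected project is named. Suggest triaging from the full CVE records, starting with entries that name a library, such as libheif in CVE-2025-68431. Mark the router, WordPress plugin and code-projects entries the way the context line for CVE-2025-52691 does ("NOT-FOR-US: <product>") only after checking that nothing in the archive ships them.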
@@ -50891,6 +51031,7 @@ CVE-2025-51629 (A cross-site scripting (XSS)
vulnerability in the PdfViewer comp
CVE-2025-51533 (An Insecure Direct Object Reference (IDOR) in Sage DPW
v2024_12_004 an ...)
NOT-FOR-US: Sage DPW
CVE-2025-50952 (openjpeg v 2.5.0 was discovered to contain a NULL pointer
dereference ...)
+ {DLA-4424-1}
- openjpeg2 2.5.3-1
[bookworm] - openjpeg2 2.5.0-2+deb12u2
NOTE: https://github.com/uclouvain/openjpeg/issues/1505
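Review bot: The "{DLA-4424-1}" cross-reference added under CVE-2025-50952 cannot be confirmed from this hunk alone. The commit message is just "automatic update", and the context lines record fixed versions only for unstable (openjpeg2 2.5.3-1) and bookworm (2.5.0-2+deb12u2). Worth confirming that the advisory's own record lists CVE-2025-50952 together with the openjpeg2 version it shipped, so the cross-reference and the advisory stay in sync.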
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdaf6b2c9465b8552316f2497551a09589ac0213