Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6de5a771 by Salvatore Bonaccorso at 2026-01-01T17:04:34+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,11 +5,11 @@ CVE-2025-69412 (KDE messagelib before 25.11.90 ignores SSL
errors for threatMatc
- kf5-messagelib <removed>
NOTE:
https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3
(v25.11.90)
CVE-2025-69288 (Titra is open source project time tracking software. Prior to
version ...)
- TODO: check
+ NOT-FOR-US: Titra
CVE-2025-69286 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation)
engine. ...)
- TODO: check
+ NOT-FOR-US: RAGFlow
CVE-2025-68700 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation)
engine. ...)
- TODO: check
+ NOT-FOR-US: RAGFlow
CVE-2025-67711 (There is a stored cross site scripting issue in Esri ArcGIS
Server 11. ...)
NOT-FOR-US: Esri
CVE-2025-67710 (There is a stored cross site scripting issue in Esri ArcGIS
Server 11. ...)
@@ -37,7 +37,7 @@ CVE-2025-50053 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-47566 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-34469 (Cowrie versions prior to 2.9.0 contain a server-side request
forgery ( ...)
- TODO: check
+ NOT-FOR-US: Cowrie
CVE-2025-31054 (Cross-Site Request Forgery (CSRF) vulnerability in Themefy
Bloggie all ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30628 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
@@ -45,7 +45,7 @@ CVE-2025-30628 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2025-28973 (Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk
Watermar ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-28949 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress Media Library Folders
CVE-2025-22203
REJECTED
CVE-2025-22202
@@ -99,17 +99,17 @@ CVE-2025-22155
CVE-2025-22154
REJECTED
CVE-2025-15398 (A security vulnerability has been detected in Uasoft badaso up
to 2.9. ...)
- TODO: check
+ NOT-FOR-US: Uasoft badaso
CVE-2025-13820 (The Comments WordPress plugin before 7.6.40 does not properly
validat ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11157 (A high-severity remote code execution vulnerability exists in
feast-de ...)
- TODO: check
+ NOT-FOR-US: feast-dev/feast
CVE-2023-7332 (PocketMine-MP versions prior to 4.18.1 contain an improper
input valid ...)
- TODO: check
+ NOT-FOR-US: PocketMine-MP
CVE-2023-7331 (A vulnerability was detected in PKrystian Full-Stack-Bank up to
bf73a0 ...)
- TODO: check
+ NOT-FOR-US: PKrystian Full-Stack-Bank
CVE-2015-10145 (Gargoyle router management utility versions 1.5.x contain an
authentic ...)
- TODO: check
+ NOT-FOR-US: Gargoyle router management utility
CVE-2025-66160 (Missing Authorization vulnerability in merkulove Select
Graphist for E ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66159 (Missing Authorization vulnerability in merkulove Walker for
Elementor ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6de5a7714844b0981094be7abc5a2cd73f8b0bd0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6de5a7714844b0981094be7abc5a2cd73f8b0bd0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
