Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6bd4d1b0 by security tracker role at 2026-01-07T20:14:08+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,7 +53,7 @@ CVE-2026-21496 (iccDEV provides a set of libraries and tools 
that allow for the
 CVE-2026-21495 (iccDEV provides a set of libraries and tools that allow for 
the intera ...)
        TODO: check
 CVE-2026-20029 (A vulnerability in the licensing features of Cisco 
Identity Servi ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2026-20027 (Multiple Cisco products are affected by a vulnerability in the 
process ...)
        TODO: check
 CVE-2026-20026 (Multiple Cisco products are affected by a vulnerability 
in the pr ...)
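Review bot: The new label on CVE-2026-20029 names only the vendor ("Cisco"), although the description points to a specific product line ("Cisco Identity Servi ..."); writing the product into the NOT-FOR-US line would let a later search tell this entry apart from other Cisco CVEs. The neighbouring CVE-2026-20027 and CVE-2026-20026 ("Multiple Cisco products ...") stay at TODO: check, which fits: the truncated text does not show which component is affected, so they need manual triage.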
@@ -65,19 +65,19 @@ CVE-2026-0669 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pat
 CVE-2026-0668 (Inefficient Regular Expression Complexity vulnerability in 
Wikimedia F ...)
        TODO: check
 CVE-2026-0618 (Cross-site Scripting vulnerability in Devolutions PowerShell 
Universal ...)
-       TODO: check
+       NOT-FOR-US: Devolutions
 CVE-2025-6225 (Kieback&Peter Neutrino-GLT product is used for building 
management. It ...)
        TODO: check
 CVE-2025-69344 (Missing Authorization vulnerability in ThemeHunk Oneline Lite 
allows E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69333 (Missing Authorization vulnerability in Crocoblock JetEngine 
allows Exp ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69082 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69081 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-69080 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68637 (The Uniffle HTTP client is configured to trust all SSL 
certificates an ...)
        TODO: check
 CVE-2025-67366 (@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that 
provides file c ...)
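Review bot: For CVE-2025-69082, CVE-2025-69081 and CVE-2025-69080 the visible description is cut off before any product name ("... Include/Require Statement in PHP Prog ..."), so the "WordPress plugin or theme" classification cannot be confirmed from this diff alone. Since the commit is an automatic update, spot-check these three against the full CVE text before the entries are treated as triaged.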
@@ -97,7 +97,7 @@ CVE-2025-66560 (Quarkus is a Cloud Native, (Linux) Container 
First framework for
 CVE-2025-65805 (OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow 
vulnerability  ...)
        TODO: check
 CVE-2025-62327 (In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM 
configur ...)
-       TODO: check
+       NOT-FOR-US: HCL
 CVE-2025-61939 (An unused function in MicroServer can start a reverse SSH 
connection t ...)
        TODO: check
 CVE-2025-61782 (OpenCTI is an open source platform for managing cyber threat 
intellige ...)
@@ -109,145 +109,145 @@ CVE-2025-61489 (A command injection vulnerability in 
the shell_exec function of
 CVE-2025-58441 (Knowage is an open source analytics and business intelligence 
suite. P ...)
        TODO: check
 CVE-2025-4677 (Insufficient Session Expiration vulnerability in ABB WebPro 
SNMP Card  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-4676 (Incorrect Implementation of Authentication Algorithm 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-4675 (Improper Check for Unusual or Exceptional Conditions 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: ABB group
 CVE-2025-49335 (Server-Side Request Forgery (SSRF) vulnerability in minnur 
External Me ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47552 (Deserialization of Untrusted Data vulnerability in Digital 
zoom studio ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46494 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46434 (Missing Authorization vulnerability in POSIMYTH Innovation The 
Plus Ad ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46256 (Path Traversal: '.../...//' vulnerability in SigmaPlugin 
Advanced Data ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32303 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32300 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31643 (Incorrect Privilege Assignment vulnerability in Dasinfomedia 
WPCHURCH  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-15479 (Stored cross-site scripting (XSS, CWE-79) in the survey 
content and ad ...)
        TODO: check
 CVE-2025-15158 (The WP Enable WebP plugin for WordPress is vulnerable to 
arbitrary fil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-15058 (The Responsive Pricing Table plugin for WordPress is 
vulnerable to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-15018 (The Optional Email plugin for WordPress is vulnerable to 
Privilege Esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-15000 (The Page Keys plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14999 (The Latest Tabs plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14796 (The My Album Gallery plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14626 (The QR Code for WooCommerce order emails, PDF invoices, 
packing slips  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14465 (The Sticky Action Buttons plugin for WordPress is vulnerable 
to Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14460 (The Piraeus Bank WooCommerce Payment Gateway plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14453 (The My Album Gallery plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14352 (The Awesome Hotel Booking plugin for WordPress is vulnerable 
to unauth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14147 (The Easy GitHub Gist Shortcodes plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14145 (The Niche Hero | Beautifully-designed blocks in seconds plugin 
for Wor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14144 (The Mstoic Shortcodes plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14131 (The WP Widget Changer plugin for WordPress is vulnerable to 
Reflected  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14130 (The Post Like Dislike plugin for WordPress is vulnerable to 
Reflected  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14128 (The Stumble! for WordPress plugin for WordPress is vulnerable 
to Refle ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14127 (The Testimonial Master plugin for WordPress is vulnerable to 
Reflected ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14122 (The AD Sliding FAQ plugin for WordPress is vulnerable to 
Stored Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14121 (The EDD Download Info plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14118 (The Starred Review plugin for WordPress is vulnerable to 
Reflected Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14114 (The 1180px Shortcodes plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14113 (The Viitor Button Shortcodes plugin for WordPress is 
vulnerable to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14112 (The Snillrik Restaurant plugin for WordPress is vulnerable to 
Stored C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14110 (The WP Js List Pages Shortcodes plugin for WordPress is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14109 (The AH Shortcodes plugin for WordPress is vulnerable to Stored 
Cross-S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14077 (The Simcast plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14070 (The Reviewify plugin for WordPress is vulnerable to 
unauthorized modif ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14057 (The Multi-column Tag Map plugin for WordPress is vulnerable to 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14053 (The Wish To Go plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-14028 (The Contact Us Simple Form plugin for WordPress is vulnerable 
to Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13990 (The Mamurjor Employee Info plugin for WordPress is vulnerable 
to Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13974 (The Email Customizer for WooCommerce plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13887 (The AI BotKit \u2013 AI Chatbot & Live Support for WordPress 
plugin fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13849 (The Cool YT Player plugin for WordPress is vulnerable to 
Stored Cross- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13848 (The STM Gallery 1.9 plugin for WordPress is vulnerable to 
Stored Cross ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13847 (The PhotoFade plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13841 (The Smart App Banners plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13801 (The Yoco Payments plugin for WordPress is vulnerable to Path 
Traversal ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13722 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, 
Quiz, & Co ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13694 (The AA Block Country plugin for WordPress is vulnerable to IP 
Address  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13667 (The WP Recipe Manager plugin for WordPress is vulnerable to 
Stored Cro ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13531 (The Stylish Order Form Builder plugin for WordPress is 
vulnerable to S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13529 (The Unify plugin for WordPress is vulnerable to unauthorized 
modificat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13527 (The xShare plugin for WordPress is vulnerable to Cross-Site 
Request Fo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13521 (The WP Status Notifier plugin for WordPress is vulnerable to 
Cross-Sit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13520 (The MTCaptcha WordPress Plugin for WordPress is vulnerable to 
Cross-Si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13519 (The SVG Map Plugin plugin for WordPress is vulnerable to 
Cross-Site Re ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13497 (The Recras WordPress plugin for WordPress is vulnerable to 
Stored Cros ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13496 (The Moosend Landing Pages plugin for WordPress is vulnerable 
to unauth ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13493 (The Latest Registered Users plugin for WordPress is vulnerable 
to unau ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13419 (The Guest posting / Frontend Posting / Front Editor \u2013 WP 
Front Us ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-13418 (The Responsive Pricing Table plugin for WordPress is 
vulnerable to Sto ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12958 (The Rankology SEO and Analytics Tool plugin for WordPress is 
vulnerabl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12543 (A flaw was found in the Undertow HTTP server core, which is 
used in Wi ...)
        TODO: check
 CVE-2025-12540 (The ShareThis Dashboard for Google Analytics plugin for 
WordPress is v ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-12030 (The ACF to REST API plugin for WordPress is vulnerable to 
Insecure Dir ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-11877 (The User Activity Log plugin is vulnerable to a limited 
options update ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-67603 [Add PolicyKit authorization to D-Bus methods]
        {DSA-6095-1}
        - foomuuri 0.31-1
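Review bot: Two spellings of the same classification appear in this hunk: "NOT-FOR-US: WordPress plugin or theme" for CVE-2025-49335 through CVE-2025-31643 and "NOT-FOR-US: WordPress plugin" from CVE-2025-15158 onward; pick one, or make sure anything that counts or filters these entries matches both. CVE-2025-11877 deserves a manual look, as its visible description ("The User Activity Log plugin is vulnerable to a limited options update ...") does not mention WordPress, unlike the two entries before it.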



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bd4d1b0f45648b9ee77fbfc23c68602c8625ba6
