Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c7b2c92c by Salvatore Bonaccorso at 2026-02-03T22:13:42+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -191,7 +191,7 @@ CVE-2026-1803 (A weakness has been identified in Ziroom
ZHOME A0101 1.0.1.0. Imp
CVE-2026-1802 (A security flaw has been discovered in Ziroom ZHOME A0101
1.0.1.0. Thi ...)
NOT-FOR-US: Ziroom ZHOME A0101
CVE-2026-1664 (Summary An Insecure Direct Object Reference has been found to
exist i ...)
- TODO: check
+ NOT-FOR-US: Cloudflare Agents SDK
CVE-2026-1568 (Rapid7 InsightVM versions before8.34.0 contain a signature
verificatio ...)
NOT-FOR-US: Rapid7 InsightVM
CVE-2026-1432 (SQL injection vulnerability in the Buroweb platform version
2505.0.12, ...)
@@ -207,7 +207,7 @@ CVE-2025-7760 (Improper Neutralization of Input During Web
Page Generation (XSS
CVE-2025-71179 (Creativeitem Academy LMS 7.0 contains reflected Cross-Site
Scripting ( ...)
NOT-FOR-US: Creativeitem Academy LMS
CVE-2025-70849 (Arbitrary File Upload in podinfo thru 6.9.0 allows
unauthenticated att ...)
- TODO: check
+ NOT-FOR-US: podinfo
CVE-2025-70841 (Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2
allows unauth ...)
NOT-FOR-US: Dokans Multi-Tenancy Based eCommerce Platform SaaS
CVE-2025-70758 (chetans9 core-php-admin-panel through commit a94a780d6
contains an aut ...)
@@ -219,7 +219,7 @@ CVE-2025-70559 (pdfminer.six before 20251230 contains an
insecure deserializatio
CVE-2025-70311 (JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can
inject malici ...)
NOT-FOR-US: JEEWMS
CVE-2025-6397 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Ankara Hosting Website Design
CVE-2025-69983 (FUXA v1.2.7 allows Remote Code Execution (RCE) via the project
import ...)
NOT-FOR-US: FUXA
CVE-2025-69981 (FUXA v1.2.7 contains an Unrestricted File Upload vulnerability
in the ...)
@@ -265,19 +265,19 @@ CVE-2025-67187 (A stack-based buffer overflow
vulnerability was identified in TO
CVE-2025-67186 (TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer
overflow vul ...)
NOT-FOR-US: TOTOLINK
CVE-2025-66374 (CyberArk Endpoint Privilege Manager Agent through 25.10.0
allows a loc ...)
- TODO: check
+ NOT-FOR-US: CyberArk Endpoint Privilege Manager Agent
CVE-2025-65924 (ERPNext thru 15.88.1 does not sanitize or remove certain HTML
tags spe ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2025-65923 (A Stored Cross-Site Scripting (XSS) vulnerability was
discovered withi ...)
- TODO: check
+ NOT-FOR-US: ERPNext
CVE-2025-65875 (An arbitrary file upload vulnerability in the AddFont()
function of FP ...)
- TODO: check
+ NOT-FOR-US: FPDF
CVE-2025-65017 (Decidim is a participatory democracy framework. In versions
from 0.30. ...)
- TODO: check
+ NOT-FOR-US: Decidim
CVE-2025-63624 (SQL Injection vulnerability in Shandong Kede Electronics Co.,
Ltd IoT ...)
- TODO: check
+ NOT-FOR-US: Shandong Kede Electronics Co., Ltd IoT smart water meter
monitoring platform
CVE-2025-63372 (Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable
to Direc ...)
- TODO: check
+ NOT-FOR-US: Articentgroup Zip Rar Extractor Tool
CVE-2025-62673 (Heap-based Buffer Overflow vulnerability in TP-Link Archer
AX53 v1.0 ( ...)
NOT-FOR-US: TP-Link
CVE-2025-62501 (SSH Hostkey misconfiguration vulnerability in TP-Link Archer
AX53 v1.0 ...)
@@ -291,43 +291,43 @@ CVE-2025-61983 (Heap-based Buffer Overflow vulnerability
in TP-Link Archer AX53
CVE-2025-61944 (Heap-based Buffer Overflow vulnerability in TP-Link Archer
AX53 v1.0 ( ...)
NOT-FOR-US: TP-Link
CVE-2025-61506 (An issue was discovered in MediaCrush thru 1.0.1 allowing
remote unaut ...)
- TODO: check
+ NOT-FOR-US: MediaCrush
CVE-2025-60865 (Insecure Permissions vulnerability in avanquest Driver Updater
v.9.1.5 ...)
- TODO: check
+ NOT-FOR-US: avanquest Driver Updater
CVE-2025-5319 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Efficiency Management System
CVE-2025-59902 (HTML injection vulnerability in NICE Chat. This vulnerability
allows a ...)
- TODO: check
+ NOT-FOR-US: NICE Chat
CVE-2025-59487 (Heap-based Buffer Overflow vulnerability in TP-Link Archer
AX53 v1.0 ( ...)
NOT-FOR-US: TP-Link
CVE-2025-59482 (Heap-based Buffer Overflow vulnerability in TP-Link Archer
AX53 v1.0 ( ...)
NOT-FOR-US: TP-Link
CVE-2025-59439 (An issue was discovered in Samsung Modem Exynos through
2025-08-29. In ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58455 (Heap-based Buffer Overflow vulnerability in TP-Link Archer
AX53 v1.0 ( ...)
NOT-FOR-US: TP-Link
CVE-2025-58348 (An issue was discovered in the Wi-Fi driver in Samsung Mobile
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58347 (An issue was discovered in the Wi-Fi driver in Samsung Mobile
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58346 (An issue was discovered in the Wi-Fi driver in Samsung Mobile
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58345 (An issue was discovered in the Wi-Fi driver in Samsung Mobile
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58344 (An issue was discovered in the Wi-Fi driver in Samsung Mobile
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58343 (An issue was discovered in the Wi-Fi driver in Samsung Mobile
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58342 (An issue was discovered in the Wi-Fi driver in Samsung Mobile
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58341 (An issue was discovered in the Wi-Fi driver in Samsung Mobile
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58340 (An issue was discovered in the Wi-Fi driver in Samsung Mobile
Processo ...)
- TODO: check
+ NOT-FOR-US: Samsung
CVE-2025-58077 (Heap-based Buffer Overflow vulnerability in TP-Link Archer
AX53 v1.0 ( ...)
NOT-FOR-US: TP-Link
CVE-2025-57529 (YouDataSum CPAS Audit Management System <=v4.9 is vulnerable
to SQL In ...)
- TODO: check
+ NOT-FOR-US: YouDataSum CPAS Audit Management System
CVE-2025-52633 (HCL AION is affected by a Permanent Cookie Containing
Sensitive Sessio ...)
NOT-FOR-US: HCL
CVE-2025-52631 (HCL AION is affected by a Missing or Insecure HTTP
Strict-Transport-Se ...)
@@ -343,51 +343,51 @@ CVE-2025-52626 (A Potential Command Injection
vulnerability in HCL AION. An Th
CVE-2025-52623 (HCL AION is affected by an Autocomplete HTML Attribute Not
Disabled fo ...)
NOT-FOR-US: HCL
CVE-2025-46651 (Tiny File Manager through 2.6 contains a server-side request
forgery ( ...)
- TODO: check
+ NOT-FOR-US: Tiny File Manager
CVE-2025-41065 (Stored Cross-Site Scripting (XSS) vulnerability type in LUNA
software ...)
- TODO: check
+ NOT-FOR-US: LUNA software
CVE-2025-11598 (In mObywatel iOS applicationan unauthorized user can use the
App Switc ...)
- TODO: check
+ NOT-FOR-US: mObywatel iOS application
CVE-2025-10878 (A SQL injection vulnerability exists in the login
functionality of Fik ...)
- TODO: check
+ NOT-FOR-US: Fikir Odalari AdminPando
CVE-2020-37116 (GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by
default, which ...)
- TODO: check
+ NOT-FOR-US: GUnet OpenEclass
CVE-2020-37115 (GUnet OpenEclass 1.7.3 stores user credentials in plaintext,
allowing ...)
- TODO: check
+ NOT-FOR-US: GUnet OpenEclass
CVE-2020-37114 (GUnet OpenEclass 1.7.3 allows unauthenticated and
authenticated users ...)
- TODO: check
+ NOT-FOR-US: GUnet OpenEclass
CVE-2020-37113 (GUnet OpenEclass 1.7.3 allows authenticated users to bypass
file exten ...)
- TODO: check
+ NOT-FOR-US: GUnet OpenEclass
CVE-2020-37112 (GUnet OpenEclass 1.7.3 contains multiple SQL injection
vulnerabilities ...)
- TODO: check
+ NOT-FOR-US: GUnet OpenEclass
CVE-2020-37111 (60CycleCMS 2.5.2 contains a cross-site scripting (XSS)
vulnerability i ...)
- TODO: check
+ NOT-FOR-US: 60CycleCMS
CVE-2020-37110 (60CycleCMS 2.5.2 contains an SQL injection vulnerability in
news.php a ...)
- TODO: check
+ NOT-FOR-US: 60CycleCMS
CVE-2020-37108 (PhpIX 2012 Professional contains a SQL injection vulnerability
in the ...)
- TODO: check
+ NOT-FOR-US: PhpIX 2012 Professional
CVE-2020-37105 (PMB 5.6 contains a SQL injection vulnerability in the
administration d ...)
- TODO: check
+ NOT-FOR-US: PMB
CVE-2020-37103 (DotNetNuke 9.5 contains a persistent cross-site scripting
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2020-37102 (Adaware Web Companion 4.9.2159 contains an unquoted service
path vulne ...)
- TODO: check
+ NOT-FOR-US: Adaware Web Companion
CVE-2020-37101 (VPN Unlimited 6.1 contains an unquoted service path
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: VPN Unlimited
CVE-2020-37100 (Sync Breeze Enterprise 12.4.18 contains an unquoted service
path vulne ...)
- TODO: check
+ NOT-FOR-US: Sync Breeze Enterprise
CVE-2020-37099 (Disk Savvy Enterprise 12.3.18 contains an unquoted service
path vulner ...)
- TODO: check
+ NOT-FOR-US: Disk Savvy Enterprise
CVE-2020-37098 (Disk Sorter Enterprise 12.4.16 contains an unquoted service
path vulne ...)
- TODO: check
+ NOT-FOR-US: Disk Sorter Enterprise
CVE-2019-25265 (Online Inventory Manager 3.2 contains a stored cross-site
scripting vu ...)
- TODO: check
+ NOT-FOR-US: Online Inventory Manager
CVE-2019-25264 (Snipe-IT 4.7.5 contains a persistent cross-site scripting
vulnerabilit ...)
TODO: check
CVE-2019-25263 (Zendesk SweetHawk Survey 1.6 contains a persistent cross-site
scriptin ...)
- TODO: check
+ NOT-FOR-US: Zendesk SweetHawk Survey
CVE-2019-25261 (AnyDesk 5.4.0 contains an unquoted service path vulnerability
in its W ...)
- TODO: check
+ NOT-FOR-US: AnyDesk
CVE-2026-1312 (An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11,
and 4. ...)
- python-django <unfixed>
NOTE:
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
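Review bot: CVE-2019-25264 (Snipe-IT 4.7.5, persistent XSS) is the one entry in this hunk still sitting at "TODO: check" while every surrounding TODO from CVE-2025-46651 down to CVE-2019-25261 is resolved to NOT-FOR-US; if it was skipped on purpose pending a check of whether Snipe-IT is packaged, fine, otherwise it reads as an oversight and could be settled in a follow-up together with the unchanged CVE-2025-61650 TODO further down the file.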
@@ -523,9 +523,9 @@ CVE-2025-70959 (A stored cross-site scripting (XSS)
vulnerability in the Jobs mo
CVE-2025-70958 (Multiple reflected cross-site scripting (XSS) vulnerabilities
in the i ...)
NOT-FOR-US: Subrion CMS
CVE-2025-69207 (Khoj is a self-hostable artificial intelligence app. Prior to
2.0.0-be ...)
- TODO: check
+ NOT-FOR-US: Khoj
CVE-2025-66480 (Wildfire IM is an instant messaging and real-time audio/video
solution ...)
- TODO: check
+ NOT-FOR-US: Wildfire IM
CVE-2025-61650 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
TODO: check
CVE-2025-61649 (Vulnerability in Wikimedia Foundation CheckUser. This
vulnerability is ...)
@@ -553,7 +553,7 @@ CVE-2025-36238 (IBM PowerVM Hypervisor FW1110.00 through
FW1110.03, FW1060.00 th
CVE-2025-36194 (IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00
through ...)
NOT-FOR-US: IBM
CVE-2025-15556 (Notepad++ versions prior to 8.8.9, when using the WinGUp
updater, cont ...)
- TODO: check
+ NOT-FOR-US: Notepad++
CVE-2025-14274 (The Unlimited Elements for Elementor plugin for WordPress is
vulnerabl ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13096 (IBM Business Automation Workflow containers V25.0.0 through
V25.0.0-IF ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7b2c92c7299d9434c4346d48e3c2f416423066b
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits