[Git][security-tracker-team/security-tracker][master] automatic update

Sat Apr 19 09:12:11 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
433a67bd by security tracker role at 2025-04-19T08:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2025-43903 [Properly verify adbe.pkcs7.sha1 signatures]
+CVE-2025-43901
+	REJECTED
+CVE-2025-43900
+	REJECTED
+CVE-2025-43899
+	REJECTED
+CVE-2025-43898
+	REJECTED
+CVE-2025-43897
+	REJECTED
+CVE-2025-43896
+	REJECTED
+CVE-2025-43895
+	REJECTED
+CVE-2025-43894
+	REJECTED
+CVE-2025-43893
+	REJECTED
+CVE-2025-3809 (The Debug Log Manager plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2025-3797 (A vulnerability classified as critical was found in SeaCMS up to 13.3. ...)
+	TODO: check
+CVE-2025-3796 (A vulnerability classified as critical has been found in PHPGurukul Me ...)
+	TODO: check
+CVE-2025-3404 (The Download Manager plugin for WordPress is vulnerable to arbitrary f ...)
+	TODO: check
+CVE-2025-3284 (The User Registration & Membership \u2013 Custom Registration Form, Lo ...)
+	TODO: check
+CVE-2025-3278 (The UrbanGo Membership plugin for WordPress is vulnerable to privilege ...)
+	TODO: check
+CVE-2025-3275 (The Themesflat Addons For Elementor plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2025-3103 (The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - ...)
+	TODO: check
+CVE-2025-32953 (z80pack is a mature emulator of multiple platforms with 8080 and Z80 C ...)
+	TODO: check
+CVE-2025-2111 (The Insert Headers And Footers plugin for WordPress is vulnerable to C ...)
+	TODO: check
+CVE-2025-2010 (The JobWP \u2013 Job Board, Job Listing, Career Page and Recruitment P ...)
+	TODO: check
+CVE-2025-29058 (An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arb ...)
+	TODO: check
+CVE-2025-1457 (The Element Pack Addons for Elementor \u2013 Free Templates and Widget ...)
+	TODO: check
+CVE-2025-1093 (The AIHub theme for WordPress is vulnerable to arbitrary file uploads  ...)
+	TODO: check
+CVE-2024-53591 (An issue in the login page of Seclore v3.27.5.0 allows attackers to by ...)
+	TODO: check
+CVE-2024-13926 (The WP-Syntax WordPress plugin through 1.2 does not properly handle in ...)
+	TODO: check
+CVE-2021-4455 (The Wordpress Plugin Smart Product Review plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2025-43903 (NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the  ...)
 	- poppler 25.03.0-4 (bug #1103545)
 	[bookworm] - poppler <no-dsa> (Minor issue)
 	NOTE: Introduced with: https://gitlab.freedesktop.org/poppler/poppler/-/commit/c7c0207b1cfe49a4353d6cda93dbebef4508138f (poppler-0.42.0)
@@ -262,7 +314,7 @@ CVE-2025-29450 (An issue in twonav v.2.1.18-20241105 allows a remote attacker to
 	NOT-FOR-US: twonav
 CVE-2025-29449 (An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtai ...)
 	NOT-FOR-US: twonav
-CVE-2025-25427 (A Stored cross-site scripting (XSS) vulnerability in upnp page of the  ...)
+CVE-2025-25427 (A stored cross-site scripting (XSS) vulnerability in the upnp.htm page ...)
 	NOT-FOR-US: TP-Link
 CVE-2025-1863 (Insecure default settings have been found in recorder products provide ...)
 	NOT-FOR-US: Yokogawa



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/433a67bd40658cb1821f9abeb1d06cc32e054ec1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/433a67bd40658cb1821f9abeb1d06cc32e054ec1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250419/1b63e879/attachment.htm>
