[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 24 21:13:46 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
05b46322 by security tracker role at 2025-04-24T20:13:39+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -25,61 +25,61 @@ CVE-2025-46528 (Cross-Site Request Forgery (CSRF) vulnerability in Steve Availab
CVE-2025-46525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46524 (Cross-Site Request Forgery (CSRF) vulnerability in stesvis WP Filter P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46523 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46522 (Cross-Site Request Forgery (CSRF) vulnerability in Billy Bryant Tabs a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46521 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46520 (Cross-Site Request Forgery (CSRF) vulnerability in alphasis Related Po ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46519 (Missing Authorization vulnerability in Michael Revellin-Clerc Media Li ...)
TODO: check
CVE-2025-46517 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46516 (Cross-Site Request Forgery (CSRF) vulnerability in silencecm Twitter C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46514 (Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46513 (Cross-Site Request Forgery (CSRF) vulnerability in Codebangers All in ...)
TODO: check
CVE-2025-46512 (Cross-Site Request Forgery (CSRF) vulnerability in Shamim Hasan Custom ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46511 (Server-Side Request Forgery (SSRF) vulnerability in Derek Springer Bee ...)
TODO: check
CVE-2025-46510 (Cross-Site Request Forgery (CSRF) vulnerability in harrysudana Contact ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46508 (Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao Advanced ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46507 (Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimet ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46506 (Cross-Site Request Forgery (CSRF) vulnerability in Lora77 WpZon \u2013 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46504 (Cross-Site Request Forgery (CSRF) vulnerability in Olar Marius Vasaio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46503 (Server-Side Request Forgery (SSRF) vulnerability in josheli Simple Goo ...)
TODO: check
CVE-2025-46502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46499 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46498 (Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Offic ...)
TODO: check
CVE-2025-46497 (Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46496 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46495 (Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Cap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46492 (Cross-Site Request Forgery (CSRF) vulnerability in Pham Thanh Call Now ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46491 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46489 (Missing Authorization vulnerability in vinodvaswani9 Bulk Assign Linke ...)
@@ -117,9 +117,9 @@ CVE-2025-46469 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-46467 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46466 (Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Poll ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46465 (Cross-Site Request Forgery (CSRF) vulnerability in John Weissberg Prin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46462 (Cross-Site Request Forgery (CSRF) vulnerability in Tr\xe2n Minh-Qu\xe2 ...)
TODO: check
CVE-2025-46461 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -127,15 +127,15 @@ CVE-2025-46461 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-46459 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46457 (Cross-Site Request Forgery (CSRF) vulnerability in digontoahsan Wp Cus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46453 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46452 (Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google N ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46451 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46450 (Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46449 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46447 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -145,15 +145,15 @@ CVE-2025-46445 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-46443 (Server-Side Request Forgery (SSRF) vulnerability in Adam Pery Animate ...)
TODO: check
CVE-2025-46442 (Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46439 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46438 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-46436 (Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry ...)
TODO: check
CVE-2025-46435 (Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Ba ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46421 (A flaw was found in libsoup. When libsoup clients encounter an HTTP re ...)
TODO: check
CVE-2025-46420 (A flaw was found in libsoup. It is vulnerable to memory leaks in the s ...)
@@ -161,19 +161,19 @@ CVE-2025-46420 (A flaw was found in libsoup. It is vulnerable to memory leaks in
CVE-2025-46264 (Unrestricted Upload of File with Dangerous Type vulnerability in Angel ...)
TODO: check
CVE-2025-46261 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46260 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46248 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-46234 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46230 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-44135 (A vulnerability was found in code-projects Online Class and Exam Sched ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-44134 (A vulnerability was found in Code-Projects Online Class and Exam Sched ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-43859 (h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a ...)
TODO: check
CVE-2025-43858 (YoutubeDLSharp is a wrapper for the command-line video downloaders you ...)
@@ -183,97 +183,97 @@ CVE-2025-43855 (tRPC allows users to build & consume fully typesafe APIs without
CVE-2025-3872 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-3832 (The FuseDesk plugin for WordPress is vulnerable to Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3793 (The Buddypress Force Password Change plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3776 (The Verification SMS with TargetSMS plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3607 (The Frontend Login and Registration Blocks plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3604 (The Flynax Bridge plugin for WordPress is vulnerable to privilege esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3603 (The Flynax Bridge plugin for WordPress is vulnerable to privilege esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3300 (The WPMasterToolKit (WPMTK) \u2013 All in one plugin plugin for WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3280 (The ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3101 (The Configurator Theme Core plugin for WordPress is vulnerable to priv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3065 (The Database Toolset plugin is vulnerable to arbitrary file deletion d ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3058 (The Xelion Webchat plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39408 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39404 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39400 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39399 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39397 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39391 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39390 (Missing Authorization vulnerability in magepeopleteam Booking and Rent ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39387 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39385 (Missing Authorization vulnerability in VW Themes Sirat allows Exploiti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39384 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39383 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39382 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39381 (Cross-Site Request Forgery (CSRF) vulnerability in Kiotviet KiotViet S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39379 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39378 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39377 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39360 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39359 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32921 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31324 (SAP NetWeaver Visual Composer Metadata Uploader is not protected with ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2025-30409 (Denial of service due to allocation of resources without limits. The f ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-30408 (Local privilege escalation due to insecure folder permissions. The fol ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2025-2579 (The Lottie Player plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2543 (The Advanced Accordion Gutenberg Block plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29568 (A vulnerability has been discovered in the code-projects Online Class ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-27820 (A bug in PSL validation logic in Apache HttpClient 5.4.x disables doma ...)
TODO: check
CVE-2025-26382 (Under certain circumstances the iSTAR Configuration Utility (ICU) tool ...)
TODO: check
CVE-2025-1284 (The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Goog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-30148 (Improper access control of endpoint in HCL Leap allows certain admin u ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30147 (Multiple vectors in HCL Leap allow client-side script injection in the ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30114 (Insufficient sanitization in HCL Leap allows client-side script inject ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-30113 (Insufficient sanitization policy in HCL Leap allows client-side script ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-13307 (The Reales WP - Real Estate WordPress Theme theme for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-45720 (Insufficient default configuration in HCL Leap allows anonymous access ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2023-37534 (Insufficient URI protocol whitelist in HCL Leap allows script injectio ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2021-47664 (Due to improper authentication mechanism an unauthenticated remote att ...)
TODO: check
CVE-2021-47663 (Due to improperJSON Web Tokens implementation an unauthenticated remot ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05b463224b696ee35d4bf0687fbe3afde21742ef
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05b463224b696ee35d4bf0687fbe3afde21742ef
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250424/51426deb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list