[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 15 21:13:11 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44cdac9a by security tracker role at 2025-08-15T20:13:04+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,73 +1,73 @@
 CVE-2025-9060 (A vulnerability has been found in the MSoft MFlash   application that  ...)
 	TODO: check
 CVE-2025-9053 (A vulnerability has been found in projectworlds Travel Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2025-9052 (A vulnerability was identified in projectworlds Travel Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2025-9051 (A vulnerability was determined in projectworlds Travel Management Syst ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2025-9050 (A vulnerability was found in projectworlds Travel Management System 1. ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2025-9047 (A vulnerability has been found in projectworlds Visitor Management Sys ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds
 CVE-2025-9046 (A vulnerability was identified in Tenda AC20 16.03.08.12. This issue a ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-9028 (A vulnerability was found in code-projects Online Medicine Guide 1.0.  ...)
 	TODO: check
 CVE-2025-9027 (A vulnerability has been found in code-projects Online Medicine Guide  ...)
 	TODO: check
 CVE-2025-9026 (A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affec ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2025-9025 (A vulnerability was determined in code-projects Simple Cafe Ordering S ...)
-	TODO: check
+	NOT-FOR-US: code-projects
 CVE-2025-9024 (A vulnerability was found in PHPGurukul Beauty Parlour Management Syst ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-9023 (A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-8996 (Missing Authorization vulnerability in Drupal Layout Builder Advanced  ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-8995 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-8905 (The Inpersttion For Theme plugin for WordPress is vulnerable to Remote ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8720 (The Plugin README Parser plugin for WordPress is vulnerable to Stored  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8675 (Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-8362 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-8361 (Missing Authorization vulnerability in Drupal Config Pages allows Forc ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-8092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Drupal core and addons
 CVE-2025-8091 (The EventON Lite plugin for WordPress is vulnerable to Information Exp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8080 (The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8066 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in B ...)
 	TODO: check
 CVE-2025-7961 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	TODO: check
 CVE-2025-7778 (The Icons Factory plugin for WordPress is vulnerable to Arbitrary File ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7688 (The Add User Meta plugin for WordPress is vulnerable to Cross-Site Req ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7662 (The Gestion de tarifs plugin for WordPress is vulnerable to SQL Inject ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7650 (The BizCalendar Web plugin for WordPress is vulnerable to Local File I ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7641 (The Assistant for NextGEN Gallery plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7507 (The elink \u2013 Embed Content plugin for WordPress is vulnerable to M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5844 (The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5048 (A maliciously crafted DGN file, when linked or imported into Autodesk  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-5047 (A maliciously crafted DGN file, when parsed through Autodesk AutoCAD,  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-5046 (A maliciously crafted DGN file, when linked or imported into Autodesk  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-55285 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...)
 	TODO: check
 CVE-2025-55207 (Astro is a web framework for content-driven websites. Following CVE-20 ...)
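Review bot: CVE-2025-9028 and CVE-2025-9027 (code-projects Online Medicine Guide) stay at "TODO: check", while CVE-2025-9025 just below them, also a code-projects product, is marked "NOT-FOR-US: code-projects". If the vendor rule applies to all three, mark the two remaining entries the same way in this pass; if they were left open on purpose, a short note on the entries would save the next triager from re-checking them.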
@@ -77,25 +77,25 @@ CVE-2025-55203 (Plane is open-source project management software. Prior to versi
 CVE-2025-54989 (Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, an ...)
 	TODO: check
 CVE-2025-54475 (A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4 ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-54474 (A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joom ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-54473 (An authenticated RCE vulnerability in Phoca Commander component 1.0.0- ...)
-	TODO: check
+	NOT-FOR-US: Joomla
 CVE-2025-54466 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	TODO: check
 CVE-2025-49898 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49897 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49432 (Missing Authorization vulnerability in FWDesign Ultimate Video Player  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43490 (A potential security vulnerability has been identified in the HPAudioA ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-36088 (IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 w ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-26709 (There is an unauthorized access vulnerability in ZTE F50. Due to impro ...)
-	TODO: check
+	NOT-FOR-US: ZTE
 CVE-2025-24975 (Firebird is a relational database. Prior to snapshot versions 4.0.6.31 ...)
 	TODO: check
 CVE-2025-1929 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
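Review bot: The reason string on CVE-2025-49898, CVE-2025-49897 and CVE-2025-49432 is "WordPress plugin or theme", whereas the WordPress entries in the first hunk of this commit use "WordPress plugin". Unless the difference is intentional, use one string so that searches of data/CVE/list by reason find every entry. The truncated descriptions shown for CVE-2025-49898 and CVE-2025-49897 are generic CWE text and do not name a product, so the classification cannot be confirmed from this diff and should be checked against the full CVE description.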



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44cdac9a5baba51d664675053d24974ca37f8356
