[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Aug 16 09:12:23 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b3f6374f by security tracker role at 2025-08-16T08:12:15+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,74 @@
-CVE-2025-38501 [ksmbd: limit repeated connections from clients with the same IP]
+CVE-2025-8959 (HashiCorp's go-getter library subdirectory download feature is vulnera ...)
+ TODO: check
+CVE-2025-8898 (The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress ...)
+ TODO: check
+CVE-2025-8896 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
+ TODO: check
+CVE-2025-8464 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...)
+ TODO: check
+CVE-2025-8293 (The Intl DateTime Calendar plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2025-8113 (The Ebook Store WordPress plugin before 5.8015 does not escape the $_S ...)
+ TODO: check
+CVE-2025-8089 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-7686 (The weichuncai(WP\u4f2a\u6625\u83dc) plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-7684 (The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-7683 (The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2025-7668 (The Linux Promotional Plugin plugin for WordPress is vulnerable to Cro ...)
+ TODO: check
+CVE-2025-7664 (The AL Pack plugin for WordPress is vulnerable to unauthorized access ...)
+ TODO: check
+CVE-2025-7651 (The Earnware Connect plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-7649 (The Surbma | Recent Comments Shortcode plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-7499 (The BetterDocs \u2013 Advanced AI-Driven Documentation, FAQ & Knowledg ...)
+ TODO: check
+CVE-2025-7441 (The StoryChief plugin for WordPress is vulnerable to arbitrary file up ...)
+ TODO: check
+CVE-2025-7440 (The Anber Elementor Addon plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-7439 (Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-6221 (The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-6080 (The WPGYM - Wordpress Gym Management System plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-6079 (The School Management System for Wordpress plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-55286 (z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new ...)
+ TODO: check
+CVE-2025-55284 (Claude Code is an agentic coding tool. Prior to version 1.0.4, it's po ...)
+ TODO: check
+CVE-2025-52621 (HCL BigFix SaaS Authentication Service is vulnerable to cache poisonin ...)
+ TODO: check
+CVE-2025-52620 (HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scr ...)
+ TODO: check
+CVE-2025-52619 (HCL BigFix SaaS Authentication Service is affected by a sensitive info ...)
+ TODO: check
+CVE-2025-52618 (HCL BigFix SaaS Authentication Service is affected by a SQL injection ...)
+ TODO: check
+CVE-2025-49895 (Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy ...)
+ TODO: check
+CVE-2025-44201
+ REJECTED
+CVE-2025-43201 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2025-3671 (The WPGYM - Wordpress Gym Management System plugin for WordPress is vu ...)
+ TODO: check
+CVE-2024-8393 (The Woocommerce Blocks \u2013 Woolook plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2024-12612 (The School Management System for Wordpress plugin for WordPress is vul ...)
+ TODO: check
+CVE-2024-12575 (The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugi ...)
+ TODO: check
+CVE-2017-20199 (A vulnerability was found in Buttercup buttercup-browser-extension up ...)
+ TODO: check
+CVE-2025-38501 (In the Linux kernel, the following vulnerability has been resolved: k ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/e6bb9193974059ddbb0ce7763fa3882bd60d4dc3 (6.17-rc1)
CVE-2025-9060 (A vulnerability has been found in the MSoft MFlash application that ...)
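Review bot: Every entry added at the top of this hunk is left as `TODO: check`, and most of them are WordPress plugin descriptions, which this file already resolves as `NOT-FOR-US: WordPress plugin` (see CVE-2025-8213 further down). Those can be triaged in one pass, while the others, such as CVE-2025-8959 (HashiCorp go-getter), CVE-2025-55286 (z2d), CVE-2025-55284 (Claude Code) and the HCL BigFix entries, need an individual look. Several descriptions also carry literal escape sequences (`\u2013` in CVE-2025-8896, `\u4f2a\u6625\u83dc` in CVE-2025-7686) instead of the characters themselves, so a text search for the real plugin name will not match these lines.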
@@ -4229,7 +4299,7 @@ CVE-2025-8375 (A vulnerability was found in code-projects Vehicle Management 1.0
NOT-FOR-US: code-projects Vehicle Management
CVE-2025-8374 (A vulnerability was found in code-projects Vehicle Management 1.0. It ...)
NOT-FOR-US: code-projects Vehicle Management
-CVE-2025-8286 (G\xfcralp FMUS series seismic monitoring devicesexpose an unauthentica ...)
+CVE-2025-8286 (The affected products expose an unauthenticated Telnet-based command l ...)
NOT-FOR-US: Guralp FMUS series seismic monitoring devices
CVE-2025-8213 (The NinjaScanner \u2013 Virus & Malware scan plugin for WordPress is v ...)
NOT-FOR-US: WordPress plugin
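Review bot: The visible part of the new CVE-2025-8286 description says only "The affected products" and no longer names the vendor or device, so the `NOT-FOR-US: Guralp FMUS series seismic monitoring devices` line under it is now the only text in the entry that identifies the product. Keep that line worded as it is. The replacement does drop the `\xfc` escape and the run-together "devicesexpose" from the old text.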
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3f6374f9df14aafa09bb155a0063ce9017a87d7