[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 19 21:40:10 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dfc34258 by Salvatore Bonaccorso at 2025-08-19T22:39:48+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16,37 +16,37 @@ CVE-2025-9154 (A flaw has been found in itsourcecode Online Tour and Travel Mana
CVE-2025-9153 (A vulnerability was detected in itsourcecode Online Tour and Travel Ma ...)
NOT-FOR-US: itsourcecode System
CVE-2025-9151 (A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to ...)
- TODO: check
+ NOT-FOR-US: LiuYuYang01 ThriveX-Blog
CVE-2025-9150 (A vulnerability was identified in Surbowl dormitory-management-php up ...)
- TODO: check
+ NOT-FOR-US: Surbowl dormitory-management-php
CVE-2025-9149 (A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. Th ...)
NOT-FOR-US: Wavlink
CVE-2025-9148 (A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This aff ...)
- TODO: check
+ NOT-FOR-US: CodePhiliaX Chat2DB
CVE-2025-9147 (A vulnerability has been found in jasonclark getsemantic up to 040c96e ...)
- TODO: check
+ NOT-FOR-US: getsemantic
CVE-2025-9146 (A flaw has been found in Linksys E5600 1.1.0.26. The affected element ...)
NOT-FOR-US: Linksys
CVE-2025-9145 (A security vulnerability has been detected in Scada-LTS 2.7.8.1. This ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9144 (A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9143 (A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9140 (A vulnerability was identified in Shanghai Lingdang Information Techno ...)
- TODO: check
+ NOT-FOR-US: Shanghai Lingdang Information Technology Lingdang CRM
CVE-2025-9139 (A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9138 (A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9137 (A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an u ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9136 (A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This ...)
TODO: check
CVE-2025-9135 (A vulnerability was detected in Verkehrsauskunft \xd6sterreich SmartRi ...)
- TODO: check
+ NOT-FOR-US: Verkehrsauskunft Oesterreich SmartRide, cleVVVer and BusBahnBim
CVE-2025-9134 (A security vulnerability has been detected in AfterShip Package Tracke ...)
- TODO: check
+ NOT-FOR-US: AfterShip Package Tracker App
CVE-2025-8783 (The Contact Manager plugin for WordPress is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8782
@@ -56,25 +56,25 @@ CVE-2025-8567 (The Nexter Blocks plugin for WordPress is vulnerable to Stored Cr
CVE-2025-8450 (Improper Access Control issue in the Workflow component of Fortra's Fi ...)
NOT-FOR-US: Fortra
CVE-2025-55740 (nginx-defender is a high-performance, enterprise-grade Web Application ...)
- TODO: check
+ NOT-FOR-US: nginx-defender
CVE-2025-55737 (flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when d ...)
- TODO: check
+ NOT-FOR-US: flaskBlog
CVE-2025-55736 (flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arb ...)
- TODO: check
+ NOT-FOR-US: flaskBlog
CVE-2025-55735 (flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when c ...)
- TODO: check
+ NOT-FOR-US: flaskBlog
CVE-2025-55734 (flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the co ...)
- TODO: check
+ NOT-FOR-US: flaskBlog
CVE-2025-55733 (DeepChat is a smart assistant that connects powerful AI to your person ...)
- TODO: check
+ NOT-FOR-US: DeepChat
CVE-2025-55306 (GenX_FX is an advance IA trading platform that will focus on forex tra ...)
- TODO: check
+ NOT-FOR-US: GenX_FX
CVE-2025-55303 (Astro is a web framework for content-driven websites. In versions of a ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2025-55295 (qBit Manage is a tool that helps manage tedious tasks in qBittorrent a ...)
- TODO: check
+ NOT-FOR-US: qBit Manage
CVE-2025-55294 (screenshot-desktop allows capturing a screenshot of your local machine ...)
- TODO: check
+ NOT-FOR-US: screenshot-desktop
CVE-2025-55153
REJECTED
CVE-2025-54881 (Mermaid is a JavaScript based diagramming and charting tool that uses ...)
@@ -84,35 +84,35 @@ CVE-2025-54880 (Mermaid is a JavaScript based diagramming and charting tool that
CVE-2025-54411 (Discourse is an open-source discussion platform. Welcome banner user n ...)
NOT-FOR-US: Discourse
CVE-2025-54336 (In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison ...)
- TODO: check
+ NOT-FOR-US: Plesk Obsidian
CVE-2025-52478 (n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2025-52338 (An issue in the default configuration of the password reset function i ...)
- TODO: check
+ NOT-FOR-US: LogicData eCommerce Framework
CVE-2025-52337 (An authenticated arbitrary file upload vulnerability in the Content Ex ...)
- TODO: check
+ NOT-FOR-US: LogicData eCommerce Framework
CVE-2025-51543 (An issue was discovered in Cicool builder 3.4.4 allowing attackers to ...)
- TODO: check
+ NOT-FOR-US: Cicool builder
CVE-2025-51540 (EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: m ...)
- TODO: check
+ NOT-FOR-US: EzGED3
CVE-2025-51539 (EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerabi ...)
- TODO: check
+ NOT-FOR-US: EzGED3
CVE-2025-51529 (Incorrect Access Control in the AJAX endpoint functionality in jonkast ...)
- TODO: check
+ NOT-FOR-US: onkastonka Cookies and Content Security Policy plugin
CVE-2025-51510 (MoonShine v3.12.5 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: MoonShine
CVE-2025-51506 (In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL inj ...)
- TODO: check
+ NOT-FOR-US: HRForecast Suite
CVE-2025-51489 (An arbitrary file upload vulnerability in MoonShine v3.12.4 allows att ...)
- TODO: check
+ NOT-FOR-US: MoonShine
CVE-2025-51488 (A stored cross-site scripting (XSS) vulnerability in the Create Admin ...)
- TODO: check
+ NOT-FOR-US: MoonShine
CVE-2025-51487 (A stored cross-site scripting (XSS) vulnerability in the Create Articl ...)
- TODO: check
+ NOT-FOR-US: MoonShine
CVE-2025-50938 (Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the ...)
- TODO: check
+ NOT-FOR-US: Hustoj
CVE-2025-50926 (Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a ...)
- TODO: check
+ NOT-FOR-US: Easy Hosting Control Panel EHCP
CVE-2025-50897 (A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processo ...)
TODO: check
CVE-2025-50891 (Adform Site Tracking 1.1 allows attackers to inject HTML or execute ar ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfc34258ff7eba25b902ca693834dc6a4e16d95c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfc34258ff7eba25b902ca693834dc6a4e16d95c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250819/47000ec8/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list