[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 20 09:14:09 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ce48937 by security tracker role at 2025-08-20T08:14:02+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-9225 (Stored cross-site scripting (XSS) in the web interface of MiR software ...)
TODO: check
CVE-2025-9202 (The ColorMag theme for WordPress is vulnerable to unauthorized modific ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9193 (A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted i ...)
TODO: check
CVE-2025-9176 (A security flaw has been discovered in neurobin shc up to 4.0.3. Impac ...)
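Review bot: the note added for CVE-2025-9202 says "WordPress plugin", but the description on the line above it reads "The ColorMag theme for WordPress". Suggest "NOT-FOR-US: WordPress theme", or the "WordPress plugin or theme" wording used further down in this commit, so the recorded reason matches the entry.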
@@ -21,15 +21,15 @@ CVE-2025-9168 (A vulnerability was found in SolidInvoice up to 2.4.0. This issue
CVE-2025-9167 (A vulnerability has been found in SolidInvoice up to 2.4.0. This vulne ...)
TODO: check
CVE-2025-8618 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8364 (A crafted URL using a blob: URI could have hidden the true origin of t ...)
TODO: check
CVE-2025-8289 (The Redirection for Contact Form 7 plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8145 (The Redirection for Contact Form 7 plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8141 (The Redirection for Contact Form 7 plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-57791 (An issue was discovered in Commvault before 11.36.60. A security vulne ...)
TODO: check
CVE-2025-57790 (An issue was discovered in Commvault before 11.36.60. A security vulne ...)
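Review bot: the four notes added in this hunk (CVE-2025-8618, CVE-2025-8289, CVE-2025-8145, CVE-2025-8141) use "NOT-FOR-US: WordPress plugin", while the hunks from CVE-2025-55715 onward use "NOT-FOR-US: WordPress plugin or theme". Two strings for one category within a single commit split any grep or count over NOT-FOR-US reasons; a single wording would be easier to query.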
@@ -53,21 +53,21 @@ CVE-2025-57743
CVE-2025-57742
REJECTED
CVE-2025-55715 (Insertion of Sensitive Information Into Sent Data vulnerability in The ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-55706 (URL redirection to untrusted site ('Open Redirect') issue exists in M ...)
TODO: check
CVE-2025-54750 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54735 (Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54726 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54713 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54677 (Unrestricted Upload of File with Dangerous Type vulnerability in vcita ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54670 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54551 (Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege ...)
TODO: check
CVE-2025-54364 (Microsoft Knack 0.12.0 allows Regular expression Denial of Service (Re ...)
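Review bot: nothing on the page documents the rule behind these markings. For CVE-2025-54750, CVE-2025-54726, CVE-2025-54713 and CVE-2025-54670 the description is cut off before any product name, and the commit message says only "automatic NOT-FOR-US entries update", so a reader of this diff cannot see what tied them to WordPress. Naming the matching criterion or data source in the commit message would make the batch reviewable.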
@@ -87,13 +87,13 @@ CVE-2025-54055 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-54053 (Deserialization of Untrusted Data vulnerability in Adrian Tobey Ground ...)
TODO: check
CVE-2025-54052 (Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54049 (Incorrect Privilege Assignment vulnerability in miniOrange Custom API ...)
TODO: check
CVE-2025-54048 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-54046 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54044 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-54040 (Missing Authorization vulnerability in Webba Appointment Booking Webba ...)
@@ -101,15 +101,15 @@ CVE-2025-54040 (Missing Authorization vulnerability in Webba Appointment Booking
CVE-2025-54034 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-54032 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54031 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-54028 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54027 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-54025 (Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54021 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2025-54019 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
@@ -119,11 +119,11 @@ CVE-2025-54017 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-54014 (Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCe ...)
TODO: check
CVE-2025-54012 (Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Com ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54008 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
TODO: check
CVE-2025-54007 (Deserialization of Untrusted Data vulnerability in PickPlugins Post Gr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53998 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
TODO: check
CVE-2025-53993 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
@@ -139,9 +139,9 @@ CVE-2025-53985 (Insertion of Sensitive Information Into Sent Data vulnerability
CVE-2025-53983 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
TODO: check
CVE-2025-53580 (Incorrect Privilege Assignment vulnerability in quantumcloud Simple Bu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53577 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53567 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-53565 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -153,109 +153,109 @@ CVE-2025-53563 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-53562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-53561 (Path Traversal vulnerability in miniOrange Prevent files / folders acc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53560 (Deserialization of Untrusted Data vulnerability in rascals Noisa allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-53522 (Movable Type contains an issue with use of less trusted source. If exp ...)
TODO: check
CVE-2025-53319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53299 (Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53226 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53213 (Unrestricted Upload of File with Dangerous Type vulnerability in ELEXt ...)
TODO: check
CVE-2025-53212 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-53210 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53208 (Authorization Bypass Through User-Controlled Key vulnerability in paym ...)
TODO: check
CVE-2025-53207 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53205 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-53204 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53201 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-53198 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53196 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
TODO: check
CVE-2025-53195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53194 (Improper Neutralization of Special Elements Used in a Template Engine ...)
TODO: check
CVE-2025-49896 (Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49894 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49893 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49892 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49891 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49890 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49438 (Deserialization of Untrusted Data vulnerability in Max Chirkov Simple ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49426 (Cross-Site Request Forgery (CSRF) vulnerability in Dourou Cookie Warni ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49424 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49422 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49420 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49413 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49412 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49411 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49410 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49409 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49408 (Insertion of Sensitive Information Into Sent Data vulnerability in WPD ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49406 (Missing Authorization vulnerability in favethemes Houzez allows Access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49400 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49399 (Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49397 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49396 (Missing Authorization vulnerability in themifyme Themify Builder allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49395 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49392 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49391 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49389 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49382 (Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49381 (Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.tx ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48302 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48298 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-48297 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
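Review bot: CVE-2025-53561 (miniOrange Prevent files / folders acc ...) is marked NOT-FOR-US in this hunk, while CVE-2025-54049 (miniOrange Custom API ...), visible as context in the -87,13 hunk, is left at "TODO: check". If both are miniOrange WordPress plugins, the second should get the same note; if not, the difference is worth a manual look when the remaining TODO entries in this range are triaged.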
@@ -267,11 +267,11 @@ CVE-2025-48171 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-48170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-48169 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48168 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-48165 (Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48164 (Incorrect Privilege Assignment vulnerability in Brainstorm Force SureD ...)
TODO: check
CVE-2025-48163 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -281,21 +281,21 @@ CVE-2025-48162 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-48160 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-48159 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48158 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48157 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-48154 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48152 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48151 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-48149 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-48148 (Unrestricted Upload of File with Dangerous Type vulnerability in Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48142 (Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify all ...)
TODO: check
CVE-2025-47650 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
@@ -303,7 +303,7 @@ CVE-2025-47650 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
CVE-2025-30975 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
TODO: check
CVE-2025-28977 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2024-12223 (Prism Central versions prior to 2024.3.1 are vulnerable to a stored cr ...)
TODO: check
CVE-2025-9162
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ce489374dbc379dc4a946bcfb17146d36afd086