[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 2 12:58:36 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
885abb8f by Salvatore Bonaccorso at 2025-12-02T13:57:07+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,61 +5,61 @@ CVE-2025-66415 (fastify-reply-from is a Fastify plugin to forward the current HT
CVE-2025-66412 (Angular is a development platform for building mobile and desktop web ...)
TODO: check
CVE-2025-66410 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
- TODO: check
+ NOT-FOR-US: gin-vue-admin
CVE-2025-66405 (Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardr ...)
- TODO: check
+ NOT-FOR-US: Portkey.ai Gateway
CVE-2025-66403 (FileRise is a self-hosted web-based file manager with multi-file uploa ...)
- TODO: check
+ NOT-FOR-US: FileRise
CVE-2025-66401 (MCP Watch is a comprehensive security scanner for Model Context Protoc ...)
- TODO: check
+ NOT-FOR-US: MCP Watch
CVE-2025-66400 (mdast-util-to-hast is an mdast utility to transform to hast. From 13.0 ...)
- TODO: check
+ NOT-FOR-US: mdast-util-to-hast
CVE-2025-66313 (ChurchCRM is an open-source church management system. In ChurchCRM 6.2 ...)
- TODO: check
+ NOT-FOR-US: ChurchCRM
CVE-2025-66312 (This admin plugin for Grav is an HTML user interface that provides a c ...)
- TODO: check
+ NOT-FOR-US: Grav plugin
CVE-2025-66311 (This admin plugin for Grav is an HTML user interface that provides a c ...)
- TODO: check
+ NOT-FOR-US: Grav plugin
CVE-2025-66310 (This admin plugin for Grav is an HTML user interface that provides a c ...)
- TODO: check
+ NOT-FOR-US: Grav plugin
CVE-2025-66309 (This admin plugin for Grav is an HTML user interface that provides a c ...)
- TODO: check
+ NOT-FOR-US: Grav plugin
CVE-2025-66308 (This admin plugin for Grav is an HTML user interface that provides a c ...)
- TODO: check
+ NOT-FOR-US: Grav plugin
CVE-2025-66307 (This admin plugin for Grav is an HTML user interface that provides a c ...)
- TODO: check
+ NOT-FOR-US: Grav plugin
CVE-2025-66306 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66305 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66304 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66303 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66302 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path trav ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66301 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to impr ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66300 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privi ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66299 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66298 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a si ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66297 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66296 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66295 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66294 (Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Si ...)
- TODO: check
+ NOT-FOR-US: Grav CMS
CVE-2025-66206 (Frappe is a full-stack web application framework. Prior to 15.86.0 and ...)
TODO: check
CVE-2025-66205 (Frappe is a full-stack web application framework. Prior to 15.86.0 and ...)
TODO: check
CVE-2025-65840 (PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSR ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2025-65622 (Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" fi ...)
TODO: check
CVE-2025-65621 (Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged aut ...)
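Review bot: The "NOT-FOR-US: Grav plugin" label on CVE-2025-66307 through CVE-2025-66312 is less specific than the descriptions, which all name the admin plugin for Grav. Something like "NOT-FOR-US: Grav admin plugin" would keep these entries distinguishable from other Grav plugins when grepping data/CVE/list. Separately, CVE-2025-66400 concerns mdast-util-to-hast, which the description presents as a library utility rather than a standalone application; it is worth confirming that no source package in the archive embeds a copy before it stays NOT-FOR-US. A minor point: CVE-2025-66410 uses "gin-vue-admin" where the description writes "Gin-vue-admin", so matching one spelling helps later searches.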
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/885abb8f312a8ca622cf91ad4fa6554eb96b19b4