[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 5 08:14:22 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
961d8363 by security tracker role at 2025-12-05T08:14:09+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-6946 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-66576 (Remote Keyboard Desktop 1.0.1 enables remote attackers to execute syst ...)
TODO: check
CVE-2025-66575 (VeeVPN 1.6.1 contains an unquoted service path vulnerability in the Ve ...)
@@ -59,7 +59,7 @@ CVE-2025-65899 (Kalmia CMS version 0.2.0 contains a user enumeration vulnerabili
CVE-2025-63896 (An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch C ...)
TODO: check
CVE-2025-62223 (User interface (ui) misrepresentation of critical information in Micro ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55948 (This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6. ...)
TODO: check
CVE-2025-53704 (The password reset mechanism for the Pivot client application is weak, ...)
@@ -75,65 +75,65 @@ CVE-2025-27935 (The OTP Integration Kit for PingFederate fails to enforce HTTP m
CVE-2025-27389 (A flaw exists in the verification of application installation sources ...)
TODO: check
CVE-2025-1910 (The WatchGuard Mobile VPN with SSL Client on Windows allows a locally ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-1547 (A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fi ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-1545 (An XPath Injection vulnerability in WatchGuard Fireware OS may allow a ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-14052 (A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. ...)
TODO: check
CVE-2025-14051 (A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected ...)
TODO: check
CVE-2025-13940 (An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard F ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-13939 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-13938 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-13937 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-13936 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-13932 (The SolisCloud API suffers from a Broken Access Control vulnerability, ...)
TODO: check
CVE-2025-13860 (The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13684 (The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13625 (The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13623 (The Twitscription plugin for WordPress is vulnerable to Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13622 (The Jabbernotification plugin for WordPress is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13621 (The dream gallery plugin for WordPress is vulnerable to Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13543 (The PostGallery plugin for WordPress is vulnerable to arbitrary file u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13528 (The Feedback Modal for Website plugin for WordPress is vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13515 (The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflecte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13512 (The CoSign Single Signon plugin for WordPress is vulnerable to Reflect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13494 (The SSP Debug plugin for WordPress is vulnerable to Sensitive Informat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13373 (Advantech iView versions 5.7.05.7057 and prior do not properly sanitiz ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2025-13362 (The Norby AI plugin for WordPress is vulnerable to Cross-Site Request ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13360 (The Quantic Social Image Hover plugin for WordPress is vulnerable to C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13313 (The CRM Memberships plugin for WordPress is vulnerable to privilege es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13312 (The CRM Memberships plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13144 (The ContentStudio plugin for WordPress is vulnerable to Cross-Site Req ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13066 (The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13006 (The SurveyFunnel \u2013 Survey Plugin for WordPress plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12997 (Insecure Direct Object Reference vulnerability in Medtronic CareLink N ...)
TODO: check
CVE-2025-12996 (Medtronic CareLink Network allows a local attacker with access to log ...)
@@ -143,67 +143,67 @@ CVE-2025-12995 (Medtronic CareLink Network allows an unauthenticated remote atta
CVE-2025-12994 (Medtronic CareLink Network allows an unauthenticated remote attacker t ...)
TODO: check
CVE-2025-12986 (When a WF200/WGM160P device is configured to operate as an Access Poin ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2025-12850 (The My auctions allegro plugin for WordPress is vulnerable to SQL Inje ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12804 (The Booking Calendar plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12417 (The SurveyFunnel \u2013 Survey Plugin for WordPress plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12374 (The Email Verification, Email OTP, Block Spam Email, Passwordless logi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12373 (The Torod \u2013 The smart shipping and delivery portal for e-shops an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12370 (The Takeads plugin for WordPress is vulnerable to authorization bypass ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12368 (The Sermon Manager plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12355 (The Payaza plugin for WordPress is vulnerable to unauthorized modifica ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12354 (The Live CSS Preview plugin for WordPress is vulnerable to unauthorize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12196 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI c ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-12195 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI c ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-12191 (The PDF Catalog for WooCommerce plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12190 (The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12189 (The Bread & Butter: Gate content + Capture leads + Collect first-party ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12186 (The Weekly Planner plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12181 (The ContentStudio plugin for WordPress is vulnerable to arbitrary file ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12165 (The Webcake \u2013 Landing Page Builder plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12163 (The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12154 (The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12153 (The Featured Image via URL plugin for WordPress is vulnerable to arbit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12133 (The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12130 (The WC Vendors \u2013 WooCommerce Multivendor, WooCommerce Marketplace ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12128 (The Hide Categories Or Products On Shop Page plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12124 (The FitVids for WordPress plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12093 (The Voidek Employee Portal plugin for WordPress is vulnerable to unaut ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12026 (An Out-of-bounds Write vulnerability in WatchGuard Fireware OS\u2019s ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-11838 (A memory corruption vulnerability in WatchGuard Fireware OS may allow ...)
- TODO: check
+ NOT-FOR-US: WatchGuard
CVE-2025-11759 (The Backup, Restore and Migrate your sites with XCloner plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10285 (The web interface of the Silicon Labs Simplicity Device Manager is exp ...)
- TODO: check
+ NOT-FOR-US: Silicon Labs
CVE-2025-10055 (The Time Sheets plugin for WordPress is vulnerable to Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-58278 (perl2exe <= V30.10C contains an arbitrary code execution vulnerability ...)
TODO: check
CVE-2024-58277 (R Radio Network FM Transmitter 1.07 allows unauthenticated attackers t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/961d8363c0843303d84d1a3d5713cbdc9e35dfe9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/961d8363c0843303d84d1a3d5713cbdc9e35dfe9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251205/31851e47/attachment.htm>
More information about the debian-security-tracker-commits
mailing list