[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 6 08:12:59 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
438fc3ee by security tracker role at 2025-12-06T08:12:50+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,89 @@
+CVE-2025-8148 (An Improper Access Control in the SFTP service in Fortra's GoAnywhere  ...)
+	TODO: check
+CVE-2025-66629 (HedgeDoc is an open source, real-time, collaborative, markdown notes a ...)
+	TODO: check
+CVE-2025-34291 (Langflow versions up to and including 1.6.9 contain a chained vulnerab ...)
+	TODO: check
+CVE-2025-14117 (A vulnerability has been found in fit2cloud Halo 2.21.10. Impacted is  ...)
+	TODO: check
+CVE-2025-14116 (A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vu ...)
+	TODO: check
+CVE-2025-14111 (A security vulnerability has been detected in Rarlab RAR App up to 7.1 ...)
+	TODO: check
+CVE-2025-14108 (A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Af ...)
+	TODO: check
+CVE-2025-14107 (A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.021005 ...)
+	TODO: check
+CVE-2025-14106 (A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Af ...)
+	TODO: check
+CVE-2025-14105 (A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47 ...)
+	TODO: check
+CVE-2025-13922 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
+	TODO: check
+CVE-2025-13907 (The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2025-13899 (The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-13898 (The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2025-13896 (The Social Feed Gallery Portfolio plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-13894 (The CSV Sumotto plugin for WordPress is vulnerable to Reflected Cross- ...)
+	TODO: check
+CVE-2025-13863 (The RevInsite plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-13857 (The Yet Another WebClap for WordPress plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-13856 (The Extra Post Images plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2025-13748 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Co ...)
+	TODO: check
+CVE-2025-13666 (The Helloprint plugin for WordPress is vulnerable to Missing Authoriza ...)
+	TODO: check
+CVE-2025-13656 (The Cute News Ticker plugin for WordPress is vulnerable to Stored Cros ...)
+	TODO: check
+CVE-2025-13629 (The WP Landing Page plugin for WordPress is vulnerable to Cross-Site R ...)
+	TODO: check
+CVE-2025-13626 (The myLCO plugin for WordPress is vulnerable to Reflected Cross-Site S ...)
+	TODO: check
+CVE-2025-13426 (A vulnerability exists in Google  Apigee's JavaCallout policy https:// ...)
+	TODO: check
+CVE-2025-13377 (The 10Web Booster \u2013 Website speed optimization, Cache & Page Spee ...)
+	TODO: check
+CVE-2025-13358 (The Accessiy By CodeConfig Accessibility plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2025-13309 (The Accessiy By CodeConfig Accessibility \u2013 Easy One-Click Accessi ...)
+	TODO: check
+CVE-2025-13308 (The Application Passwords plugin for WordPress is vulnerable to Reflec ...)
+	TODO: check
+CVE-2025-13292 (A vulnerability in Apigee-X allowed an attacker to gain unauthorized r ...)
+	TODO: check
+CVE-2025-13137 (The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for ...)
+	TODO: check
+CVE-2025-12721 (The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2025-12720 (The g-FFL Cockpit plugin for WordPress is vulnerable to unauthorized m ...)
+	TODO: check
+CVE-2025-12717 (The List Attachments Shortcode plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-12715 (The Canadian Nutrition Facts Label plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-12673 (The Flex QR Code Generator plugin for WordPress is vulnerable to arbit ...)
+	TODO: check
+CVE-2025-12577 (The Listar \u2013 Directory Listing & Classifieds WordPress Plugin plu ...)
+	TODO: check
+CVE-2025-12574 (The Listar \u2013 Directory Listing & Classifieds WordPress Plugin plu ...)
+	TODO: check
+CVE-2025-12510 (The Widgets for Google Reviews plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-12505 (The weDocs plugin for WordPress is vulnerable to unauthorized access i ...)
+	TODO: check
+CVE-2025-12499 (The Rich Shortcodes for Google Reviews plugin for WordPress is vulnera ...)
+	TODO: check
+CVE-2025-12091 (The Search, Filters & Merchandising for WooCommerce plugin for WordPre ...)
+	TODO: check
+CVE-2025-11263 (The Link Whisper Free plugin for WordPress is vulnerable to Reflected  ...)
+	TODO: check
 CVE-2025-6966 (NULL pointer dereference in TagSection.keys() in python-apt on APT-bas ...)
 	- python-apt <unfixed>
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865
@@ -1019,7 +1105,8 @@ CVE-2024-32641 (Masa CMS is an open source Enterprise Content Management platfor
 	NOT-FOR-US: Masa CMS
 CVE-2025-12548
 	NOT-FOR-US: Eclipse Che
-CVE-2025-65955 (ImageMagick is free and open-source software used for editing and mani ...)
+CVE-2025-65955
+	REJECTED
 	- imagemagick <unfixed> (bug #1121845)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
 	NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8 (7.0.1-0)
@@ -1097,7 +1184,7 @@ CVE-2025-65877 (Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed61
 	NOT-FOR-US: Lvzhou CMS
 CVE-2025-65858 (A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6. ...)
 	- calibre-web <itp> (bug #982690)
-CVE-2025-65844 (EverShop 2.0.1 allows an unauthenticated user to upload files and crea ...)
+CVE-2025-65844 (EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbi ...)
 	NOT-FOR-US: EverShop
 CVE-2025-65656 (dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in a ...)
 	NOT-FOR-US: dcat-admin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438fc3ee72870df3b792932d7144d52b7ee9e460

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/438fc3ee72870df3b792932d7144d52b7ee9e460
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251206/b7a9dcbf/attachment.htm>

More information about the debian-security-tracker-commits mailing list