[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 9 20:13:13 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d574bdac by security tracker role at 2025-12-09T20:13:01+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,58 +1,846 @@
-CVE-2025-14333
+CVE-2025-9638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-9614 (An issue was discovered in the PCI Express (PCIe) Integrity and Data E ...)
+ TODO: check
+CVE-2025-9613 (A vulnerability was discovered in the PCI Express (PCIe) Integrity and ...)
+ TODO: check
+CVE-2025-9612 (An issue was discovered in the PCI Express (PCIe) Integrity and Data E ...)
+ TODO: check
+CVE-2025-9368 (A security issue exists within 432ES-IG3 Series A, which affects Guard ...)
+ TODO: check
+CVE-2025-6924 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-6923 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-67599 (Missing Authorization vulnerability in WebToffee WebToffee eCommerce M ...)
+ TODO: check
+CVE-2025-67598 (Cross-Site Request Forgery (CSRF) vulnerability in PSM Plugins Support ...)
+ TODO: check
+CVE-2025-67597 (Missing Authorization vulnerability in Shahjahan Jewel Fluent Booking ...)
+ TODO: check
+CVE-2025-67596 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Team Bus ...)
+ TODO: check
+CVE-2025-67595 (Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Quiz Maker ...)
+ TODO: check
+CVE-2025-67594 (Authorization Bypass Through User-Controlled Key vulnerability in Thim ...)
+ TODO: check
+CVE-2025-67593 (Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP use ...)
+ TODO: check
+CVE-2025-67592 (Missing Authorization vulnerability in Joe Dolson My Calendar my-calen ...)
+ TODO: check
+CVE-2025-67591 (Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Payw ...)
+ TODO: check
+CVE-2025-67590 (Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate ...)
+ TODO: check
+CVE-2025-67589 (Missing Authorization vulnerability in WP Overnight WooCommerce PDF In ...)
+ TODO: check
+CVE-2025-67588 (Missing Authorization vulnerability in Elementor Elementor Website Bui ...)
+ TODO: check
+CVE-2025-67587 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+ TODO: check
+CVE-2025-67586 (Missing Authorization vulnerability in Ronald Huereca Highlight and Sh ...)
+ TODO: check
+CVE-2025-67585 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in f ...)
+ TODO: check
+CVE-2025-67584 (Missing Authorization vulnerability in rtCamp GoDAM godam allows Explo ...)
+ TODO: check
+CVE-2025-67583 (Missing Authorization vulnerability in ThemeAtelier IDonate idonate al ...)
+ TODO: check
+CVE-2025-67582 (Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock ...)
+ TODO: check
+CVE-2025-67581 (Missing Authorization vulnerability in themetechmount TrueBooker trueb ...)
+ TODO: check
+CVE-2025-67580 (Missing Authorization vulnerability in Constant Contact Constant Conta ...)
+ TODO: check
+CVE-2025-67579 (Missing Authorization vulnerability in vanquish User Extra Fields wp-u ...)
+ TODO: check
+CVE-2025-67578 (Missing Authorization vulnerability in Rhys Wynne WP Email Capture wp- ...)
+ TODO: check
+CVE-2025-67577 (Missing Authorization vulnerability in hassantafreshi Easy Form Builde ...)
+ TODO: check
+CVE-2025-67576 (Missing Authorization vulnerability in QuantumCloud Simple Link Direct ...)
+ TODO: check
+CVE-2025-67575 (Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP ...)
+ TODO: check
+CVE-2025-67574 (Missing Authorization vulnerability in wpdevart Booking calendar, Appo ...)
+ TODO: check
+CVE-2025-67573 (Missing Authorization vulnerability in ThimPress Sailing sailing allow ...)
+ TODO: check
+CVE-2025-67572 (Missing Authorization vulnerability in PenciDesign PenNews pennews all ...)
+ TODO: check
+CVE-2025-67571 (Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels a ...)
+ TODO: check
+CVE-2025-67570 (Missing Authorization vulnerability in GSheetConnector by WesternDeal ...)
+ TODO: check
+CVE-2025-67569 (Missing Authorization vulnerability in scriptsbundle AdForest adforest ...)
+ TODO: check
+CVE-2025-67568 (Missing Authorization vulnerability in xtemos Basel basel allows Explo ...)
+ TODO: check
+CVE-2025-67567 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-67566 (Missing Authorization vulnerability in WofficeIO Woffice Core woffice- ...)
+ TODO: check
+CVE-2025-67565 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-67564 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-67563 (Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp ...)
+ TODO: check
+CVE-2025-67562 (Missing Authorization vulnerability in WebCodingPlace Image Caption Ho ...)
+ TODO: check
+CVE-2025-67561 (Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewe ...)
+ TODO: check
+CVE-2025-67560 (Missing Authorization vulnerability in Webilia Inc. Listdom listdom al ...)
+ TODO: check
+CVE-2025-67559 (Missing Authorization vulnerability in vcita Online Booking & Scheduli ...)
+ TODO: check
+CVE-2025-67558 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67555 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67553 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67552 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67551 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67550 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67549 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67548 (Missing Authorization vulnerability in WP Delicious WP Delicious delic ...)
+ TODO: check
+CVE-2025-67545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67543 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67542 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67540 (Missing Authorization vulnerability in Wealcoder Animation Addons for ...)
+ TODO: check
+CVE-2025-67539 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67538 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67537 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67535 (Deserialization of Untrusted Data vulnerability in WePlugins - WordPre ...)
+ TODO: check
+CVE-2025-67534 (Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange R ...)
+ TODO: check
+CVE-2025-67533 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-67532 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67531 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67530 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67529 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67528 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67527 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67526 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67525 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67524 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67523 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67522 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67521 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67520 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-67519 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-67518 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-67517 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-67516 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-67515 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-67474 (Missing Authorization vulnerability in Ultimate Member ForumWP forumwp ...)
+ TODO: check
+CVE-2025-67473 (Cross-Site Request Forgery (CSRF) vulnerability in codeworkweb CWW Com ...)
+ TODO: check
+CVE-2025-67472 (Cross-Site Request Forgery (CSRF) vulnerability in vcita Online Bookin ...)
+ TODO: check
+CVE-2025-67471 (Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Quick Co ...)
+ TODO: check
+CVE-2025-67470 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-67469 (Cross-Site Request Forgery (CSRF) vulnerability in kubiq PDF Thumbnail ...)
+ TODO: check
+CVE-2025-67468 (Missing Authorization vulnerability in CRM Perks Integration for Sales ...)
+ TODO: check
+CVE-2025-67467 (Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP gi ...)
+ TODO: check
+CVE-2025-67466 (Missing Authorization vulnerability in sergiotrinity Trinity Audio tri ...)
+ TODO: check
+CVE-2025-67465 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple ...)
+ TODO: check
+CVE-2025-66534 (Missing Authorization vulnerability in Elated-Themes The Aisle theaisl ...)
+ TODO: check
+CVE-2025-66533 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-66532 (Missing Authorization vulnerability in Mikado-Themes Powerlift powerli ...)
+ TODO: check
+CVE-2025-66531 (Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salo ...)
+ TODO: check
+CVE-2025-66530 (Missing Authorization vulnerability in Webba Appointment Booking Webba ...)
+ TODO: check
+CVE-2025-66529 (Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify ch ...)
+ TODO: check
+CVE-2025-66528 (Missing Authorization vulnerability in VillaTheme Thank You Page Custo ...)
+ TODO: check
+CVE-2025-66527 (Missing Authorization vulnerability in VanKarWai Lobo lobo allows Expl ...)
+ TODO: check
+CVE-2025-66526 (Missing Authorization vulnerability in Essekia Tablesome tablesome all ...)
+ TODO: check
+CVE-2025-66525 (Missing Authorization vulnerability in Elastic Email Elastic Email Sen ...)
+ TODO: check
+CVE-2025-66456 (Elysia is a Typescript framework for request validation, type inferenc ...)
+ TODO: check
+CVE-2025-66271 (Clone for Windows provided by ELECOM CO.,LTD. registers a Windows serv ...)
+ TODO: check
+CVE-2025-66214 (Ladybug adds message-based debugging, unit, system, and regression tes ...)
+ TODO: check
+CVE-2025-65882 (An issue was discovered in openmptcprouter thru 0.64 in file common/pa ...)
+ TODO: check
+CVE-2025-65741 (Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib In ...)
+ TODO: check
+CVE-2025-65594 (OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Stu ...)
+ TODO: check
+CVE-2025-65573 (Cross Site Request Forgery (CSRF) vulnerability in AllskyTeam AllSky v ...)
+ TODO: check
+CVE-2025-65572 (Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12 ...)
+ TODO: check
+CVE-2025-65300 (A stored Cross-Site Scripting (XSS) vulnerability exists in the Coohom ...)
+ TODO: check
+CVE-2025-65289 (A stored Cross site scripting (XSS) vulnerability in the Mercury MR816 ...)
+ TODO: check
+CVE-2025-65288 (A buffer overflow in the Mercury MR816v2 (081C3114 4.8.7 Build 110427 ...)
+ TODO: check
+CVE-2025-65287 (An unauthenticated directory traversal vulnerability in cgi-bin/upload ...)
+ TODO: check
+CVE-2025-64894 (DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow ...)
+ TODO: check
+CVE-2025-64893 (DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Re ...)
+ TODO: check
+CVE-2025-64784 (DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer ...)
+ TODO: check
+CVE-2025-64783 (DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow ...)
+ TODO: check
+CVE-2025-64696 (Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improper ...)
+ TODO: check
+CVE-2025-64680 (Heap-based buffer overflow in Windows DWM Core Library allows an autho ...)
+ TODO: check
+CVE-2025-64679 (Heap-based buffer overflow in Windows DWM Core Library allows an autho ...)
+ TODO: check
+CVE-2025-64678 (Heap-based buffer overflow in Windows Routing and Remote Access Servic ...)
+ TODO: check
+CVE-2025-64673 (Improper access control in Storvsp.sys Driver allows an authorized att ...)
+ TODO: check
+CVE-2025-64672 (Improper neutralization of input during web page generation ('cross-si ...)
+ TODO: check
+CVE-2025-64671 (Improper neutralization of special elements used in a command ('comman ...)
+ TODO: check
+CVE-2025-64670 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
+ TODO: check
+CVE-2025-64667 (User interface (ui) misrepresentation of critical information in Micro ...)
+ TODO: check
+CVE-2025-64666 (Improper input validation in Microsoft Exchange Server allows an autho ...)
+ TODO: check
+CVE-2025-64661 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2025-64658 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2025-64471 (A use of password hash instead of password for authentication vulnerab ...)
+ TODO: check
+CVE-2025-64447 (A reliance on cookies without validation and integrity checking vulner ...)
+ TODO: check
+CVE-2025-64257 (Missing Authorization vulnerability in Joe Dolson My Tickets my-ticket ...)
+ TODO: check
+CVE-2025-64256 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple ...)
+ TODO: check
+CVE-2025-64255 (Missing Authorization vulnerability in Bowo Admin and Site Enhancement ...)
+ TODO: check
+CVE-2025-64254 (Missing Authorization vulnerability in Ronald Huereca Photo Block phot ...)
+ TODO: check
+CVE-2025-64156 (An improper neutralization of special elements used in an sql command ...)
+ TODO: check
+CVE-2025-64153 (A improper neutralization of special elements used in an os command (' ...)
+ TODO: check
+CVE-2025-64113 (Emby Server is a user-installable home media server. Versions below 4. ...)
+ TODO: check
+CVE-2025-64086 (A NULL pointer dereference vulnerability in the util.readFileIntoStrea ...)
+ TODO: check
+CVE-2025-64085 (A NULL pointer dereference vulnerability in the importDataObject() fun ...)
+ TODO: check
+CVE-2025-63742 (SQL Injection vulnerability in function setwxqyAction in file webmain/ ...)
+ TODO: check
+CVE-2025-63740 (SQL Injection vulnerability in function getselectdataAjax in file inpu ...)
+ TODO: check
+CVE-2025-63739 (An issue was discovered in function phpinisaveAction in file webmain/s ...)
+ TODO: check
+CVE-2025-63738 (An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7 ...)
+ TODO: check
+CVE-2025-63737 (Cross-site scripting (XSS) vulnerability in function urltestAction in ...)
+ TODO: check
+CVE-2025-63077 (Missing Authorization vulnerability in HappyMonster Happy Addons for E ...)
+ TODO: check
+CVE-2025-63076 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-63075 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63074 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-63073 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63072 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63071 (Insertion of Sensitive Information Into Sent Data vulnerability in ave ...)
+ TODO: check
+CVE-2025-63070 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-63069 (Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-se ...)
+ TODO: check
+CVE-2025-63068 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-63067 (Missing Authorization vulnerability in p-themes Porto Theme - Function ...)
+ TODO: check
+CVE-2025-63066 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63065 (Authorization Bypass Through User-Controlled Key vulnerability in Davi ...)
+ TODO: check
+CVE-2025-63064 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63063 (Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica w ...)
+ TODO: check
+CVE-2025-63062 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-63061 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63060 (Cross-Site Request Forgery (CSRF) vulnerability in hogash Kallyas kall ...)
+ TODO: check
+CVE-2025-63059 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63058 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-63057 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63056 (Missing Authorization vulnerability in bestwebsoft Contact Form by Bes ...)
+ TODO: check
+CVE-2025-63055 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63054 (Missing Authorization vulnerability in ExpressTech Systems Quiz And Su ...)
+ TODO: check
+CVE-2025-63052 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63050 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63049 (Missing Authorization vulnerability in CridioStudio ListingPro Lead Fo ...)
+ TODO: check
+CVE-2025-63048 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63047 (Missing Authorization vulnerability in CridioStudio ListingPro listing ...)
+ TODO: check
+CVE-2025-63046 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63045 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63044 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63042 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63037 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63036 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-63035 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63034 (Missing Authorization vulnerability in Steve Truman Page View Count pa ...)
+ TODO: check
+CVE-2025-63033 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63030 (Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User ...)
+ TODO: check
+CVE-2025-63028 (Missing Authorization vulnerability in shinetheme Traveler traveler al ...)
+ TODO: check
+CVE-2025-63025 (Missing Authorization vulnerability in Xagio SEO Xagio SEO xagio-seo a ...)
+ TODO: check
+CVE-2025-63024 (Missing Authorization vulnerability in tychesoftwares Order Delivery D ...)
+ TODO: check
+CVE-2025-63023 (Missing Authorization vulnerability in Easy Payment Payment Gateway fo ...)
+ TODO: check
+CVE-2025-63015 (Missing Authorization vulnerability in paysera WooCommerce Payment Gat ...)
+ TODO: check
+CVE-2025-63013 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-63012 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel ...)
+ TODO: check
+CVE-2025-63011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-63010 (Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercu ...)
+ TODO: check
+CVE-2025-63009 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-63008 (Missing Authorization vulnerability in weDevs WP ERP erp allows Exploi ...)
+ TODO: check
+CVE-2025-63007 (Insertion of Sensitive Information Into Sent Data vulnerability in Met ...)
+ TODO: check
+CVE-2025-63006 (Missing Authorization vulnerability in Metagauss EventPrime eventprime ...)
+ TODO: check
+CVE-2025-63003 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-62999 (Missing Authorization vulnerability in themezaa Litho Addons litho-add ...)
+ TODO: check
+CVE-2025-62997 (Insertion of Sensitive Information Into Sent Data vulnerability in lev ...)
+ TODO: check
+CVE-2025-62996 (Missing Authorization vulnerability in Code Amp Custom Layouts \u2013 ...)
+ TODO: check
+CVE-2025-62995 (Missing Authorization vulnerability in multiparcels MultiParcels Shipp ...)
+ TODO: check
+CVE-2025-62994 (Insertion of Sensitive Information Into Sent Data vulnerability in WP ...)
+ TODO: check
+CVE-2025-62993 (Missing Authorization vulnerability in rainafarai Notification for Tel ...)
+ TODO: check
+CVE-2025-62873 (Cross-Site Request Forgery (CSRF) vulnerability in Flashyapp WP Flashy ...)
+ TODO: check
+CVE-2025-62872 (Cross-Site Request Forgery (CSRF) vulnerability in JK Social Photo Fet ...)
+ TODO: check
+CVE-2025-62871 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / J ...)
+ TODO: check
+CVE-2025-62870 (Missing Authorization vulnerability in Eupago Eupago Gateway For Wooco ...)
+ TODO: check
+CVE-2025-62869 (Missing Authorization vulnerability in Gravitec.net - Web Push Notific ...)
+ TODO: check
+CVE-2025-62867 (Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-v ...)
+ TODO: check
+CVE-2025-62866 (Cross-Site Request Forgery (CSRF) vulnerability in Valerio Monti Auto ...)
+ TODO: check
+CVE-2025-62865 (Missing Authorization vulnerability in Evan Herman Post Cloner post-cl ...)
+ TODO: check
+CVE-2025-62762 (Cross-Site Request Forgery (CSRF) vulnerability in photoboxone SMTP Ma ...)
+ TODO: check
+CVE-2025-62740 (Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-c ...)
+ TODO: check
+CVE-2025-62739 (Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom ...)
+ TODO: check
+CVE-2025-62738 (Missing Authorization vulnerability in mmattax Formstack Online Forms ...)
+ TODO: check
+CVE-2025-62737 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-62736 (Missing Authorization vulnerability in opicron Image Cleanup image-cle ...)
+ TODO: check
+CVE-2025-62735 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-62734 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Revellin-Cl ...)
+ TODO: check
+CVE-2025-62733 (Cross-Site Request Forgery (CSRF) vulnerability in ProteusThemes Custo ...)
+ TODO: check
+CVE-2025-62631 (An insufficient session expiration vulnerability [CWE-613] in Fortinet ...)
+ TODO: check
+CVE-2025-62573 (Use after free in Windows DirectX allows an authorized attacker to ele ...)
+ TODO: check
+CVE-2025-62572 (Out-of-bounds read in Application Information Services allows an autho ...)
+ TODO: check
+CVE-2025-62571 (Improper input validation in Windows Installer allows an authorized at ...)
+ TODO: check
+CVE-2025-62570 (Improper access control in Windows Camera Frame Server Monitor allows ...)
+ TODO: check
+CVE-2025-62569 (Use after free in Microsoft Brokering File System allows an authorized ...)
+ TODO: check
+CVE-2025-62567 (Integer underflow (wrap or wraparound) in Windows Hyper-V allows an au ...)
+ TODO: check
+CVE-2025-62565 (Use after free in Windows Shell allows an authorized attacker to eleva ...)
+ TODO: check
+CVE-2025-62564 (Out-of-bounds read in Microsoft Office Excel allows an unauthorized at ...)
+ TODO: check
+CVE-2025-62563 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+ TODO: check
+CVE-2025-62562 (Use after free in Microsoft Office Outlook allows an unauthorized atta ...)
+ TODO: check
+CVE-2025-62561 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
+ TODO: check
+CVE-2025-62560 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
+ TODO: check
+CVE-2025-62559 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+ TODO: check
+CVE-2025-62558 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+ TODO: check
+CVE-2025-62557 (Use after free in Microsoft Office allows an unauthorized attacker to ...)
+ TODO: check
+CVE-2025-62556 (Untrusted pointer dereference in Microsoft Office Excel allows an unau ...)
+ TODO: check
+CVE-2025-62555 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
+ TODO: check
+CVE-2025-62554 (Access of resource using incompatible type ('type confusion') in Micro ...)
+ TODO: check
+CVE-2025-62553 (Use after free in Microsoft Office Excel allows an unauthorized attack ...)
+ TODO: check
+CVE-2025-62552 (Relative path traversal in Microsoft Office Access allows an unauthori ...)
+ TODO: check
+CVE-2025-62550 (Out-of-bounds write in Azure Monitor Agent allows an authorized attack ...)
+ TODO: check
+CVE-2025-62549 (Untrusted pointer dereference in Windows Routing and Remote Access Ser ...)
+ TODO: check
+CVE-2025-62474 (Improper access control in Windows Remote Access Connection Manager al ...)
+ TODO: check
+CVE-2025-62473 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
+ TODO: check
+CVE-2025-62472 (Use of uninitialized resource in Windows Remote Access Connection Mana ...)
+ TODO: check
+CVE-2025-62470 (Heap-based buffer overflow in Windows Common Log File System Driver al ...)
+ TODO: check
+CVE-2025-62469 (Concurrent execution using shared resource with improper synchronizati ...)
+ TODO: check
+CVE-2025-62468 (Out-of-bounds read in Windows Defender Firewall Service allows an auth ...)
+ TODO: check
+CVE-2025-62467 (Integer overflow or wraparound in Windows Projected File System allows ...)
+ TODO: check
+CVE-2025-62466 (Null pointer dereference in Windows Client-Side Caching (CSC) Service ...)
+ TODO: check
+CVE-2025-62465 (Null pointer dereference in Windows DirectX allows an authorized attac ...)
+ TODO: check
+CVE-2025-62464 (Buffer over-read in Windows Projected File System allows an authorized ...)
+ TODO: check
+CVE-2025-62463 (Null pointer dereference in Windows DirectX allows an authorized attac ...)
+ TODO: check
+CVE-2025-62462 (Buffer over-read in Windows Projected File System allows an authorized ...)
+ TODO: check
+CVE-2025-62461 (Buffer over-read in Windows Projected File System Filter Driver allows ...)
+ TODO: check
+CVE-2025-62458 (Heap-based buffer overflow in Windows Win32K - GRFX allows an authoriz ...)
+ TODO: check
+CVE-2025-62457 (Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an ...)
+ TODO: check
+CVE-2025-62456 (Heap-based buffer overflow in Windows Resilient File System (ReFS) all ...)
+ TODO: check
+CVE-2025-62455 (Improper input validation in Windows Message Queuing allows an authori ...)
+ TODO: check
+CVE-2025-62454 (Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver a ...)
+ TODO: check
+CVE-2025-62221 (Use after free in Windows Cloud Files Mini Filter Driver allows an aut ...)
+ TODO: check
+CVE-2025-62153 (Missing Authorization vulnerability in Graham Quick Interest Slider qu ...)
+ TODO: check
+CVE-2025-62152 (Missing Authorization vulnerability in ConveyThis ConveyThis conveythi ...)
+ TODO: check
+CVE-2025-62151 (Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / P ...)
+ TODO: check
+CVE-2025-62109 (Insertion of Sensitive Information Into Sent Data vulnerability in INF ...)
+ TODO: check
+CVE-2025-62103 (Cross-Site Request Forgery (CSRF) vulnerability in wpmediadownload Med ...)
+ TODO: check
+CVE-2025-62102 (Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollo ...)
+ TODO: check
+CVE-2025-62100 (Missing Authorization vulnerability in themerain ThemeRain Core themer ...)
+ TODO: check
+CVE-2025-62093 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-62090 (Missing Authorization vulnerability in Jegstudio Gutenverse News \u201 ...)
+ TODO: check
+CVE-2025-62086 (Missing Authorization vulnerability in akazanstev \u042f\u043d\u0434\u ...)
+ TODO: check
+CVE-2025-62085 (Missing Authorization vulnerability in berthaai BERTHA AI bertha-ai-fr ...)
+ TODO: check
+CVE-2025-62082 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-61258 (An issue was discovered in Outsystems Platform Server 11.18.1.37828 al ...)
+ TODO: check
+CVE-2025-61078 (Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM ...)
+ TODO: check
+CVE-2025-61075 (Multiple Incorrect Access Control vulnerabilities in adata Software Gm ...)
+ TODO: check
+CVE-2025-61074 (A stored Cross Site Scripting (XSS) vulnherability in the bulletin boa ...)
+ TODO: check
+CVE-2025-60024 (Multiple Improper Limitations of a Pathname to a Restricted Directory ...)
+ TODO: check
+CVE-2025-5471 (Uncontrolled Search Path Element vulnerability in Yandex Telemost on M ...)
+ TODO: check
+CVE-2025-5470 (Uncontrolled Search Path Element vulnerability in Yandex Disk on MacOS ...)
+ TODO: check
+CVE-2025-5469 (Uncontrolled Search Path Element vulnerability in Yandex Messenger on ...)
+ TODO: check
+CVE-2025-59923 (An improper access control vulnerability in Fortinet FortiAuthenticato ...)
+ TODO: check
+CVE-2025-59810 (An improper access control vulnerability in Fortinet FortiSOAR PaaS 7. ...)
+ TODO: check
+CVE-2025-59808 (An unverified password change vulnerability [CWE-620] vulnerability in ...)
+ TODO: check
+CVE-2025-59719 (An improper verification of cryptographic signature vulnerability in F ...)
+ TODO: check
+CVE-2025-59718 (A improper verification of cryptographic signature vulnerability in Fo ...)
+ TODO: check
+CVE-2025-59517 (Improper access control in Windows Storage VSP Driver allows an author ...)
+ TODO: check
+CVE-2025-59516 (Missing authentication for critical function in Windows Storage VSP Dr ...)
+ TODO: check
+CVE-2025-59132 (Cross-Site Request Forgery (CSRF) vulnerability in Badi Jones Duplicat ...)
+ TODO: check
+CVE-2025-57823 (A direct request ('forced browsing') vulnerability in Fortinet FortiAu ...)
+ TODO: check
+CVE-2025-56704 (LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerabilit ...)
+ TODO: check
+CVE-2025-55233 (Out-of-bounds read in Windows Projected File System allows an authoriz ...)
+ TODO: check
+CVE-2025-54838 (An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4. ...)
+ TODO: check
+CVE-2025-54353 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ TODO: check
+CVE-2025-54100 (Improper neutralization of special elements used in a command ('comman ...)
+ TODO: check
+CVE-2025-53949 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
+ TODO: check
+CVE-2025-53679 (An improper neutralization of special elements used in an OS command ( ...)
+ TODO: check
+CVE-2025-49351 (Cross-Site Request Forgery (CSRF) vulnerability in Valentin Agachi Cre ...)
+ TODO: check
+CVE-2025-49350 (Missing Authorization vulnerability in marcoingraiti Actionwear produc ...)
+ TODO: check
+CVE-2025-49348 (Missing Authorization vulnerability in Hype Hype pico allows Exploitin ...)
+ TODO: check
+CVE-2025-49347 (Cross-Site Request Forgery (CSRF) vulnerability in Jupitercow WP sIFR ...)
+ TODO: check
+CVE-2025-49341 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Furr PDF Creat ...)
+ TODO: check
+CVE-2025-46637 (Dell Encryption, versions prior to 11.12.1, contain an Improper Link R ...)
+ TODO: check
+CVE-2025-46636 (Dell Encryption, versions prior to 11.12.1, contain an Improper Link R ...)
+ TODO: check
+CVE-2025-41752 (An XSS vulnerability in pxc_portSfp.php can be used by an unauthentica ...)
+ TODO: check
+CVE-2025-41751 (An XSS vulnerability in pxc_portCntr.php can be used by an unauthentic ...)
+ TODO: check
+CVE-2025-41750 (An XSS vulnerability in pxc_PortCfg.php can be used by an unauthentica ...)
+ TODO: check
+CVE-2025-41749 (An XSS vulnerability in port_util.php can be used by an unauthenticate ...)
+ TODO: check
+CVE-2025-41748 (An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthentic ...)
+ TODO: check
+CVE-2025-41747 (An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthen ...)
+ TODO: check
+CVE-2025-41746 (An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthent ...)
+ TODO: check
+CVE-2025-41745 (An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenti ...)
+ TODO: check
+CVE-2025-41697 (An attacker can use an undocumented UART port on the PCB as a side-cha ...)
+ TODO: check
+CVE-2025-41696 (An attacker can use an undocumented UART port on the PCB as a side-cha ...)
+ TODO: check
+CVE-2025-41695 (An XSS vulnerability in dyn_conn.php can be used by an unauthenticated ...)
+ TODO: check
+CVE-2025-41694 (A low privileged remote attacker can run the webshell with an empty co ...)
+ TODO: check
+CVE-2025-41693 (A low privileged remote attacker can use the ssh feature to execute co ...)
+ TODO: check
+CVE-2025-41692 (A high privileged remote attacker with admin privileges for the webUI ...)
+ TODO: check
+CVE-2025-40941 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2025-40940 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2025-40939 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2025-40938 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2025-40937 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ TODO: check
+CVE-2025-40935 (A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All ver ...)
+ TODO: check
+CVE-2025-40831 (A vulnerability has been identified in SINEC Security Monitor (All ver ...)
+ TODO: check
+CVE-2025-40830 (A vulnerability has been identified in SINEC Security Monitor (All ver ...)
+ TODO: check
+CVE-2025-40820 (Affected products do not properly enforce TCP sequence number validati ...)
+ TODO: check
+CVE-2025-40819 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2025-40818 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ TODO: check
+CVE-2025-40807 (A vulnerability has been identified in Gridscale X Prepay (All version ...)
+ TODO: check
+CVE-2025-40806 (A vulnerability has been identified in Gridscale X Prepay (All version ...)
+ TODO: check
+CVE-2025-40801 (A vulnerability has been identified in COMOS V10.6 (All versions), COM ...)
+ TODO: check
+CVE-2025-40800 (A vulnerability has been identified in COMOS V10.6 (All versions), COM ...)
+ TODO: check
+CVE-2025-34414 (Entrust Instant Financial Issuance (IFI) On Premise software (formerly ...)
+ TODO: check
+CVE-2025-34413 (Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism f ...)
+ TODO: check
+CVE-2025-34409 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34408 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34407 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34406 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34404 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34403 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34402 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34401 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34400 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34399 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34398 (MailEnable versions prior to 10.54 containa reflected cross-site scrip ...)
+ TODO: check
+CVE-2025-34397 (MailEnable versions prior to 10.54 contain a reflected cross-site scri ...)
+ TODO: check
+CVE-2025-34396 (MailEnable versions prior to 10.54 contain an unsafe DLL loading vulne ...)
+ TODO: check
+CVE-2025-33214 (NVIDIA NVTabular for Linux contains a vulnerability in the Workflow co ...)
+ TODO: check
+CVE-2025-33213 (NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in t ...)
+ TODO: check
+CVE-2025-2296 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
+ TODO: check
+CVE-2025-14345 (A post-authenticationflaw in the network two-phase commit protocol use ...)
+ TODO: check
+CVE-2025-14337 (A vulnerability was determined in itsourcecode Student Management Syst ...)
+ TODO: check
+CVE-2025-14336 (A vulnerability was found in itsourcecode Student Management System 1. ...)
+ TODO: check
+CVE-2025-14335 (A vulnerability has been found in itsourcecode Student Management Syst ...)
+ TODO: check
+CVE-2025-14334 (A flaw has been found in itsourcecode Student Management System 1.0. A ...)
+ TODO: check
+CVE-2025-13924 (The Advanced Product Fields (Product Addons) for WooCommerce plugin fo ...)
+ TODO: check
+CVE-2025-13662 (Improper verification of cryptographic signatures in the patch managem ...)
+ TODO: check
+CVE-2025-13661 (Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR ...)
+ TODO: check
+CVE-2025-13659 (Improper control of dynamically managed code resources in Ivanti Endpo ...)
+ TODO: check
+CVE-2025-13642 (The Paid Membership Plugin, Ecommerce, User Registration Form, Login F ...)
+ TODO: check
+CVE-2025-12946 (A vulnerability in the speedtest feature of affected NETGEAR Nighthawk ...)
+ TODO: check
+CVE-2025-12945 (A vulnerability in NETGEAR Nighthawk R7000P routers lets an authentica ...)
+ TODO: check
+CVE-2025-12941 (Denial of Service Vulnerability in NETGEARC6220andC6230(DOCSIS\xae 3.0 ...)
+ TODO: check
+CVE-2025-12807 (A security issue was discovered in DataMosaix Private Cloud, allowing ...)
+ TODO: check
+CVE-2025-12705 (The Social Reviews & Recommendations plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-12558 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...)
+ TODO: check
+CVE-2025-12504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-12381 (Improper Privilege Management vulnerability in AlgoSec Firewall Analyz ...)
+ TODO: check
+CVE-2025-11531 (HP System Event Utility and Omen Gaming Hub might allow execution of ...)
+ TODO: check
+CVE-2025-11022 (Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Pa ...)
+ TODO: check
+CVE-2025-10876 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-10655 (SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data d ...)
+ TODO: check
+CVE-2025-10573 (Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 al ...)
+ TODO: check
+CVE-2024-56840 (A vulnerability has been identified in RUGGEDCOM ROX II family (All ve ...)
+ TODO: check
+CVE-2024-56839 (A vulnerability has been identified in RUGGEDCOM ROX II family (All ve ...)
+ TODO: check
+CVE-2024-56838 (A vulnerability has been identified in RUGGEDCOM ROX II family (All ve ...)
+ TODO: check
+CVE-2024-56837 (A vulnerability has been identified in RUGGEDCOM ROX II family (All ve ...)
+ TODO: check
+CVE-2024-56836 (A vulnerability has been identified in RUGGEDCOM ROX II family (All ve ...)
+ TODO: check
+CVE-2024-56835 (A vulnerability has been identified in RUGGEDCOM ROX II family (All ve ...)
+ TODO: check
+CVE-2024-56464 (IBM QRadar SIEM7.5 - 7.5.0 UP14 IF01 is affected by an information dis ...)
+ TODO: check
+CVE-2024-47570 (An insertion of sensitive information into log file vulnerability [CWE ...)
+ TODO: check
+CVE-2024-38798 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
+ TODO: check
+CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5 ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14333
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14333
-CVE-2025-14332
+CVE-2025-14332 (Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14332
-CVE-2025-14331
+CVE-2025-14331 (Same-origin policy bypass in the Request Handling component. This vuln ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14331
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14331
-CVE-2025-14330
+CVE-2025-14330 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14330
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14330
-CVE-2025-14329
+CVE-2025-14329 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14329
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14329
-CVE-2025-14328
+CVE-2025-14328 (Privilege escalation in the Netmonitor component. This vulnerability a ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14328
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14328
-CVE-2025-14327
+CVE-2025-14327 (Spoofing issue in the Downloads Panel component. This vulnerability af ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14327
-CVE-2025-14326
+CVE-2025-14326 (Use-after-free in the Audio/Video: GMP component. This vulnerability a ...)
- firefox <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14326
-CVE-2025-14325
+CVE-2025-14325 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14325
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14325
-CVE-2025-14324
+CVE-2025-14324 (JIT miscompilation in the JavaScript Engine: JIT component. This vulne ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14324
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14324
-CVE-2025-14323
+CVE-2025-14323 (Privilege escalation in the DOM: Notifications component. This vulnera ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14323
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14323
-CVE-2025-14322
+CVE-2025-14322 (Sandbox escape due to incorrect boundary conditions in the Graphics: C ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14322
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/#CVE-2025-14322
-CVE-2025-14321
+CVE-2025-14321 (Use-after-free in the WebRTC: Signaling component. This vulnerability ...)
- firefox <unfixed>
- firefox-esr <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/#CVE-2025-14321
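Review bot: the description truncation in this hunk is applied to the escaped form of the text, so CVE-2025-62090 ends in `\u201 ...`, CVE-2025-62086 in `\u042f\u043d\u0434\u ...`, and CVE-2025-2296 and CVE-2024-38798 in `\u20 ...`, each a partial escape sequence that cannot be decoded back. Truncating after decoding, or backing up to the start of the escape before appending ` ...`, would keep these lines readable and searchable. Separately, the new entries above the Firefox block all carry `TODO: check` and still need triage to a source package line or NOT-FOR-US.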
@@ -909,7 +1697,7 @@ CVE-2025-65230 (Barix Instreamer v04.06 and v04.05 contains a stored cross-site
NOT-FOR-US: Barix Instreamer
CVE-2025-64081 (SQL injection vulnerability in /php/api_patient_schedule.php in Source ...)
NOT-FOR-US: SourceCodester
-CVE-2025-63721 (HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component allow ...)
+CVE-2025-63721 (HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allo ...)
NOT-FOR-US: HummerRisk
CVE-2025-61318 (Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vu ...)
NOT-FOR-US: Emlog Pro
@@ -1104,11 +1892,11 @@ CVE-2025-14223 (A vulnerability has been found in code-projects Simple Leave Man
NOT-FOR-US: code-projects Simple Leave Manager
CVE-2025-12956 (A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA ...)
NOT-FOR-US: Dassault Systemes
-CVE-2025-59030 [Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor]
+CVE-2025-59030 (An attacker can trigger the removal of cached records by sending a NOT ...)
- pdns-recursor 5.3.3-1 (bug #1122197)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html
-CVE-2025-59029 [Internal logic flaw in cache management can lead to a denial of service in Recursor]
+CVE-2025-59029 (An attacker can trigger an assertion failure by requesting crafted DNS ...)
- pdns-recursor 5.3.3-1 (bug #1122196)
[trixie] - pdns-recursor <not-affected> (Vulnerable code introduced later)
[bookworm] - pdns-recursor <not-affected> (Vulnerable code introduced later)
@@ -2563,6 +3351,7 @@ CVE-2025-40214 (In the Linux kernel, the following vulnerability has been resolv
CVE-2025-66404 (MCP Server Kubernetes is an MCP Server that can connect to a Kubernete ...)
NOT-FOR-US: MCP Server Kubernetes
CVE-2025-66287 (A flaw was found in WebKitGTK. Processing malicious web content can ca ...)
+ {DSA-6074-1}
- webkit2gtk 2.50.3-1
- wpewebkit 2.50.3-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -2717,6 +3506,7 @@ CVE-2025-13949 (A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1.
CVE-2025-13948 (A vulnerability was determined in opsre go-ldap-admin up to 20251011. ...)
NOT-FOR-US: opsre go-ldap-admin
CVE-2025-13947 (A flaw was found in WebKitGTK. This vulnerability allows remote, user- ...)
+ {DSA-6074-1}
- webkit2gtk 2.50.3-1
- wpewebkit 2.50.3-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -6822,11 +7612,11 @@ CVE-2025-47913 (SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed r
[bullseye] - golang-go.crypto <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://github.com/advisories/GHSA-hcg3-q754-cr77
NOTE: Fixed by: https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 (v0.35.0)
-CVE-2025-47222 (Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue ...)
+CVE-2025-47222 (A class name enumeration issue was found in Keyfactor SignServer versi ...)
NOT-FOR-US: Keyfactor SignServer
-CVE-2025-47221 (Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue ...)
+CVE-2025-47221 (A file write issue was found in Keyfactor SignServer versions prior to ...)
NOT-FOR-US: Keyfactor SignServer
-CVE-2025-47220 (Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue ...)
+CVE-2025-47220 (A file enumeration issue was found in Keyfactor SignServer versions pr ...)
NOT-FOR-US: Keyfactor SignServer
CVE-2025-41436 (Mattermost versions <11.0 fail to properly enforce the "Allow users to ...)
- mattermost-server <itp> (bug #823556)
@@ -10351,6 +11141,7 @@ CVE-2025-43460 (A logic issue was addressed with improved checks. This issue is
CVE-2025-43459 (An authentication issue was addressed with improved state management. ...)
NOT-FOR-US: Apple
CVE-2025-43458 (This issue was addressed through improved state management. This issue ...)
+ {DSA-6074-1}
- webkit2gtk 2.50.3-1
- wpewebkit 2.50.3-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -10474,6 +11265,7 @@ CVE-2025-43423 (A logging issue was addressed with improved data redaction. This
CVE-2025-43422 (The issue was addressed by adding additional logic. This issue is fixe ...)
NOT-FOR-US: Apple
CVE-2025-43421 (Multiple issues were addressed by disabling array allocation sinking. ...)
+ {DSA-6074-1}
- webkit2gtk 2.50.3-1
- wpewebkit 2.50.3-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -18564,7 +19356,7 @@ CVE-2025-58187 (Due to the design of the name constraint checking algorithm, the
NOTE: https://github.com/golang/go/issues/75681
NOTE: https://github.com/golang/go/commit/f0c69db15aae2eb10bddd8b6745dff5c2932e8f5 (go1.25.2)
NOTE: https://github.com/golang/go/commit/f334417e71f8b078ad64035bddb6df7f8910da6c (go1.24.8)
-CVE-2025-61725 (The ParseAddress function constructeds domain-literal address componen ...)
+CVE-2025-61725 (The ParseAddress function constructs domain-literal address components ...)
- golang-1.25 1.25.2-1
- golang-1.24 1.24.8-1
[trixie] - golang-1.24 <no-dsa> (Minor issue)
@@ -64678,6 +65470,7 @@ CVE-2025-4999 (A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up
CVE-2025-4998 (A vulnerability has been found in H3C Magic R200G up to 100R002 and cl ...)
NOT-FOR-US: H3C
CVE-2025-4969 (A vulnerability was found in the libsoup package. This flaw stems from ...)
+ {DLA-4398-1}
- libsoup3 3.6.5-2 (bug #1106248)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-11 (bug #1106325)
@@ -65324,6 +66117,7 @@ CVE-2025-1308 (A vulnerability exists in PX Backup whereby sensitive information
CVE-2024-5878 (Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4948 (A flaw was found in the soup_multipart_new_from_message() function of ...)
+ {DLA-4398-1}
- libsoup3 3.6.5-2 (bug #1106204)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-11 (bug #1106337)
@@ -65332,6 +66126,7 @@ CVE-2025-4948 (A flaw was found in the soup_multipart_new_from_message() functio
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463
CVE-2025-4945 (A flaw was found in the cookie parsing logic of the libsoup HTTP libra ...)
+ {DLA-4398-1}
- libsoup3 3.6.5-2 (bug #1106205)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-11 (bug #1106375)
@@ -66912,6 +67707,7 @@ CVE-2023-5529 (The Advanced Page Visit Counter WordPress plugin before 8.0.6 do
CVE-2023-2334 (The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy D ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4476 (A denial-of-service vulnerability has been identified in the libsoup H ...)
+ {DLA-4398-1}
- libsoup3 3.6.5-2 (bug #1105887)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-11 (bug #1107757)
@@ -155546,7 +156342,7 @@ CVE-2024-6935 (A vulnerability classified as problematic was found in formtools.
NOT-FOR-US: Form Tools
CVE-2024-6934 (A vulnerability classified as problematic has been found in formtools. ...)
NOT-FOR-US: Form Tools
-CVE-2024-6933 (A vulnerability was found in LimeSurvey 6.5.14-240624. It has been rat ...)
+CVE-2024-6933 (A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this is ...)
- limesurvey <itp> (bug #472802)
CVE-2024-6932 (A vulnerability was found in ClassCMS 4.5. It has been declared as pro ...)
NOT-FOR-US: ClassCMS
@@ -272643,8 +273439,8 @@ CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme Wish
NOT-FOR-US: WordPress plugin
CVE-2023-23730 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-23729
- RESERVED
+CVE-2023-23729 (Missing Authorization vulnerability in Brainstorm Force Spectra allows ...)
+ TODO: check
CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwa ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23727 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Form ...)
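Review bot: CVE-2023-23729 moves from RESERVED to `TODO: check` while both neighbours in this hunk, CVE-2023-23730 and CVE-2023-23728, are already tagged `NOT-FOR-US: WordPress plugin`. If Brainstorm Force Spectra is likewise a WordPress plugin, the entry can be closed with the same tag instead of being left pending.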
@@ -276182,8 +276978,8 @@ CVE-2023-22677 (Improper Control of Generation of Code ('Code Injection') vulner
NOT-FOR-US: WordPress plugin
CVE-2023-22676 (Missing Authorization vulnerability in Anders Thorborg.This issue affe ...)
NOT-FOR-US: WordPress plugin
-CVE-2023-22675
- RESERVED
+CVE-2023-22675 (Cross-Site Request Forgery (CSRF) vulnerability in Taylor Hawkes WP Fa ...)
+ TODO: check
CVE-2023-22674 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
NOT-FOR-US: WordPress plugin
CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Mon ...)
@@ -281203,8 +281999,8 @@ CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dols
NOT-FOR-US: WordPress plugin
CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-47425
- RESERVED
+CVE-2022-47425 (Missing Authorization vulnerability in Repute Infosystems ARMember all ...)
+ TODO: check
CVE-2022-47424 (Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf ...)
@@ -283037,8 +283833,8 @@ CVE-2022-46847
RESERVED
CVE-2022-46846 (Missing Authorization vulnerability in WP OnlineSupport, Essential Plu ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-46845
- RESERVED
+CVE-2022-46845 (Missing Authorization vulnerability in Essential Plugin Slider a Slide ...)
+ TODO: check
CVE-2022-46844 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van T ...)
@@ -295791,7 +296587,7 @@ CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings
[buster] - node-sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781 (v5.1.5)
-CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501 ...)
NOT-FOR-US: Siemens
CVE-2022-43438 (The Administrator function of EasyTest has an Incorrect Authorization ...)
NOT-FOR-US: EasyTest
@@ -301131,7 +301927,7 @@ CVE-2022-41667 (A CWE-22: Improper Limitation of a Pathname to a Restricted Dire
NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
-CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...)
+CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) ...)
NOT-FOR-US: Siemens
CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
NOT-FOR-US: Siemens
@@ -304813,7 +305609,7 @@ CVE-2022-40228 (IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 throug
NOT-FOR-US: IBM
CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
NOT-FOR-US: Siemens
-CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...)
+CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) ...)
NOT-FOR-US: Siemens
CVE-2022-40225 (A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1M ...)
NOT-FOR-US: Siemens
@@ -327900,7 +328696,7 @@ CVE-2022-31809
RESERVED
CVE-2022-31808 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
NOT-FOR-US: SiPass
-CVE-2022-31807 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
+CVE-2022-31807 (A vulnerability has been identified in Building X - Security Manager E ...)
NOT-FOR-US: Siemens
CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...)
NOT-FOR-US: CODESYS
@@ -333878,29 +334674,29 @@ CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0
NOTE: https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890 (8.5.79)
CVE-2022-29884 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
NOT-FOR-US: Siemens
-CVE-2022-29883 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29883 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
-CVE-2022-29882 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29882 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
-CVE-2022-29881 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29881 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
-CVE-2022-29880 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29880 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
-CVE-2022-29879 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29879 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
-CVE-2022-29878 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29878 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
CVE-2022-29877 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
NOT-FOR-US: Siemens
-CVE-2022-29876 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29876 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
CVE-2022-29875 (A vulnerability has been identified in Biograph Horizon PET/CT Systems ...)
NOT-FOR-US: Siemens
-CVE-2022-29874 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29874 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
-CVE-2022-29873 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29873 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
-CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+CVE-2022-29872 (A vulnerability has been identified in SICAM T (All versions < V3.0). ...)
NOT-FOR-US: Siemens
CVE-2022-29518 (Screen Creator Advance2, HMI GC-A2 series, and Real time remote monito ...)
NOT-FOR-US: Koyo Screen Creator Advance2
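Review bot: CVE-2022-29877 stays as unchanged context still reading "SICAM P850 (All versions < V3.0", while the ten sibling entries between CVE-2022-29872 and CVE-2022-29883 switch to "SICAM T (All versions < V3.0)". It is worth confirming against the upstream record that 29877 really kept the old product wording and was not skipped by the description refresh. The `NOT-FOR-US: Siemens` tagging is unaffected either way.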
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d574bdacf56bda416a7888980f514e632fecf858