[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 12 08:13:00 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a83b3ea1 by security tracker role at 2025-12-12T08:12:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,323 @@
+CVE-2025-67780 (SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., o ...)
+ TODO: check
+CVE-2025-67779 (It was found that the fix addressing CVE-2025-55184 in React Server Co ...)
+ TODO: check
+CVE-2025-67737 (AzuraCast is a self-hosted, all-in-one web radio management suite. Ver ...)
+ TODO: check
+CVE-2025-67731 (Servify Express is a Node.js package to start an Express server and lo ...)
+ TODO: check
+CVE-2025-67730 (Frappe Learning Management System (LMS) is a learning system that help ...)
+ TODO: check
+CVE-2025-67728 (Fireshare facilitates self-hosted media and link sharing. Versions 1.2 ...)
+ TODO: check
+CVE-2025-67727 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2025-67726 (Tornado is a Python web framework and asynchronous networking library. ...)
+ TODO: check
+CVE-2025-67725 (Tornado is a Python web framework and asynchronous networking library. ...)
+ TODO: check
+CVE-2025-67724 (Tornado is a Python web framework and asynchronous networking library. ...)
+ TODO: check
+CVE-2025-67508 (gardenctl is a command-line client for the Gardener which configures a ...)
+ TODO: check
+CVE-2025-66590 (In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Wri ...)
+ TODO: check
+CVE-2025-66589 (In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Rea ...)
+ TODO: check
+CVE-2025-66588 (In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uniniti ...)
+ TODO: check
+CVE-2025-66587 (In AzeoTech DAQFactory release 20.7 (Build 2555), the affected applica ...)
+ TODO: check
+CVE-2025-66586 (In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resourc ...)
+ TODO: check
+CVE-2025-66585 (In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vul ...)
+ TODO: check
+CVE-2025-66584 (In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer ...)
+ TODO: check
+CVE-2025-66492 (Masa CMS is an open source Enterprise Content Management platform. Ver ...)
+ TODO: check
+CVE-2025-66452 (LibreChat is a ChatGPT clone with additional features. In versions 0.8 ...)
+ TODO: check
+CVE-2025-66451 (LibreChat is a ChatGPT clone with additional features. In versions 0.8 ...)
+ TODO: check
+CVE-2025-66450 (LibreChat is a ChatGPT clone with additional features. In versions 0.8 ...)
+ TODO: check
+CVE-2025-66446 (MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 an ...)
+ TODO: check
+CVE-2025-66429 (An issue was discovered in cPanel 110 through 132. A directory travers ...)
+ TODO: check
+CVE-2025-66419 (MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 ...)
+ TODO: check
+CVE-2025-66284 (Stored cross-site scripting vulnerabilities exist in GroupSession Free ...)
+ TODO: check
+CVE-2025-65120 (Reflected cross-site scripting vulnerability exists in GroupSession Fr ...)
+ TODO: check
+CVE-2025-64781 (In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud p ...)
+ TODO: check
+CVE-2025-64721 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit ...)
+ TODO: check
+CVE-2025-64702 (quic-go is an implementation of the QUIC protocol in Go. Versions 0.56 ...)
+ TODO: check
+CVE-2025-62192 (SQL Injection vulnerability exists in GroupSession Free edition prior ...)
+ TODO: check
+CVE-2025-61987 (GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prio ...)
+ TODO: check
+CVE-2025-61950 (In GroupSession, a Circular notice can be created with its memo field ...)
+ TODO: check
+CVE-2025-58576 (Cross-site request forgery vulnerability exists in GroupSession Free e ...)
+ TODO: check
+CVE-2025-57883 (Reflected cross-site scripting vulnerability exists in GroupSession Fr ...)
+ TODO: check
+CVE-2025-55816 (HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XS ...)
+ TODO: check
+CVE-2025-55184 (A pre-authentication denial of service vulnerability exists in React S ...)
+ TODO: check
+CVE-2025-55183 (An information leak vulnerability exists in specific configurations of ...)
+ TODO: check
+CVE-2025-54407 (Stored cross-site scripting vulnerability exists in GroupSession Free ...)
+ TODO: check
+CVE-2025-53523 (Stored cross-site scripting vulnerabilities exist in GroupSession Free ...)
+ TODO: check
+CVE-2025-4970 (The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-34506 (WBCE CMS version 1.6.3 and prior contains an authenticated remote code ...)
+ TODO: check
+CVE-2025-34504 (KodExplorer 4.52 contains an open redirect vulnerability in the user l ...)
+ TODO: check
+CVE-2025-34499 (AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerabili ...)
+ TODO: check
+CVE-2025-14538 (A security vulnerability has been detected in yangshare warehouseManag ...)
+ TODO: check
+CVE-2025-14537 (A weakness has been identified in code-projects Class and Exam Timetab ...)
+ TODO: check
+CVE-2025-14536 (A security flaw has been discovered in code-projects Class and Exam Ti ...)
+ TODO: check
+CVE-2025-14467 (The WP Job Portal plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-14393 (The Wpik WordPress Basic Ajax Form plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-14392 (The Simple Theme Changer plugin for WordPress is vulnerable to unautho ...)
+ TODO: check
+CVE-2025-14391 (The Simple Theme Changer plugin for WordPress is vulnerable to Cross-S ...)
+ TODO: check
+CVE-2025-14356 (The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-14354 (The Resource Library for Logged In Users plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-14344 (The Multi Uploader for Gravity Forms plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-14293 (The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File ...)
+ TODO: check
+CVE-2025-14170 (The Vimeo SimpleGallery plugin for WordPress is vulnerable to Missing ...)
+ TODO: check
+CVE-2025-14169 (The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for Wor ...)
+ TODO: check
+CVE-2025-14166 (The WPMasterToolKit plugin for WordPress is vulnerable to PHP Code Inj ...)
+ TODO: check
+CVE-2025-14165 (The Kirim.Email WooCommerce Integration plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-14162 (The BMLT WordPress Plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2025-14161 (The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ TODO: check
+CVE-2025-14160 (The Upcoming for Calendly plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2025-14158 (The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Req ...)
+ TODO: check
+CVE-2025-14143 (The Ayo Shortcodes plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-14138 (The WPLG Default Mail From plugin for WordPress is vulnerable to Refle ...)
+ TODO: check
+CVE-2025-14137 (The Simple AL Slider plugin for WordPress is vulnerable to Reflected C ...)
+ TODO: check
+CVE-2025-14132 (The Category Dropdown List plugin for WordPress is vulnerable to Refle ...)
+ TODO: check
+CVE-2025-14129 (The Like DisLike Voting plugin for WordPress is vulnerable to Reflecte ...)
+ TODO: check
+CVE-2025-14125 (The Complag plugin for WordPress is vulnerable to Reflected Cross-Site ...)
+ TODO: check
+CVE-2025-14119 (The App Landing Template Blocks for WPBakery (Visual Composer) Page Bu ...)
+ TODO: check
+CVE-2025-14068 (The WPNakama plugin for WordPress is vulnerable to time-based SQL Inje ...)
+ TODO: check
+CVE-2025-14064 (The BuddyTask plugin for WordPress is vulnerable to unauthorized acces ...)
+ TODO: check
+CVE-2025-14062 (The Animated Pixel Marquee Creator plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-14049 (The VikRentItems Flexible Rental Management System plugin for WordPres ...)
+ TODO: check
+CVE-2025-14048 (The SimplyConvert plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-14045 (The URL Media Uploader plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2025-14044 (The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Objec ...)
+ TODO: check
+CVE-2025-14035 (The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-14032 (The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-13989 (The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-13988 (The \u8bc4\u8bba\u5c0f\u79d8\u4e66 plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-13987 (The Purchase and Expense Manager plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-13975 (The Contact Form 7 with ChatWork plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-13972 (The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file ...)
+ TODO: check
+CVE-2025-13971 (The TWW Protein Calculator plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2025-13969 (The Reviews Sorted plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-13966 (The Paypal Payment Shortcode plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-13963 (The FX Currency Converter plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-13962 (The Divelogs Widget plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-13961 (The Data Visualizer plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-13960 (The GPXpress plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2025-13906 (The WP Flot plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2025-13904 (The WPGancio plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2025-13891 (The Image Gallery \u2013 Photo Grid & Video Gallery plugin for WordPre ...)
+ TODO: check
+CVE-2025-13889 (The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-13886 (The LT Unleashed plugin for WordPress is vulnerable to Local File Incl ...)
+ TODO: check
+CVE-2025-13885 (The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-13884 (The Hide Email Address plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-13866 (The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-13850 (The LS Google Map Router plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-13846 (The Easy Map Creator plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-13843 (The VigLink SpotLight By ShortCode plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-13840 (The BUKAZU Search widget plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-13839 (The LJUsers plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2025-13747 (The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-13670 (The High Level Synthesis Compiler i++ command for Windows is vulnerabl ...)
+ TODO: check
+CVE-2025-13669 (Uncontrolled Search Path Element vulnerability in Altera High Level Sy ...)
+ TODO: check
+CVE-2025-13668 (A potential security vulnerability in Quartus\xae Prime Pro Edition De ...)
+ TODO: check
+CVE-2025-13665 (The System Console Utility for Windows is vulnerable to a DLL planting ...)
+ TODO: check
+CVE-2025-13664 (A potential security vulnerability in Quartus\xae Prime Standard Editi ...)
+ TODO: check
+CVE-2025-13663 (Under certain circumstances, the Quartus Prime Pro Installer for Windo ...)
+ TODO: check
+CVE-2025-13660 (The Guest Support plugin for WordPress is vulnerable to User Email Dis ...)
+ TODO: check
+CVE-2025-13440 (The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-13408 (The Foxtool All-in-One: Contact chat button, Custom login, Media optim ...)
+ TODO: check
+CVE-2025-13366 (The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2025-13363 (The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2025-13334 (The Blaze Demo Importer plugin for WordPress is vulnerable to unauthor ...)
+ TODO: check
+CVE-2025-13320 (The WP User Manager plugin for WordPress is vulnerable to Arbitrary Fi ...)
+ TODO: check
+CVE-2025-13314 (The Product Filtering by Categories, Tags, Price Range for WooCommerce ...)
+ TODO: check
+CVE-2025-13053 (When a user configures the NAS to retrieve UPS status or control the U ...)
+ TODO: check
+CVE-2025-13052 (When the user set the Notification's sender to send emails to the SMTP ...)
+ TODO: check
+CVE-2025-12968 (The Infility Global plugin for WordPress is vulnerable to arbitrary fi ...)
+ TODO: check
+CVE-2025-12963 (The LazyTasks \u2013 Project & Task Management with Collaboration, Kan ...)
+ TODO: check
+CVE-2025-12883 (The Campay Woocommerce Payment Gateway plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-12834 (The Accept Stripe Payments Using Contact Form 7 plugin for WordPress i ...)
+ TODO: check
+CVE-2025-12830 (The Better Elementor Addons plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-12824 (The Player Leaderboard plugin for WordPress is vulnerable to Local Fil ...)
+ TODO: check
+CVE-2025-12783 (The Premmerce Brands for WooCommerce plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-12655 (The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-12650 (The Simple post listing plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2025-12570 (The Fancy Product Designer plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2025-11876 (The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-10684 (The Construction Light WordPress theme before 1.6.8 does not have auth ...)
+ TODO: check
+CVE-2025-10583 (The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side ...)
+ TODO: check
+CVE-2025-10451 (Unchecked output buffer may allowed arbitrary code execution in SMM an ...)
+ TODO: check
+CVE-2024-58313 (xbtitFM 4.1.18 contains an insecure file upload vulnerability that all ...)
+ TODO: check
+CVE-2024-58312 (xbtitFM 4.1.18 contains a path traversal vulnerability that allows una ...)
+ TODO: check
+CVE-2024-58310 (APC Network Management Card 4 contains a path traversal vulnerability ...)
+ TODO: check
+CVE-2024-58309 (xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability ...)
+ TODO: check
+CVE-2024-58308 (Quick.CMS 6.7 contains a SQL injection vulnerability that allows unaut ...)
+ TODO: check
+CVE-2024-58307 (CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in ...)
+ TODO: check
+CVE-2024-58306 (minaliC 2.0.0 contains a denial of service vulnerability that allows r ...)
+ TODO: check
+CVE-2024-58304 (SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerabil ...)
+ TODO: check
+CVE-2024-58303 (FoF Pretty Mail 1.1.2 contains a server-side template injection vulner ...)
+ TODO: check
+CVE-2024-58302 (FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability th ...)
+ TODO: check
+CVE-2024-58301 (Purei CMS 1.0 contains a time-based blind SQL injection vulnerability ...)
+ TODO: check
+CVE-2024-58300 (Siklu MultiHaul TG series devices before version 2.0.0 contain an unau ...)
+ TODO: check
+CVE-2024-58298 (Compuware iStrobe Web 20.13 contains a pre-authentication remote code ...)
+ TODO: check
+CVE-2024-58297 (PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in ...)
+ TODO: check
+CVE-2024-58296 (CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability ...)
+ TODO: check
+CVE-2024-58295 (ElkArte Forum 1.1.9 contains a remote code execution vulnerability tha ...)
+ TODO: check
+CVE-2024-58294 (FreePBX 16 contains an authenticated remote code execution vulnerabili ...)
+ TODO: check
+CVE-2024-58293 (Akaunting 3.1.8 contains a server-side template injection vulnerabilit ...)
+ TODO: check
+CVE-2024-58292 (XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnera ...)
+ TODO: check
+CVE-2024-58291 (Flatboard 3.2 contains a stored cross-site scripting vulnerability tha ...)
+ TODO: check
+CVE-2024-58290 (Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability ...)
+ TODO: check
+CVE-2024-58289 (Microweber 2.0.15 contains a stored cross-site scripting vulnerability ...)
+ TODO: check
+CVE-2024-58288 (Genexus Protection Server 9.7.2.10 contains an unquoted service path v ...)
+ TODO: check
+CVE-2024-58287 (reNgine 2.2.0 contains a command injection vulnerability in the nmap_c ...)
+ TODO: check
+CVE-2024-58286 (dizqueTV 1.5.3 contains a remote code execution vulnerability that all ...)
+ TODO: check
CVE-2025-67742 (In JetBrains TeamCity before 2025.11 path traversal was possible via f ...)
NOT-FOR-US: JetBrains
CVE-2025-67741 (In JetBrains TeamCity before 2025.11 stored XSS was possible via sessi ...)
@@ -4736,8 +5056,8 @@ CVE-2024-32641 (Masa CMS is an open source Enterprise Content Management platfor
NOT-FOR-US: Masa CMS
CVE-2025-12548
NOT-FOR-US: Eclipse Che
-CVE-2025-65955
- REJECTED
+CVE-2025-65955 (ImageMagick is free and open-source software used for editing and mani ...)
+ TODO: check
CVE-2025-65657 (FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted Fi ...)
NOT-FOR-US: FeehiCMS
CVE-2025-65380 (PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the ad ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a83b3ea18ba68598a30a35fb957a7c98bd9d10cf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a83b3ea18ba68598a30a35fb957a7c98bd9d10cf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251212/e22bcbb0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list