[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 13 09:44:58 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ece9a5f6 by Salvatore Bonaccorso at 2025-12-13T09:28:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33,13 +33,13 @@ CVE-2025-67864
 CVE-2025-67863
 	REJECTED
 CVE-2025-67750 (Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and  ...)
-	TODO: check
+	NOT-FOR-US: Lightning Flow Scanner
 CVE-2025-67749 (PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versi ...)
 	TODO: check
 CVE-2025-67721 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zst ...)
-	TODO: check
+	NOT-FOR-US: Aircompressor
 CVE-2025-67634 (The CISA Software Acquisition Guide Supplier Response Web Tool before  ...)
-	TODO: check
+	NOT-FOR-US: CISA Software Acquisition Guide Supplier Response Web Tool
 CVE-2025-46289 (A logic issue was addressed with improved file handling. This issue is ...)
 	NOT-FOR-US: Apple
 CVE-2025-46287 (An inconsistent user interface issue was addressed with improved state ...)
@@ -135,7 +135,7 @@ CVE-2025-43351 (A permissions issue was addressed with additional restrictions.
 CVE-2025-43320 (The issue was addressed by adding additional logic. This issue is fixe ...)
 	NOT-FOR-US: Apple
 CVE-2025-14611 (Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 us ...)
-	TODO: check
+	NOT-FOR-US: Gladinet CentreStack and Triofox
 CVE-2025-14586 (A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089_B202112 ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-14585 (A vulnerability was found in itsourcecode COVID Tracking System 1.0. A ...)
@@ -149,7 +149,7 @@ CVE-2025-14582 (A vulnerability was detected in campcodes Online Student Enrollm
 CVE-2025-14581 (The HAPPY \u2013 Helpdesk Support Ticket System plugin for WordPress i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14580 (A security vulnerability has been detected in Qualitor up to 8.24.73.  ...)
-	TODO: check
+	NOT-FOR-US: Qualitor
 CVE-2025-14540 (The Userback plugin for WordPress is vulnerable to unauthorized access ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14539 (The The Shortcode Ajax plugin for WordPress is vulnerable to arbitrary ...)
@@ -199,7 +199,7 @@ CVE-2025-14056 (The Custom Post Type UI plugin for WordPress is vulnerable to St
 CVE-2025-14050 (The Design Import/Export plugin for WordPress is vulnerable to SQL Inj ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13970 (OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack ...)
-	TODO: check
+	NOT-FOR-US: OpenPLC
 CVE-2025-13705 (The Custom Frames plugin for WordPress is vulnerable to Stored Cross-S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13403 (The Employee Spotlight \u2013 Team Member Showcase & Meet the Team Plu ...)
@@ -241,7 +241,7 @@ CVE-2025-10738 (The URL Shortener Plugin For WordPress plugin for WordPress is v
 CVE-2025-10289 (The Filter & Grids plugin for WordPress is vulnerable to SQL Injection ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-58316 (Online Shopping System Advanced 1.0 contains a SQL injection vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Online Shopping System Advanced
 CVE-2025-8083 (The  Preset configuration https://v2.vuetifyjs.com/en/features/presets ...)
 	NOT-FOR-US: Vuetify
 CVE-2025-8082 (Improper neutralization of the title date in the 'VDatePicker' compone ...)
@@ -48337,7 +48337,7 @@ CVE-2025-54558 (OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) exe
 CVE-2025-54379 (LF Edge eKuiper is a lightweight IoT data analytics and stream process ...)
 	NOT-FOR-US: LF Edge eKuiper
 CVE-2025-54369 (Node-SAML is a SAML library not dependent on any frameworks that runs  ...)
-	TODO: check
+	NOT-FOR-US: Node SAML module
 CVE-2025-53940 (Quiet is an alternative to team chat apps like Slack, Discord, and Ele ...)
 	NOT-FOR-US: Quiet
 CVE-2025-3614 (The ElementsKit Elementor Addons and Templates plugin for WordPress is ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ece9a5f6bf16ed5493cf01df145d220e3112181f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ece9a5f6bf16ed5493cf01df145d220e3112181f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251213/0155cdb8/attachment.htm>

More information about the debian-security-tracker-commits mailing list