[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 16 20:14:15 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
61310c18 by security tracker role at 2025-12-16T20:14:07+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,25 +1,25 @@
 CVE-2025-9460 (A maliciously crafted SLDPRT file, when parsed through certain Autodes ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-9459 (A maliciously crafted SLDPRT file, when parsed through certain Autodes ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-9457 (A maliciously crafted PRT file, when parsed through certain Autodesk p ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-9456 (A maliciously crafted SLDPRT file, when parsed through certain Autodes ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-9455 (A maliciously crafted CATPRODUCT file, when parsed through certain Aut ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-9454 (A maliciously crafted PRT file, when parsed through certain Autodesk p ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-9453 (A maliciously crafted PRT file, when parsed through certain Autodesk p ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-9452 (A maliciously crafted SLDPRT file, when parsed through certain Autodes ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-9122 (Hitachi Vantara Pentaho Data Integration and Analytics Community Dashb ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Vantana
 CVE-2025-9121 (Pentaho Data Integration and Analytics Community Dashboard Editor plug ...)
-	TODO: check
+	NOT-FOR-US: Hitachi Vantana
 CVE-2025-8872 (On affected platforms running Arista EOS with OSPFv3 configured, a spe ...)
-	TODO: check
+	NOT-FOR-US: Arista Networks
 CVE-2025-68322 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
 	TODO: check
 CVE-2025-68321 (In the Linux kernel, the following vulnerability has been resolved:  p ...)
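Review bot: The tag on CVE-2025-9122 and CVE-2025-9121 reads "Hitachi Vantana", but the description of CVE-2025-9122 spells the vendor "Hitachi Vantara". Correct both lines to "NOT-FOR-US: Hitachi Vantara" so that a search on the vendor name finds them.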
@@ -109,9 +109,9 @@ CVE-2025-68270 (The Open edX Platform is a learning management platform. Prior t
 CVE-2025-68269 (In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed  ...)
 	TODO: check
 CVE-2025-68268 (In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on t ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-68267 (In JetBrains TeamCity before 2025.11.1 excessive privileges were possi ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-68266 (In the Linux kernel, the following vulnerability has been resolved:  b ...)
 	TODO: check
 CVE-2025-68265 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
@@ -313,15 +313,15 @@ CVE-2025-68168 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-68167 (In the Linux kernel, the following vulnerability has been resolved:  g ...)
 	TODO: check
 CVE-2025-68166 (In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on t ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-68165 (In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-68164 (In JetBrains TeamCity before 2025.11 port enumeration was possible via ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-68163 (In JetBrains TeamCity before 2025.11 stored XSS was possible on agentp ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-68162 (In JetBrains TeamCity before 2025.11 maven embedder allowed loading ex ...)
-	TODO: check
+	NOT-FOR-US: JetBrains
 CVE-2025-68156 (Expr is an expression language and expression evaluation for Go. Prior ...)
 	TODO: check
 CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC) support for V ...)
@@ -335,7 +335,7 @@ CVE-2025-68146 (filelock is a platform-independent file lock for Python. In vers
 CVE-2025-68142 (PyMdown Extensions is a set of extensions for the `Python-Markdown` ma ...)
 	TODO: check
 CVE-2025-68130 (tRPC allows users to build and consume fully typesafe APIs without sch ...)
-	TODO: check
+	NOT-FOR-US: Next.js
 CVE-2025-68116 (FileRise is a self-hosted web file manager / WebDAV server. Versions p ...)
 	TODO: check
 CVE-2025-68115 (Parse Server is an open source backend that can be deployed to any inf ...)
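Review bot: CVE-2025-68130 is tagged "Next.js" although its description opens with "tRPC", so the tag does not match the software the visible description identifies. Suggest "NOT-FOR-US: tRPC", or leave the entry at "TODO: check" until the affected component is confirmed from the full description.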
@@ -343,79 +343,79 @@ CVE-2025-68115 (Parse Server is an open source backend that can be deployed to a
 CVE-2025-68113 (ALTCHA is privacy-first software for captcha and bot protection. A cry ...)
 	TODO: check
 CVE-2025-68088 (Missing Authorization vulnerability in merkulove Huger for Elementor h ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68087 (Missing Authorization vulnerability in merkulove Modalier for Elemento ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68086 (Missing Authorization vulnerability in merkulove Reformer for Elemento ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68085 (Missing Authorization vulnerability in merkulove Buttoner for Elemento ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68084 (Missing Authorization vulnerability in Nitesh Ultimate Auction  ultima ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68083 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Meks Quick Plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68082 (Cross-Site Request Forgery (CSRF) vulnerability in SEMrush CY LTD Semr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68080 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68079 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68078 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68077 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68076 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68071 (Authorization Bypass Through User-Controlled Key vulnerability in g5th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68070 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68068 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68067 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68066 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68065 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68062 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68061 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68056 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68055 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68054 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68053 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67999 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67989 (Server-Side Request Forgery (SSRF) vulnerability in LMPixels Kerge ker ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67986 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67985 (Authorization Bypass Through User-Controlled Key vulnerability in Barn ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67983 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67976 (Missing Authorization vulnerability in Bob Watu Quiz watu allows Explo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67965 (Missing Authorization vulnerability in favethemes Homey Core homey-cor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67962 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67951 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67950 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67948 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67929 (Missing Authorization vulnerability in templateinvaders TI WooCommerce ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67912 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67874 (ChurchCRM is an open-source church management system. Prior to version ...)
 	TODO: check
 CVE-2025-67751 (ChurchCRM is an open-source church management system. Prior to version ...)
@@ -449,49 +449,49 @@ CVE-2025-66402 (Misskey is an open source, federated social media platform. Star
 CVE-2025-66357 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper che ...)
 	TODO: check
 CVE-2025-66167 (Missing Authorization vulnerability in merkulove Lottier lottier-guten ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66166 (Missing Authorization vulnerability in merkulove Lottier for Elementor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66165 (Missing Authorization vulnerability in merkulove Lottier for WPBakery  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66164 (Missing Authorization vulnerability in merkulove Laser laser allows Ex ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66163 (Missing Authorization vulnerability in merkulove Masker for Elementor  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66162 (Missing Authorization vulnerability in merkulove Spoter for Elementor  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66161 (Missing Authorization vulnerability in merkulove Grider for Elementor  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66147 (Missing Authorization vulnerability in merkulove Coder for Elementor c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66134 (Missing Authorization vulnerability in NinjaTeam FileBird Pro filebird ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66133 (Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66132 (Authorization Bypass Through User-Controlled Key vulnerability in FAPI ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66131 (Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Ga ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66130 (Missing Authorization vulnerability in etruel WP Views Counter wpecoun ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66129 (Missing Authorization vulnerability in wppochipp Pochipp pochipp allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66128 (Missing Authorization vulnerability in Brevo Sendinblue for WooCommerc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66127 (Missing Authorization vulnerability in g5theme Essential Real Estate e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66126 (Insertion of Sensitive Information Into Sent Data vulnerability in wow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66125 (Insertion of Sensitive Information Into Sent Data vulnerability in Nit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66124 (Missing Authorization vulnerability in ZEEN101 Leaky Paywall leaky-pay ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66122 (Missing Authorization vulnerability in Design Stylish Price List styli ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66121 (Missing Authorization vulnerability in SiteGround SiteGround Security  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66120 (Missing Authorization vulnerability in CatFolders CatFolders catfolder ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-65834 (Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory  ...)
 	TODO: check
 CVE-2025-65593 (nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF)  ...)
@@ -521,53 +521,53 @@ CVE-2025-65074 (WaveView client allows users to execute restricted set of predef
 CVE-2025-64725 (Weblate is a web based localization tool. In versions prior to 5.15, i ...)
 	TODO: check
 CVE-2025-64639 (Missing Authorization vulnerability in WP Compress WP Compress for Mai ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64638 (Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommer ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64635 (Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64634 (Missing Authorization vulnerability in ThemeFusion Avada avada allows  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64633 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64632 (Missing Authorization vulnerability in Auctollo Google XML Sitemaps go ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64631 (Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-m ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64630 (Missing Authorization vulnerability in Strategy11 Team Business Direct ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64253 (Path Traversal: '.../...//' vulnerability in WordPress.org Health Chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64251 (Missing Authorization vulnerability in azzaroco Ultimate Learning Pro  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64250 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in w ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64249 (Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64248 (Missing Authorization vulnerability in emarket-design Request a Quote  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64247 (Missing Authorization vulnerability in edmon.parker Read More & Accord ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64246 (Missing Authorization vulnerability in netopsae Accessibility by Audio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64245 (Missing Authorization vulnerability in ryanpcmcquen Import external at ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64244 (Missing Authorization vulnerability in Codexpert, Inc Restrict Element ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64243 (Missing Authorization vulnerability in e-plugins Directory Pro directo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64242 (Missing Authorization vulnerability in Merv Barrett Easy Property List ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64241 (Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and De ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64240 (Cross-Site Request Forgery (CSRF) vulnerability in freshchat Freshchat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64239 (Cross-Site Request Forgery (CSRF) vulnerability in Yoav Farhi RTL Test ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64238 (Missing Authorization vulnerability in NicolasKulka WPS Bidouille wps- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64237 (Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Intere ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64012 (InvoicePlane commit debb446c is vulnerable to Incorrect Access Control ...)
 	TODO: check
 CVE-2025-63414 (A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06 ...)
@@ -579,15 +579,15 @@ CVE-2025-62863 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 dev
 CVE-2025-62862 (Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices b ...)
 	TODO: check
 CVE-2025-62849 (An SQL injection vulnerability has been reported to affect several QNA ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-62848 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-62847 (An improper neutralization of argument delimiters in a command vulnera ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-62330 (HCL DevOps Deploy is susceptible to a cleartext transmission of sensit ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-62329 (HCL DevOps Deploy / HCL Launch is susceptible to a race condition in h ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-61976 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper che ...)
 	TODO: check
 CVE-2025-59947 (NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to ...)
@@ -597,23 +597,23 @@ CVE-2025-59935 (GLPI is a free asset and IT management software package. Startin
 CVE-2025-59479 (CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper res ...)
 	TODO: check
 CVE-2025-59385 (An authentication bypass by spoofing vulnerability has been reported t ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-59009 (Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Listify  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-59001 (Missing Authorization vulnerability in ThemeNectar Salient Core salien ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58999 (Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractiv ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58173 (FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 thro ...)
 	TODO: check
 CVE-2025-55895 (TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-54045 (Missing Authorization vulnerability in CreativeMindsSolutions CM On De ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54005 (Missing Authorization vulnerability in sonalsinha21 SKT Page Builder s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54004 (Missing Authorization vulnerability in WC Lovers WCFM \u2013 Frontend  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52196 (Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x ...)
 	TODO: check
 CVE-2025-50401 (Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffe ...)
@@ -621,13 +621,13 @@ CVE-2025-50401 (Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to
 CVE-2025-50398 (Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffe ...)
 	TODO: check
 CVE-2025-49300 (Insertion of Sensitive Information Into Sent Data vulnerability in shi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46296 (An authorization bypass vulnerability in FileMaker Server Admin Consol ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-46295 (Apache Commons Text versions prior to 1.10.0 included interpolation fe ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-46294 (To enhance security, the FileMaker Server 22.0.4 installer now include ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-40363 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	TODO: check
 CVE-2025-40362 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
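Review bot: CVE-2025-46295 is tagged "Apple", but its description opens with "Apache Commons Text versions prior to 1.10.0", a third-party library, unlike the FileMaker Server entries CVE-2025-46296 and CVE-2025-46294 on either side of it. Before closing it as NOT-FOR-US, confirm from the full description that the CVE covers only the copy bundled with the vendor's product, and add a NOTE line recording that.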
@@ -665,19 +665,19 @@ CVE-2025-40347 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-40346 (In the Linux kernel, the following vulnerability has been resolved:  a ...)
 	TODO: check
 CVE-2025-37164 (A remote code execution issue exists in HPE OneView.)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-33235 (NVIDIA Resiliency Extension for Linux contains a vulnerability in the  ...)
 	TODO: check
 CVE-2025-33226 (NVIDIA NeMo Framework for all platforms contains a vulnerability where ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33225 (NVIDIA Resiliency Extension for Linux contains a vulnerability in log  ...)
 	TODO: check
 CVE-2025-33212 (NVIDIA NeMo Framework contains a vulnerability in model loading that c ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-33210 (NVIDIA Isaac Lab contains a deserialization vulnerability.  A successf ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA
 CVE-2025-29231 (A stored cross-site scripting (XSS) vulnerability in the page_save com ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2025-14780 (A vulnerability was detected in Xiongwei Smart Catering Cloud Platform ...)
 	TODO: check
 CVE-2025-14777 (A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerab ...)
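Review bot: The "NVIDIA" tag on CVE-2025-33226, CVE-2025-33212 and CVE-2025-33210 names only the vendor, while CVE-2025-33235 and CVE-2025-33225 from the same vendor stay at "TODO: check" in this hunk. Naming the product in the tag (for example "NVIDIA NeMo Framework", "NVIDIA Isaac Lab") would make clear that the decision is per product and does not extend to everything from that vendor.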
@@ -701,61 +701,61 @@ CVE-2025-14729 (A vulnerability was identified in CTCMS Content Management Syste
 CVE-2025-14722 (A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537 ...)
 	TODO: check
 CVE-2025-14593 (A maliciously crafted CATPART file, when parsed through certain Autode ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-14553 (Exposure of password hashes through an unauthenticated API response in ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-14443 (A flaw was found in ose-openshift-apiserver. This vulnerability allows ...)
 	TODO: check
 CVE-2025-14432 (In limited scenarios, sensitive data might be written to the log file  ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2025-14252 (An Improper Access Control vulnerability in Advantech SUSI driver (sus ...)
-	TODO: check
+	NOT-FOR-US: Advantech
 CVE-2025-14002 (The WPCOM Member plugin for WordPress is vulnerable to authentication  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13956 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13794 (The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13741 (The Schedule Post Changes With PublishPress Future: Unpublish, Delete, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13532 (Insecure defaults in the Server Agent component of Fortra's Core Privi ...)
-	TODO: check
+	NOT-FOR-US: Fortra
 CVE-2025-13474 (Authorization Bypass Through User-Controlled Key vulnerability in Menu ...)
 	TODO: check
 CVE-2025-13439 (The Fancy Product Designer plugin for WordPress is vulnerable to Infor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13231 (The Fancy Product Designer plugin for WordPress is vulnerable to Serve ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12809 (The Dokan Pro plugin for WordPress is vulnerable to unauthorized acces ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11991 (The JetFormBuilder \u2014 Dynamic Blocks Form Builder plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11220 (The Elementor plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10900 (AA maliciously crafted MODEL file, when parsed through certain Autodes ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10899 (AA maliciously crafted MODEL file, when parsed through certain Autodes ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10898 (AA maliciously crafted MODEL file, when parsed through certain Autodes ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10889 (A maliciously crafted CATPART file, when parsed through certain Autode ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10888 (AA maliciously crafted MODEL file, when parsed through certain Autodes ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10887 (A maliciously crafted MODEL file, when parsed through certain Autodesk ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10886 (A maliciously crafted MODEL file, when parsed through certain Autodesk ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10884 (AA maliciously crafted CATPART file, when parsed through certain Autod ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10883 (A maliciously crafted CATPRODUCT file, when parsed through certain Aut ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10882 (AA maliciously crafted X_T file, when parsed through certain Autodesk  ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10881 (A maliciously crafted CATPRODUCT file, when parsed through certain Aut ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-10450 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
-	TODO: check
+	NOT-FOR-US: RTI Connext
 CVE-2025-0836 (Missing Authorization vulnerability in Milestone Systems XProtect VMS  ...)
 	TODO: check
 CVE-2023-53903 (WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerabili ...)
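Review bot: The WordPress entries in this hunk use "NOT-FOR-US: WordPress plugin" (for example CVE-2025-14002), whereas the other hunks of this commit use "NOT-FOR-US: WordPress plugin or theme". Use one string for both, or document that the two are intentional, so that counts grouped by tag text stay consistent.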
@@ -773,7 +773,7 @@ CVE-2023-53898 (Rukovoditel 3.4.1 contains a stored cross-site scripting vulnera
 CVE-2023-53897 (Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulner ...)
 	TODO: check
 CVE-2023-53896 (D-Link DAP-1325 firmware version 1.01 contains a broken access control ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2023-53895 (PimpMyLog 1.7.14 contains an improper access control vulnerability tha ...)
 	TODO: check
 CVE-2023-53894 (phpfm 1.7.9 contains an authentication bypass vulnerability that allow ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/61310c185ab0ff1a63e3b1f35c3cd490760ade79
