[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 18 08:13:31 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
370b3c98 by security tracker role at 2025-12-18T08:13:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,649 @@
+CVE-2025-6326 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-6324 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-68463 (Bio.Entrez in Biopython through 186 allows doctype XXE.)
+ TODO: check
+CVE-2025-68459 (RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Rui ...)
+ TODO: check
+CVE-2025-68435 (Zerobyte is a backup automation tool Zerobyte versions prior to 0.18.5 ...)
+ TODO: check
+CVE-2025-68434 (Open Source Point of Sale (opensourcepos) is a web based point of sale ...)
+ TODO: check
+CVE-2025-68433 (Zed, a code editor, has an aribtrary code execution vulnerability in v ...)
+ TODO: check
+CVE-2025-68432 (Zed, a code editor, has an aribtrary code execution vulnerability in v ...)
+ TODO: check
+CVE-2025-68429 (Storybook is a frontend workshop for building user interface component ...)
+ TODO: check
+CVE-2025-68401 (ChurchCRM is an open-source church management system. Prior to version ...)
+ TODO: check
+CVE-2025-68400 (ChurchCRM is an open-source church management system. A SQL Injection ...)
+ TODO: check
+CVE-2025-68399 (ChurchCRM is an open-source church management system. In versions prio ...)
+ TODO: check
+CVE-2025-68275 (ChurchCRM is an open-source church management system. Versions prior t ...)
+ TODO: check
+CVE-2025-68147 (Open Source Point of Sale (opensourcepos) is a web based point of sale ...)
+ TODO: check
+CVE-2025-68145 (In mcp-server-git versions prior to 2025.12.17, when the server is sta ...)
+ TODO: check
+CVE-2025-68144 (In mcp-server-git versions prior to 2025.12.17, the git_diff and git_c ...)
+ TODO: check
+CVE-2025-68143 (Model Context Protocol Servers is a collection of reference implementa ...)
+ TODO: check
+CVE-2025-68129 (Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. I ...)
+ TODO: check
+CVE-2025-68118 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
+ TODO: check
+CVE-2025-68114 (Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prio ...)
+ TODO: check
+CVE-2025-68112 (ChurchCRM is an open-source church management system. In versions prio ...)
+ TODO: check
+CVE-2025-68111 (ChurchCRM is an open-source church management system. In versions prio ...)
+ TODO: check
+CVE-2025-68110 (ChurchCRM is an open-source church management system. Versions prior t ...)
+ TODO: check
+CVE-2025-68109 (ChurchCRM is an open-source church management system. In versions prio ...)
+ TODO: check
+CVE-2025-67877 (ChurchCRM is an open-source church management system. Versions prior t ...)
+ TODO: check
+CVE-2025-67876 (ChurchCRM is an open-source church management system. A stored cross-s ...)
+ TODO: check
+CVE-2025-67875 (ChurchCRM is an open-source church management system. A privilege esca ...)
+ TODO: check
+CVE-2025-67873 (Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prio ...)
+ TODO: check
+CVE-2025-67794 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before ...)
+ TODO: check
+CVE-2025-67793 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through ...)
+ TODO: check
+CVE-2025-67792 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 2 ...)
+ TODO: check
+CVE-2025-67791 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through ...)
+ TODO: check
+CVE-2025-67790 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 2 ...)
+ TODO: check
+CVE-2025-67789 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 2 ...)
+ TODO: check
+CVE-2025-67787 (An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scriptin ...)
+ TODO: check
+CVE-2025-67781 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 2 ...)
+ TODO: check
+CVE-2025-67546 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-67493 (Homarr is an open-source dashboard. Prior to version 1.45.3, it was po ...)
+ TODO: check
+CVE-2025-66647 (RIOT is an open-source microcontroller operating system, designed to m ...)
+ TODO: check
+CVE-2025-66119 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66118 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66117 (Missing Authorization vulnerability in Ays Pro Easy Form easy-form all ...)
+ TODO: check
+CVE-2025-66116 (Insertion of Sensitive Information Into Sent Data vulnerability in Use ...)
+ TODO: check
+CVE-2025-66104 (Missing Authorization vulnerability in Anton Vanyukov Offload, AI & ...)
+ TODO: check
+CVE-2025-66102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-66100 (Missing Authorization vulnerability in Magnigenie RestroPress restropr ...)
+ TODO: check
+CVE-2025-66088 (Missing Authorization vulnerability in Property Hive PropertyHive prop ...)
+ TODO: check
+CVE-2025-66078 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-66074 (Unrestricted Upload of File with Dangerous Type vulnerability in Cozmo ...)
+ TODO: check
+CVE-2025-66070 (Missing Authorization vulnerability in Tomdever wpForo Forum wpforo al ...)
+ TODO: check
+CVE-2025-66068 (Missing Authorization vulnerability in InstaWP InstaWP Connect instawp ...)
+ TODO: check
+CVE-2025-66054 (Missing Authorization vulnerability in ThimPress LearnPress learnpress ...)
+ TODO: check
+CVE-2025-66029 (Open OnDemand provides remote web access to supercomputers. In version ...)
+ TODO: check
+CVE-2025-64378 (Missing Authorization vulnerability in CridioStudio ListingPro listing ...)
+ TODO: check
+CVE-2025-64377 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-64376 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64375 (Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social N ...)
+ TODO: check
+CVE-2025-64374 (Unrestricted Upload of File with Dangerous Type vulnerability in Style ...)
+ TODO: check
+CVE-2025-64373 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-64372 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64371 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-64295 (Insertion of Sensitive Information Into Sent Data vulnerability in Sye ...)
+ TODO: check
+CVE-2025-64273 (Missing Authorization vulnerability in GetResponse Email marketing for ...)
+ TODO: check
+CVE-2025-64272 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-64270 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-64268 (Missing Authorization vulnerability in Arraytics Timetics timetics all ...)
+ TODO: check
+CVE-2025-64266 (Deserialization of Untrusted Data vulnerability in magepeopleteam Book ...)
+ TODO: check
+CVE-2025-64260 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64258 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-64233 (Deserialization of Untrusted Data vulnerability in BoldThemes Codiqa c ...)
+ TODO: check
+CVE-2025-64231 (Unrestricted Upload of File with Dangerous Type vulnerability in Redef ...)
+ TODO: check
+CVE-2025-64230 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-64227 (Deserialization of Untrusted Data vulnerability in BoldGrid Client Inv ...)
+ TODO: check
+CVE-2025-64225 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ TODO: check
+CVE-2025-64223 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-64222 (Missing Authorization vulnerability in FantasticPlugins WooCommerce Re ...)
+ TODO: check
+CVE-2025-64221 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64218 (Insertion of Sensitive Information Into Sent Data vulnerability in WP ...)
+ TODO: check
+CVE-2025-64217 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64214 (Missing Authorization vulnerability in StylemixThemes MasterStudy LMS ...)
+ TODO: check
+CVE-2025-64213 (Insertion of Sensitive Information Into Sent Data vulnerability in Sty ...)
+ TODO: check
+CVE-2025-64209 (Missing Authorization vulnerability in StylemixThemes Masterstudy mast ...)
+ TODO: check
+CVE-2025-64207 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64206 (Deserialization of Untrusted Data vulnerability in TieLabs Jannah jann ...)
+ TODO: check
+CVE-2025-64205 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-64203 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64193 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-64192 (Missing Authorization vulnerability in 8theme XStore xstore allows Exp ...)
+ TODO: check
+CVE-2025-64191 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-64188 (Incorrect Privilege Assignment vulnerability in PenciDesign Soledad so ...)
+ TODO: check
+CVE-2025-63039 (Missing Authorization vulnerability in CridioStudio ListingPro listing ...)
+ TODO: check
+CVE-2025-60182 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-60180 (Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravit ...)
+ TODO: check
+CVE-2025-60178 (Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravit ...)
+ TODO: check
+CVE-2025-60174 (Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravit ...)
+ TODO: check
+CVE-2025-60091 (Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravit ...)
+ TODO: check
+CVE-2025-60090 (Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravit ...)
+ TODO: check
+CVE-2025-60089 (Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravit ...)
+ TODO: check
+CVE-2025-60088 (Missing Authorization vulnerability in Saleswonder Team: Tobias Webina ...)
+ TODO: check
+CVE-2025-60086 (Missing Authorization vulnerability in Matt WP Voting Contest wp-votin ...)
+ TODO: check
+CVE-2025-60084 (Deserialization of Untrusted Data vulnerability in add-ons.org PDF for ...)
+ TODO: check
+CVE-2025-60083 (Deserialization of Untrusted Data vulnerability in add-ons.org PDF Inv ...)
+ TODO: check
+CVE-2025-60082 (Deserialization of Untrusted Data vulnerability in add-ons.org PDF for ...)
+ TODO: check
+CVE-2025-60081 (Deserialization of Untrusted Data vulnerability in add-ons.org PDF for ...)
+ TODO: check
+CVE-2025-60080 (Deserialization of Untrusted Data vulnerability in add-ons.org PDF for ...)
+ TODO: check
+CVE-2025-60079 (Missing Authorization vulnerability in bPlugins Parallax Section block ...)
+ TODO: check
+CVE-2025-60078 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60077 (Missing Authorization vulnerability in YayCommerce YayPricing yayprici ...)
+ TODO: check
+CVE-2025-60076 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60072 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60071 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60070 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-60069 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60068 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+ TODO: check
+CVE-2025-60067 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60066 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60065 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60064 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60063 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60062 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-60061 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60060 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60059 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60058 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60057 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60056 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60055 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60054 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60053 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60052 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60051 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60050 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60049 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60048 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60047 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60046 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60045 (Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate ...)
+ TODO: check
+CVE-2025-60044 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60043 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-60042 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-59849 (Improper management of Content Security Policy in HCL BigFix Remote Co ...)
+ TODO: check
+CVE-2025-59134 (Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigrat ...)
+ TODO: check
+CVE-2025-58951 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-58950 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58949 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58948 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58947 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58946 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58945 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58944 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58943 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58942 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58941 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58940 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58938 (Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate ...)
+ TODO: check
+CVE-2025-58937 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58936 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58935 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58934 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58933 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58932 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58931 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58930 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58929 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58928 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58927 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58926 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58925 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58923 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58901 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58900 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58899 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58898 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58896 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58895 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58894 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58893 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58892 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58891 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58890 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58889 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58888 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58885 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58879 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58877 (Missing Authorization vulnerability in javothemes Javo Core javo-core ...)
+ TODO: check
+CVE-2025-58803 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58710 (Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listin ...)
+ TODO: check
+CVE-2025-58709 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58708 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58706 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-58225 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-57897 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-55707 (Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-p ...)
+ TODO: check
+CVE-2025-55254 (Improper management of Path-relative stylesheet import in HCL BigFix R ...)
+ TODO: check
+CVE-2025-54751 (Missing Authorization vulnerability in WPXPO PostX ultimate-post allow ...)
+ TODO: check
+CVE-2025-54748 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-54745 (Missing Authorization vulnerability in miniOrange miniOrange's Google ...)
+ TODO: check
+CVE-2025-54743 (Missing Authorization vulnerability in mkscripts Download After Email ...)
+ TODO: check
+CVE-2025-54741 (Missing Authorization vulnerability in Tyler Moore Super Blank super-b ...)
+ TODO: check
+CVE-2025-54723 (Deserialization of Untrusted Data vulnerability in BoldThemes DentiCar ...)
+ TODO: check
+CVE-2025-53453 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53449 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53448 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53447 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53446 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53445 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53443 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53442 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53441 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53439 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53438 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53437 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53436 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53435 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53434 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53433 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53432 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53431 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53430 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53429 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-53000 (The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to v ...)
+ TODO: check
+CVE-2025-52768 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-52745 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49943 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49942 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49941 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49919 (Insertion of Sensitive Information Into Sent Data vulnerability in WPC ...)
+ TODO: check
+CVE-2025-49918 (Insertion of Sensitive Information Into Sent Data vulnerability in e4j ...)
+ TODO: check
+CVE-2025-49914 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
+ TODO: check
+CVE-2025-49902 (Missing Authorization vulnerability in A WP Life Login Page Customizer ...)
+ TODO: check
+CVE-2025-49379 (Incorrect Privilege Assignment vulnerability in silverplugins217 Custo ...)
+ TODO: check
+CVE-2025-49371 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49370 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49369 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49368 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49367 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49366 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49365 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49364 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49363 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49362 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49361 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49360 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49359 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+ TODO: check
+CVE-2025-49041 (Missing Authorization vulnerability in The African Boss Get Cash get-c ...)
+ TODO: check
+CVE-2025-47387 (Memory Corruption when processing IOCTLs for JPEG data without verific ...)
+ TODO: check
+CVE-2025-47382 (Memory corruption while loading an invalid firmware in boot loader.)
+ TODO: check
+CVE-2025-47372 (Memory Corruption when a corrupted ELF image with an oversized file si ...)
+ TODO: check
+CVE-2025-47350 (Memory corruption while handling concurrent memory mapping and unmappi ...)
+ TODO: check
+CVE-2025-47325 (Information disclosure while processing system calls with invalid para ...)
+ TODO: check
+CVE-2025-47323 (Memory corruption while routing GPR packets between user and root when ...)
+ TODO: check
+CVE-2025-47322 (Memory corruption while handling IOCTL calls to set mode.)
+ TODO: check
+CVE-2025-47321 (Memory corruption while copying packets received from unix clients.)
+ TODO: check
+CVE-2025-47320 (Memory corruption while processing MFC channel configuration during mu ...)
+ TODO: check
+CVE-2025-47319 (Information disclosure while exposing internal TA-to-TA communication ...)
+ TODO: check
+CVE-2025-46292 (This issue was addressed with additional entitlement checks. This issu ...)
+ TODO: check
+CVE-2025-46291 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2025-46288 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-46283 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2025-46282 (The issue was addressed with additional permissions checks. This issue ...)
+ TODO: check
+CVE-2025-46281 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ TODO: check
+CVE-2025-46279 (A permissions issue was addressed with additional restrictions. This i ...)
+ TODO: check
+CVE-2025-46278 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2025-46277 (A logging issue was addressed with improved data redaction. This issue ...)
+ TODO: check
+CVE-2025-43533 (Multiple memory corruption issues were addressed with improved input v ...)
+ TODO: check
+CVE-2025-43526 (This issue was addressed with improved URL validation. This issue is f ...)
+ TODO: check
+CVE-2025-43514 (The issue was addressed with improved handling of caches. This issue i ...)
+ TODO: check
+CVE-2025-43475 (A logging issue was addressed with improved data redaction. This issue ...)
+ TODO: check
+CVE-2025-43428 (A configuration issue was addressed with additional restrictions. This ...)
+ TODO: check
+CVE-2025-27063 (Memory corruption during video playback when video session open fails ...)
+ TODO: check
+CVE-2025-14856 (A security vulnerability has been detected in y_project RuoYi up to 4. ...)
+ TODO: check
+CVE-2025-14841 (A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element ...)
+ TODO: check
+CVE-2025-14837 (A vulnerability has been found in ZZCMS 2025. Affected by this issue i ...)
+ TODO: check
+CVE-2025-14836 (A flaw has been found in ZZCMS 2025. Affected by this vulnerability is ...)
+ TODO: check
+CVE-2025-14834 (A weakness has been identified in code-projects Simple Stock System 1. ...)
+ TODO: check
+CVE-2025-14833 (A security flaw has been discovered in code-projects Online Appointmen ...)
+ TODO: check
+CVE-2025-14832 (A vulnerability was identified in itsourcecode Online Cake Ordering Sy ...)
+ TODO: check
+CVE-2025-14764 (Missing cryptographic key commitment in the Amazon S3 Encryption Clien ...)
+ TODO: check
+CVE-2025-14763 (Missing cryptographic key commitment in the Amazon S3 Encryption Clien ...)
+ TODO: check
+CVE-2025-14762 (Missing cryptographic key commitment in the AWS SDK for Ruby may allow ...)
+ TODO: check
+CVE-2025-14761 (Missing cryptographic key commitment in the AWS SDK for PHP may allow ...)
+ TODO: check
+CVE-2025-14760 (Missing cryptographic key commitment in the AWS SDK for C++ may allow ...)
+ TODO: check
+CVE-2025-14759 (Missing cryptographic key commitment in the Amazon S3 Encryption Clien ...)
+ TODO: check
+CVE-2025-14319
+ REJECTED
+CVE-2025-14318 (Improper access checks in M-Files Server before 25.12 allows users to ...)
+ TODO: check
+CVE-2025-14314 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-14268
+ REJECTED
+CVE-2025-14202 (A vulnerability in the file upload at bookmark + asset rendering pipel ...)
+ TODO: check
+CVE-2025-13498 (The Download Manager plugin for WordPress is vulnerable to unauthorize ...)
+ TODO: check
+CVE-2025-12976 (The Events Manager \u2013 Calendar, Bookings, Tickets, and more! plugi ...)
+ TODO: check
+CVE-2025-12885 (The Embed Any Document \u2013 Embed PDF, Word, PowerPoint and Excel Fi ...)
+ TODO: check
+CVE-2025-10019 (Authorization Bypass Through User-Controlled Key vulnerability in code ...)
+ TODO: check
+CVE-2023-53933 (Serendipity 2.4.0 contains a remote code execution vulnerability that ...)
+ TODO: check
+CVE-2023-53932 (Serendipity 2.4.0 contains a stored cross-site scripting vulnerability ...)
+ TODO: check
+CVE-2023-53931 (Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in ...)
+ TODO: check
+CVE-2023-53930 (ProjectSend r1605 contains an insecure direct object reference vulnera ...)
+ TODO: check
+CVE-2023-53929 (phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows aut ...)
+ TODO: check
+CVE-2023-53928 (PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability ...)
+ TODO: check
+CVE-2023-53927 (PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulne ...)
+ TODO: check
+CVE-2023-53926 (PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in th ...)
+ TODO: check
+CVE-2023-53925 (UliCMS 2023.1 contains a stored cross-site scripting vulnerability tha ...)
+ TODO: check
+CVE-2023-53924 (UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnera ...)
+ TODO: check
+CVE-2023-53923 (UliCMS 2023.1 contains a privilege escalation vulnerability that allow ...)
+ TODO: check
+CVE-2023-53922 (TinyWebGallery v2.5 contains a remote code execution vulnerability in ...)
+ TODO: check
+CVE-2023-53921 (SitemagicCMS 4.4.3 contains a remote code execution vulnerability that ...)
+ TODO: check
+CVE-2023-53920 (PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerab ...)
+ TODO: check
+CVE-2023-53919 (PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerab ...)
+ TODO: check
+CVE-2023-53918 (PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerab ...)
+ TODO: check
+CVE-2023-53917 (Affiliate Me version 5.0.1 contains a SQL injection vulnerability in t ...)
+ TODO: check
+CVE-2023-53916 (Zenphoto 1.6 contains a stored cross-site scripting vulnerability in t ...)
+ TODO: check
+CVE-2023-53915 (Zenphoto 1.6 contains a stored cross-site scripting vulnerability that ...)
+ TODO: check
+CVE-2023-53914 (UliCMS 2023.1 contains an authentication bypass vulnerability that all ...)
+ TODO: check
+CVE-2023-53913 (Rukovoditel 3.3.1 contains a CSV injection vulnerability that allows a ...)
+ TODO: check
+CVE-2023-53912 (USB Flash Drives Control 4.1.0.0 contains an unquoted service path vul ...)
+ TODO: check
+CVE-2023-53911 (Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerabi ...)
+ TODO: check
+CVE-2023-53910 (WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability th ...)
+ TODO: check
+CVE-2023-53909 (WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability th ...)
+ TODO: check
+CVE-2023-53908 (HiSecOS 04.0.01 contains a privilege escalation vulnerability that all ...)
+ TODO: check
+CVE-2023-53907 (Bludit versions before 3.13.1 contain an authenticated file download v ...)
+ TODO: check
+CVE-2023-53906 (projectSend r1605 contains a stored cross-site scripting vulnerability ...)
+ TODO: check
+CVE-2023-53905 (ProjectSend r1605 contains a CSV injection vulnerability that allows a ...)
+ TODO: check
+CVE-2023-53904 (Xenforo 2.2.13 contains a stored cross-site scripting vulnerability th ...)
+ TODO: check
CVE-2025-67895 (Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow ...)
NOT-FOR-US: Apache Airflow Providers Edge3
CVE-2025-67285 (A SQL injection vulnerability was found in the '/cts/admin/?page=zone' ...)
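Review bot: The descriptions added for CVE-2025-12976 and CVE-2025-12885 contain a literal "\u2013" escape where the plugin name has an en dash, so the upstream text was not decoded before it was truncated and written to the list. Decoding the description first would keep these lines readable and searchable by plugin name. Separately, the six "Missing cryptographic key commitment" entries (CVE-2025-14759 through CVE-2025-14764) describe the same flaw across the AWS clients and can be resolved as a group when their "TODO: check" markers are triaged.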
@@ -223,7 +869,7 @@ CVE-2025-14177
- php8.2 <removed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7
-CVE-2025-68462 [backups: Set proper permissions for backups-data directory]
+CVE-2025-68462 (Freedombox before 25.17.1 does not set proper permissions for the back ...)
- freedombox 25.17.1
[trixie] - freedombox <no-dsa> (Minor issue)
[bookworm] - freedombox <no-dsa> (Minor issue)
@@ -1698,11 +2344,11 @@ CVE-2025-14652 (A vulnerability was found in itsourcecode Online Cake Ordering S
NOT-FOR-US: itsourcecode System
CVE-2025-14651 (A vulnerability has been found in MartialBE one-hub up to 0.14.27. Thi ...)
NOT-FOR-US: MartialBE one-hub
-CVE-2025-68461 [Cross-Site-Scripting vulnerability via SVG's animate tag]
+CVE-2025-68461 (Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cr ...)
- roundcube 1.6.12+dfsg-1 (bug #1122899)
NOTE: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb (1.6.12)
-CVE-2025-68460 [Information Disclosure vulnerability in the HTML style sanitizer]
+CVE-2025-68460 (Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a in ...)
- roundcube 1.6.12+dfsg-1 (bug #1122899)
NOTE: https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12
NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/08de250fba731b634bed188bbe18d2f6ef3c7571 (1.6.12)
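Review bot: The new descriptions for CVE-2025-68461 and CVE-2025-68460 say the 1.5 branch before 1.5.12 is affected as well, but each entry's "Fixed by" NOTE references only the 1.6.12 commit. Adding the matching 1.5.12 commits as further NOTE lines would help anyone who has to backport the fixes to the older branch.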
@@ -1865,7 +2511,8 @@ CVE-2025-46276 (An information disclosure issue was addressed with improved priv
NOT-FOR-US: Apple
CVE-2025-43542 (This issue was addressed with improved state management. This issue is ...)
NOT-FOR-US: Apple
-CVE-2025-43541 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43541 (A type confusion issue was addressed with improved state handling. Thi ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -1876,14 +2523,16 @@ CVE-2025-43539 (The issue was addressed with improved bounds checks. This issue
NOT-FOR-US: Apple
CVE-2025-43538 (A logging issue was addressed with improved data redaction. This issue ...)
NOT-FOR-US: Apple
-CVE-2025-43536 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43536 (A use-after-free issue was addressed with improved memory management. ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
-CVE-2025-43535 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43535 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -1892,7 +2541,8 @@ CVE-2025-43535 [Malicious web content may lead to an unexpected process crash]
NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43532 (A memory corruption issue was addressed with improved bounds checking. ...)
NOT-FOR-US: Apple
-CVE-2025-43531 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43531 (A race condition was addressed with improved state handling. This issu ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -1901,7 +2551,8 @@ CVE-2025-43531 [Malicious web content may lead to an unexpected process crash]
NOTE: https://webkitgtk.org/security/WSA-2025-0010.html
CVE-2025-43530 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2025-43529 [Malicious web content may lead to arbitrary code execution]
+CVE-2025-43529 (A use-after-free issue was addressed with improved memory management. ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -1938,7 +2589,8 @@ CVE-2025-43509 (This issue was addressed with improved data protection. This iss
NOT-FOR-US: Apple
CVE-2025-43506 (A logic error was addressed with improved error handling. This issue i ...)
NOT-FOR-US: Apple
-CVE-2025-43501 [Malicious web content may lead to an unexpected process crash]
+CVE-2025-43501 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-6083-1}
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -2175,6 +2827,7 @@ CVE-2025-14565 (A vulnerability was identified in kidaze CourseSelectionSystem u
CVE-2025-14442 (The Secure Copy Content Protection and Content Locking plugin for Word ...)
NOT-FOR-US: WordPress plugin
CVE-2025-14174 (Out of bounds memory access in ANGLE in Google Chrome on Mac prior to ...)
+ {DSA-6083-1}
- chromium <not-affected> (Only affects Chromium on MacOS)
- webkit2gtk 2.50.4-1
- wpewebkit 2.50.4-1
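Review bot: The {DSA-6083-1} tag added to CVE-2025-14174 sits directly above "chromium <not-affected>", and the description only mentions Google Chrome on Mac, so it is not obvious from the entry that the DSA covers webkit2gtk. If the entry does not already carry one below the visible context, a NOTE pointing at the WebKitGTK advisory, as the sibling entries in this commit have, would make the relationship clear.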
@@ -14995,11 +15648,11 @@ CVE-2025-43496 (The issue was addressed by adding additional logic. This issue i
NOT-FOR-US: Apple
CVE-2025-43495 (The issue was addressed with improved checks. This issue is fixed in i ...)
NOT-FOR-US: Apple
-CVE-2025-43493 (The issue was addressed with improved checks. This issue is fixed in i ...)
+CVE-2025-43493 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2025-43481 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
-CVE-2025-43480 (The issue was addressed with improved checks. This issue is fixed in S ...)
+CVE-2025-43480 (The issue was addressed with improved checks. This issue is fixed in t ...)
{DSA-5792-1}
- webkit2gtk 2.46.0-1
- wpewebkit 2.46.0-1
@@ -15070,7 +15723,7 @@ CVE-2025-43442 (A permissions issue was addressed with additional restrictions.
NOT-FOR-US: Apple
CVE-2025-43441 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
-CVE-2025-43440 (This issue was addressed with improved checks This issue is fixed in S ...)
+CVE-2025-43440 (This issue was addressed with improved checks This issue is fixed in t ...)
{DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/370b3c98cc69385d8a0e8a0bdba63fdd2cc4e427