[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 23 20:17:01 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec216439 by security tracker role at 2025-12-23T20:16:53+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,23 @@
 CVE-2025-68561 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68560 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68557 (Missing Authorization vulnerability in Vikas Ratudi Chakra test allows ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68556 (Missing Authorization vulnerability in VillaTheme HAPPY allows Exploit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68551 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68550 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68548 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68546 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68544 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67111 (An integer overflow in the RTPS protocol implementation of OpenDDS DDS ...)
 	TODO: check
 CVE-2025-67109 (Improper verification of the time certificate in Eclipse Cyclone DDS b ...)
@@ -35,17 +35,17 @@ CVE-2025-65410 (A stack overflow in the src/main.c component of GNU Unrtf v0.21.
 CVE-2025-65354 (Improper input handling in /Grocery/search_products_itname.php inPunee ...)
 	TODO: check
 CVE-2025-59886 (Improper input validation at one of the endpoints of Eaton xComfort EC ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2025-51511 (Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerabili ...)
 	TODO: check
 CVE-2025-50526 (Netgear EX8000 V1.0.0.126 was discovered to contain a command injectio ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-48864
 	REJECTED
 CVE-2025-48863
 	REJECTED
 CVE-2025-45493 (Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the i ...)
-	TODO: check
+	NOT-FOR-US: Netgear
 CVE-2025-33224 (NVIDIA Isaac Launchable contains a vulnerability where an attacker cou ...)
 	TODO: check
 CVE-2025-33223 (NVIDIA Isaac Launchable contains a vulnerability where an attacker cou ...)
@@ -53,29 +53,29 @@ CVE-2025-33223 (NVIDIA Isaac Launchable contains a vulnerability where an attack
 CVE-2025-33222 (NVIDIA Isaac Launchable contains a vulnerability where an attacker cou ...)
 	TODO: check
 CVE-2025-29229 (linksys E5600 V1.1.0.26 is vulnerable to command injection in the func ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2025-29228 (Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runt ...)
-	TODO: check
+	NOT-FOR-US: Linksys
 CVE-2025-25364 (A command injection vulnerability in the me.connectify.SMJobBlessHelpe ...)
 	TODO: check
 CVE-2025-14635 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14548 (The Calendar plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14388 (The PhastPress plugin for WordPress is vulnerable to Unauthenticated A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14163 (The Premium Addons for Elementor plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14155 (The Premium Addons for Elementor \u2013 Powerful Elementor Templates & ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-14000 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13183 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-13074
 	REJECTED
 CVE-2025-12934 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10863
 	REJECTED
 CVE-2024-9684 (FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers t ...)
@@ -83,7 +83,7 @@ CVE-2024-9684 (FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attack
 CVE-2024-57521 (SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remot ...)
 	TODO: check
 CVE-2024-24844 (Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2024-10398
 	REJECTED
 CVE-2023-5094
@@ -95,7 +95,7 @@ CVE-2023-5092
 CVE-2023-53982 (PMB 7.4.6 contains a SQL injection vulnerability in the storage parame ...)
 	TODO: check
 CVE-2023-52210 (Vulnerability in Tyche softwares Product Delivery Date for WooCommerce ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2021-47739 (Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulne ...)
 	TODO: check
 CVE-2021-47738 (CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec216439c06835eccbcd5e54a69b638f48c88b1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec216439c06835eccbcd5e54a69b638f48c88b1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251223/68235866/attachment.htm>

More information about the debian-security-tracker-commits mailing list