[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 29 20:14:30 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bdaf6b2c by security tracker role at 2025-12-29T20:14:16+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,143 @@
+CVE-2025-69211 (Nest is a framework for building scalable Node.js server-side applicat ...)
+	TODO: check
+CVE-2025-69206 (Hemmelig is a messing app with with client-side encryption and self-de ...)
+	TODO: check
+CVE-2025-69202 (Axios Cache Interceptor is a cache interceptor for axios. Prior to ver ...)
+	TODO: check
+CVE-2025-69201 (Tugtainer is a self-hosted app for automating updates of docker contai ...)
+	TODO: check
+CVE-2025-69200 (phpMyFAQ is an open source FAQ web application. In versions prior to 4 ...)
+	TODO: check
+CVE-2025-68951 (phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4. ...)
+	TODO: check
+CVE-2025-68929 (Frappe is a full-stack web application framework. Prior to versions 14 ...)
+	TODO: check
+CVE-2025-68928 (Frappe CRM is an open-source customer relationship management tool. Pr ...)
+	TODO: check
+CVE-2025-68897 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-68893 (Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress ...)
+	TODO: check
+CVE-2025-68879 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-68878 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-68877 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-68876 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-68870 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-68868 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-68861 (Missing Authorization vulnerability in Plugin Optimizer allows Exploit ...)
+	TODO: check
+CVE-2025-68706 (A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon o ...)
+	TODO: check
+CVE-2025-68431 (libheif is an HEIF and AVIF file format decoder and encoder. Prior to  ...)
+	TODO: check
+CVE-2025-67255 (In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack pro ...)
+	TODO: check
+CVE-2025-67254 (NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traver ...)
+	TODO: check
+CVE-2025-66877 (Buffer overflow vulnerability in function dcputchar in decompile.c in  ...)
+	TODO: check
+CVE-2025-66869 (Buffer overflow vulnerability in function strcat in asan_interceptors. ...)
+	TODO: check
+CVE-2025-66866 (An issue was discovered in function d_abi_tags in file cp-demangle.c i ...)
+	TODO: check
+CVE-2025-66865 (An issue was discovered in function d_print_comp_inner in file cp-dema ...)
+	TODO: check
+CVE-2025-66864 (An issue was discovered in function d_print_comp_inner in file cp-dema ...)
+	TODO: check
+CVE-2025-66863 (An issue was discovered in function d_discriminator in file cp-demangl ...)
+	TODO: check
+CVE-2025-66862 (A buffer overflow vulnerability in function gnu_special in file cplus- ...)
+	TODO: check
+CVE-2025-66861 (An issue was discovered in function d_unqualified_name in file cp-dema ...)
+	TODO: check
+CVE-2025-65570 (A type confusion in jsish 2.0 allows incorrect control flow during exe ...)
+	TODO: check
+CVE-2025-65442 (DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel  ...)
+	TODO: check
+CVE-2025-60458 (UxPlay 1.72 contains a double free vulnerability in its RTSP request h ...)
+	TODO: check
+CVE-2025-57462 (Reflected Cross site scripting (xss) in machsol machpanel 8.0.32 allow ...)
+	TODO: check
+CVE-2025-57460 (File upload vulnerability in machsol machpanel 8.0.32 allows attacker  ...)
+	TODO: check
+CVE-2025-56333 (An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remot ...)
+	TODO: check
+CVE-2025-55064 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
+	TODO: check
+CVE-2025-55063 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
+	TODO: check
+CVE-2025-55062 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
+	TODO: check
+CVE-2025-55061 (CWE-434 Unrestricted Upload of File with Dangerous Type)
+	TODO: check
+CVE-2025-55060 (CWE-601 URL Redirection to Untrusted Site ('Open Redirect'))
+	TODO: check
+CVE-2025-53627 (Meshtastic is an open source mesh networking solution. The Meshtastic  ...)
+	TODO: check
+CVE-2025-15202 (A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This  ...)
+	TODO: check
+CVE-2025-15201 (A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted e ...)
+	TODO: check
+CVE-2025-15200 (A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The aff ...)
+	TODO: check
+CVE-2025-15199 (A security vulnerability has been detected in code-projects College No ...)
+	TODO: check
+CVE-2025-15198 (A weakness has been identified in code-projects College Notes Uploadin ...)
+	TODO: check
+CVE-2025-15197 (A security flaw has been discovered in code-projects/anirbandutta9 Con ...)
+	TODO: check
+CVE-2025-15196 (A vulnerability was identified in code-projects Assessment Management  ...)
+	TODO: check
+CVE-2025-15195 (A vulnerability was determined in code-projects Assessment Management  ...)
+	TODO: check
+CVE-2025-15194 (A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected  ...)
+	TODO: check
+CVE-2025-15193 (A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This aff ...)
+	TODO: check
+CVE-2025-15192 (A security vulnerability has been detected in D-Link DWR-M920 up to 1. ...)
+	TODO: check
+CVE-2025-15191 (A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The af ...)
+	TODO: check
+CVE-2025-15190 (A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. I ...)
+	TODO: check
+CVE-2025-15189 (A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This i ...)
+	TODO: check
+CVE-2025-15188 (A vulnerability was determined in Campcodes Complete Online Beauty Par ...)
+	TODO: check
+CVE-2025-15187 (A vulnerability was found in GreenCMS up to 2.3. This affects an unkno ...)
+	TODO: check
+CVE-2025-15186 (A vulnerability has been found in code-projects Refugee Food Managemen ...)
+	TODO: check
+CVE-2025-15185 (A flaw has been found in code-projects Refugee Food Management System  ...)
+	TODO: check
+CVE-2025-15184 (A vulnerability was detected in code-projects Refugee Food Management  ...)
+	TODO: check
+CVE-2025-15183 (A security vulnerability has been detected in code-projects Refugee Fo ...)
+	TODO: check
+CVE-2025-15182 (A weakness has been identified in code-projects Refugee Food Managemen ...)
+	TODO: check
+CVE-2025-15181 (A security flaw has been discovered in code-projects Refugee Food Mana ...)
+	TODO: check
+CVE-2025-15180 (A vulnerability was identified in Tenda WH450 1.0.0.18. The affected e ...)
+	TODO: check
+CVE-2025-14728 (Rapid7 Velociraptor versions before 0.75.6 contain a directory travers ...)
+	TODO: check
+CVE-2025-14280 (The PixelYourSite plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2025-14175 (A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows th ...)
+	TODO: check
+CVE-2025-13592 (The Advanced Ads plugin for WordPress is vulnerable to Remote Code Exe ...)
+	TODO: check
+CVE-2024-30855 (DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (C ...)
+	TODO: check
+CVE-2024-25181 (A critical vulnerability has been identified in givanz VvvebJs 1.7.2,  ...)
+	TODO: check
 CVE-2025-52691 (Successful exploitation of the vulnerability could allow an unauthenti ...)
 	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2025-15228 (BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Up ...)
@@ -50891,6 +51031,7 @@ CVE-2025-51629 (A cross-site scripting (XSS) vulnerability in the PdfViewer comp
 CVE-2025-51533 (An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 an ...)
 	NOT-FOR-US: Sage DPW
 CVE-2025-50952 (openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference  ...)
+	{DLA-4424-1}
 	- openjpeg2 2.5.3-1
 	[bookworm] - openjpeg2 2.5.0-2+deb12u2
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1505



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdaf6b2c9465b8552316f2497551a09589ac0213

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdaf6b2c9465b8552316f2497551a09589ac0213
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251229/cb193651/attachment.htm>

More information about the debian-security-tracker-commits mailing list