[Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 24 21:41:22 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c071cdda by Salvatore Bonaccorso at 2025-02-24T22:28:39+01:00
Process one NFU
- - - - -
1769600b by Salvatore Bonaccorso at 2025-02-24T22:40:55+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,111 +1,111 @@
CVE-2025-27364 (In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code ...)
- TODO: check
+ NOT-FOR-US: MITRE Caldera
CVE-2025-27357 (Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI \xd6nceki ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27356 (Missing Authorization vulnerability in Hardik Sticky Header On Scroll ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27355 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27353 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Namaste! LMS al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27352 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27351 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27349 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27348 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27347 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27344 (Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee' ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27342 (Cross-Site Request Forgery (CSRF) vulnerability in josesan WooCommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27341 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27340 (Cross-Site Request Forgery (CSRF) vulnerability in Marc F12-Profiler a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27339 (Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27336 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Prokopenko / J ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27335 (Cross-Site Request Forgery (CSRF) vulnerability in Free plug in by SEO ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27332 (Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Main ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27331 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27330 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27329 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27328 (Cross-Site Request Forgery (CSRF) vulnerability in queeez WP-PostRatin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27327 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27325 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27323 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27321 (Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27318 (Cross-Site Request Forgery (CSRF) vulnerability in ixiter Simple Googl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27317 (Cross-Site Request Forgery (CSRF) vulnerability in IT-RAYS RAYS Grid a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27316 (Cross-Site Request Forgery (CSRF) vulnerability in hosting.io JPG, PNG ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27315 (Cross-Site Request Forgery (CSRF) vulnerability in wptom All-In-One Cu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27312 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27311 (Cross-Site Request Forgery (CSRF) vulnerability in luk3thomas Bulk Con ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27307 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27304 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27303 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27301 (Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27300 (Deserialization of Untrusted Data vulnerability in giuliopanda ADFO al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27298 (Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27297 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27296 (Missing Authorization vulnerability in revenueflex Auto Ad Inserter \u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27294 (Missing Authorization vulnerability in platcom WP-Asambleas allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27290 (Cross-Site Request Forgery (CSRF) vulnerability in seyyed-amir Erima Z ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27280 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27277 (Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linke ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27276 (Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Galle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27272 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27266 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27265 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27133 (WeGIA is a Web manager for charitable institutions. A SQL Injection vu ...)
- TODO: check
+ NOT-FOR-US: WeGIA
CVE-2025-27112 (Navidrome is an open source web-based music collection server and stre ...)
TODO: check
CVE-2025-26883 (Missing Authorization vulnerability in bPlugins Animated Text Block al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26803 (The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0. ...)
TODO: check
CVE-2025-26532 (Additional checks were required to ensure trusttext is applied (when e ...)
@@ -125,21 +125,21 @@ CVE-2025-26526 (Separate Groups mode restrictions were not factored into permiss
CVE-2025-26525 (Insufficient sanitizing in the TeX notation filter resulted in an arb ...)
TODO: check
CVE-2025-26201 (Credential disclosure vulnerability via the /staff route in GreaterWMS ...)
- TODO: check
+ NOT-FOR-US: GreaterWMS
CVE-2025-26200 (SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate pr ...)
- TODO: check
+ NOT-FOR-US: SLIMS
CVE-2025-25460 (A stored Cross-Site Scripting (XSS) vulnerability was identified in Fl ...)
TODO: check
CVE-2025-23017 (WorkOS Hosted AuthKit before 2025-01-07 allows a password authenticati ...)
- TODO: check
+ NOT-FOR-US: WorkOS Hosted AuthKit
CVE-2025-22495 (An improper input validation vulnerability was discovered in the NTP s ...)
TODO: check
CVE-2025-1632 (A vulnerability was found in libarchive up to 3.7.7. It has been class ...)
TODO: check
CVE-2025-1488 (The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0545 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Tekrom Technology T-Soft E-Commerce
CVE-2024-5174 (A flaw in Gliffy results in broken authentication through the reset fu ...)
TODO: check
CVE-2024-57026 (TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting ( ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b59acad68820c8a51a054047a316773cb2daa61...1769600b582edacadf52c075e63ce20a1441421b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6b59acad68820c8a51a054047a316773cb2daa61...1769600b582edacadf52c075e63ce20a1441421b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250224/7b103c48/attachment.htm>
More information about the debian-security-tracker-commits
mailing list