[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 4 21:13:10 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fd20928b by security tracker role at 2025-07-04T20:13:04+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,21 +3,21 @@ CVE-2025-7067 (A vulnerability classified as problematic was found in HDF5 1.14.
 CVE-2025-7066 (Jirafeau normally prevents browser preview for text files due to the p ...)
 	TODO: check
 CVE-2025-7061 (A vulnerability was found in Intelbras InControl up to 2.21.60.9. It h ...)
-	TODO: check
+	NOT-FOR-US: Intelbras
 CVE-2025-7060 (A vulnerability was found in Monitorr up to 1.7.6m. It has been classi ...)
 	TODO: check
 CVE-2025-6740 (The Contact Form 7 Database Addon plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6056 (Timing difference in password reset in Ergon Informatik AG's Airlock I ...)
 	TODO: check
 CVE-2025-5920 (The Sharable Password Protected Posts before version 1.1.1 allows acce ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-53569 (Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trus ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53568 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Radio St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53485 (SetTranslationHandler.php does not validate that the user is an electi ...)
 	TODO: check
 CVE-2025-53484 (User-controlled inputs are improperly escaped in:       *   VotePage.p ...)
@@ -41,7 +41,7 @@ CVE-2025-52828 (Deserialization of Untrusted Data vulnerability in designthemes
 CVE-2025-52813 (Missing Authorization vulnerability in pietro MobiLoud allows Exploiti ...)
 	TODO: check
 CVE-2025-52807 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52805 (Path Traversal vulnerability in VaultDweller Leyka allows PHP Local Fi ...)
 	TODO: check
 CVE-2025-52798 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -87,11 +87,11 @@ CVE-2025-49303 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
 CVE-2025-49302 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	TODO: check
 CVE-2025-49274 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49247 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49245 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49070 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	TODO: check
 CVE-2025-48231 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -101,85 +101,85 @@ CVE-2025-48172 (CHMLib through 2bef8d0, as used in SumatraPDF and other products
 CVE-2025-47634 (Missing Authorization vulnerability in Keylor Mendoza WC Pickup Store  ...)
 	TODO: check
 CVE-2025-47627 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47565 (Missing Authorization vulnerability in ashanjay EventON allows Exploit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47479 (Weak Authentication vulnerability in AresIT WP Compress allows Authent ...)
 	TODO: check
 CVE-2025-46733 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion  ...)
 	TODO: check
 CVE-2025-39487 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32918 (Improper neutralization of Livestatus command delimiters in autocomple ...)
 	TODO: check
 CVE-2025-32311 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32297 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31037 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30983 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30969 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30947 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30943 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30933 (Unrestricted Upload of File with Dangerous Type vulnerability in Liqui ...)
 	TODO: check
 CVE-2025-30929 (Missing Authorization vulnerability in amazewp fluXtore allows Exploit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29012 (Missing Authorization vulnerability in kamleshyadav CF7 7 Mailchimp Ad ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29007 (Missing Authorization vulnerability in LMSACE LMSACE Connect allows Ex ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29001 (Missing Authorization vulnerability in ZoomIt WooCommerce Shop Page Bu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28983 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28980 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	TODO: check
 CVE-2025-28978 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28976 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2025-28971 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28969 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28968 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28967 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28963 (Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin Ul Haide ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28957 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28951 (Unrestricted Upload of File with Dangerous Type vulnerability in Creed ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27358 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27326 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-26591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24780 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-24771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24764 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24757 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24748 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24735 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-23972 (Cross-Site Request Forgery (CSRF) vulnerability in Brian S. Reed Conta ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-23970 (Incorrect Privilege Assignment vulnerability in aonetheme Service Find ...)
 	TODO: check
 CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The bearer tok ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd20928b0e13a8273be75e10e02f4396033f1042

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd20928b0e13a8273be75e10e02f4396033f1042
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250704/c8adb746/attachment.htm>


More information about the debian-security-tracker-commits mailing list