[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 8 16:01:23 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1749e0b by Moritz Mühlenhoff at 2025-07-08T17:01:05+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-7346 (Any unauthenticated attacker can bypass the localhost  restrictions po ...)
-	TODO: check
+	- pyload <itp> (bug #1001980)
 CVE-2025-7327 (The Widget for Google Reviews plugin for WordPress is vulnerable to Di ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-7168 (A vulnerability was found in code-projects Crime Reporting System 1.0. ...)
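Review bot: The commit subject "NFUs" does not cover the CVE-2025-7346 change at the top of this hunk, which replaces `TODO: check` with `- pyload <itp> (bug #1001980)`, an ITP entry rather than a NOT-FOR-US tag. Consider widening the subject (for example "NFUs, pyload ITP") or splitting this entry into its own commit, so the log shows that one CVE is now tracked against a package with an open ITP bug.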
@@ -27,11 +27,11 @@ CVE-2025-7158 (A vulnerability was found in PHPGurukul Zoo Management System 2.1
 CVE-2025-7157 (A vulnerability was found in code-projects Online Note Sharing 1.0. It ...)
 	NOT-FOR-US: code-projects
 CVE-2025-7156 (A vulnerability has been found in hitsz-ids airda 0.0.3 and classified ...)
-	TODO: check
+	NOT-FOR-US: hitsz-ids airda
 CVE-2025-7155 (A vulnerability, which was classified as critical, was found in PHPGur ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-7154 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-7153 (A vulnerability classified as problematic was found in CodeAstro Simpl ...)
 	NOT-FOR-US: CodeAstro
 CVE-2025-7152 (A vulnerability classified as critical has been found in Campcodes Adv ...)
@@ -47,7 +47,7 @@ CVE-2025-7148 (A vulnerability was found in CodeAstro Simple Hospital Management
 CVE-2025-7147 (A vulnerability has been found in CodeAstro Patient Record Management  ...)
 	NOT-FOR-US: CodeAstro
 CVE-2025-7146 (The iPublish System developed by Jhenggao has an Arbitrary File Readin ...)
-	TODO: check
+	NOT-FOR-US: iPublish
 CVE-2025-7144 (A vulnerability has been found in SourceCodester Best Salon Management ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-6746 (The WoodMart plugin for WordPress is vulnerable to Local File Inclusio ...)
@@ -395,21 +395,21 @@ CVE-2025-43930 (Hashview 0.8.1 allows account takeover via the password reset fe
 CVE-2025-3920 (A vulnerability was identified in SUR-FBD CMMS where hard-coded creden ...)
 	NOT-FOR-US: SUR-FBD CMMS
 CVE-2025-3777 (Hugging Face Transformers versions up to 4.49.0 are affected by an imp ...)
-	TODO: check
+	NOT-FOR-US: Hugging Face Transformers
 CVE-2025-3705 (A physical attacker with no privileges can gain full control of the af ...)
-	TODO: check
+	NOT-FOR-US: Frauscher
 CVE-2025-3626 (A remote attacker with administrator account can gain full control of  ...)
-	TODO: check
+	NOT-FOR-US: Frauscher
 CVE-2025-3467 (An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3 ...)
 	NOT-FOR-US: Dify
 CVE-2025-3466 (langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized  ...)
 	NOT-FOR-US: Dify
 CVE-2025-3264 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
-	TODO: check
+	NOT-FOR-US: Hugging Face Transformers
 CVE-2025-3263 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
-	TODO: check
+	NOT-FOR-US: Hugging Face Transformers
 CVE-2025-3262 (A Regular Expression Denial of Service (ReDoS) vulnerability was disco ...)
-	TODO: check
+	NOT-FOR-US: Hugging Face Transformers
 CVE-2025-3225 (An XML Entity Expansion vulnerability, also known as a 'billion laughs ...)
 	NOT-FOR-US: run-llama/llama_index
 CVE-2025-3046 (A vulnerability in the `ObsidianReader` class of the run-llama/llama_i ...)
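Review bot: The four Hugging Face Transformers entries in this hunk (CVE-2025-3777, CVE-2025-3264, CVE-2025-3263, CVE-2025-3262) are all tagged NOT-FOR-US, while the first hunk of the same commit tracks pyload as `<itp>` with a bug number. Before settling on NOT-FOR-US, confirm that no ITP or RFP bug exists for Transformers; if one does, an `<itp>` entry with the bug reference would keep these CVEs attached to the package should it be uploaded later.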
@@ -563,7 +563,7 @@ CVE-2025-53167 (Authentication vulnerability in the distributed collaboration fr
 CVE-2025-48501 (An OS command injection issue exists in Nimesa Backup and Recovery v2. ...)
 	NOT-FOR-US: Nimesa Backup and Recovery
 CVE-2025-41672 (A remote unauthenticated attacker may use default certificates to gene ...)
-	TODO: check
+	NOT-FOR-US: WAGO
 CVE-2025-3108 (A critical deserialization vulnerability exists in the run-llama/llama ...)
 	NOT-FOR-US: run-llama/llama_index
 CVE-2025-24508 (Extraction of Account Connectivity Credentials (ACCs) from the IT Mana ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1749e0baefd0a2b89a1805959fe7ae118451640
