[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 15 09:12:24 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a80be05 by security tracker role at 2025-07-15T08:12:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,62 @@
-CVE-2025-53643
+CVE-2025-7672 (The improper default setting in JiranSoft CrossEditor4 on Windows, Lin ...)
+	TODO: check
+CVE-2025-7367 (The Strong Testimonials plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2025-7360 (The HT Contact Form Widget For Elementor Page Builder & Gutenberg Bloc ...)
+	TODO: check
+CVE-2025-7341 (The HT Contact Form Widget For Elementor Page Builder & Gutenberg Bloc ...)
+	TODO: check
+CVE-2025-7340 (The HT Contact Form Widget For Elementor Page Builder & Gutenberg Bloc ...)
+	TODO: check
+CVE-2025-6265 (A path traversal vulnerability in the file_upload-cgi CGI program of Z ...)
+	TODO: check
+CVE-2025-5394 (The Alone \u2013 Charity Multipurpose Non-profit WordPress Theme theme ...)
+	TODO: check
+CVE-2025-5393 (The Alone \u2013 Charity Multipurpose Non-profit WordPress Theme theme ...)
+	TODO: check
+CVE-2025-53891 (The timelineofficial/Time-Line- repository contains the source code fo ...)
+	TODO: check
+CVE-2025-53890 (pyload is an open-source Download Manager written in pure Python. An u ...)
+	TODO: check
+CVE-2025-53889 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2025-53887 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2025-53886 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2025-53885 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+	TODO: check
+CVE-2025-53839 (DRACOON is a file sharing service, and the DRACOON Branding Service al ...)
+	TODO: check
+CVE-2025-53836 (XWiki Rendering is a generic rendering system that converts textual in ...)
+	TODO: check
+CVE-2025-53835 (XWiki Rendering is a generic rendering system that converts textual in ...)
+	TODO: check
+CVE-2025-53834 (Caido is a web security auditing toolkit. A reflected cross-site scrip ...)
+	TODO: check
+CVE-2025-53833 (LaRecipe is an application that allows users to create documentation w ...)
+	TODO: check
+CVE-2025-53825 (Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior t ...)
+	TODO: check
+CVE-2025-53824 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53823 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53822 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53821 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53820 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
+	TODO: check
+CVE-2025-53819 (Nix is a package manager for Linux and other Unix systems. Builds with ...)
+	TODO: check
+CVE-2025-53818 (GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for  ...)
+	TODO: check
+CVE-2025-53640 (Indico is an event management system that uses Flask-Multipass, a mult ...)
+	TODO: check
+CVE-2025-3621 (Vulnerabilities* in ActADUR local server product, developed and mainta ...)
+	TODO: check
+CVE-2025-53643 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed>
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
 	NOTE: https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a (v3.12.14)
@@ -4574,8 +4632,8 @@ CVE-2025-6081 (Insufficiently Protected Credentials in LDAP in Konica Minoltabiz
 	NOT-FOR-US: Konica
 CVE-2025-5967 (A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a  ...)
 	NOT-FOR-US: Trellix
-CVE-2025-53416
-	REJECTED
+CVE-2025-53416 (Delta Electronics DTN SoftProject File Parsing Deserialization of Untr ...)
+	TODO: check
 CVE-2025-53415 (Delta Electronics DTM SoftProject File Parsing Deserialization of Untr ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-53096 (Sunshine is a self-hosted game stream host for Moonlight. Prior to ver ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a80be05558cd5f3f3e8a724dedcd029e29e45ae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a80be05558cd5f3f3e8a724dedcd029e29e45ae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250715/ce107b6f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list