[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jul 16 21:13:14 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ceca847 by security tracker role at 2025-07-16T20:13:07+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,113 +1,113 @@
 CVE-2025-7703 (Authentication vulnerability in the mobile application\uff08tech.palm. ...)
-	TODO: check
+	NOT-FOR-US: TECNO Mobile
 CVE-2025-7699 (An improper access control vulnerability  was found in the EZ Sync Man ...)
-	TODO: check
+	NOT-FOR-US: Asustor
 CVE-2025-7357 (LITEON IC48A firmware versions prior to 01.00.19r and LITEON IC80A fir ...)
 	TODO: check
 CVE-2025-7035 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6993 (The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6982 (Use of Hard-coded Credentials in TP-Link Archer C50 V3(  <=  180703)/V ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-5994 (A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' ...)
 	TODO: check
 CVE-2025-5284 (The Master Addons \u2013 Elementor Addons with White Label, Free Widge ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-54051 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54050 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54047 (Missing Authorization vulnerability in QuanticaLabs Cost Calculator al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54043 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54042 (Cross-Site Request Forgery (CSRF) vulnerability in xfinitysoft WP Post ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54041 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings Wallet Sy ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54039 (Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Anima ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54038 (Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters Restaur ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54037 (Missing Authorization vulnerability in blazethemes News Kit Elementor  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54036 (Cross-Site Request Forgery (CSRF) vulnerability in Webba Appointment B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54035 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54033 (Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP Theme Buil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54030 (Cross-Site Request Forgery (CSRF) vulnerability in GSheetConnector by  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54026 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54024 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54023 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54022 (Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54020 (Cross-Site Request Forgery (CSRF) vulnerability in Erik AntiSpam for C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54018 (Missing Authorization vulnerability in CreativeMindsSolutions CM Pop-U ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54016 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54015 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54013 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54011 (Missing Authorization vulnerability in SMTP2GO SMTP2GO allows Exploiti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54010 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan Jewel Flu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54009 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54006 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53997 (Missing Authorization vulnerability in favethemes Houzez allows Exploi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53996 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53995 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53994 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53991 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53990 (Deserialization of Untrusted Data vulnerability in jetmonsters JetForm ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53986 (Missing Authorization vulnerability in ThemeIsle Hestia allows Accessi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53984 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53982 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53943 (VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source ...)
 	TODO: check
 CVE-2025-53938 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53937 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53936 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53935 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53934 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53933 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53932 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53931 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53930 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53929 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
-	TODO: check
+	NOT-FOR-US: WeGIA
 CVE-2025-53926 (Emlog is an open source website building system. A cross-site scriptin ...)
 	TODO: check
 CVE-2025-53925 (Emlog is an open source website building system. A cross-site scriptin ...)
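Review bot: The note text is inconsistent within this hunk: CVE-2025-7035, CVE-2025-6993 and CVE-2025-5284 get "NOT-FOR-US: WordPress plugin", while the CVE-2025-54xxx and CVE-2025-539xx entries get "NOT-FOR-US: WordPress plugin or theme". Settling on one string would keep later searches over data/CVE/list simple. Separately, for entries such as CVE-2025-54011 ("SMTP2GO SMTP2GO allows Exploiti ...") the truncated description shown here never mentions WordPress, so the classification cannot be confirmed from the diff alone; a spot check against the full CVE text is worthwhile.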
@@ -137,77 +137,77 @@ CVE-2025-53754 (This vulnerability exists in Digisol DG-GR6821AC Router due to h
 CVE-2025-52836 (Incorrect Privilege Assignment vulnerability in Unity Business Technol ...)
 	TODO: check
 CVE-2025-52819 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52804 (Missing Authorization vulnerability in uxper Nuss allows Accessing Fun ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52803 (Missing Authorization vulnerability in uxper Sala allows Accessing Fun ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52787 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52786 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52779 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52777 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52714 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-50028 (Missing Authorization vulnerability in CodeSolz Ultimate Push Notifica ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49888 (Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49884 (Missing Authorization vulnerability in alexvtn Internal Linking of Rel ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49876 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-49319 (Missing Authorization vulnerability in WPFactory Wishlist for WooComme ...)
 	TODO: check
 CVE-2025-49034 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49031 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48345 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48339 (Missing Authorization vulnerability in activity-log.com Profiler - Wha ...)
 	TODO: check
 CVE-2025-48301 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48300 (Unrestricted Upload of File with Dangerous Type vulnerability in Adria ...)
 	TODO: check
 CVE-2025-48299 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48295 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48294 (Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2025-48167 (Missing Authorization vulnerability in alexvtn Chatbox Manager allows  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48166 (Missing Authorization vulnerability in Bill Minozzi Stop and Block bot ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48161 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48156 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48155 (Missing Authorization vulnerability in enituretechnology Residential A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48153 (Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CD ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48150 (Missing Authorization vulnerability in Bill Minozzi Real Estate Proper ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47645 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47554 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47053 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-46959 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-46500 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-40985 (SQL injection vulnerability in SCATI Vision Web of SCATI Labs from ver ...)
 	TODO: check
 CVE-2025-40776 (A `named` caching resolver that is configured to send ECS (EDNS Client ...)
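Review bot: CVE-2025-48294 is tagged "NOT-FOR-US: WordPress plugin or theme", but its visible description names "Kerfred FG Drupal ..." and is cut off before any mention of WordPress. Confirm against the full description that this is a WordPress product and not Drupal-side code before leaving it under the generic tag.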
@@ -215,51 +215,51 @@ CVE-2025-40776 (A `named` caching resolver that is configured to send ECS (EDNS
 CVE-2025-40724 (Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Sc ...)
 	TODO: check
 CVE-2025-3871 (Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Fortra
 CVE-2025-37107 (An authentication bypass vulnerability exists in HPE AutoPass License  ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37106 (An authentication bypass and disclosure of information vulnerability e ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37105 (An hsqldb-related remote code execution vulnerability exists in HPE Au ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-37104 (A security vulnerability has been identified in HPE Telco Service Orch ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2025-36097 (IBM WebSphere Application Server 9.0 and WebSphere Application Server  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-34300 (A template injection vulnerability exists in Sawtooth Software\u2019s  ...)
 	TODO: check
 CVE-2025-32874 (An issue was discovered in Kaseya Rapid Fire Tools Network Detective t ...)
 	TODO: check
 CVE-2025-32574 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32353 (Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Cre ...)
 	TODO: check
 CVE-2025-31427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31422 (Deserialization of Untrusted Data vulnerability in designthemes Visual ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31072 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31070 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31055 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30973 (Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30959 (Missing Authorization vulnerability in WPFactory Product XML Feed Mana ...)
 	TODO: check
 CVE-2025-30955 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30949 (Deserialization of Untrusted Data vulnerability in Guru Team Site Chat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30936 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29009 (Unrestricted Upload of File with Dangerous Type vulnerability in Webku ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29000 (Missing Authorization vulnerability in August Infotech Multi-language  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28982 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28965 (Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shorten ...)
 	TODO: check
 CVE-2025-28961 (Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider ...)
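Review bot: CVE-2025-37105 is closed as "NOT-FOR-US: HPE", yet its description starts with "An hsqldb-related remote code execution vulnerability". Vendor-keyed matching cannot tell whether the flaw sits in HPE's product or in the hsqldb component it uses; if it is the latter, this entry deserves a manual look rather than an automatic NOT-FOR-US.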
@@ -267,11 +267,11 @@ CVE-2025-28961 (Deserialization of Untrusted Data vulnerability in Md Yeasin Ul
 CVE-2025-28959 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-28955 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24779 (Deserialization of Untrusted Data vulnerability in NooTheme Yogi allow ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24777 (Deserialization of Untrusted Data vulnerability in awethemes Hillter a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24759 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-22227 (In some specific scenarios with chained redirects, Reactor Netty HTTP  ...)
@@ -281,11 +281,11 @@ CVE-2025-20337 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC
 CVE-2025-20288 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	TODO: check
 CVE-2025-20285 (A vulnerability in the IP Access Restriction feature of Cisco ISE and  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20284 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20283 (A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2025-20274 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	TODO: check
 CVE-2025-20272 (A vulnerability in a subset of REST APIs of Cisco Prime Infrastructure ...)
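Review bot: Only the three Cisco ISE entries (CVE-2025-20285, CVE-2025-20284, CVE-2025-20283) are tagged "NOT-FOR-US: Cisco"; the surrounding context lines CVE-2025-20288 and CVE-2025-20274 ("Cisco Unified ...") and CVE-2025-20272 ("Cisco Prime Infrastructure ...") stay at "TODO: check". If the matching is deliberately per product that is fine; otherwise those entries need the same treatment in a follow-up so that Cisco entries are handled consistently.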



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ceca847fb4160d75907145fe75acef1796ff9d8
