[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 16 21:24:52 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01573a7b by Moritz Muehlenhoff at 2025-07-16T22:24:42+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -173,11 +173,11 @@ CVE-2025-49031 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-48345 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48339 (Missing Authorization vulnerability in activity-log.com Profiler - Wha ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48301 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48300 (Unrestricted Upload of File with Dangerous Type vulnerability in Adria ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48299 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48295 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
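
Review bot: The new tags on CVE-2025-48339 and CVE-2025-48300 cannot be confirmed from the lines shown here, because the truncated descriptions ("activity-log.com Profiler - Wha ..." and "Adria ...") stop before any mention of WordPress. The commit message "NFUs" gives no rationale either. A short note in the message on how the batch was classified would make the "WordPress plugin or theme" tag auditable later.
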
@@ -185,7 +185,7 @@ CVE-2025-48295 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-48294 (Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48167 (Missing Authorization vulnerability in alexvtn Chatbox Manager allows  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48166 (Missing Authorization vulnerability in Bill Minozzi Stop and Block bot ...)
@@ -213,11 +213,11 @@ CVE-2025-46959 (Adobe Experience Manager versions 6.5.22 and earlier are affecte
 CVE-2025-46500 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-40985 (SQL injection vulnerability in SCATI Vision Web of SCATI Labs from ver ...)
-	TODO: check
+	NOT-FOR-US: SCATI
 CVE-2025-40776 (A `named` caching resolver that is configured to send ECS (EDNS Client ...)
 	TODO: check
 CVE-2025-40724 (Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Sc ...)
-	TODO: check
+	NOT-FOR-US: Pharmacy POS
 CVE-2025-3871 (Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows ...)
 	NOT-FOR-US: Fortra
 CVE-2025-37107 (An authentication bypass vulnerability exists in HPE AutoPass License  ...)
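
Review bot: CVE-2025-40776 is left at "TODO: check" between two entries this hunk closes, and its description names a `named` caching resolver sending ECS, which points at BIND rather than an unpackaged product, so it needs source-package triage in a follow-up and should not be swept into a later NFU batch. Separately, the two new tags differ in kind: "NOT-FOR-US: SCATI" names the vendor while "NOT-FOR-US: Pharmacy POS" names the product. Picking one convention keeps searches over the list predictable.
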
@@ -231,13 +231,13 @@ CVE-2025-37104 (A security vulnerability has been identified in HPE Telco Servic
 CVE-2025-36097 (IBM WebSphere Application Server 9.0 and WebSphere Application Server  ...)
 	NOT-FOR-US: IBM
 CVE-2025-34300 (A template injection vulnerability exists in Sawtooth Software\u2019s  ...)
-	TODO: check
+	NOT-FOR-US: Lighthouse Studio
 CVE-2025-32874 (An issue was discovered in Kaseya Rapid Fire Tools Network Detective t ...)
-	TODO: check
+	NOT-FOR-US: Kaseya Rapid Fire Tools Network Detective
 CVE-2025-32574 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32353 (Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Cre ...)
-	TODO: check
+	NOT-FOR-US: Kaseya Rapid Fire Tools Network Detective
 CVE-2025-31427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31422 (Deserialization of Untrusted Data vulnerability in designthemes Visual ...)
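
Review bot: The tag added for CVE-2025-34300 names a product, "Lighthouse Studio", that does not appear in the visible part of the description, which only shows the vendor "Sawtooth Software". Writing the tag as vendor plus product would let the entry be found by either name, in line with the fuller "Kaseya Rapid Fire Tools Network Detective" tags added just below it. The same description line also carries a literal \u2019 escape where an apostrophe is expected, which suggests the description import is not decoding that escape and is worth a separate fix.
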
@@ -251,7 +251,7 @@ CVE-2025-31055 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-30973 (Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSc ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30959 (Missing Authorization vulnerability in WPFactory Product XML Feed Mana ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30955 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30949 (Deserialization of Untrusted Data vulnerability in Guru Team Site Chat ...)
@@ -265,11 +265,11 @@ CVE-2025-29000 (Missing Authorization vulnerability in August Infotech Multi-lan
 CVE-2025-28982 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28965 (Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shorten ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28961 (Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28959 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28955 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24779 (Deserialization of Untrusted Data vulnerability in NooTheme Yogi allow ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01573a7b5d92c49e3117ef38c1ab04d407e66285
