[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 23 06:34:17 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4d57e2ed by Salvatore Bonaccorso at 2025-07-23T07:33:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-8019 (A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 ...)
- TODO: check
+ NOT-FOR-US: seShenzhen Libituo Technology
CVE-2025-8018 (A vulnerability was found in code-projects Food Ordering Review System ...)
NOT-FOR-US: code-projects
CVE-2025-8017 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been classi ...)
@@ -7,19 +7,19 @@ CVE-2025-8017 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been c
CVE-2025-8015 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2025-7953 (A vulnerability, which was classified as problematic, has been found i ...)
- TODO: check
+ NOT-FOR-US: Sanluan PublicCMS
CVE-2025-7952 (A vulnerability classified as critical was found in TOTOLINK T6 4.1.5c ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-7951 (A vulnerability classified as problematic has been found in code-proje ...)
NOT-FOR-US: code-projects
CVE-2025-7950 (A vulnerability was found in code-projects Public Chat Room 1.0. It ha ...)
- TODO: check
+ NOT-FOR-US: code-projects Public Chat Room
CVE-2025-7949 (A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It ha ...)
- TODO: check
+ NOT-FOR-US: Sanluan PublicCMS
CVE-2025-7948 (A vulnerability classified as problematic was found in jshERP up to 3. ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2025-7947 (A vulnerability classified as critical has been found in jshERP up to ...)
- TODO: check
+ NOT-FOR-US: jshERP
CVE-2025-7946 (A vulnerability was found in PHPGurukul Apartment Visitors Management ...)
NOT-FOR-US: PHPGurukul
CVE-2025-7945 (A vulnerability was found in D-Link DIR-513 up to 20190831. It has bee ...)
@@ -33,13 +33,13 @@ CVE-2025-7942 (A vulnerability has been found in PHPGurukul Taxi Stand Managemen
CVE-2025-7941 (A vulnerability, which was classified as problematic, was found in PHP ...)
NOT-FOR-US: PHPGurukul
CVE-2025-7940 (A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on And ...)
- TODO: check
+ NOT-FOR-US: Genshin Albedo Cat House App
CVE-2025-7939 (A vulnerability was found in jerryshensjf JPACookieShop \u86cb\u7cd5\u ...)
- TODO: check
+ NOT-FOR-US: jerryshensjf JPACookieShop
CVE-2025-7900 (The femanager extension for TYPO3 allows Insecure Direct Object Refere ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2025-7899 (The powermail extension for TYPO3 allows Insecure Direct Object Refere ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension
CVE-2025-7705 (: Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, A ...)
NOT-FOR-US: ABB group
CVE-2025-7692 (The Orion Login with SMS plugin for WordPress is vulnerable to Authent ...)
@@ -57,9 +57,9 @@ CVE-2025-7495 (The WP-Members Membership Plugin plugin for WordPress is vulnerab
CVE-2025-7486 (The Ebook Store plugin for WordPress is vulnerable to Stored Cross-Sit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-7427 (Uncontrolled Search Path Element in Arm Development Studio before 2025 ...)
- TODO: check
+ NOT-FOR-US: Arm Development Studio
CVE-2025-7371 (Okta On-Premises Provisioning (OPP) agents log certain user data durin ...)
- TODO: check
+ NOT-FOR-US: Okta
CVE-2025-6831 (The User Registration plugin for WordPress is vulnerable to Stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2025-6741 (Improper access control in secure message component in Devolutions Ser ...)
@@ -97,77 +97,77 @@ CVE-2025-54355
CVE-2025-54354
REJECTED
CVE-2025-54134 (HAX CMS NodeJs allows users to manage their microsite universe with a ...)
- TODO: check
+ NOT-FOR-US: HAX CMS NodeJs
CVE-2025-54129 (HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn ...)
- TODO: check
+ NOT-FOR-US: HAX CMS
CVE-2025-54128 (HAX CMS NodeJs allows users to manage their microsite universe with a ...)
- TODO: check
+ NOT-FOR-US: HAX CMS
CVE-2025-54127 (HAXcms with nodejs backend allows users to start the server in any HAX ...)
- TODO: check
+ NOT-FOR-US: HAX CMS
CVE-2025-54122 (Manager-io/Manager is accounting software. A critical unauthenticated ...)
- TODO: check
+ NOT-FOR-US: Manager-io/Manager
CVE-2025-53832 (Lara Translate MCP Server is a Model Context Protocol (MCP) Server for ...)
- TODO: check
+ NOT-FOR-US: Lara Translate MCP Server
CVE-2025-53528 (Cadwyn creates production-ready community-driven modern Stripe-like AP ...)
- TODO: check
+ NOT-FOR-US: Cadwyn
CVE-2025-53472 (WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of spec ...)
- TODO: check
+ NOT-FOR-US: Elecom
CVE-2025-52580 (Insertion of sensitive information into log file issue exists in "regi ...)
- TODO: check
+ NOT-FOR-US: region Pay App for Android
CVE-2025-51867 (Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction A ...)
- TODO: check
+ NOT-FOR-US: Deepfiction AI
CVE-2025-51865 (Ai2 playground web service (playground.allenai.org) LLM chat through 2 ...)
- TODO: check
+ NOT-FOR-US: Ai2 playground web service (playground.allenai.org) LLM chat
CVE-2025-51864 (A reflected cross-site scripting (XSS) vulnerability exists in AIBOX L ...)
- TODO: check
+ NOT-FOR-US: AIBOX LLM chat (chat.aibox365.cn)
CVE-2025-51863 (Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli (ChatGPT ...)
- TODO: check
+ NOT-FOR-US: ChatGPT Unli (ChatGPTUnli.com)
CVE-2025-51862 (Insecure Direct Object Reference (IDOR) vulnerability in TelegAI (tele ...)
- TODO: check
+ NOT-FOR-US: TelegAI (telegai.com)
CVE-2025-51860 (Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 ...)
- TODO: check
+ NOT-FOR-US: TelegAI (telegai.com)
CVE-2025-51859 (Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk thru 2025 ...)
- TODO: check
+ NOT-FOR-US: Chaindesk
CVE-2025-51858 (Self Cross-Site Scripting (XSS) vulnerability in ChatPlayground.ai thr ...)
- TODO: check
+ NOT-FOR-US: ChatPlayground.ai
CVE-2025-51482 (Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_to ...)
- TODO: check
+ NOT-FOR-US: letta-ai Letta
CVE-2025-51481 (Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagste ...)
- TODO: check
+ NOT-FOR-US: Dagster
CVE-2025-51480 (Path Traversal vulnerability in onnx.external_data_helper.save_externa ...)
- TODO: check
+ NOT-FOR-US: ONNX
CVE-2025-51479 (Authorization bypass in update_user_group in onyx-dot-app Onyx Enterpr ...)
- TODO: check
+ NOT-FOR-US: nyx-dot-app Onyx Enterprise Edition
CVE-2025-51475 (Arbitrary File Overwrite (AFO) in superagi.controllers.resources.uploa ...)
- TODO: check
+ NOT-FOR-US: TransformerOptimus SuperAGI
CVE-2025-51472 (Code Injection in AgentTemplate.eval_agent_config in TransformerOptimu ...)
- TODO: check
+ NOT-FOR-US: TransformerOptimus SuperAGI
CVE-2025-51471 (Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ol ...)
TODO: check
CVE-2025-51464 (Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attack ...)
- TODO: check
+ NOT-FOR-US: aimhubio Aim
CVE-2025-51463 (Path Traversal in restore_run_backup() in AIM 3.28.0 allows remote att ...)
- TODO: check
+ NOT-FOR-US: aimhubio Aim
CVE-2025-51459 (File Upload vulnerability in agent.hub.controller.refresh_plugins in e ...)
- TODO: check
+ NOT-FOR-US: eosphoros-ai DB-GPT
CVE-2025-51458 (SQL Injection in editor_sql_run and query_ex in eosphoros-ai DB-GPT 0. ...)
- TODO: check
+ NOT-FOR-US: eosphoros-ai DB-GPT
CVE-2025-4295 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
- TODO: check
+ NOT-FOR-US: HotelRunner B2B
CVE-2025-4294 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: HotelRunner B2B
CVE-2025-4285 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Agentis
CVE-2025-4284 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Agentis
CVE-2025-48964 (ping in iputils through 20240905 allows a denial of service (applicati ...)
TODO: check
CVE-2025-48498 (A null pointer dereference vulnerability exists in the Distributed Tra ...)
- TODO: check
+ NOT-FOR-US: Bloomberg Comdb2
CVE-2025-46354 (A denial of service vulnerability exists in the Distributed Transactio ...)
- TODO: check
+ NOT-FOR-US: Bloomberg Comdb2
CVE-2025-46267 (Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If e ...)
- TODO: check
+ NOT-FOR-US: Elecom
CVE-2025-36520 (A null pointer dereference vulnerability exists in the net_connectmsg ...)
TODO: check
CVE-2025-36512 (A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 d ...)
@@ -457,7 +457,7 @@ CVE-2025-54121 (Starlette is a lightweight ASGI (Asynchronous Server Gateway Int
NOTE: Fixed by: https://github.com/encode/starlette/commit/9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1 (0.47.2)
NOTE: https://github.com/encode/starlette/discussions/2927#discussioncomment-13721403
CVE-2025-54082 (marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nov ...)
- TODO: check
+ NOT-FOR-US: marshmallow-packages/nova-tiptap
CVE-2025-54071 (RomM (ROM Manager) allows users to scan, enrich, browse and play their ...)
NOT-FOR-US: RomM
CVE-2025-52575 (EspoCRM is an Open Source CRM (Customer Relationship Management) softw ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d57e2edc270396aa4827f5baeb70af038323f82
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d57e2edc270396aa4827f5baeb70af038323f82
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250723/d2b18a9f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list