[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 24 21:15:23 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9597ff8 by security tracker role at 2025-07-24T20:14:08+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
 CVE-2025-8115 (A vulnerability has been found in PHPGurukul Taxi Stand Management Sys ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-8114 (A flaw was found in libssh, a library that implements the SSH protocol ...)
 	TODO: check
 CVE-2025-8071 (Mine CloudVod plugin for WordPress is vulnerable to Stored Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7966 (The Get Youtube Subs plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7959 (The Station Pro plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7835 (The iThoughts Advanced Code Editor plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7822 (The WP Wallcreeper plugin for WordPress is vulnerable to unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7780 (The AI Engine plugin for WordPress is vulnerable to Sensitive Informat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7695 (The Dataverse Integration plugin for WordPress is vulnerable to Privil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7690 (The Affiliate Plus plugin for WordPress is vulnerable to Cross-Site Re ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7640 (The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6998 (ReDoS in strip_whitespaces() function in cps/string_helper.py in janec ...)
 	TODO: check
 CVE-2025-6588 (The FunnelCockpit plugin for WordPress is vulnerable to Reflected Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6539 (The Voltax Video Player plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6441 (The Webinar Solution: Create live/evergreen/automated/instant webinars ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6387 (The WP Get The Table plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6385 (The WP Applink plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6382 (The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6380 (The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6262 (The muse.ai video embedding plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5243 (Unrestricted Upload of File with Dangerous Type, Improper Neutralizati ...)
 	TODO: check
 CVE-2025-5084 (The Post Grid Master plugin for WordPress is vulnerable to Reflected C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-5039 (A maliciously crafted binary file, when present while loading files in ...)
-	TODO: check
+	NOT-FOR-US: Autodesk
 CVE-2025-53084 (A cross-site scripting (xss) vulnerability exists in the videosList pa ...)
 	TODO: check
 CVE-2025-51089 (Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at / ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-51088 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-51087 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-51085 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-51082 (Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-50128 (A cross-site scripting (xss) vulnerability exists in the videoNotFound ...)
 	TODO: check
 CVE-2025-4822 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -63,15 +63,15 @@ CVE-2025-4822 (Improper Neutralization of Special Elements used in an SQL Comman
 CVE-2025-4784 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-4608 (The Structured Content plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-48732 (An incomplete blacklist exists in the .htaccess sample of WWBN AVideo  ...)
 	TODO: check
 CVE-2025-47061 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-46996 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-46993 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-46410 (A cross-site scripting (xss) vulnerability exists in the managerPlayli ...)
 	TODO: check
 CVE-2025-45731 (A group deletion race condition in 2FAuth v5.5.0 causes data inconsist ...)
@@ -83,15 +83,15 @@ CVE-2025-41420 (A cross-site scripting (xss) vulnerability exists in the userLog
 CVE-2025-40680 (Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillar ...)
 	TODO: check
 CVE-2025-3669 (The Supreme Addons for Beaver Builder plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-36548 (A cross-site scripting (xss) vulnerability exists in the LoginWordPres ...)
 	TODO: check
 CVE-2025-36005 (IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-33109 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalat ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-33013 (IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-25214 (A race condition vulnerability exists in the aVideoEncoder.json.php un ...)
 	TODO: check
 CVE-2025-8107 (In OceanBase's Oracle tenant mode, a malicious user with specific priv ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9597ff8f8e3c283f19001b13cd855fecb2d8e7d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9597ff8f8e3c283f19001b13cd855fecb2d8e7d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250724/a6ad39a1/attachment.htm>

More information about the debian-security-tracker-commits mailing list