[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 29 21:12:14 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58605e87 by security tracker role at 2025-07-29T20:12:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,147 @@
+CVE-2025-8216 (The Sky Addons for Elementor plugin for WordPress is vulnerable to Sto ...)
+	TODO: check
+CVE-2025-8196 (The Magical Addons For Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-7689 (The Hydra Booking plugin for WordPress is vulnerable to Privilege Esca ...)
+	TODO: check
+CVE-2025-7675 (A maliciously crafted 3DM file, when parsed through certain Autodesk p ...)
+	TODO: check
+CVE-2025-7497 (A maliciously crafted PRT file, when parsed through certain Autodesk p ...)
+	TODO: check
+CVE-2025-7458 (An integer overflow in the sqlite3KeyInfoFromExprList function in SQLi ...)
+	TODO: check
+CVE-2025-6730 (The Bonanza \u2013 WooCommerce Free Gifts Lite plugin for WordPress is ...)
+	TODO: check
+CVE-2025-6692 (The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2025-6681 (The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2025-6637 (A maliciously crafted PRT file, when parsed through certain Autodesk p ...)
+	TODO: check
+CVE-2025-6636 (A maliciously crafted PRT file, when parsed through certain Autodesk p ...)
+	TODO: check
+CVE-2025-6635 (A maliciously crafted PRT file, when linked or imported into certain A ...)
+	TODO: check
+CVE-2025-6631 (A maliciously crafted PRT file, when parsed through certain Autodesk p ...)
+	TODO: check
+CVE-2025-6505 (Unauthorized access and impersonation can occur in versions4.6.2.3226a ...)
+	TODO: check
+CVE-2025-6504 (In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access  ...)
+	TODO: check
+CVE-2025-6175 (Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabi ...)
+	TODO: check
+CVE-2025-6060 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-5922 (Access to TSplus Remote Access Admin Toolis restricted to administrato ...)
+	TODO: check
+CVE-2025-5684 (The MetForm \u2013 Contact Form, Survey, Quiz, & Custom Form Builder f ...)
+	TODO: check
+CVE-2025-5587 (The Appzend theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2025-5043 (A maliciously crafted 3DM file, when linked or imported into certain A ...)
+	TODO: check
+CVE-2025-5038 (A maliciously crafted X_T file, when parsed through certain Autodesk p ...)
+	TODO: check
+CVE-2025-54432
+	REJECTED
+CVE-2025-54422 (Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit  ...)
+	TODO: check
+CVE-2025-54420
+	REJECTED
+CVE-2025-53902 (Tuleap is an Open Source Suite created to facilitate management of sof ...)
+	TODO: check
+CVE-2025-53715 (A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerabi ...)
+	TODO: check
+CVE-2025-53714 (A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerabi ...)
+	TODO: check
+CVE-2025-53713 (A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerabi ...)
+	TODO: check
+CVE-2025-53712 (A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerabi ...)
+	TODO: check
+CVE-2025-53711 (A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerabi ...)
+	TODO: check
+CVE-2025-53541 (Tuleap is an Open Source Suite created to facilitate management of sof ...)
+	TODO: check
+CVE-2025-53102 (Discourse is an open-source community discussion platform. Prior to ve ...)
+	TODO: check
+CVE-2025-52899 (Tuleap is an Open Source Suite created to facilitate management of sof ...)
+	TODO: check
+CVE-2025-52490 (An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgc ...)
+	TODO: check
+CVE-2025-52358 (A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ ...)
+	TODO: check
+CVE-2025-52284 (Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command ...)
+	TODO: check
+CVE-2025-51970 (A SQL Injection vulnerability exists in the action.php endpoint of Pun ...)
+	TODO: check
+CVE-2025-51045 (Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection v ...)
+	TODO: check
+CVE-2025-51044 (phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a  ...)
+	TODO: check
+CVE-2025-50738 (The Memos application, up to version v0.24.3, allows for the embedding ...)
+	TODO: check
+CVE-2025-46059 (langchain-ai v0.3.51 was discovered to contain an indirect prompt inje ...)
+	TODO: check
+CVE-2025-45346 (SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remo ...)
+	TODO: check
+CVE-2025-44137 (MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The ...)
+	TODO: check
+CVE-2025-44136 (MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XS ...)
+	TODO: check
+CVE-2025-41241 (VMware vCenter contains a denial-of-service vulnerability.A malicious  ...)
+	TODO: check
+CVE-2025-40686 (Reflected Cross-Site Scripting (XSS) in Human Resource Management Syst ...)
+	TODO: check
+CVE-2025-40685 (Reflected Cross-Site Scripting (XSS) in Human Resource Management Syst ...)
+	TODO: check
+CVE-2025-40684 (Reflected Cross-Site Scripting (XSS) in Human Resource Management Syst ...)
+	TODO: check
+CVE-2025-40683 (Reflected Cross-Site Scripting (XSS) in Human Resource Management Syst ...)
+	TODO: check
+CVE-2025-40682 (SQL injection vulnerability in Human Resource Management System versio ...)
+	TODO: check
+CVE-2025-36071 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
+	TODO: check
+CVE-2025-36010 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2   could allow an unauthen ...)
+	TODO: check
+CVE-2025-33114 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2     is vulnerable to deni ...)
+	TODO: check
+CVE-2025-33092 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2   is vulnerable to a stac ...)
+	TODO: check
+CVE-2025-31965 (Improper access restrictions in HCL BigFix Remote Control Server WebUI ...)
+	TODO: check
+CVE-2025-2928 (SQL Injection affecting the Archiver role.)
+	TODO: check
+CVE-2025-2533 (IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial ...)
+	TODO: check
+CVE-2025-2179 (An incorrect privilege assignment vulnerability in the Palo Alto Netwo ...)
+	TODO: check
+CVE-2025-28172 (Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Im ...)
+	TODO: check
+CVE-2025-28171 (An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote ...)
+	TODO: check
+CVE-2025-28170 (Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Ac ...)
+	TODO: check
+CVE-2025-27514 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+	TODO: check
+CVE-2025-26400 (SolarWinds Web Help Desk was reported to be affected by an XML Externa ...)
+	TODO: check
+CVE-2024-52894 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+	TODO: check
+CVE-2024-51473 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+	TODO: check
+CVE-2024-49828 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+	TODO: check
+CVE-2024-43018 (Piwigo 13.8.0 and below is vulnerable to SQL Injection in the paramete ...)
+	TODO: check
+CVE-2024-42655 (An access control issue in NanoMQ v0.21.10 allows attackers to bypass  ...)
+	TODO: check
+CVE-2024-42651 (NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnera ...)
+	TODO: check
+CVE-2024-42645 (An issue in FlashMQ v1.14.0 allows attackers to cause an assertion fai ...)
+	TODO: check
+CVE-2024-42644 (FlashMQ v1.14.0 was discovered to contain an assertion failure in the  ...)
+	TODO: check
 CVE-2025-8264 (Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable  ...)
 	NOT-FOR-US: z-push/z-push-dev
 CVE-2025-7811 (The StreamWeasels YouTube Integration plugin for WordPress is vulnerab ...)
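Review bot: Of the new "TODO: check" entries, CVE-2025-7458 is the one that names a component Debian ships (the integer overflow in SQLite's sqlite3KeyInfoFromExprList), so it should be resolved to a sqlite3 source-package line with a fixed/vulnerable version rather than left as a TODO alongside the WordPress-plugin and Autodesk entries that will almost certainly end up NOT-FOR-US. Two descriptions in this block also carry the literal escape sequence "\u2013" (CVE-2025-6730 and CVE-2025-5684, "The Bonanza \u2013 WooCommerce Free Gifts Lite plugin" and "The MetForm \u2013 Contact Form"), which means the importer is writing the JSON escape instead of the decoded en dash; the import step should decode the string before truncating it to the 70-character summary, otherwise the text in data/CVE/list diverges from the upstream description it is supposed to mirror.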
@@ -851,7 +995,7 @@ CVE-2022-4979 (A cross-site scripting (XSS) vulnerability exists in Sitecore Exp
 	NOT-FOR-US: Sitecore
 CVE-2020-36850 (An information disclosure vulnerability exits in Sitecore JSS React Sa ...)
 	NOT-FOR-US: Sitecore
-CVE-2016-15046 (A client-side remote code execution vulnerability exists in Samsung Se ...)
+CVE-2016-15046 (A client-side remote code execution vulnerability exists in Hanwha Tec ...)
 	NOT-FOR-US: Samsung Security Manager
 CVE-2015-10142 (Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 1 ...)
 	NOT-FOR-US: Sitecore
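Review bot: The description for CVE-2016-15046 now attributes the product to "Hanwha Tec ...", but the annotation below it is unchanged and still reads "NOT-FOR-US: Samsung Security Manager". The tag is still correct in substance, since only the vendor naming in the upstream description changed, but a later triager grepping for the vendor named in the description will not find this entry; consider updating the annotation to carry both names, along the lines of "NOT-FOR-US: Samsung Security Manager (Hanwha)", so the rename is traceable from the tracker itself.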



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58605e87bd48879e650717566055ab49b991d30c
