[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 6 21:14:00 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ec043209 by security tracker role at 2025-06-06T20:13:54+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-5806 (Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-5799 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been declar ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5798 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been classi ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5797 (A vulnerability was found in Laundry Laundry System 1.0 and classified ...)
TODO: check
CVE-2025-5796 (A vulnerability has been found in code-projects Laundry System 1.0 and ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5795 (A vulnerability, which was classified as critical, was found in Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5794 (A vulnerability, which was classified as critical, has been found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5793 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
TODO: check
CVE-2025-5792 (A vulnerability, which was classified as critical, has been found in T ...)
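Review bot: CVE-2025-5797 keeps `TODO: check` while the adjacent CVE-2025-5796, also a Laundry System 1.0 issue, is tagged `NOT-FOR-US: code-projects`. The visible description for 5797 reads "Laundry Laundry System 1.0" without the code-projects vendor string, which would explain why a vendor-name match skipped it; that is an inference from the two descriptions, not something the commit states. A manual pass should confirm whether 5797 is the same product and should carry the same tag, so it does not linger in the TODO queue.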
@@ -31,41 +31,41 @@ CVE-2025-5786 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. I
CVE-2025-5785 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and cla ...)
TODO: check
CVE-2025-5784 (A vulnerability has been found in PHPGurukul Employee Record Managemen ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5783 (A vulnerability, which was classified as critical, was found in PHPGur ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5782 (A vulnerability, which was classified as critical, has been found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5780 (A vulnerability was found in code-projects Patient Record Management S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5779 (A vulnerability has been found in code-projects Patient Record Managem ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5778 (A vulnerability, which was classified as critical, was found in 1000 P ...)
TODO: check
CVE-2025-5766 (A vulnerability was found in code-projects Laundry System 1.0. It has ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5765 (A vulnerability was found in code-projects Laundry System 1.0. It has ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5764 (A vulnerability was found in code-projects Laundry System 1.0 and clas ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5763 (A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and cl ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5762 (A vulnerability, which was classified as critical, was found in code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5761 (A vulnerability, which was classified as critical, has been found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5760 (The Simple History plugin for WordPress is vulnerable to sensitive dat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5759 (A vulnerability classified as critical was found in PHPGurukul Local S ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5758 (A vulnerability classified as critical has been found in SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-5757 (A vulnerability was found in code-projects Traffic Offense Reporting S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5756 (A vulnerability was found in code-projects Real Estate Property Manage ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5755 (A vulnerability was found in SourceCodester Open Source Clinic Managem ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-5751 (WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Auth ...)
TODO: check
CVE-2025-5750 (WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-b ...)
@@ -91,13 +91,13 @@ CVE-2025-5474 (2BrightSparks SyncBackFree Link Following Local Privilege Escalat
CVE-2025-5473 (GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerabi ...)
TODO: check
CVE-2025-5239 (The Domain For Sale plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5192 (A missing authentication for critical function vulnerability in the cl ...)
TODO: check
CVE-2025-49599 (Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices throug ...)
TODO: check
CVE-2025-49453 (Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49450 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-49449 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Inte ...)
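Review bot: the WordPress category is written two ways in this hunk: CVE-2025-5239 gets `NOT-FOR-US: WordPress plugin` and CVE-2025-49453 gets `NOT-FOR-US: WordPress plugin or theme`. If the difference is not meant to carry information, a single label would keep searches and counts over data/CVE/list consistent. If it is intentional (the 5239 description names a plugin explicitly, the 49453 one is truncated before any product type), the rule deserves a line of documentation next to the tooling that writes these tags.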
@@ -105,7 +105,7 @@ CVE-2025-49449 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugin
CVE-2025-49446 (Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin No ...)
TODO: check
CVE-2025-49445 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Inte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49443 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-49442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -115,7 +115,7 @@ CVE-2025-49441 (Missing Authorization vulnerability in WP Map Plugins Interactiv
CVE-2025-49440 (Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Sec ...)
TODO: check
CVE-2025-49439 (Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49435 (Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Al ...)
TODO: check
CVE-2025-49429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -183,7 +183,7 @@ CVE-2025-49299 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-49298 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-49294 (Insertion of Sensitive Information Into Sent Data vulnerability in Cod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49293 (Missing Authorization vulnerability in CodeRevolution Crawlomatic Mult ...)
TODO: check
CVE-2025-49292 (Improper Validation of Specified Quantity in Input vulnerability in Co ...)
@@ -219,7 +219,7 @@ CVE-2025-49263 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-49262 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-49250 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49248 (Missing Authorization vulnerability in cmoreira Team Showcase allows E ...)
TODO: check
CVE-2025-49246 (Missing Authorization vulnerability in cmoreira Testimonials Showcase ...)
@@ -239,27 +239,27 @@ CVE-2025-49239 (Cross-Site Request Forgery (CSRF) vulnerability in tychesoftware
CVE-2025-49238 (Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Evere ...)
TODO: check
CVE-2025-49237 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49236 (Missing Authorization vulnerability in raychat Raychat allows Accessin ...)
TODO: check
CVE-2025-49235 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49077 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49076 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49075 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49074 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49073 (Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet D ...)
TODO: check
CVE-2025-49072 (Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Mu ...)
TODO: check
CVE-2025-49068 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49067 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49011 (SpiceDB is an open source database for storing and querying fine-grain ...)
TODO: check
CVE-2025-48784 (A missing authorization vulnerability in Soar Cloud HRD Human Resource ...)
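Review bot: CVE-2025-49236, CVE-2025-49073 and CVE-2025-49072 stay at `TODO: check` inside a run where every other entry from CVE-2025-49237 down to CVE-2025-49067 is tagged `NOT-FOR-US: WordPress plugin or theme`. The truncated descriptions do not show whether these three belong under the same tag, so they need a manual check rather than an assumption. CVE-2025-49011 (SpiceDB) in the trailing context is also still open and should be triaged by hand.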
@@ -273,19 +273,19 @@ CVE-2025-48781 (An external control of file name or path vulnerability in the do
CVE-2025-48780 (A deserialization of untrusted data vulnerability in the download file ...)
TODO: check
CVE-2025-48337 (Missing Authorization vulnerability in QuickcabWP QuickCab.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48335 (Missing Authorization vulnerability in CyberChimps Responsive Plus all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48329 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48328 (Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Tim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47950 (CoreDNS is a DNS server that chains plugins. In versions prior to 1.21 ...)
TODO: check
CVE-2025-47586 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47584 (Deserialization of Untrusted Data vulnerability in ThemeGoods Photogra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-41646 (An unauthorized remote attacker can bypass the authentication of the a ...)
TODO: check
CVE-2025-41367 (Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 ...)
@@ -315,9 +315,9 @@ CVE-2025-3321 (A predefined administrative account is not documented and cannot
CVE-2025-39358 (Deserialization of Untrusted Data vulnerability in Teastudio.Pl WP Pos ...)
TODO: check
CVE-2025-33035 (A path traversal vulnerability has been reported to affect File Statio ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-33031 (An improper certificate validation vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-31025 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-31000 (Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCo ...)
@@ -327,9 +327,9 @@ CVE-2025-30999 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-30997 (Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car ...)
TODO: check
CVE-2025-30995 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30994 (Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeW ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30991 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-30990 (Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Expl ...)
@@ -339,13 +339,13 @@ CVE-2025-30989 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-30986 (Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Eli ...)
TODO: check
CVE-2025-30981 (Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30980 (Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi S ...)
TODO: check
CVE-2025-30978 (Missing Authorization vulnerability in Dor Zuberi Slack Notifications ...)
TODO: check
CVE-2025-30977 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30976 (Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks ...)
TODO: check
CVE-2025-30974 (Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid M ...)
@@ -359,7 +359,7 @@ CVE-2025-30957 (Missing Authorization vulnerability in BuddyDev Activity Plus Re
CVE-2025-30956 (Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Sof ...)
TODO: check
CVE-2025-30954 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30953 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
TODO: check
CVE-2025-30952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -421,27 +421,27 @@ CVE-2025-30625 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-30624 (Missing Authorization vulnerability in WordLift WordLift allows Exploi ...)
TODO: check
CVE-2025-30279 (An improper certificate validation vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-2766 (70mai A510 Use of Default Password Authentication Bypass Vulnerability ...)
TODO: check
CVE-2025-29892 (An SQL injection vulnerability has been reported to affect Qsync Centr ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29885 (An improper certificate validation vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29884 (An improper certificate validation vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29883 (An improper certificate validation vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29877 (A NULL pointer dereference vulnerability has been reported to affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29876 (A NULL pointer dereference vulnerability has been reported to affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29873 (A NULL pointer dereference vulnerability has been reported to affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29872 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29871 (An out-of-bounds read vulnerability has been reported to affect File S ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29013 (Missing Authorization vulnerability in faaiq Custom Category/Post Type ...)
TODO: check
CVE-2025-29011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -467,33 +467,33 @@ CVE-2025-28994 (Missing Authorization vulnerability in viralloops Viral Loops WP
CVE-2025-28989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-28986 (Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28985 (Missing Authorization vulnerability in Elastic Email Elastic Email Sub ...)
TODO: check
CVE-2025-28984 (Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscripti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28981 (Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Option ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28974 (Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mai ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28966 (Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28964 (Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Fav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28958 (Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28954 (Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28952 (Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePo ...)
TODO: check
CVE-2025-28950 (Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post ...)
TODO: check
CVE-2025-28948 (Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27360 (Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Eve ...)
TODO: check
CVE-2025-27359 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media Fil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27334 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
TODO: check
CVE-2025-26593 (Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBo ...)
@@ -515,23 +515,23 @@ CVE-2025-23971 (Missing Authorization vulnerability in whassan KI Live Video Con
CVE-2025-23969 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
TODO: check
CVE-2025-22490 (A NULL pointer dereference vulnerability has been reported to affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-22486 (An improper certificate validation vulnerability has been reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-22484 (An allocation of resources without limits or throttling vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-22482 (A use of externally-controlled format string vulnerability has been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-22481 (A command injection vulnerability has been reported to affect several ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-56805 (A buffer overflow vulnerability has been reported to affect several QN ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50406 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-13088 (An improper authentication vulnerability has been reported to affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-13087 (A command injection vulnerability has been reported to affect QHora. I ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-38002 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/d871198ee431d90f5308d53998c1ba1d5db5619a (6.15-rc7)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec043209a49e723ee6d58e121750626c9c2ddbe3