[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 6 21:20:23 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b24473e1 by Salvatore Bonaccorso at 2025-06-06T22:20:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,7 @@ CVE-2025-5799 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been d
 CVE-2025-5798 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been classi ...)
 	NOT-FOR-US: Tenda
 CVE-2025-5797 (A vulnerability was found in Laundry Laundry System 1.0 and classified ...)
-	TODO: check
+	NOT-FOR-US: Laundry Laundry System
 CVE-2025-5796 (A vulnerability has been found in code-projects Laundry System 1.0 and ...)
 	NOT-FOR-US: code-projects
 CVE-2025-5795 (A vulnerability, which was classified as critical, was found in Tenda  ...)
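Review bot: The new tag for CVE-2025-5797, `NOT-FOR-US: Laundry Laundry System`, reads like the vendor and product fields run together, while the adjacent CVE-2025-5796 for the same kind of product is tagged by vendor only (`NOT-FOR-US: code-projects`). Please confirm against the full description that "Laundry" is the vendor and not a doubled word, so the tag stays searchable alongside the other Laundry System entries.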
@@ -13,23 +13,23 @@ CVE-2025-5795 (A vulnerability, which was classified as critical, was found in T
 CVE-2025-5794 (A vulnerability, which was classified as critical, has been found in T ...)
 	NOT-FOR-US: Tenda
 CVE-2025-5793 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5792 (A vulnerability, which was classified as critical, has been found in T ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5791 (A flaw was found in the user's crate for Rust. This vulnerability allo ...)
 	TODO: check
 CVE-2025-5790 (A vulnerability classified as critical was found in TOTOLINK X15 1.0.0 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5789 (A vulnerability classified as critical has been found in TOTOLINK X15  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5788 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5787 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5786 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5785 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and cla ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5784 (A vulnerability has been found in PHPGurukul Employee Record Managemen ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-5783 (A vulnerability, which was classified as critical, was found in PHPGur ...)
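Review bot: For CVE-2025-5792 the truncated description ends at "has been found in T ...", which is the same visible text as CVE-2025-5794 a few lines up, and that one is tagged `NOT-FOR-US: Tenda`. The `NOT-FOR-US: TOTOLINK` tag cannot be confirmed from the diff alone, so it is worth a check against the full CVE text before this lands. Leaving CVE-2025-5791 (Rust crate) at `TODO: check` is consistent with the commit's scope.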
@@ -41,7 +41,7 @@ CVE-2025-5780 (A vulnerability was found in code-projects Patient Record Managem
 CVE-2025-5779 (A vulnerability has been found in code-projects Patient Record Managem ...)
 	NOT-FOR-US: code-projects
 CVE-2025-5778 (A vulnerability, which was classified as critical, was found in 1000 P ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects ABC Courier Management System
 CVE-2025-5766 (A vulnerability was found in code-projects Laundry System 1.0. It has  ...)
 	NOT-FOR-US: code-projects
 CVE-2025-5765 (A vulnerability was found in code-projects Laundry System 1.0. It has  ...)
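Review bot: The tag for CVE-2025-5778, `NOT-FOR-US: 1000 Projects ABC Courier Management System`, carries vendor plus product, whereas the surrounding entries in this hunk use the vendor alone (`NOT-FOR-US: code-projects`). Either form works, but picking one convention per vendor keeps later grep-based triage of the same vendor's CVEs predictable.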
@@ -67,181 +67,181 @@ CVE-2025-5756 (A vulnerability was found in code-projects Real Estate Property M
 CVE-2025-5755 (A vulnerability was found in SourceCodester Open Source Clinic Managem ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-5751 (WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Auth ...)
-	TODO: check
+	NOT-FOR-US: WOLFBOX Level 2 EV Charger Management Card
 CVE-2025-5750 (WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-b ...)
-	TODO: check
+	NOT-FOR-US: WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse
 CVE-2025-5749 (WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable  ...)
-	TODO: check
+	NOT-FOR-US: WOLFBOX Level 2 EV Charger
 CVE-2025-5748 (WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Cod ...)
-	TODO: check
+	NOT-FOR-US: WOLFBOX Level 2 EV Charger
 CVE-2025-5747 (WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of In ...)
-	TODO: check
+	NOT-FOR-US: WOLFBOX Level 2 EV Charger
 CVE-2025-5739 (A vulnerability classified as critical has been found in TOTOLINK X15  ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5738 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5737 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-5481 (Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Cod ...)
-	TODO: check
+	NOT-FOR-US: Sante DICOM Viewer Pro
 CVE-2025-5480 (Action1 Uncontrolled Search Path Element Local Privilege Escalation Vu ...)
-	TODO: check
+	NOT-FOR-US: Action1
 CVE-2025-5474 (2BrightSparks SyncBackFree Link Following Local Privilege Escalation V ...)
-	TODO: check
+	NOT-FOR-US: 2BrightSparks SyncBackFree
 CVE-2025-5473 (GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerabi ...)
 	TODO: check
 CVE-2025-5239 (The Domain For Sale plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5192 (A missing authentication for critical function vulnerability in the cl ...)
-	TODO: check
+	NOT-FOR-US: Soar Cloud HRD Human Resource Management System
 CVE-2025-49599 (Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices throug ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2025-49453 (Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49450 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49449 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Inte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49446 (Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin No ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49445 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Inte ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49443 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49442 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49441 (Missing Authorization vulnerability in WP Map Plugins Interactive Regi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49440 (Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Sec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49439 (Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49435 (Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49429 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49427 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49425 (Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49421 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49419 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49333 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49332 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49329 (Unrestricted Upload of File with Dangerous Type vulnerability in Agile ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49328 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49327 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49326 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49325 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49324 (Missing Authorization vulnerability in PickPlugins Job Board Manager a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49323 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49320 (Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49318 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49317 (Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49315 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49314 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49313 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49311 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49310 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49309 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49308 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49307 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49306 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49305 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49304 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49301 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49299 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49298 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49294 (Insertion of Sensitive Information Into Sent Data vulnerability in Cod ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49293 (Missing Authorization vulnerability in CodeRevolution Crawlomatic Mult ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49292 (Improper Validation of Specified Quantity in Input vulnerability in Co ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49291 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49289 (Missing Authorization vulnerability in add-ons.org PDF for WPForms all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49288 (Missing Authorization vulnerability in Rustaurius Ultimate WP Mail all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49287 (Missing Authorization vulnerability in WebToffee Product Feed for WooC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49286 (Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49285 (Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49284 (Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenan ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49283 (Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig An ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49273 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Too ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49272 (Missing Authorization vulnerability in sergiotrinity Trinity Audio all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49270 (Missing Authorization vulnerability in Mario Peshev WP-CRM System allo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49269 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Mark ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49268 (Missing Authorization vulnerability in Soft8Soft LLC Verge3D allows Ex ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49263 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49262 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49250 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49248 (Missing Authorization vulnerability in cmoreira Team Showcase allows E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49246 (Missing Authorization vulnerability in cmoreira Testimonials Showcase  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49244 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49243 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49242 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49241 (Missing Authorization vulnerability in bobbingwide oik allows Exploiti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49240 (Missing Authorization vulnerability in nK DocsPress allows Exploiting  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49239 (Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Prin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49238 (Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Evere ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49237 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor a ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49236 (Missing Authorization vulnerability in raychat Raychat allows Accessin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49235 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49077 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic P ...)
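Review bot: The tag for CVE-2025-5750, `NOT-FOR-US: WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse`, includes the affected function name from the advisory title, and CVE-2025-5751 appends "Management Card", while CVE-2025-5749, CVE-2025-5748 and CVE-2025-5747 use plain `NOT-FOR-US: WOLFBOX Level 2 EV Charger`. Suggest normalising all five to the product name. Separately, the new WordPress entries use `NOT-FOR-US: WordPress plugin` where the untouched neighbours in the same hunk use `NOT-FOR-US: WordPress plugin or theme`; the truncated descriptions do not show which applies, and the entry for CVE-2025-49268 (Soft8Soft LLC Verge3D) does not show WordPress in the visible text at all, so that one deserves a second look.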
@@ -253,9 +253,9 @@ CVE-2025-49075 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-49074 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49073 (Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet D ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49072 (Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Mu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49068 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49067 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
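Review bot: CVE-2025-49073 (Axiomthemes) and CVE-2025-49072 (AncoraThemes) are tagged `NOT-FOR-US: WordPress plugin`, but both vendor names point to theme vendors and the unchanged entries directly around them use `NOT-FOR-US: WordPress plugin or theme`. Using the broader existing tag here would avoid mislabelling themes as plugins.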
@@ -263,15 +263,15 @@ CVE-2025-49067 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-49011 (SpiceDB is an open source database for storing and querying fine-grain ...)
 	TODO: check
 CVE-2025-48784 (A missing authorization vulnerability in Soar Cloud HRD Human Resource ...)
-	TODO: check
+	NOT-FOR-US: Soar Cloud HRD Human Resource Management System
 CVE-2025-48783 (An external control of file name or path vulnerability in the delete f ...)
-	TODO: check
+	NOT-FOR-US: Soar Cloud HRD Human Resource Management System
 CVE-2025-48782 (An unrestricted upload of file with dangerous type vulnerability in th ...)
-	TODO: check
+	NOT-FOR-US: Soar Cloud HRD Human Resource Management System
 CVE-2025-48781 (An external control of file name or path vulnerability in the download ...)
-	TODO: check
+	NOT-FOR-US: Soar Cloud HRD Human Resource Management System
 CVE-2025-48780 (A deserialization of untrusted data vulnerability in the download file ...)
-	TODO: check
+	NOT-FOR-US: Soar Cloud HRD Human Resource Management System
 CVE-2025-48337 (Missing Authorization vulnerability in QuickcabWP QuickCab.This issue  ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48335 (Missing Authorization vulnerability in CyberChimps Responsive Plus all ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b24473e1c5a2f4ef1121762cbddcfef263d3a81a
