[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 6 21:27:37 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b41c94c8 by Salvatore Bonaccorso at 2025-06-06T22:27:12+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -259,7 +259,7 @@ CVE-2025-49068 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-49067 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-49011 (SpiceDB is an open source database for storing and querying fine-grain ...)
- TODO: check
+ NOT-FOR-US: SpiceDB
CVE-2025-48784 (A missing authorization vulnerability in Soar Cloud HRD Human Resource ...)
NOT-FOR-US: Soar Cloud HRD Human Resource Management System
CVE-2025-48783 (An external control of file name or path vulnerability in the delete f ...)
@@ -285,23 +285,23 @@ CVE-2025-47586 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-47584 (Deserialization of Untrusted Data vulnerability in ThemeGoods Photogra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-41646 (An unauthorized remote attacker can bypass the authentication of the a ...)
- TODO: check
+ NOT-FOR-US: Kunbus
CVE-2025-41367 (Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41366 (In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41365 (Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41364 (Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41363 (In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41362 (Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41361 (Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-41360 (Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 ...)
- TODO: check
+ NOT-FOR-US: IDF and ZLF
CVE-2025-3485 (Allegra extractFileFromZip Directory Traversal Remote Code Execution V ...)
TODO: check
CVE-2025-3365 (A missing protection against path traversal allows to access any file ...)
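Review bot: The notes added for CVE-2025-41360 through CVE-2025-41367 read "NOT-FOR-US: IDF and ZLF", which repeats only the two product abbreviations from the descriptions, and the note for CVE-2025-41646 reads "NOT-FOR-US: Kunbus", a name that does not appear in the truncated description shown here. Suggest spelling out vendor and product in each note so that a later search of data/CVE/list by either name finds these entries and the reasoning can be followed without opening the full CVE record.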
@@ -311,117 +311,117 @@ CVE-2025-3322 (An improper neutralization of inputs used in expression language
CVE-2025-3321 (A predefined administrative account is not documented and cannot be de ...)
TODO: check
CVE-2025-39358 (Deserialization of Untrusted Data vulnerability in Teastudio.Pl WP Pos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-33035 (A path traversal vulnerability has been reported to affect File Statio ...)
NOT-FOR-US: QNAP
CVE-2025-33031 (An improper certificate validation vulnerability has been reported to ...)
NOT-FOR-US: QNAP
CVE-2025-31025 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31000 (Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30999 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30997 (Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30995 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30994 (Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeW ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30991 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30990 (Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30989 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30986 (Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Eli ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30981 (Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall a ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30980 (Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30978 (Missing Authorization vulnerability in Dor Zuberi Slack Notifications ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30977 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30976 (Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30974 (Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30968 (Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30958 (Missing Authorization vulnerability in onOffice GmbH onOffice for WP-W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30957 (Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30956 (Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Sof ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30954 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-30953 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30952 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30951 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30950 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30948 (Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative L ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30946 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Cannon Cust ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30945 (Missing Authorization vulnerability in taskbuilder Taskbuilder allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30942 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30941 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30940 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30939 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30938 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30937 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30934 (Missing Authorization vulnerability in OLIVESYSTEM \u8a3a\u65ad\u30b8\ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30932 (Missing Authorization vulnerability in WP Compress WP Compress for Mai ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30931 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30930 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30928 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30927 (Missing Authorization vulnerability in Wordapp Team Wordapp allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30638 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30637 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30636 (Missing Authorization vulnerability in Ability, Inc Accessibility Suit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30634 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30632 (Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Trans ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30629 (Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly UR ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30627 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30625 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30624 (Missing Authorization vulnerability in WordLift WordLift allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-30279 (An improper certificate validation vulnerability has been reported to ...)
NOT-FOR-US: QNAP
CVE-2025-2766 (70mai A510 Use of Default Password Authentication Bypass Vulnerability ...)
- TODO: check
+ NOT-FOR-US: 70mai A510
CVE-2025-29892 (An SQL injection vulnerability has been reported to affect Qsync Centr ...)
NOT-FOR-US: QNAP
CVE-2025-29885 (An improper certificate validation vulnerability has been reported to ...)
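Review bot: The entries changed in this hunk are tagged "NOT-FOR-US: WordPress plugin", while the untouched neighbours (CVE-2025-30995, CVE-2025-30994, CVE-2025-30981, CVE-2025-30977, CVE-2025-30954) carry "NOT-FOR-US: WordPress plugin or theme". For CVE-2025-30990 ("ThemeHunk ThemeHunk") the visible description does not say whether the product is a plugin or a theme, so the broader wording would be the safer label. Using one wording throughout also means a single search pattern covers all of these entries.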
@@ -441,33 +441,33 @@ CVE-2025-29872 (An allocation of resources without limits or throttling vulnerab
CVE-2025-29871 (An out-of-bounds read vulnerability has been reported to affect File S ...)
NOT-FOR-US: QNAP
CVE-2025-29013 (Missing Authorization vulnerability in faaiq Custom Category/Post Type ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29010 (Missing Authorization vulnerability in eleopard Behance Portfolio Mana ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29008 (Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29006 (Missing Authorization vulnerability in centangle Direct Checkout for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29005 (Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Managem ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-29003 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28997 (Missing Authorization vulnerability in EXEIdeas International WP AutoK ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28996 (Missing Authorization vulnerability in Thad Allender GPP Slideshow all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28995 (Missing Authorization vulnerability in viralloops Viral Loops WP Integ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28994 (Missing Authorization vulnerability in viralloops Viral Loops WP Integ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28986 (Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwi ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-28985 (Missing Authorization vulnerability in Elastic Email Elastic Email Sub ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28984 (Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscripti ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-28981 (Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Option ...)
@@ -483,35 +483,35 @@ CVE-2025-28958 (Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaisk
CVE-2025-28954 (Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allo ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-28952 (Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28950 (Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-28948 (Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-27360 (Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Eve ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-27359 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media Fil ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-27334 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26593 (Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-26590 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24778 (Missing Authorization vulnerability in De paragon No Spam At All allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24776 (Missing Authorization vulnerability in codelobster Responsive Flipbook ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24772 (Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24763 (Missing Authorization vulnerability in Pascal Casier bbPress API allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24762 (Missing Authorization vulnerability in facturaone TicketBAI Facturas p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23971 (Missing Authorization vulnerability in whassan KI Live Video Conferenc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23969 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22490 (A NULL pointer dereference vulnerability has been reported to affect F ...)
NOT-FOR-US: QNAP
CVE-2025-22486 (An improper certificate validation vulnerability has been reported to ...)
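Review bot: For CVE-2025-23969, CVE-2025-27334 and CVE-2025-26590 the description shown in the list is cut off inside the CWE title, before any product name, so the "NOT-FOR-US: WordPress plugin" classification cannot be checked from this hunk alone. Worth confirming against the full CVE text that none of them names software packaged in Debian, since a NOT-FOR-US tag removes the entry from further triage.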
@@ -204511,23 +204511,23 @@ CVE-2023-26005
CVE-2023-26004
RESERVED
CVE-2023-26003 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26002 (Missing Authorization vulnerability in 6Storage 6Storage Rentals allow ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26001 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-26000 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25999
RESERVED
CVE-2023-25998
RESERVED
CVE-2023-25997 (Missing Authorization vulnerability in SolaPlugins Sola Support Ticket ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25996
RESERVED
CVE-2023-25995 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25994 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publis ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25993 (Missing Authorization vulnerability in WebberZone Top 10 allows Exploi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b41c94c8f66a053ec6afcad2cf8fb402740e0b92