[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 7 21:12:43 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a84f8edf by security tracker role at 2025-06-07T20:12:36+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,27 @@
+CVE-2025-5840 (A vulnerability, which was classified as critical, was found in Source ...)
+	TODO: check
+CVE-2025-5839 (A vulnerability, which was classified as critical, has been found in T ...)
+	TODO: check
+CVE-2025-5838 (A vulnerability classified as critical was found in PHPGurukul Employe ...)
+	TODO: check
+CVE-2025-5837 (A vulnerability classified as critical has been found in PHPGurukul Em ...)
+	TODO: check
+CVE-2025-5836 (A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated  ...)
+	TODO: check
+CVE-2025-5568 (The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-5528 (The Social Sharing Plugin \u2013 Sassy Social Share plugin for WordPre ...)
+	TODO: check
+CVE-2025-5303 (The LTL Freight Quotes \u2013 Freightview Edition, LTL Freight Quotes  ...)
+	TODO: check
+CVE-2025-49619 (Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models ...)
+	TODO: check
+CVE-2024-9994 (The Essential Addons for Elementor \u2013 Best Elementor Addon, Templa ...)
+	TODO: check
+CVE-2024-9993 (The Essential Addons for Elementor \u2013 Best Elementor Addon, Templa ...)
+	TODO: check
+CVE-2024-55585 (In the moPS App through 1.8.618, all users can access administrative A ...)
+	TODO: check
 CVE-2025-5814 (The Profiler \u2013 What Slowing Down Your WP plugin for WordPress is  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-49128 (Jackson-core contains core low-level incremental ("streaming") parser  ...)
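Review bot: All twelve entries added at the top of data/CVE/list carry only `TODO: check`, and at least CVE-2025-5568 and CVE-2025-5528 are described as plugins for WordPress, the same class that the context entry CVE-2025-5814 already resolves as `NOT-FOR-US: WordPress plugin`. Those two can take that annotation directly; the other entries need their full CVE text read before they get a disposition, since the descriptions here are truncated. The descriptions of CVE-2025-5528, CVE-2025-5303, CVE-2024-9994 and CVE-2024-9993 also contain a literal `\u2013` escape instead of the dash character. The unchanged CVE-2025-5814 line shows the same thing, so the fix belongs in the import step rather than in these entries.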
@@ -8228,7 +8252,7 @@ CVE-2025-28201 (An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physicall
 	NOT-FOR-US: Victure RX1800
 CVE-2025-28200 (Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak d ...)
 	NOT-FOR-US: Victure RX1800
-CVE-2025-28074 (phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due ...)
+CVE-2025-28074 (phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due  ...)
 	- phplist <itp> (bug #612288)
 CVE-2025-27720 (The Pixmeo Osirix MD Web Portal sends credential information without e ...)
 	NOT-FOR-US: Pixmeo Osirix MD
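Review bot: The annotation under CVE-2025-28074, `- phplist <itp> (bug #612288)`, carries no version, so the new upper bound in the description ("before 3.6.15", previously "prior to 3.6.3") is recorded nowhere except in the truncated description text. Suggest adding a `NOTE:` line under the entry stating that an eventual phplist upload for the ITP needs to be at least 3.6.15, so the boundary stays visible to whoever picks up the packaging.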
@@ -8608,7 +8632,7 @@ CVE-2025-30101 (Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contai
 	NOT-FOR-US: Dell / EMC
 CVE-2025-2806 (The tagDiv Composer plugin for WordPress, used by the Newspaper theme, ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-28073 (phpList 3.6.3 is vulnerable to Reflected Cross-Site Scripting (XSS) vi ...)
+CVE-2025-28073 (phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting  ...)
 	- phplist <itp> (bug #612288)
 CVE-2025-27695 (Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authe ...)
 	NOT-FOR-US: Dell / EMC
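Review bot: For CVE-2025-28073 the old description named a single release ("phpList 3.6.3 is vulnerable") while the new one gives a range ("before 3.6.15"), so anyone who read the earlier text as affecting 3.6.3 only should re-evaluate. The entry points at the same `- phplist <itp> (bug #612288)` as CVE-2025-28074, so it is worth checking that the ITP bug references both CVE ids and the 3.6.15 floor.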



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a84f8edf87ba4aa268e96dda56c815288e72cedd
