[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 17 21:14:21 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8520b6c2 by security tracker role at 2025-06-17T20:14:15+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,11 +9,11 @@ CVE-2025-6050 (Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cros
CVE-2025-5777 (Insufficient input validation leading to memory overreadon the NetScal ...)
TODO: check
CVE-2025-5700 (The Simple Logo Carousel plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5349 (Improper access control on the NetScaler Management Interface in NetSc ...)
TODO: check
CVE-2025-5291 (The Master Slider \u2013 Responsive Touch Slider plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5141 (A binary in the BoKS Server Agent component of Fortra's Core Privilege ...)
TODO: check
CVE-2025-4879 (Local Privilege escalation allows a low-privileged user to gain SYSTEM ...)
@@ -25,49 +25,49 @@ CVE-2025-4404 (A privilege escalation from host to domain vulnerability was foun
CVE-2025-4365 (Arbitrary file read inNetScaler Console and NetScaler SDX (SVM))
TODO: check
CVE-2025-49882 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49881 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49880 (Missing Authorization vulnerability in Emraan Cheema CubeWP Forms allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49879 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
TODO: check
CVE-2025-49878 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49877 (Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileG ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49875 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49874 (Missing Authorization vulnerability in tychesoftwares Arconix FAQ allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49872 (Missing Authorization vulnerability in WPExperts.io myCred allows Acce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49871 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49868 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49865 (Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49864 (Missing Authorization vulnerability in AFS Analytics AFS Analytics all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49863 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49862 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49861 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49859 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49858 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49857 (Missing Authorization vulnerability in WPExperts.io myCred allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49856 (Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Respons ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49855 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49850 (A Heap-based Buffer Overflow vulnerability exists within the parsing o ...)
TODO: check
CVE-2025-49849 (An Out-of-bounds Read vulnerability exists within the parsing of PRJ f ...)
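Review bot: CVE-2025-49879 (Path Traversal) stays at "TODO: check" in the middle of a run where every neighbouring entry from CVE-2025-49882 down to CVE-2025-49854 is changed to "NOT-FOR-US: WordPress plugin or theme". The truncated description does not show the product, so please confirm the skip is deliberate and not a miss by the automatic update. Likewise, entries such as CVE-2025-49882 and CVE-2025-49881 show only the CWE title here, so the WordPress classification cannot be checked from this file alone; a spot-check against the full CVE records would cover that.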
@@ -97,11 +97,11 @@ CVE-2025-49331 (Deserialization of Untrusted Data vulnerability in impleCode eCo
CVE-2025-49330 (Deserialization of Untrusted Data vulnerability in CRM Perks Integrati ...)
TODO: check
CVE-2025-49316 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49312 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49266 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49261 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-49260 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
@@ -125,7 +125,7 @@ CVE-2025-49252 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-49251 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-49234 (Missing Authorization vulnerability in Deepak anand WP Dummy Content G ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49220 (An insecure deserialization operation in Trend Micro Apex Central belo ...)
TODO: check
CVE-2025-49219 (An insecure deserialization operation in Trend Micro Apex Central belo ...)
@@ -147,11 +147,11 @@ CVE-2025-48333 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-48274 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-48145 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48118 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
TODO: check
CVE-2025-48111 (Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47867 (A Local File Inclusion vulnerability in a Trend Micro Apex Central wid ...)
TODO: check
CVE-2025-47866 (An unrestricted file upload vulnerability in a Trend Micro Apex Centra ...)
@@ -159,11 +159,11 @@ CVE-2025-47866 (An unrestricted file upload vulnerability in a Trend Micro Apex
CVE-2025-47865 (A Local File Inclusion vulnerability in a Trend Micro Apex Central wid ...)
TODO: check
CVE-2025-47573 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47572 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-47559 (Unrestricted Upload of File with Dangerous Type vulnerability in Roman ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47452 (Unrestricted Upload of File with Dangerous Type vulnerability in RexTh ...)
TODO: check
CVE-2025-45880 (A cross-site scripting (XSS) vulnerability in the data resource manage ...)
@@ -179,15 +179,15 @@ CVE-2025-45525 (A null pointer dereference vulnerability was discovered in micro
CVE-2025-40674 (Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerabil ...)
TODO: check
CVE-2025-3880 (The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-3515 (The Drag and Drop Multiple File Upload for Contact Form 7 plugin for W ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39508 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39486 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39479 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-34511 (Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manag ...)
TODO: check
CVE-2025-34510 (Sitecore Experience Manager (XM), Experience Platform (XP), and Experi ...)
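Review bot: two different note strings are used for WordPress entries in this hunk: CVE-2025-3880 and CVE-2025-3515 get "NOT-FOR-US: WordPress plugin", while CVE-2025-39508, CVE-2025-39486 and CVE-2025-39479 get "NOT-FOR-US: WordPress plugin or theme". If the distinction carries no meaning, a single wording would keep the list easier to grep; if it does, for example because the second group's descriptions do not say whether the product is a plugin or a theme, that is worth documenting where the automatic rules are defined.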
@@ -197,11 +197,11 @@ CVE-2025-34509 (Sitecore Experience Manager (XM) and Experience Platform (XP) ve
CVE-2025-34508 (A path traversal vulnerability exists in the file dropoff functionalit ...)
TODO: check
CVE-2025-33122 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-32549 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-32510 (Unrestricted Upload of File with Dangerous Type vulnerability in ovath ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31919 (Deserialization of Untrusted Data vulnerability in themeton Spare allo ...)
TODO: check
CVE-2025-30988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
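Review bot: the note on CVE-2025-33122 is only the vendor, "NOT-FOR-US: IBM", although the description names the product (IBM i). The WordPress notes in this commit say what kind of software is excluded; naming the product here, e.g. "NOT-FOR-US: IBM i", would tell a later reader why the entry was excluded without opening the CVE record.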
@@ -213,9 +213,9 @@ CVE-2025-30679 (A Server-side Request Forgery (SSRF) vulnerability in Trend Micr
CVE-2025-30678 (A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex ...)
TODO: check
CVE-2025-30618 (Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Paymen ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30562 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-29002 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
TODO: check
CVE-2025-28991 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8520b6c282da18870501ea87239e7d3b3df0c2bb