[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 16 22:04:51 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26edf4ef by Salvatore Bonaccorso at 2025-05-16T23:04:28+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,21 +9,21 @@ CVE-2025-4806 (A vulnerability, which was classified as critical, has been found
CVE-2025-4802 (Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GN ...)
TODO: check
CVE-2025-4795 (A vulnerability classified as critical has been found in gongfuxiang s ...)
- TODO: check
+ NOT-FOR-US: gongfuxiang schoolcms
CVE-2025-4794 (A vulnerability was found in PHPGurukul Online Course Registration 3.1 ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4793 (A vulnerability was found in PHPGurukul Online Course Registration 3.1 ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4792 (A vulnerability was found in FreeFloat FTP Server 1.0 and classified a ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-4791 (A vulnerability has been found in FreeFloat FTP Server 1.0 and classif ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-4790 (A vulnerability, which was classified as critical, was found in FreeFl ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-4789 (A vulnerability, which was classified as critical, has been found in F ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-4788 (A vulnerability classified as critical was found in FreeFloat FTP Serv ...)
- TODO: check
+ NOT-FOR-US: FreeFloat FTP Server
CVE-2025-4787 (A vulnerability classified as critical has been found in SourceCodeste ...)
NOT-FOR-US: SourceCodester
CVE-2025-4786 (A vulnerability was found in SourceCodester/oretnom23 Stock Management ...)
@@ -49,11 +49,11 @@ CVE-2025-4771 (A vulnerability, which was classified as critical, was found in P
CVE-2025-4770 (A vulnerability, which was classified as critical, has been found in P ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4769 (A vulnerability classified as critical was found in CBEWIN Anytxt Sear ...)
- TODO: check
+ NOT-FOR-US: CBEWIN Anytxt Searcher
CVE-2025-4768 (A vulnerability classified as critical has been found in feng_ha_ha/me ...)
- TODO: check
+ NOT-FOR-US: feng_ha_ha/megagao ssm-erp and production_ssm
CVE-2025-4767 (A vulnerability was found in defog-ai introspect up to 0.1.4. It has b ...)
- TODO: check
+ NOT-FOR-US: defog-ai introspect
CVE-2025-4766 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...)
NOT-FOR-US: PHPGurukul
CVE-2025-4765 (A vulnerability was found in PHPGurukul Zoo Management System 2.1. It ...)
@@ -113,7 +113,7 @@ CVE-2025-48080 (Improper Neutralization of Input During Web Page Generation ('Cr
CVE-2025-48079 (Missing Authorization vulnerability in Metagauss ProfileGrid allows E ...)
NOT-FOR-US: WordPress plugin
CVE-2025-47916 (Invision Community 5.0.0 before 5.0.7 allows remote code execution via ...)
- TODO: check
+ NOT-FOR-US: Invision Community
CVE-2025-47794 (Nextcloud Server is a self hosted personal cloud system. In Nextcloud ...)
TODO: check
CVE-2025-47793 (Nextcloud Server is a self hosted personal cloud system, and the Nextc ...)
@@ -133,37 +133,37 @@ CVE-2025-47564 (Missing Authorization vulnerability in ashanjay EventON allows A
CVE-2025-47563 (Missing Authorization vulnerability in villatheme CURCY allows Accessi ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47562 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47560 (Missing Authorization vulnerability in RomanCode MapSVG allows Exploit ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-47556 (Missing Authorization vulnerability in QuanticaLabs CSS3 Compare Prici ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-47534 (Missing Authorization vulnerability in ValvePress Wordpress Auto Spinn ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-46464 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-40906 (BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbso ...)
TODO: check
CVE-2025-40632 (Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11 ...)
- TODO: check
+ NOT-FOR-US: Icewarp Mail Server
CVE-2025-40631 (HTTP host header injection vulnerability in Icewarp Mail Server affect ...)
- TODO: check
+ NOT-FOR-US: Icewarp Mail Server
CVE-2025-40630 (Open redirection vulnerability in IceWarp Mail Server affecting versio ...)
- TODO: check
+ NOT-FOR-US: IceWarp Mail Server
CVE-2025-40629 (PNETLab 4.2.10 does not properly sanitize user inputs in its file acce ...)
- TODO: check
+ NOT-FOR-US: PNETLab
CVE-2025-39537 (Authorization Bypass Through User-Controlled Key vulnerability in Chim ...)
- TODO: check
+ NOT-FOR-US: Chimpstudio WP JobHunt
CVE-2025-39511 (Missing Authorization vulnerability in ValvePress Pinterest Automatic ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-39507 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-39493 (Missing Authorization vulnerability in ValvePress Rankie allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-39492 (Path Traversal vulnerability in WHMPress WHMpress allows Relative Path ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-39491 (Path Traversal vulnerability in WHMPress WHMpress allows Path Traversa ...)
@@ -179,59 +179,59 @@ CVE-2025-32643 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-32310 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32307 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32306 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32301 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32299 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32296 (Missing Authorization vulnerability in quantumcloud Simple Link Direct ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32295 (Missing Authorization vulnerability in wordpresschef Salon Booking Pro ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-32290 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32287 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32245 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-32180 (Missing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31928 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31926 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31923 (Missing Authorization vulnerability in QuanticaLabs CSS3 Accordions fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31922 (Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 A ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31921 (Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Ultimate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31915 (Cross-Site Request Forgery (CSRF) vulnerability in kamleshyadav Pixel ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31641 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31640 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31639 (Cross-Site Request Forgery (CSRF) vulnerability in themeton Spare allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31637 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31630 (Missing Authorization vulnerability in themeton The Business allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31071 (Missing Authorization vulnerability in themeton HotStar \u2013 Multi-P ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-31068 (Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Star ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31066 (Missing Authorization vulnerability in themeton Acerola allows Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31065 (Missing Authorization vulnerability in themeton Rozario allows Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31063 (Missing Authorization vulnerability in redqteam Wishlist allows Exploi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-31062 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-2306 (An Improper Access Control vulnerability was identified in the file do ...)
TODO: check
CVE-2025-2305 (A Path traversal vulnerability in the file download functionality was ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26edf4efffedeea6b5597511a74f17ed9c333491
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26edf4efffedeea6b5597511a74f17ed9c333491
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250516/fdaa8a89/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list