[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 31 09:12:33 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
615a2185 by security tracker role at 2025-05-31T08:12:26+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2025-5371 (A vulnerability, which was classified as critical, has been found in S ...)
+ TODO: check
+CVE-2025-5370 (A vulnerability classified as critical was found in PHPGurukul News Po ...)
+ TODO: check
+CVE-2025-5369 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ TODO: check
+CVE-2025-5368 (A vulnerability was found in PHPGurukul Daily Expense Tracker System 1 ...)
+ TODO: check
+CVE-2025-5367 (A vulnerability was found in PHPGurukul Online Shopping Portal Project ...)
+ TODO: check
+CVE-2025-5365 (A vulnerability was found in Campcodes Online Hospital Management Syst ...)
+ TODO: check
+CVE-2025-5364 (A vulnerability was found in Campcodes Online Hospital Management Syst ...)
+ TODO: check
+CVE-2025-5363 (A vulnerability has been found in Campcodes Online Hospital Management ...)
+ TODO: check
+CVE-2025-5362 (A vulnerability, which was classified as critical, was found in Campco ...)
+ TODO: check
+CVE-2025-5292 (The Element Pack Addons for Elementor \u2013 Best Elementor addons wit ...)
+ TODO: check
+CVE-2025-5290 (The Borderless \u2013 Elementor Addons and Templates plugin for WordPr ...)
+ TODO: check
+CVE-2025-5285 (The Product Subtitle for WooCommerce plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-5016 (The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-4672 (The Offsprout Page Builder plugin for WordPress is vulnerable to Privi ...)
+ TODO: check
+CVE-2025-4631 (The Profitori plugin for WordPress is vulnerable to Privilege Escalati ...)
+ TODO: check
+CVE-2025-4607 (The PSW Front-end Login & Registration plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-4595 (The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-4590 (The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to S ...)
+ TODO: check
+CVE-2025-4103 (The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalat ...)
+ TODO: check
+CVE-2025-3813 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2018-25111 (django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of ...)
+ TODO: check
CVE-2025-5361 (A vulnerability, which was classified as critical, has been found in C ...)
NOT-FOR-US: Campcodes
CVE-2025-5360 (A vulnerability classified as critical was found in Campcodes Online H ...)
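Review bot: all 21 entries added at the top of this hunk land as `TODO: check` with no triage, although several name products the file already classifies. CVE-2025-5363 to CVE-2025-5365 name Campcodes, which the unchanged CVE-2025-5361 entry directly below marks `NOT-FOR-US: Campcodes`, and the entries describing a "plugin for WordPress" fit the `NOT-FOR-US: WordPress plugin` annotation used further down this file. Those can be closed in bulk in a follow-up. CVE-2018-25111 (django-helpdesk) is the exception: it names a Python library rather than a hosted web application or plugin, so it should get an actual package lookup instead of being swept up with the rest.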
@@ -6097,7 +6139,8 @@ CVE-2025-4441 (A vulnerability was found in D-Link DIR-605L 2.13B01. It has been
NOT-FOR-US: D-Link
CVE-2025-4440 (A vulnerability was found in H3C GR-1800AX up to 100R008 and classifie ...)
NOT-FOR-US: H3C
-CVE-2025-4434 (The Remote Images Grabber plugin for WordPress is vulnerable to Reflec ...)
+CVE-2025-4434
+ REJECTED
NOT-FOR-US: WordPress plugin
CVE-2025-4403 (The Drag and Drop Multiple File Upload for WooCommerce plugin for Word ...)
NOT-FOR-US: WordPress plugin
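Review bot: after CVE-2025-4434 is changed to `REJECTED`, the unchanged `NOT-FOR-US: WordPress plugin` line still hangs under it, so the entry now carries two dispositions. The rejection supersedes the earlier triage. Suggest dropping the stale `NOT-FOR-US` line in a follow-up so that anyone grepping for not-for-us WordPress entries does not count a withdrawn identifier.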
@@ -23951,6 +23994,7 @@ CVE-2024-6986 (A Cross-site Scripting (XSS) vulnerability exists in the Settings
CVE-2024-6982 (A remote code execution vulnerability exists in the Calculate function ...)
NOT-FOR-US: parisneo/lollms
CVE-2024-6866 (corydolphin/flask-cors version 4.01 contains a vulnerability where the ...)
+ {DLA-4197-1}
- python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/808c11af-faee-43a8-824b-b5ab4f62b9e6
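Review bot: the `{DLA-4197-1}` cross-reference on CVE-2024-6866 is added directly above `[bookworm] - python-flask-cors <postponed> (Minor issue)`, which leaves the entry saying an LTS advisory has shipped while bookworm is still deferred. The same pattern appears on CVE-2024-6844 and CVE-2024-6839 in the next two hunks. Worth confirming that bookworm is queued for a point-release update, or recording why `<postponed>` still stands, so the gap between the releases is a documented decision rather than a side effect of the automatic update.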
@@ -23963,6 +24007,7 @@ CVE-2024-6854 (In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models
CVE-2024-6851 (In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup funct ...)
NOT-FOR-US: aimhubio/aim
CVE-2024-6844 (A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inc ...)
+ {DLA-4197-1}
- python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/731a6cd4-d05f-4fe6-8f5b-fe088d7b34e0
@@ -23974,6 +24019,7 @@ CVE-2024-6842 (In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-compl
CVE-2024-6841 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest ...)
NOT-FOR-US: Vanna-ai
CVE-2024-6839 (corydolphin/flask-cors version 4.0.1 contains an improper regex path m ...)
+ {DLA-4197-1}
- python-flask-cors 6.0.0-1 (bug #1100988)
[bookworm] - python-flask-cors <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/403eb1fc-86f4-4820-8eba-0f3dfae9f2b4
@@ -121888,6 +121934,7 @@ CVE-2024-21872 (The device allows an unauthenticated attacker to bypass authenti
CVE-2024-21846 (An unauthenticated attacker can reset the board and stop transmitter ...)
NOT-FOR-US: Electrolink
CVE-2024-1681 (corydolphin/flask-cors is vulnerable to log injection when the log lev ...)
+ {DLA-4197-1}
- python-flask-cors 4.0.1-1 (bug #1069764)
[bookworm] - python-flask-cors <no-dsa> (Minor issue)
[buster] - python-flask-cors <postponed> (Minor issue)
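Review bot: on CVE-2024-1681 the added `{DLA-4197-1}` sits above two older per-release lines, `[bookworm] - python-flask-cors <no-dsa> (Minor issue)` and `[buster] - python-flask-cors <postponed> (Minor issue)`, and nothing in the entry says which release the advisory fixes. A reader has to consult the DLA list to learn whether the buster line is still accurate. Suggest reviewing the `[buster]` annotation against the advisory's target release and updating or removing it if it has been overtaken.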
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/615a218580340b6cc2e0ffb0609253b39809343c