[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 3 20:13:54 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
748238ec by security tracker role at 2025-11-03T20:13:44+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2025-8900 (The Doccure Core plugin for WordPress is vulnerable to privilege escal ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8558 (Insider Threat Management (ITM) Serverversions prior to 7.17.2contain ...)
- TODO: check
+ NOT-FOR-US: Proofpoint
CVE-2025-64294 (Missing Authorization vulnerability in d3wp WP Snow Effect allows Acce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-63593 (Grav CMS1.7.49.5 is vulnerable to Cross Site Scripting (XSS).)
TODO: check
CVE-2025-63453 (Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux ...)
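Review bot: The new note on CVE-2025-8558 is only `NOT-FOR-US: Proofpoint`, while the visible description names the product as Insider Threat Management (ITM) Server and never mentions the vendor, so the tag cannot be checked against this line alone. Consider carrying the product in the note as well, for example `NOT-FOR-US: Proofpoint Insider Threat Management`. The two WordPress entries in this hunk also use different wording (`WordPress plugin` for CVE-2025-8900, `WordPress plugin or theme` for CVE-2025-64294). That is fine where the description does not say which it is, as with WP Snow Effect, but worth keeping deliberate rather than incidental.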
@@ -37,29 +37,29 @@ CVE-2025-60503 (A cross-site scripting (XSS) vulnerability exists in the adminis
CVE-2025-50735 (Directory traversal vulnerability in NextChat thru 2.16.0 due to the W ...)
TODO: check
CVE-2025-50363 (Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Si ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-48397 (The privileged user could log in without sufficient credentials after ...)
- TODO: check
+ NOT-FOR-US: Eaton
CVE-2025-45959
REJECTED
CVE-2025-36093 (IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36092 (IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36091 (IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-12642 (lighttpd1.4.80 incorrectly merged trailer fields into headersafter htt ...)
TODO: check
CVE-2025-12626 (A security flaw has been discovered in jeecgboot jeewx-boot up to 641a ...)
TODO: check
CVE-2025-12531 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-12463 (An unauthenticated SQL Injection was discovered within the Geutebruck ...)
TODO: check
CVE-2025-11953 (The Metro Development Server, which is opened by the React Native Comm ...)
TODO: check
CVE-2025-11761 (A potential security vulnerability has been identified in the HP Clien ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2025-10280 (IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4 ...)
TODO: check
CVE-2025-0987 (Authorization Bypass Through User-Controlled Key vulnerability in CB P ...)
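Review bot: On CVE-2025-48397 the new note is `NOT-FOR-US: Eaton`, but the truncated description ("The privileged user could log in without sufficient credentials after ...") shows neither a vendor nor a product, so a reader of the list has nothing to verify the tag against. Adding the product name to the note would make the classification auditable from the file itself. The IBM and HP tags in this hunk match vendor names that are visible in their descriptions.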
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/748238ece1311419f4fdf23a5adc20fe6954001c