[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 8 08:12:50 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
182986f7 by security tracker role at 2025-11-08T08:12:41+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-9334 (The Better Find and Replace \u2013 AI-Powered Suggestions plugin for W ...)
+	TODO: check
+CVE-2025-7663 (The Ovatheme Events Manager plugin for WordPress is vulnerable to unau ...)
+	TODO: check
+CVE-2025-64496 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
+	TODO: check
+CVE-2025-64495 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
+	TODO: check
+CVE-2025-64494 (Soft Serve is a self-hostable Git server for the command line. In vers ...)
+	TODO: check
+CVE-2025-64493 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-64492 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-64491 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-64490 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-64489 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-64488 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
+	TODO: check
+CVE-2025-64486 (calibre is an e-book manager. In versions 8.13.0 and prior, calibre do ...)
+	TODO: check
+CVE-2025-64485 (CVAT is an open source interactive video and image annotation tool for ...)
+	TODO: check
+CVE-2025-64481 (Datasette is an open source multi-tool for exploring and publishing da ...)
+	TODO: check
+CVE-2025-64442 (HumHub is an Open Source Enterprise Social Network. Versions below 1.1 ...)
+	TODO: check
+CVE-2025-64439 (LangGraph SQLite Checkpoint is an implementation of LangGraph Checkpoi ...)
+	TODO: check
+CVE-2025-64437 (KubeVirt is a virtual machine management add-on for Kubernetes. In ver ...)
+	TODO: check
+CVE-2025-64436 (KubeVirt is a virtual machine management add-on for Kubernetes. In 1.5 ...)
+	TODO: check
+CVE-2025-64435 (KubeVirt is a virtual machine management add-on for Kubernetes. Prior  ...)
+	TODO: check
+CVE-2025-64434 (KubeVirt is a virtual machine management add-on for Kubernetes. Prior  ...)
+	TODO: check
+CVE-2025-64433 (KubeVirt is a virtual machine management add-on for Kubernetes. Prior  ...)
+	TODO: check
+CVE-2025-63544 (TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_no ...)
+	TODO: check
+CVE-2025-63543 (TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /sear ...)
+	TODO: check
+CVE-2025-63420 (A stored cross-site scripting (XSS) vulnerability in the CrushFTP 11.3 ...)
+	TODO: check
+CVE-2025-60574 (A Local File Inclusion (LFI) vulnerability has been identified in tQua ...)
+	TODO: check
+CVE-2025-37736 (Improper Authorization in Elastic Cloud Enterprise can lead to Privile ...)
+	TODO: check
+CVE-2025-12911 (Inappropriate implementation in Permissions in Google Chrome prior to  ...)
+	TODO: check
+CVE-2025-12910 (Inappropriate implementation in Passkeys in Google Chrome prior to 140 ...)
+	TODO: check
+CVE-2025-12909 (Insufficient policy enforcement in Devtools in Google Chrome prior to  ...)
+	TODO: check
+CVE-2025-12908 (Insufficient validation of untrusted input in Downloads in Google Chro ...)
+	TODO: check
+CVE-2025-12907 (Insufficient validation of untrusted input in Devtools in Google Chrom ...)
+	TODO: check
+CVE-2025-12906 (Inappropriate implementation in Permissions in Google Chrome prior to  ...)
+	TODO: check
+CVE-2025-12905 (Inappropriate implementation in Downloads in Google Chrome on Windows  ...)
+	TODO: check
+CVE-2025-12902 (Improper resource management in firmware of some Solidigm DC Products  ...)
+	TODO: check
+CVE-2025-12896 (Improper resource management in firmware of some Solidigm DC Products  ...)
+	TODO: check
+CVE-2025-12875 (A weakness has been identified in mruby 3.4.0. This vulnerability affe ...)
+	TODO: check
+CVE-2025-12863 (A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML pa ...)
+	TODO: check
+CVE-2025-12621 (The Flexible Refund and Return Order for WooCommerce plugin for WordPr ...)
+	TODO: check
+CVE-2025-12583 (The Simple Downloads List plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2025-12498 (The EventPrime \u2013 Events Calendar, Bookings and Tickets plugin for ...)
+	TODO: check
+CVE-2025-12418 (Potential Denial of Service issue in all supported versions of Revener ...)
+	TODO: check
+CVE-2025-12353 (The WPFunnels \u2013 The Easiest Funnel Builder For WordPress And WooC ...)
+	TODO: check
+CVE-2025-12193 (The Mang Board WP plugin for WordPress is vulnerable to Reflected Cros ...)
+	TODO: check
+CVE-2025-12177 (The Download Manager plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2025-12167 (The Contact Form 7 AWeber Extension plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2025-12161 (The Smart Auto Upload Images plugin for WordPress is vulnerable to arb ...)
+	TODO: check
+CVE-2025-12125 (The HTML Forms \u2013 Simple WordPress Forms Plugin plugin for WordPre ...)
+	TODO: check
+CVE-2025-12112 (The Insert Headers and Footers Code \u2013 HT Script plugin for WordPr ...)
+	TODO: check
+CVE-2025-12064 (The WP2Social Auto Publish plugin for WordPress is vulnerable to Refle ...)
+	TODO: check
+CVE-2025-12042 (The Course Booking System plugin for WordPress is vulnerable to unauth ...)
+	TODO: check
+CVE-2025-12000 (The WPFunnels plugin for WordPress is vulnerable to arbitrary file del ...)
+	TODO: check
+CVE-2025-11972 (The Tag, Category, and Taxonomy Manager \u2013 AI Autotagger with Open ...)
+	TODO: check
+CVE-2025-11748 (The Groups plugin for WordPress is vulnerable to Insecure Direct Objec ...)
+	TODO: check
+CVE-2025-11452 (The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection  ...)
+	TODO: check
+CVE-2020-36870 (Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 ...)
+	TODO: check
 CVE-2025-9458 (A maliciously crafted PRT file, when parsed through certain Autodesk p ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-7719 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/182986f7bfe572561bf6d0e46d03c307d11817fb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/182986f7bfe572561bf6d0e46d03c307d11817fb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251108/bfddf9cd/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list