[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 11 08:12:14 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a42c6f50 by security tracker role at 2025-11-11T08:12:06+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,251 @@
+CVE-2025-9524 (The VAPIX API port.cgi did not have sufficient input validation, which ...)
+ TODO: check
+CVE-2025-9055 (The VAPIX Edge storage API that allowed a privilege escalation, enabli ...)
+ TODO: check
+CVE-2025-8998 (It was possible to upload files with a specific name to a temporary di ...)
+ TODO: check
+CVE-2025-8108 (An ACAP configuration file has improper permissions and lacks input va ...)
+ TODO: check
+CVE-2025-7429 (Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below a ...)
+ TODO: check
+CVE-2025-6779 (An ACAP configuration file has improper permissions, which could allow ...)
+ TODO: check
+CVE-2025-6571 (A 3rd-party componentexposed its password in process arguments, allowi ...)
+ TODO: check
+CVE-2025-6298 (ACAP applications can gain elevated privileges due to improper input v ...)
+ TODO: check
+CVE-2025-64529 (SpiceDB is an open source database system for creating and managing se ...)
+ TODO: check
+CVE-2025-64522 (Soft Serve is a self-hostable Git server for the command line. Version ...)
+ TODO: check
+CVE-2025-64519 (TorrentPier is an open source BitTorrent Public/Private tracker engine ...)
+ TODO: check
+CVE-2025-64518 (The CycloneDX core module provides a model representation of the SBOM ...)
+ TODO: check
+CVE-2025-64513 (Milvus is an open-source vector database built for generative AI appli ...)
+ TODO: check
+CVE-2025-64512 (Pdfminer.six is a community maintained fork of the original PDFMiner, ...)
+ TODO: check
+CVE-2025-64509 (Bugsink is a self-hosted error tracking tool. In versions prior to 2.0 ...)
+ TODO: check
+CVE-2025-64508 (Bugsink is a self-hosted error tracking tool. In versions prior to 2.0 ...)
+ TODO: check
+CVE-2025-64504 (Langfuse is an open source large language model engineering platform. ...)
+ TODO: check
+CVE-2025-64502 (Parse Server is an open source backend that can be deployed to any inf ...)
+ TODO: check
+CVE-2025-64501 (ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatib ...)
+ TODO: check
+CVE-2025-64484 (OAuth2-Proxy is an open-source tool that can act as either a standalon ...)
+ TODO: check
+CVE-2025-64183 (OpenEXR provides the specification and reference implementation of the ...)
+ TODO: check
+CVE-2025-64182 (OpenEXR provides the specification and reference implementation of the ...)
+ TODO: check
+CVE-2025-64181 (OpenEXR provides the specification and reference implementation of the ...)
+ TODO: check
+CVE-2025-64167 (Combodo iTop is a web based IT service management tool. Versions prior ...)
+ TODO: check
+CVE-2025-63678 (An authenticated arbitrary file upload vulnerability in the /uploads/ ...)
+ TODO: check
+CVE-2025-63617 (ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserializat ...)
+ TODO: check
+CVE-2025-63397 (Improper input validation in OneFlow v0.9.0 allows attackers to cause ...)
+ TODO: check
+CVE-2025-63384 (A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before i ...)
+ TODO: check
+CVE-2025-63296 (KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 c ...)
+ TODO: check
+CVE-2025-62780 (changedetection.io is a free open source web page change detection too ...)
+ TODO: check
+CVE-2025-5718 (The ACAP Application framework could allow privilege escalation throug ...)
+ TODO: check
+CVE-2025-5454 (An ACAP configuration file lacked sufficient input validation, which c ...)
+ TODO: check
+CVE-2025-5452 (A malicious ACAP application can gain access to admin-level service ac ...)
+ TODO: check
+CVE-2025-4645 (An ACAP configuration file lacked sufficient input validation, which c ...)
+ TODO: check
+CVE-2025-49145 (Combodo iTop is a web based IT service management tool. In versions pr ...)
+ TODO: check
+CVE-2025-48878 (Combodo iTop is a web based IT service management tool. In versions on ...)
+ TODO: check
+CVE-2025-48065 (Combodo iTop is a web based IT service management tool. Versions prior ...)
+ TODO: check
+CVE-2025-48055 (Combodo iTop is a web based IT service management tool. In versions pr ...)
+ TODO: check
+CVE-2025-42940 (SAP CommonCryptoLib does not perform necessary boundary checks during ...)
+ TODO: check
+CVE-2025-42924 (SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated a ...)
+ TODO: check
+CVE-2025-42919 (Due to an Information Disclosure vulnerability in SAP NetWeaver Applic ...)
+ TODO: check
+CVE-2025-42899 (SAP S4CORE (Manage journal entries) does not perform necessary authori ...)
+ TODO: check
+CVE-2025-42897 (Due to information disclosure vulnerability in anonymous API provided ...)
+ TODO: check
+CVE-2025-42895 (Due to insufficient validation of connection property values, the SAP ...)
+ TODO: check
+CVE-2025-42894 (Due to a Path Traversal vulnerability in SAP Business Connector, an at ...)
+ TODO: check
+CVE-2025-42893 (Due to an Open Redirect vulnerability in SAP Business Connector, an un ...)
+ TODO: check
+CVE-2025-42892 (Due to an OS Command Injection vulnerability in SAP Business Connector ...)
+ TODO: check
+CVE-2025-42890 (SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposin ...)
+ TODO: check
+CVE-2025-42889 (SAP Starter Solution allows an authenticated attacker to execute craft ...)
+ TODO: check
+CVE-2025-42888 (SAP GUI for Windows may allow a highly privileged user on the affected ...)
+ TODO: check
+CVE-2025-42887 (Due to missing input sanitation, SAP Solution Manager allows an authen ...)
+ TODO: check
+CVE-2025-42886 (Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Bus ...)
+ TODO: check
+CVE-2025-42885 (Due to missing authentication, SAP HANA 2.0 (hdbrss) allows an unauthe ...)
+ TODO: check
+CVE-2025-42884 (SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to ...)
+ TODO: check
+CVE-2025-42883 (Migration Workbench (DX Workbench) in SAP NetWeaver Application Server ...)
+ TODO: check
+CVE-2025-42882 (Due to a missing authorization check in SAP NetWeaver Application Serv ...)
+ TODO: check
+CVE-2025-31719 (In TEE EcDSA algorithm, there is a possible memory consistency issue. ...)
+ TODO: check
+CVE-2025-12880 (The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-12813 (The Holiday class post calendar plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-12754 (The Geopost plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2025-12753 (The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-12711 (The Share to Google Classroom plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2025-12672 (The Flickr Show plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-12671 (The WP-Iconics plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-12668 (The WP Count Down Timer plugin for WordPress is vulnerable to Stored C ...)
+ TODO: check
+CVE-2025-12667 (The GitHub Gist Shortcode Plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2025-12665 (The Ninja Countdown | Fastest Countdown Builder plugin for WordPress i ...)
+ TODO: check
+CVE-2025-12663 (The Jeba Cute forkit plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-12662 (The Coon Google Maps plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-12658 (The Preload Current Images plugin for WordPress is vulnerable to Store ...)
+ TODO: check
+CVE-2025-12652 (The Ungapped Widgets plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-12651 (The Live Photos on WordPress plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-12644 (The Nonaki \u2013 Drag and Drop Email Template builder and Newsletter ...)
+ TODO: check
+CVE-2025-12637 (The Elastic Theme Editor plugin for WordPress is vulnerable to arbitra ...)
+ TODO: check
+CVE-2025-12632 (The RandomQuotr plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ TODO: check
+CVE-2025-12631 (The Squirrels Auto Inventory plugin for WordPress is vulnerable to Sto ...)
+ TODO: check
+CVE-2025-12590 (The YSlider plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ TODO: check
+CVE-2025-12589 (The WP-Walla plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2025-12588 (The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-12542
+ REJECTED
+CVE-2025-12538 (The Fleet Manager plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-12526 (The Private Google Calendars plugin for WordPress is vulnerable to una ...)
+ TODO: check
+CVE-2025-12132 (The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-12126 (The The Total Book Project plugin for WordPress is vulnerable to Insec ...)
+ TODO: check
+CVE-2025-12021 (The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
+ TODO: check
+CVE-2025-12020 (The Double the Donation \u2013 A workplace giving tool to help your fu ...)
+ TODO: check
+CVE-2025-12019 (The Featured Image plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-12010 (The Authors List plugin for WordPress is vulnerable to Sensitive Infor ...)
+ TODO: check
+CVE-2025-11999 (The Add Multiple Marker plugin for WordPress is vulnerable to unauthor ...)
+ TODO: check
+CVE-2025-11997 (The Document Pro Elementor \u2013 Documentation & Knowledge Base plugi ...)
+ TODO: check
+CVE-2025-11996 (The Find Unused Images plugin for WordPress is vulnerable to unauthori ...)
+ TODO: check
+CVE-2025-11988 (The Crypto plugin for WordPress is vulnerable to unauthorized manipula ...)
+ TODO: check
+CVE-2025-11986 (The Crypto plugin for WordPress is vulnerable to Information exposure ...)
+ TODO: check
+CVE-2025-11894 (The Shelf Planner plugin for WordPress is vulnerable to unauthorized m ...)
+ TODO: check
+CVE-2025-11892 (An improper neutralization of input vulnerability was identified in Gi ...)
+ TODO: check
+CVE-2025-11891 (The Shelf Planner plugin for WordPress is vulnerable to Sensitive Info ...)
+ TODO: check
+CVE-2025-11886 (The CTL Arcade Lite plugin for WordPress is vulnerable to Cross-Site R ...)
+ TODO: check
+CVE-2025-11882 (The Simple Donate plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-11874 (The Slippy Slider \u2013 Responsive Touch Navigation Slider plugin for ...)
+ TODO: check
+CVE-2025-11873 (The WP BBCode plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ TODO: check
+CVE-2025-11869 (The Precise Columns plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-11863 (The My Geo Posts Free plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-11860 (The Twitter Feed plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-11859 (The Paypal Donation Shortcode plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2025-11856 (The Eventbee Ticketing Widget plugin for WordPress is vulnerable to St ...)
+ TODO: check
+CVE-2025-11855 (The age-restriction WordPress plugin through 3.0.2 does not have autho ...)
+ TODO: check
+CVE-2025-11829 (The Five9 Live Chat plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2025-11828 (The Magazine Companion plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-11822 (The WP Bootstrap Tabs plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-11821 (The Woocommerce \u2013 Products By Custom Tax plugin for WordPress is ...)
+ TODO: check
+CVE-2025-11805 (The Skip to Timestamp plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-11578 (A privilege escalation vulnerability was identified in GitHub Enterpri ...)
+ TODO: check
+CVE-2025-11532 (The Wisly plugin for WordPress is vulnerable to Insecure Direct Object ...)
+ TODO: check
+CVE-2025-11521 (The Astra Security Suite \u2013 Firewall & Malware Scan plugin for Wor ...)
+ TODO: check
+CVE-2025-11457 (The EasyCommerce \u2013 AI-Powered, Fast & Beautiful WordPress Ecommer ...)
+ TODO: check
+CVE-2025-11451 (The Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin plugin ...)
+ TODO: check
+CVE-2025-11307 (The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.4 ...)
+ TODO: check
+CVE-2025-11237 (The Make Email Customizer for WooCommerce WordPress plugin through 1.0 ...)
+ TODO: check
+CVE-2025-11170 (The WP\u79fb\u884c\u5c02\u7528\u30d7\u30e9\u30b0\u30a4\u30f3 for CPI p ...)
+ TODO: check
+CVE-2025-11168 (The Mementor Core plugin for WordPress is vulnerable to Privilege Esca ...)
+ TODO: check
+CVE-2025-11129 (The Include Fussball.de Widgets plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-10714 (AXIS Optimizer was vulnerable to an unquoted search path vulnerability ...)
+ TODO: check
+CVE-2021-4462 (Employee Records System version 1.0 contains an unrestricted file uplo ...)
+ TODO: check
+CVE-2018-25124 (PacsOne Server version 6.6.2 (prior versions are likely affected) cont ...)
+ TODO: check
CVE-2025-8768
REJECTED
CVE-2025-64690 (In JetBrains YouTrack before 2025.3.104432 insecure Junie configuratio ...)
@@ -152,7 +400,7 @@ CVE-2025-12864 (U-Office Force developed by e-Excellence has a SQL Injection vul
NOT-FOR-US: U-Office Force
CVE-2025-12613 (Versions of the package cloudinary before 2.7.0 are vulnerable to Arbi ...)
NOT-FOR-US: cloudinary Node.js module
-CVE-2025-64507 [GHSA-56mx-8g9f-5crf]
+CVE-2025-64507 (Incus is a system container and virtual machine manager. An issue in v ...)
{DSA-6051-1}
- incus 6.0.5-4
- lxd <removed>
@@ -252,7 +500,7 @@ CVE-2025-63544 (TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /or
NOT-FOR-US: TechStore
CVE-2025-63543 (TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in the /sear ...)
NOT-FOR-US: TechStore
-CVE-2025-63420 (A stored cross-site scripting (XSS) vulnerability in the CrushFTP 11.3 ...)
+CVE-2025-63420 (CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in ...)
NOT-FOR-US: CrushFTP
CVE-2025-60574 (A Local File Inclusion (LFI) vulnerability has been identified in tQua ...)
NOT-FOR-US: tQuadra CMS
@@ -727,7 +975,8 @@ CVE-2025-5803 (Missing Authorization vulnerability in e4jvikwp VikBooking Hotel
NOT-FOR-US: WordPress plugin or theme
CVE-2025-59556 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
-CVE-2025-59396 (The default configuration of WatchGuard Firebox devices through 2025-0 ...)
+CVE-2025-59396
+ REJECTED
NOT-FOR-US: WatchGuard
CVE-2025-59392 (On Elspec G5 devices through 1.2.2.19, a person with physical access t ...)
NOT-FOR-US: Elspec G5 devices
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a42c6f5044c2b3f9b2d30d0f6d69cfa906159dd8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a42c6f5044c2b3f9b2d30d0f6d69cfa906159dd8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251111/75facf0b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list