[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 18 20:13:12 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
407b06ba by security tracker role at 2025-11-18T20:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,303 @@
+CVE-2025-9977 (Value provided in one of POST parameters sent during the process of lo ...)
+ TODO: check
+CVE-2025-9625 (The Coil Web Monetization plugin for WordPress is vulnerable to Cross- ...)
+ TODO: check
+CVE-2025-9312 (A missing authentication enforcement vulnerability exists in the mutua ...)
+ TODO: check
+CVE-2025-8609 (The RTMKit Addons for Elementor plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-8605 (The Gutenify \u2013 Visual Site Builder Blocks & Site Templates. plugi ...)
+ TODO: check
+CVE-2025-8084 (The AI Engine plugin for WordPress is vulnerable to Server-Side Reques ...)
+ TODO: check
+CVE-2025-6670 (A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple W ...)
+ TODO: check
+CVE-2025-64996 (In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2 ...)
+ TODO: check
+CVE-2025-64076 (Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the d ...)
+ TODO: check
+CVE-2025-63994 (An arbitrary file upload vulnerability in the /php/UploadHandler.php c ...)
+ TODO: check
+CVE-2025-63955 (A Cross-Site Request Forgery (CSRF) vulnerability in the manage-studen ...)
+ TODO: check
+CVE-2025-63892 (A vulnerability was determined in SourceCodester Student Grades Manage ...)
+ TODO: check
+CVE-2025-63883 (A DOM-based cross-site scripting vulnerability exists in electic-shop ...)
+ TODO: check
+CVE-2025-63829 (eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability c ...)
+ TODO: check
+CVE-2025-63828 (Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows atta ...)
+ TODO: check
+CVE-2025-63800 (The password change endpoint in Open Source Point of Sale 3.4.1 allows ...)
+ TODO: check
+CVE-2025-63749 (pnetlab 5.3.11 is vulnerable to Command Injection via the qemu_options ...)
+ TODO: check
+CVE-2025-63695 (DzzOffice v2.3.7 and before is vulnerable to Arbitrary File Upload in ...)
+ TODO: check
+CVE-2025-63694 (DzzOffice v2.3.7 and before is vulnerable to SQL Injection in explorer ...)
+ TODO: check
+CVE-2025-63693 (The comment editing template (dzz/comment/template/edit_form.htm) in D ...)
+ TODO: check
+CVE-2025-63604 (A code injection vulnerability exists in baryhuang/mcp-server-aws-reso ...)
+ TODO: check
+CVE-2025-63603 (A command injection vulnerability exists in the MCP Data Science Serve ...)
+ TODO: check
+CVE-2025-63602 (A vulnerability was discovered in Awesome Miner thru 11.2.4 that allow ...)
+ TODO: check
+CVE-2025-63514 (kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) ...)
+ TODO: check
+CVE-2025-63513 (kishan0725 Hospital Management System v4 has an Insecure Direct Object ...)
+ TODO: check
+CVE-2025-63512 (kishan0725 Hospital Management System/ v4 is vulnerable to SQL Injecti ...)
+ TODO: check
+CVE-2025-63408 (Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory trav ...)
+ TODO: check
+CVE-2025-63258 (A remote command execution (RCE) vulnerability was discovered in all H ...)
+ TODO: check
+CVE-2025-63228 (The Mozart FM Transmitter web management interface on version WEBMOZZI ...)
+ TODO: check
+CVE-2025-63227 (The Mozart FM Transmitter web management interface on version WEBMOZZI ...)
+ TODO: check
+CVE-2025-63226 (The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60 ...)
+ TODO: check
+CVE-2025-63225 (The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vul ...)
+ TODO: check
+CVE-2025-61713 (A Cleartext Storage of Sensitive Information in Memory vulnerability [ ...)
+ TODO: check
+CVE-2025-61664 (A vulnerability in the GRUB2 bootloader has been identified in the nor ...)
+ TODO: check
+CVE-2025-61663 (A vulnerability has been identified in the GRUB2 bootloader's normal c ...)
+ TODO: check
+CVE-2025-61662 (A Use-After-Free vulnerability has been discovered in GRUB's gettext m ...)
+ TODO: check
+CVE-2025-61661 (A vulnerability has been identified in the GRUB (Grand Unified Bootloa ...)
+ TODO: check
+CVE-2025-60455 (Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, ...)
+ TODO: check
+CVE-2025-59669 (A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6 ...)
+ TODO: check
+CVE-2025-59117 (Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) ...)
+ TODO: check
+CVE-2025-59116 (Windu CMS is vulnerable to User Enumeration. This issue occurs during ...)
+ TODO: check
+CVE-2025-59115 (Windu CMS is vulnerable to Stored Cross-Site Scripting (XSS) in the lo ...)
+ TODO: check
+CVE-2025-59114 (Windu CMS is vulnerable to Cross-Site Request Forgery in file uploadin ...)
+ TODO: check
+CVE-2025-59113 (Windu CMS implements weak client-side brute-force protection by using ...)
+ TODO: check
+CVE-2025-59112 (Windu CMS is vulnerable to Cross-Site Request Forgery in user editing ...)
+ TODO: check
+CVE-2025-59111 (Windu CMS is vulnerable to Broken Access Control in user editing funct ...)
+ TODO: check
+CVE-2025-59110 (Windu CMS is vulnerable to Cross-Site Request Forgery in user editing ...)
+ TODO: check
+CVE-2025-58692 (An improper neutralization of special elements used in an SQL Command ...)
+ TODO: check
+CVE-2025-58413 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, ...)
+ TODO: check
+CVE-2025-58122 (Insufficient permission validation in Checkmk 2.4.0 before version 2.4 ...)
+ TODO: check
+CVE-2025-58121 (Insufficient permission validation on multiple REST API endpoints in C ...)
+ TODO: check
+CVE-2025-58034 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
+ TODO: check
+CVE-2025-56643 (Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active ...)
+ TODO: check
+CVE-2025-56527 (Plaintext password storage in Kotaemon 0.11.0 in the client's localSto ...)
+ TODO: check
+CVE-2025-56526 (Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing a ...)
+ TODO: check
+CVE-2025-56499 (Incorrect access control in mihomo v1.19.11 allows authenticated attac ...)
+ TODO: check
+CVE-2025-55796 (The openml/openml.org web application version v2.0.20241110 uses predi ...)
+ TODO: check
+CVE-2025-55179 (Incomplete validation of rich response messages in WhatsApp for iOS pr ...)
+ TODO: check
+CVE-2025-55074 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enfo ...)
+ TODO: check
+CVE-2025-54972 (An improper neutralization of crlf sequences ('crlf injection') in For ...)
+ TODO: check
+CVE-2025-54971 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+ TODO: check
+CVE-2025-54821 (An Improper Privilege Management vulnerability [CWE-269] in Fortinet F ...)
+ TODO: check
+CVE-2025-54771 (A use-after-free vulnerability has been identified in the GNU GRUB (Gr ...)
+ TODO: check
+CVE-2025-54770 (A vulnerability has been identified in the GRUB2 bootloader's network ...)
+ TODO: check
+CVE-2025-54660 (An active debug code vulnerability in Fortinet FortiClientWindows 7.4. ...)
+ TODO: check
+CVE-2025-54321 (In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting ...)
+ TODO: check
+CVE-2025-54320 (In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting ...)
+ TODO: check
+CVE-2025-53843 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, ...)
+ TODO: check
+CVE-2025-53360 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventor ...)
+ TODO: check
+CVE-2025-52639 (HCL Connections is vulnerable to a sensitive information disclosure vu ...)
+ TODO: check
+CVE-2025-4212 (The Checkout Files Upload for WooCommerce plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2025-48839 (An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6. ...)
+ TODO: check
+CVE-2025-47761 (An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-7 ...)
+ TODO: check
+CVE-2025-46776 (A buffer copy without checking size of input ('classic buffer overflow ...)
+ TODO: check
+CVE-2025-46775 (A debug messages revealing unnecessary information vulnerability in Fo ...)
+ TODO: check
+CVE-2025-46373 (A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet Forti ...)
+ TODO: check
+CVE-2025-46215 (An Improper Isolation or Compartmentalization vulnerability [CWE-653] ...)
+ TODO: check
+CVE-2025-41737 (Due to webserver misconfiguration an unauthenticated remote attacker i ...)
+ TODO: check
+CVE-2025-41736 (A low privileged remote attacker can upload a new or overwrite an exis ...)
+ TODO: check
+CVE-2025-41735 (A low privileged remote attacker can upload any file to an arbitrary l ...)
+ TODO: check
+CVE-2025-41734 (An unauthenticated remote attacker can execute arbitrary php files and ...)
+ TODO: check
+CVE-2025-41733 (The commissioning wizard on the affected devices does not validate if ...)
+ TODO: check
+CVE-2025-41350 (Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11. ...)
+ TODO: check
+CVE-2025-41349 (Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11. ...)
+ TODO: check
+CVE-2025-41348 (SQL injection vulnerability in WinPlus v24.11.27 by Inform\xe1tica del ...)
+ TODO: check
+CVE-2025-41347 (Unlimited upload vulnerability for dangerous file types in WinPlus v24 ...)
+ TODO: check
+CVE-2025-41346 (Faulty authorization control in software WinPlus v24.11.27 by Inform\x ...)
+ TODO: check
+CVE-2025-40549 (A Path Restriction Bypass vulnerability exists in Serv-U that when abu ...)
+ TODO: check
+CVE-2025-40548 (A missing validation process exists in Serv U when abused, could give ...)
+ TODO: check
+CVE-2025-40547 (A logic error vulnerability exists in Serv-U which when abused could g ...)
+ TODO: check
+CVE-2025-40545 (SolarWinds Observability Self-Hosted is susceptible to an open redirec ...)
+ TODO: check
+CVE-2025-37163 (A command injection vulnerability has been identified in the command l ...)
+ TODO: check
+CVE-2025-37162 (A vulnerability in the command line interface of affected devices coul ...)
+ TODO: check
+CVE-2025-37161 (A vulnerability in the web-based management interface of affected prod ...)
+ TODO: check
+CVE-2025-37160 (A broken access control (BAC) vulnerability in the web-based managemen ...)
+ TODO: check
+CVE-2025-37159 (A vulnerability in the web management interface of the AOS-CX OS user ...)
+ TODO: check
+CVE-2025-37158 (A command injection vulnerability exists in the AOS-CX Operating Syste ...)
+ TODO: check
+CVE-2025-37157 (A command injection vulnerability exists in the AOS-CX Operating Syste ...)
+ TODO: check
+CVE-2025-37156 (A platform-level denial-of-service (DoS) vulnerability exists in Aruba ...)
+ TODO: check
+CVE-2025-37155 (A vulnerability in the SSH restricted shell interface of the network m ...)
+ TODO: check
+CVE-2025-34324 (GoSign Desktop versions 2.4.0 and earlier use an unsigned update manif ...)
+ TODO: check
+CVE-2025-33184 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Pyt ...)
+ TODO: check
+CVE-2025-33183 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Pyt ...)
+ TODO: check
+CVE-2025-26391 (SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds ...)
+ TODO: check
+CVE-2025-13349 (A vulnerability has been found in SourceCodester Student Grades Manage ...)
+ TODO: check
+CVE-2025-13347 (A flaw has been found in SourceCodester Train Station Ticketing System ...)
+ TODO: check
+CVE-2025-13346 (A vulnerability was detected in SourceCodester Train Station Ticketing ...)
+ TODO: check
+CVE-2025-13345 (A security vulnerability has been detected in SourceCodester Train Sta ...)
+ TODO: check
+CVE-2025-13344 (A weakness has been identified in SourceCodester Train Station Ticketi ...)
+ TODO: check
+CVE-2025-13343 (A security flaw has been discovered in SourceCodester Interview Manage ...)
+ TODO: check
+CVE-2025-13196 (The Element Pack Addons for Elementor plugin for WordPress is vulnerab ...)
+ TODO: check
+CVE-2025-13133 (The Simple User Import Export plugin for WordPress is vulnerable to CS ...)
+ TODO: check
+CVE-2025-13088 (The Category and Product Woocommerce Tabs plugin for WordPress is vuln ...)
+ TODO: check
+CVE-2025-13083 (Use of Web Browser Cache Containing Sensitive Information vulnerabilit ...)
+ TODO: check
+CVE-2025-13082 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ TODO: check
+CVE-2025-13081 (Improperly Controlled Modification of Dynamically-Determined Object At ...)
+ TODO: check
+CVE-2025-13080 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...)
+ TODO: check
+CVE-2025-13069 (The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-12962 (The Local Syndication plugin for WordPress is vulnerable to Server-Sid ...)
+ TODO: check
+CVE-2025-12961 (The Download Panel plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2025-12955 (The Live sales notification for WooCommerce plugin for WordPress is vu ...)
+ TODO: check
+CVE-2025-12937 (The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-12827 (The Top Friends plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2025-12823 (The CSV to SortTable plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2025-12775 (The WP Dropzone plugin for WordPress is vulnerable to authenticated ar ...)
+ TODO: check
+CVE-2025-12761 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
+ TODO: check
+CVE-2025-12760 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ TODO: check
+CVE-2025-12691 (The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin fo ...)
+ TODO: check
+CVE-2025-12639 (The wModes \u2013 Catalog Mode, Product Pricing, Enquiry Forms & Promo ...)
+ TODO: check
+CVE-2025-12545 (The Pixel Manager for WooCommerce \u2013 Track Conversions and Analyti ...)
+ TODO: check
+CVE-2025-12528 (The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary F ...)
+ TODO: check
+CVE-2025-12481 (The WP Duplicate Page plugin for WordPress is vulnerable to Missing Au ...)
+ TODO: check
+CVE-2025-12457 (The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerabl ...)
+ TODO: check
+CVE-2025-12411 (The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress i ...)
+ TODO: check
+CVE-2025-12406 (The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-12404 (The Like-it plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ TODO: check
+CVE-2025-12392 (The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPres ...)
+ TODO: check
+CVE-2025-12391 (The Restrictions for BuddyPress plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-12383 (In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can ca ...)
+ TODO: check
+CVE-2025-12376 (The Icon List Block \u2013 Add Icon-Based Lists with Custom Styles plu ...)
+ TODO: check
+CVE-2025-12372 (The Permalinks Cascade plugin for WordPress is vulnerable to Missing A ...)
+ TODO: check
+CVE-2025-12173 (The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Sit ...)
+ TODO: check
+CVE-2025-12088 (The Meta Display Block plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-12079 (The WP Twitter Auto Publish plugin for WordPress is vulnerable to Refl ...)
+ TODO: check
+CVE-2025-12078 (The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-11868 (The everviz plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2025-11734 (The Broken Link Checker by AIOSEO \u2013 Easily Fix/Monitor Internal a ...)
+ TODO: check
+CVE-2025-11620 (The Multiple Roles per User plugin for WordPress is vulnerable to unau ...)
+ TODO: check
+CVE-2025-11427 (The WP Migrate Lite \u2013 WordPress Migration Made Easy plugin for Wo ...)
+ TODO: check
+CVE-2025-10158 (A malicious client acting as the receiver of an rsync file transfer ca ...)
+ TODO: check
CVE-2025-8727 (There is a vulnerability in the Supermicro BMC web function at Supermi ...)
NOT-FOR-US: Supermicro
CVE-2025-8693 (A post-authentication command injection vulnerability in the "priv" pa ...)
@@ -63,18 +363,23 @@ CVE-2025-13301 (A vulnerability was found in itsourcecode Web-Based Internet Lab
CVE-2025-13300 (A vulnerability has been found in itsourcecode Web-Based Internet Labo ...)
NOT-FOR-US: itsourcecode System
CVE-2025-13230 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-13229 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-13228 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-13227 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-13226 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a ...)
+ {DSA-6046-1}
- chromium 142.0.7444.59-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12974 (The Gravity Forms plugin for WordPress is vulnerable to arbitrary file ...)
@@ -87,7 +392,7 @@ CVE-2025-11267 (The VK All in One Expansion Unit plugin for WordPress is vulnera
NOT-FOR-US: WordPress plugin
CVE-2025-11265 (The VK All in One Expansion Unit plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-10089 (Malicious Code Execution Vulnerability in Setting and Operation Applic ...)
+CVE-2025-10089 (Uncontrolled Search Path Element Vulnerability in Setting and Operatio ...)
NOT-FOR-US: Mitsubishi
CVE-2025-13223 (Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed ...)
- chromium <unfixed>
@@ -99,7 +404,7 @@ CVE-2025-65083 (GoSign Desktop through 2.4.1 disables TLS certificate validation
NOT-FOR-US: GoSign Desktop
CVE-2025-64758 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...)
NOT-FOR-US: DependencyTrack/frontend
-CVE-2025-64756 (Glob matches files using patterns the shell uses. From versions 10.3.7 ...)
+CVE-2025-64756 (Glob matches files using patterns the shell uses. Starting in version ...)
- node-glob <not-affected> (Vulnerable code not present)
NOTE: https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2
NOTE: Fixed by: https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146 (v11.1.0)
@@ -72980,7 +73285,7 @@ CVE-2024-41789 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data
NOT-FOR-US: Siemens
CVE-2024-41788 (A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manage ...)
NOT-FOR-US: Siemens
-CVE-2024-32122 (A storing passwords in a recoverable format in Fortinet FortiOS versio ...)
+CVE-2024-32122 (A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 ...)
NOT-FOR-US: Fortinet
CVE-2024-26013 (A improper restriction of communication channel to intended endpoints ...)
NOT-FOR-US: Fortinet
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/407b06ba8a3b623bd6b1511eb0623a0b5f6a9784
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/407b06ba8a3b623bd6b1511eb0623a0b5f6a9784
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251118/da36fada/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list