[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 18 20:14:03 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7672ceb by security tracker role at 2025-11-18T20:13:52+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-9977 (Value provided in one of POST parameters sent during the process of lo ...)
TODO: check
CVE-2025-9625 (The Coil Web Monetization plugin for WordPress is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9312 (A missing authentication enforcement vulnerability exists in the mutua ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2025-8609 (The RTMKit Addons for Elementor plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8605 (The Gutenify \u2013 Visual Site Builder Blocks & Site Templates. plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-8084 (The AI Engine plugin for WordPress is vulnerable to Server-Side Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-6670 (A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple W ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2025-64996 (In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2 ...)
TODO: check
CVE-2025-64076 (Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the d ...)
@@ -19,9 +19,9 @@ CVE-2025-64076 (Multiple vulnerabilities exist in cbor2 through version 5.7.0 in
CVE-2025-63994 (An arbitrary file upload vulnerability in the /php/UploadHandler.php c ...)
TODO: check
CVE-2025-63955 (A Cross-Site Request Forgery (CSRF) vulnerability in the manage-studen ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-63892 (A vulnerability was determined in SourceCodester Student Grades Manage ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-63883 (A DOM-based cross-site scripting vulnerability exists in electic-shop ...)
TODO: check
CVE-2025-63829 (eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability c ...)
@@ -63,7 +63,7 @@ CVE-2025-63226 (The Sencore SMP100 SMP Media Platform (firmware versions V4.2.16
CVE-2025-63225 (The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vul ...)
TODO: check
CVE-2025-61713 (A Cleartext Storage of Sensitive Information in Memory vulnerability [ ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-61664 (A vulnerability in the GRUB2 bootloader has been identified in the nor ...)
TODO: check
CVE-2025-61663 (A vulnerability has been identified in the GRUB2 bootloader's normal c ...)
@@ -75,7 +75,7 @@ CVE-2025-61661 (A vulnerability has been identified in the GRUB (Grand Unified B
CVE-2025-60455 (Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, ...)
TODO: check
CVE-2025-59669 (A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-59117 (Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) ...)
TODO: check
CVE-2025-59116 (Windu CMS is vulnerable to User Enumeration. This issue occurs during ...)
@@ -93,15 +93,15 @@ CVE-2025-59111 (Windu CMS is vulnerable to Broken Access Control in user editing
CVE-2025-59110 (Windu CMS is vulnerable to Cross-Site Request Forgery in user editing ...)
TODO: check
CVE-2025-58692 (An improper neutralization of special elements used in an SQL Command ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-58413 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-58122 (Insufficient permission validation in Checkmk 2.4.0 before version 2.4 ...)
TODO: check
CVE-2025-58121 (Insufficient permission validation on multiple REST API endpoints in C ...)
TODO: check
CVE-2025-58034 (An Improper Neutralization of Special Elements used in an OS Command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-56643 (Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active ...)
TODO: check
CVE-2025-56527 (Plaintext password storage in Kotaemon 0.11.0 in the client's localSto ...)
@@ -117,41 +117,41 @@ CVE-2025-55179 (Incomplete validation of rich response messages in WhatsApp for
CVE-2025-55074 (Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enfo ...)
TODO: check
CVE-2025-54972 (An improper neutralization of crlf sequences ('crlf injection') in For ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-54971 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-54821 (An Improper Privilege Management vulnerability [CWE-269] in Fortinet F ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-54771 (A use-after-free vulnerability has been identified in the GNU GRUB (Gr ...)
TODO: check
CVE-2025-54770 (A vulnerability has been identified in the GRUB2 bootloader's network ...)
TODO: check
CVE-2025-54660 (An active debug code vulnerability in Fortinet FortiClientWindows 7.4. ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-54321 (In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting ...)
TODO: check
CVE-2025-54320 (In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting ...)
TODO: check
CVE-2025-53843 (A stack-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.3, ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-53360 (pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventor ...)
TODO: check
CVE-2025-52639 (HCL Connections is vulnerable to a sensitive information disclosure vu ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-4212 (The Checkout Files Upload for WooCommerce plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-48839 (An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6. ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-47761 (An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-7 ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-46776 (A buffer copy without checking size of input ('classic buffer overflow ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-46775 (A debug messages revealing unnecessary information vulnerability in Fo ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-46373 (A Heap-based Buffer Overflow vulnerability [CWE-122] in Fortinet Forti ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-46215 (An Improper Isolation or Compartmentalization vulnerability [CWE-653] ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-41737 (Due to webserver misconfiguration an unauthenticated remote attacker i ...)
TODO: check
CVE-2025-41736 (A low privileged remote attacker can upload a new or overwrite an exis ...)
@@ -173,31 +173,31 @@ CVE-2025-41347 (Unlimited upload vulnerability for dangerous file types in WinPl
CVE-2025-41346 (Faulty authorization control in software WinPlus v24.11.27 by Inform\x ...)
TODO: check
CVE-2025-40549 (A Path Restriction Bypass vulnerability exists in Serv-U that when abu ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2025-40548 (A missing validation process exists in Serv U when abused, could give ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2025-40547 (A logic error vulnerability exists in Serv-U which when abused could g ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2025-40545 (SolarWinds Observability Self-Hosted is susceptible to an open redirec ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2025-37163 (A command injection vulnerability has been identified in the command l ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37162 (A vulnerability in the command line interface of affected devices coul ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37161 (A vulnerability in the web-based management interface of affected prod ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37160 (A broken access control (BAC) vulnerability in the web-based managemen ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37159 (A vulnerability in the web management interface of the AOS-CX OS user ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37158 (A command injection vulnerability exists in the AOS-CX Operating Syste ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37157 (A command injection vulnerability exists in the AOS-CX Operating Syste ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37156 (A platform-level denial-of-service (DoS) vulnerability exists in Aruba ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-37155 (A vulnerability in the SSH restricted shell interface of the network m ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2025-34324 (GoSign Desktop versions 2.4.0 and earlier use an unsigned update manif ...)
TODO: check
CVE-2025-33184 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Pyt ...)
@@ -205,97 +205,97 @@ CVE-2025-33184 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability in
CVE-2025-33183 (NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Pyt ...)
TODO: check
CVE-2025-26391 (SolarWinds Observability Self-Hosted XSS Vulnerability. The SolarWinds ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2025-13349 (A vulnerability has been found in SourceCodester Student Grades Manage ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-13347 (A flaw has been found in SourceCodester Train Station Ticketing System ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-13346 (A vulnerability was detected in SourceCodester Train Station Ticketing ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-13345 (A security vulnerability has been detected in SourceCodester Train Sta ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-13344 (A weakness has been identified in SourceCodester Train Station Ticketi ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-13343 (A security flaw has been discovered in SourceCodester Interview Manage ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-13196 (The Element Pack Addons for Elementor plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13133 (The Simple User Import Export plugin for WordPress is vulnerable to CS ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13088 (The Category and Product Woocommerce Tabs plugin for WordPress is vuln ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13083 (Use of Web Browser Cache Containing Sensitive Information vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13082 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13081 (Improperly Controlled Modification of Dynamically-Determined Object At ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13080 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-13069 (The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12962 (The Local Syndication plugin for WordPress is vulnerable to Server-Sid ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12961 (The Download Panel plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12955 (The Live sales notification for WooCommerce plugin for WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12937 (The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12827 (The Top Friends plugin for WordPress is vulnerable to Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12823 (The CSV to SortTable plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12775 (The WP Dropzone plugin for WordPress is vulnerable to authenticated ar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12761 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-12760 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- TODO: check
+ NOT-FOR-US: Drupal core and addons
CVE-2025-12691 (The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12639 (The wModes \u2013 Catalog Mode, Product Pricing, Enquiry Forms & Promo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12545 (The Pixel Manager for WooCommerce \u2013 Track Conversions and Analyti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12528 (The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12481 (The WP Duplicate Page plugin for WordPress is vulnerable to Missing Au ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12457 (The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12411 (The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12406 (The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12404 (The Like-it plugin for WordPress is vulnerable to Cross-Site Request F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12392 (The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12391 (The Restrictions for BuddyPress plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12383 (In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can ca ...)
TODO: check
CVE-2025-12376 (The Icon List Block \u2013 Add Icon-Based Lists with Custom Styles plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12372 (The Permalinks Cascade plugin for WordPress is vulnerable to Missing A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12173 (The WP Admin Microblog plugin for WordPress is vulnerable to Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12088 (The Meta Display Block plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12079 (The WP Twitter Auto Publish plugin for WordPress is vulnerable to Refl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12078 (The ArtiBot Free Chat Bot for WebSites plugin for WordPress is vulnera ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11868 (The everviz plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11734 (The Broken Link Checker by AIOSEO \u2013 Easily Fix/Monitor Internal a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11620 (The Multiple Roles per User plugin for WordPress is vulnerable to unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11427 (The WP Migrate Lite \u2013 WordPress Migration Made Easy plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10158 (A malicious client acting as the receiver of an rsync file transfer ca ...)
TODO: check
CVE-2025-8727 (There is a vulnerability in the Supermicro BMC web function at Supermi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7672ceb16d84646ea6e952b11cc355471853f1a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7672ceb16d84646ea6e952b11cc355471853f1a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251118/4430f820/attachment.htm>
More information about the debian-security-tracker-commits
mailing list