[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 19 08:13:24 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bba6120f by security tracker role at 2025-11-19T08:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,107 @@
+CVE-2025-6251 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2025-65941
+	REJECTED
+CVE-2025-65940
+	REJECTED
+CVE-2025-65939
+	REJECTED
+CVE-2025-65938
+	REJECTED
+CVE-2025-65937
+	REJECTED
+CVE-2025-65936
+	REJECTED
+CVE-2025-65935
+	REJECTED
+CVE-2025-65934
+	REJECTED
+CVE-2025-65933
+	REJECTED
+CVE-2025-65093 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+	TODO: check
+CVE-2025-65015 (joserfc is a Python library that provides an implementation of several ...)
+	TODO: check
+CVE-2025-65014 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+	TODO: check
+CVE-2025-65013 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...)
+	TODO: check
+CVE-2025-65012 (Kirby is an open-source content management system. From versions 5.0.0 ...)
+	TODO: check
+CVE-2025-64515 (Open Forms allows users create and publish smart forms. Prior to versi ...)
+	TODO: check
+CVE-2025-64325 (Emby Server is a personal media server. Prior to version 4.8.1.0 and p ...)
+	TODO: check
+CVE-2025-64324 (KubeVirt is a virtual machine management add-on for Kubernetes. The `h ...)
+	TODO: check
+CVE-2025-63229 (The Mozart FM Transmitter web management interface on version WEBMOZZI ...)
+	TODO: check
+CVE-2025-63217 (The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authenticatio ...)
+	TODO: check
+CVE-2025-63216 (The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentic ...)
+	TODO: check
+CVE-2025-63215 (The Sound4 IMPACT web-based management interface is vulnerable to Remo ...)
+	TODO: check
+CVE-2025-62406 (Piwigo is a full featured open source photo gallery application for th ...)
+	TODO: check
+CVE-2025-54990 (XWiki AdminTools integrates administrative tools for managing a runnin ...)
+	TODO: check
+CVE-2025-13225 (Tanium addressed an arbitrary file deletion vulnerability in TanOS.)
+	TODO: check
+CVE-2025-13206 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
+	TODO: check
+CVE-2025-13145 (The WP Import \u2013 Ultimate CSV XML Importer for WordPress plugin fo ...)
+	TODO: check
+CVE-2025-13085 (The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-13054 (The User Profile Builder \u2013 Beautiful User Registration Forms, Use ...)
+	TODO: check
+CVE-2025-13051 (When the service of ABP and AES is installed in a directory writable b ...)
+	TODO: check
+CVE-2025-13035 (The Code Snippets plugin for WordPress is vulnerable to PHP Code Injec ...)
+	TODO: check
+CVE-2025-12878 (The FunnelKit \u2013 Funnel Builder for WooCommerce Checkout plugin fo ...)
+	TODO: check
+CVE-2025-12852 (DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX Al ...)
+	TODO: check
+CVE-2025-12842 (The Booking Plugin for WordPress Appointments \u2013 Time Slot plugin  ...)
+	TODO: check
+CVE-2025-12822 (The WP Login and Register using JWT plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2025-12814 (The SiteSEO \u2013 SEO Simplified plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-12777 (The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to au ...)
+	TODO: check
+CVE-2025-12770 (The New User Approve plugin for WordPress is vulnerable to unauthorize ...)
+	TODO: check
+CVE-2025-12751 (The WSChat \u2013 WordPress Live Chat plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2025-12710 (The Pet-Manager \u2013 Petfinder plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2025-12646 (The Community Events plugin for WordPress is vulnerable to SQL Injecti ...)
+	TODO: check
+CVE-2025-12535 (The SureForms plugin for WordPress is vulnerable to Cross-Site Request ...)
+	TODO: check
+CVE-2025-12484 (The Giveaways and Contests by RafflePress \u2013 Get More Website Traf ...)
+	TODO: check
+CVE-2025-12427 (The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to In ...)
+	TODO: check
+CVE-2025-12426 (The Quiz Maker plugin for WordPress is vulnerable to Sensitive Informa ...)
+	TODO: check
+CVE-2025-12359 (The Responsive Lightbox & Gallery plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-12349 (The Icegram Express - Email Subscribers, Newsletters and Marketing Aut ...)
+	TODO: check
+CVE-2025-12174 (The Directorist: AI-Powered Business Directory Plugin with Classified  ...)
+	TODO: check
+CVE-2025-12119 (A mongoc_bulk_operation_t may read invalid memory if large options are ...)
+	TODO: check
+CVE-2025-12057 (The WavePlayer WordPress plugin before 3.8.0 does not have authorizati ...)
+	TODO: check
+CVE-2025-12056 (Out-of-bounds Read in Shelly Pro 3EM(before v1.4.4) allows Overread Bu ...)
+	TODO: check
+CVE-2025-11243 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
+	TODO: check
 CVE-2025-12106 [IPv6 address parsing: fix buffer overread on invalid input]
 	- openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
 	NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
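Review bot: Several of the added description lines carry a literal `\u2013` escape where the dash character should be, for example the GiveWP (CVE-2025-13206), WP Import (CVE-2025-13145), SiteSEO (CVE-2025-13085, CVE-2025-12814) and FunnelKit (CVE-2025-12878) entries. The feed's escape sequences are evidently written into data/CVE/list undecoded. Decode them in the update step before truncating the description, so the list stays readable and a text search for the plugin name as published matches. Separately, every non-rejected entry here lands as `TODO: check`, so entries that name libraries rather than web plugins or appliances (joserfc in CVE-2025-65015, `mongoc_bulk_operation_t` in CVE-2025-12119) should be looked at first when this batch is triaged.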
@@ -2662,6 +2766,7 @@ CVE-2025-64518 (The CycloneDX core module provides a model representation of the
 CVE-2025-64513 (Milvus is an open-source vector database built for generative AI appli ...)
 	NOT-FOR-US: Milvus
 CVE-2025-64512 (Pdfminer.six is a community maintained fork of the original PDFMiner,  ...)
+	{DLA-4374-1}
 	- pdfminer 20221105+dfsg-1.1 (bug #1120642)
 	NOTE: https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp
 	NOTE: Fixed by: https://github.com/pdfminer/pdfminer.six/commit/b808ee05dd7f0c8ea8ec34bdf394d40e63501086 (20251107)
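Review bot: The `{DLA-4374-1}` tag added under CVE-2025-64512 is a different kind of change from the new CVE entries in the first hunk, but the commit message "automatic update" does not distinguish the two, and the commit touches only data/CVE/list. Confirm that the advisory record this tag points to is already in the tree and names pdfminer, since nothing in this change shows where DLA-4374-1 is defined or which version it fixes.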



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bba6120fdf4b000188bcae3ad3171883aa7f5dc0
