[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 21 20:14:09 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea0f7385 by security tracker role at 2025-11-21T20:13:59+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,99 +1,99 @@
 CVE-2025-66115 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66114 (Missing Authorization vulnerability in theme funda Show Variations as  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66113 (Missing Authorization vulnerability in ThemeAtelier Better Chat Suppor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66112 (Missing Authorization vulnerability in WebToffee Accessibility Toolkit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66111 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66110 (Missing Authorization vulnerability in bPlugins Tiktok Feed b-tiktok-f ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66109 (Missing Authorization vulnerability in octolize Cart Weight for WooCom ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66108 (Missing Authorization vulnerability in Merlot Digital (by TNC) TNC Too ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66107 (Missing Authorization vulnerability in Scott Paterson Subscriptions &  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66106 (Missing Authorization vulnerability in Essential Plugin Featured Post  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66101 (Missing Authorization vulnerability in Sabuj Kundu CBX Bookmark & Favo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66099 (Missing Authorization vulnerability in ThemeAtelier Chat Help chat-hel ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66098 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66097 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Jerosimi\u0107 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66096 (Missing Authorization vulnerability in Imtiaz Rayhan Table Block by Ta ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66095 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66090 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66089 (Missing Authorization vulnerability in WebToffee Product Feed for WooC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66087 (Missing Authorization vulnerability in Property Hive PropertyHive prop ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66086 (Missing Authorization vulnerability in Cozy Vision SMS Alert Order Not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66085 (Missing Authorization vulnerability in tychesoftwares Arconix Shortcod ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66084 (Missing Authorization vulnerability in Shahjahan Jewel FluentCommunity ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66083 (Missing Authorization vulnerability in magepeopleteam WpEvently mage-e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66082 (Missing Authorization vulnerability in magepeopleteam WpEvently mage-e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66081 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66079 (Missing Authorization vulnerability in Jegstudio Gutenverse Form guten ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66077 (Missing Authorization vulnerability in wpWax Legal Pages legal-pages a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66075 (Missing Authorization vulnerability in WP Legal Pages WP Cookie Notice ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66073 (Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66072 (Missing Authorization vulnerability in Stiofan UsersWP userswp allows  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66071 (Missing Authorization vulnerability in tychesoftwares Custom Order Num ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66069 (Missing Authorization vulnerability in Themeisle PPOM for WooCommerce  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66067 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66066 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66065 (Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66064 (Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveawa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66063 (Missing Authorization vulnerability in jgwhite33 WP Google Review Slid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66062 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66061 (Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriou ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66060 (Missing Authorization vulnerability in Craig Hewitt Seriously Simple P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66059 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66057 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66056 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66055 (Deserialization of Untrusted Data vulnerability in Icegram Email Subsc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66053 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64767 (hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top o ...)
 	TODO: check
 CVE-2025-64483 (Wazuh is a security detection, visibility, and compliance open source  ...)
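Review bot: several entries in this hunk are marked NOT-FOR-US although the visible summary names only the weakness class and no product, for example CVE-2025-66115 ("Improper Control of Filename for Include/Require Statement in PHP Prog ..."), CVE-2025-66095 and CVE-2025-66059, so the WordPress classification cannot be confirmed from the diff itself. Because this is an automatic update, it is worth confirming that the matching rule keys on the full CVE description rather than the truncated summary, and spot-checking a few of these entries against the full text. The label here also reads "WordPress plugin or theme" while later hunks of the same commit use "WordPress plugin"; one spelling would keep later searches over data/CVE/list simple.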
@@ -111,13 +111,13 @@ CVE-2025-48502 (Improper input validation within AMD uprof can allow a local att
 CVE-2025-41115 (SCIM provisioning wasintroducedin Grafana Enterprise and Grafana Cloud ...)
 	TODO: check
 CVE-2025-36149 (IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-30201 (Wazuh is a free and open source platform used for threat prevention, d ...)
 	TODO: check
 CVE-2025-29934 (A bug within some AMD CPUs could allow a local admin-privileged attack ...)
 	TODO: check
 CVE-2025-13524 (Improper resource release in the call termination process in AWS Wickr ...)
-	TODO: check
+	NOT-FOR-US: Amazon
 CVE-2025-13470 (In RNP version 0.18.0 a refactoring regression causes the symmetric  s ...)
 	TODO: check
 CVE-2025-13432 (Terraform state versions can be created by a user with specific but in ...)
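Review bot: the two new labels name only the vendor ("NOT-FOR-US: IBM" for CVE-2025-36149, "NOT-FOR-US: Amazon" for CVE-2025-13524), which is broader than the products the descriptions name (IBM Concert Software, AWS Wickr). Consider recording the product, e.g. "NOT-FOR-US: AWS Wickr", so the entry states what was actually ruled out and a vendor-wide match does not later absorb a CVE in a component that is packaged.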
@@ -125,45 +125,45 @@ CVE-2025-13432 (Terraform state versions can be created by a user with specific
 CVE-2025-13357 (Vault\u2019s Terraform Provider incorrectly set the default deny_null_ ...)
 	TODO: check
 CVE-2025-13156 (The Vitepos \u2013 Point of Sale (POS) for WooCommerce plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13149 (The Schedule Post Changes With PublishPress Future: Unpublish, Delete, ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13141 (The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13138 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13132 (This vulnerability allowed a site to enter fullscreen, after a user cl ...)
 	TODO: check
 CVE-2025-12973 (The S2B AI Assistant \u2013 ChatBot, ChatGPT, OpenAI, Content & Image  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12964 (The Magical Products Display plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12935 (The FluentCRM \u2013 Email Newsletter, Automation, Email Marketing, Em ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12750 (The Groundhogg \u2014 CRM, Newsletters, and Marketing Automation plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12747 (The Tainacan plugin for WordPress is vulnerable to Information Exposur ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12160 (The Simple User Registration plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12066 (The WP Delete Post Copies plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12039 (The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11973 (The \u7b80\u6570\u91c7\u96c6\u5668 plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11826 (The WP Company Info plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11808 (The Shortcode for Google Street View plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11803 (The WPSite Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11127 (The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10054 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10039 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-40211 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
 	- linux 6.17.8-1
 	NOTE: https://git.kernel.org/linus/8f067aa59430266386b83c18b983ca583faa6a11 (6.18-rc4)
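Review bot: CVE-2025-11127 is marked "NOT-FOR-US: WordPress plugin", but its summary names a second product after "and" ("The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp M ...") that is cut off in the visible text. Check against the full description that the second product is also out of scope before the entry leaves the TODO queue. CVE-2025-13132, whose visible text does not mention WordPress, is left at "TODO: check", which is the behaviour expected of the rule.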



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea0f738526b08468415dd9f5d5ffb44ef05a6973
