[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Nov 25 08:14:19 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e32a6c3 by security tracker role at 2025-11-25T08:13:47+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-9803 (lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover d ...)
TODO: check
CVE-2025-6389 (The Sneeit Framework plugin for WordPress is vulnerable to Remote Code ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-66187
REJECTED
CVE-2025-66186
@@ -45,21 +45,21 @@ CVE-2025-62155 (New API is a large language mode (LLM) gateway and artificial in
CVE-2025-59485 (Incorrect default permissions issue exists in Security Point (Windows) ...)
TODO: check
CVE-2025-59373 (A local privilege escalation vulnerability exists in the restore me ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-59372 (A path traversal vulnerability has been identified in certain router m ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-59371 (An authentication bypass vulnerability has been identified in the IFTT ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-59370 (A command injection vulnerability has been identified in bwdpi. A remo ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-59369 (A SQL injection vulnerability has been identified in bwdpi. A remote, ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-59368 (An integer underflow vulnerability has been identified in Aicloud. An ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-59366 (An authentication-bypass vulnerability exists in AiCloud. This vulnera ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-59365 (A stack buffer overflow vulnerability has been identified in certain r ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-54563 (An Incorrect Access Control vulnerability was found in the Application ...)
TODO: check
CVE-2025-54347 (A Directory Traversal vulnerability was found in the Application Serve ...)
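Review bot: The visible description for CVE-2025-59373 ("A local privilege escalation vulnerability exists in the restore me ...") names no vendor or product, and the same is true of the two bwdpi entries (CVE-2025-59370, CVE-2025-59369). The NOT-FOR-US: ASUS tag on those lines therefore cannot be confirmed from the truncated text in this hunk. Because the commit is an automatic update, confirm these eight entries against the full CVE records rather than the list excerpt, and check that none of the named components (bwdpi, AiCloud) corresponds to a packaged source before the TODO is closed.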
@@ -71,73 +71,73 @@ CVE-2025-54338 (An Incorrect Access Control vulnerability was found in the Appli
CVE-2025-52538 (Improper input validation within the XOCL driver may allow a local att ...)
TODO: check
CVE-2025-36150 (IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographi ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-13644 (MongoDB Server may experience an invariant failure during batched dele ...)
TODO: check
CVE-2025-13643 (A user with access to the cluster with a limited set of privilege acti ...)
TODO: check
CVE-2025-13559 (The EduKart Pro plugin for WordPress is vulnerable to Privilege Escala ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13558 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13507 (Inconsistent object size validation in time series processing logic ma ...)
TODO: check
CVE-2025-13452 (The Admin and Customer Messages After Order for WooCommerce: OrderConv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13414 (The Chamber Dashboard Business Directory plugin for WordPress is vulne ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13405 (The Ace Post Type Builder plugin for WordPress is vulnerable to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13404 (The atec Duplicate Page & Post plugin for WordPress is vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13389 (The Admin and Customer Messages After Order for WooCommerce: OrderConv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13386 (The Social Images Widget plugin for WordPress is vulnerable to unautho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13385 (The Bookme \u2013 Free Online Appointment Booking and Scheduling Plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13383 (The Job Board by BestWebSoft plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13382 (The Frontend File Manager Plugin for WordPress is vulnerable to Insecu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13380 (The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13376 (The ProjectList plugin for WordPress is vulnerable to arbitrary file u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13370 (The ProjectList plugin for WordPress is vulnerable to time-based SQL I ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13311 (The Just Highlight plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13068 (The Telegram Bot & Channel plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12893 (Clients may successfully perform a TLS handshake with a MongoDB server ...)
TODO: check
CVE-2025-12742 (A Looker user with a Developer role could cause Looker to execute a ma ...)
TODO: check
CVE-2025-12645 (The Inline frame \u2013 Iframe plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12634 (The Refund Request for WooCommerce plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12587 (The Peer Publish plugin for WordPress is vulnerable to Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12586 (The Conditional Maintenance Mode for WordPress plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12525 (The Locker Content plugin for WordPress is vulnerable to Sensitive Inf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12043 (The Autochat Automatic Conversation plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12040 (The Wishlist for WooCommerce plugin for WordPress is vulnerable to Ins ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12032 (The Zweb Social Mobile \u2013 \u1ee8ng D\u1ee5ng N\xfat G\u1ecdi Mobil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12025 (The YouTube Subscribe plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12003 (A path traversal vulnerability has been identified in WebDAV, which ma ...)
- TODO: check
+ NOT-FOR-US: ASUS
CVE-2025-10646 (The Search Exclude plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10144 (The Perfect Brands for WooCommerce plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-0007 (Insufficient validation within Xilinx Run Time framework could allow a ...)
TODO: check
CVE-2025-0003 (Inadequate lock protection within Xilinx Run time may allow a local at ...)
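Review bot: CVE-2025-12003 is tagged NOT-FOR-US: ASUS, but its visible description ("A path traversal vulnerability has been identified in WebDAV, which ma ...") names only WebDAV, a generic protocol with several independent implementations, so the vendor attribution cannot be verified from this hunk. Confirm from the full record that the affected WebDAV code is ASUS's own before this TODO is closed. The same applies to CVE-2025-12032, whose truncated description ("The Zweb Social Mobile ...") is cut off before it reaches any mention of WordPress, although it is tagged NOT-FOR-US: WordPress plugin.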
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e32a6c3c04dde0359b265daabb8d195f593ebe8