[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 27 08:13:00 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70780a2f by security tracker role at 2025-11-27T08:12:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,103 @@
-CVE-2025-40934
+CVE-2025-7820 (The SKT PayPal for WooCommerce plugin for WordPress is vulnerable to P ...)
+	TODO: check
+CVE-2025-66314 (Improper Privilege Management vulnerability in ZTE ElasticNet UME R32  ...)
+	TODO: check
+CVE-2025-66040 (Spotipy is a Python library for the Spotify Web API. Prior to version  ...)
+	TODO: check
+CVE-2025-66035 (Angular is a development platform for building mobile and desktop web  ...)
+	TODO: check
+CVE-2025-66031 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
+	TODO: check
+CVE-2025-66030 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
+	TODO: check
+CVE-2025-65202 (TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command inje ...)
+	TODO: check
+CVE-2025-64344 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
+	TODO: check
+CVE-2025-64335 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
+	TODO: check
+CVE-2025-64334 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
+	TODO: check
+CVE-2025-64333 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
+	TODO: check
+CVE-2025-64332 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
+	TODO: check
+CVE-2025-64331 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
+	TODO: check
+CVE-2025-64330 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
+	TODO: check
+CVE-2025-62593 (Ray is an AI compute engine. Prior to version 2.52.0, developers worki ...)
+	TODO: check
+CVE-2025-3784 (Cleartext Storage of Sensitive Information Vulnerability in GX Works2  ...)
+	TODO: check
+CVE-2025-34351 (Anyscale Ray 2.52.0 contains an insecure default configuration in whic ...)
+	TODO: check
+CVE-2025-13762 (Improper Input Validation vulnerability in CyberArk CyberArk Secure We ...)
+	TODO: check
+CVE-2025-13680 (The Tiger theme for WordPress is vulnerable to Privilege Escalation in ...)
+	TODO: check
+CVE-2025-13675 (The Tiger theme for WordPress is vulnerable to Privilege Escalation in ...)
+	TODO: check
+CVE-2025-13540 (The Tiare Membership plugin for WordPress is vulnerable to Privilege E ...)
+	TODO: check
+CVE-2025-13539 (The FindAll Membership plugin for WordPress is vulnerable to Authentic ...)
+	TODO: check
+CVE-2025-13538 (The FindAll Listing plugin for WordPress is vulnerable to Privilege Es ...)
+	TODO: check
+CVE-2025-13525 (The WP Directory Kit plugin for WordPress is vulnerable to Reflected C ...)
+	TODO: check
+CVE-2025-13441 (The Hide Category by User Role for WooCommerce plugin for WordPress is ...)
+	TODO: check
+CVE-2025-13157 (The QODE Wishlist for WooCommerce plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2025-13143 (The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordP ...)
+	TODO: check
+CVE-2025-12758 (Versions of the package validator before 13.15.22 are vulnerable to In ...)
+	TODO: check
+CVE-2025-12713 (The Soundslides plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2025-12712 (The Shouty plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2025-12670 (The wp-twitpic plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2025-12666 (The Google Drive upload and download link plugin for WordPress is vuln ...)
+	TODO: check
+CVE-2025-12649 (The SortTable Post plugin for WordPress is vulnerable to Stored Cross- ...)
+	TODO: check
+CVE-2025-12579 (The Reuters Direct plugin for WordPress is vulnerable to unauthorized  ...)
+	TODO: check
+CVE-2025-12578 (The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Re ...)
+	TODO: check
+CVE-2025-12185 (The StaffList plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2025-12151 (The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2025-12123 (The Customer Reviews Collector for WooCommerce plugin for WordPress is ...)
+	TODO: check
+CVE-2025-0658 (A vulnerability in Automated Logic and Carrier's Zone Controllervia BA ...)
+	TODO: check
+CVE-2025-0657 (A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver   ...)
+	TODO: check
+CVE-2024-5540 (The reflective cross-site scripting vulnerability found in ALC WebCTRL ...)
+	TODO: check
+CVE-2024-5539 (The Access Control Bypass vulnerability found in ALC WebCTRL and Carri ...)
+	TODO: check
+CVE-2020-36874 (ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configura ...)
+	TODO: check
+CVE-2020-36873 (Astak CM-818T3 2.4GHz wireless security surveillance cameras contain a ...)
+	TODO: check
+CVE-2020-36872 (BACnet Test Server versions up to and including 1.01 contains a remote ...)
+	TODO: check
+CVE-2020-36871 (ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration  ...)
+	TODO: check
+CVE-2019-25227 (Tellion HN-2204AP routers contain an unauthenticated configuration dis ...)
+	TODO: check
+CVE-2019-25226 (Dongyoung Media DM-AP240T/W wireless access points contain an unauthen ...)
+	TODO: check
+CVE-2025-40934 (XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML  ...)
 	NOT-FOR-US: XML-Sig Perl module
 CVE-2025-66270
+	{DSA-6063-1}
 	- kdeconnect 25.11.80+git20251121.7090b106-1
 	[bookworm] - kdeconnect <not-affected> (Vulnerable code not present)
 	[bullseye] - kdeconnect <not-affected> (Vulnerable code not present)
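Review bot: every entry added from CVE-2025-7820 down to CVE-2019-25226 carries only `TODO: check`, so nothing in this batch is triaged yet and each still needs either a package line or a `NOT-FOR-US:` line in the form CVE-2025-40934 already has. The seven Suricata entries (CVE-2025-64330 through CVE-2025-64344) and the two Forge entries (CVE-2025-66030, CVE-2025-66031) each share one product and can be resolved together in a follow-up commit. The descriptions are cut at "..." in this list, so the affected version ranges have to be taken from the full CVE records before any `<not-affected>` or fixed-version annotation is written.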



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70780a2f88abb6f5503488e08828f82f66a40fda
