[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 3 21:13:53 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e9994daa by security tracker role at 2025-10-03T20:13:47+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,77 +1,77 @@
 CVE-2025-9945 (The Optimize More! \u2013 CSS plugin for WordPress is vulnerable to Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9897 (The AP Background plugin for WordPress is vulnerable to Cross-Site Req ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9895 (The Notification Bar plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9892 (The Restrict User Registration plugin for WordPress is vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9889 (The ContentMX Content Publisher plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9885 (The MPWizard \u2013 Create Mercado Pago Payment Links plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9884 (The Mobile Site Redirect plugin for WordPress is vulnerable to Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9876 (The Ird Slider plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9875 (The Event Tickets, RSVPs, Calendar plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9859 (The Fintelligence Calculator plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9858 (The Auto Bulb Finder for WordPress plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9854 (The A Simple Multilanguage Plugin plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9630 (The WP SinoType plugin for WordPress is vulnerable to Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9561 (The AP Background plugin for WordPress is vulnerable to arbitrary file ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9372 (The Ultimate Multi Design Video Carousel plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9333 (The Smart Docs plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9332 (The Interactive Human Anatomy with Clickable Body Parts plugin for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9286 (The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9213 (The TextBuilder plugin for WordPress is vulnerable to Cross-Site Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9212 (The WP Dispatcher plugin for WordPress is vulnerable to arbitrary file ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9209 (The RestroPress \u2013 Online Food Ordering System plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9206 (The Meks Easy Maps plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9204 (The X Addons for Elementor plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9200 (The Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9199 (The Woo superb slideshow transition gallery with random effect plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9198 (The Wp cycle text announcement plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9194 (The Constructor theme for WordPress is vulnerable to unauthorized modi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9130 (The Unify plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9129 (The Flexi plugin for WordPress is vulnerable to Stored Cross-Site Scri ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9080 (The Generic Elements plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9077 (The Ultra Addons Lite for Elementor plugin for WordPress is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9045 (The Easy Elementor Addons plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8776 (The Epic Bootstrap Buttons plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8669 (The Customify theme for WordPress is vulnerable to Cross-Site Request  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7825 (The Schema Plugin For Divi, Gutenberg & Shortcodes plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7721 (The JoomSport \u2013 for Sports: Team & League, Football, Hockey & mor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6388 (The Spirit Framework plugin for WordPress is vulnerable to authenticat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-61593 (Cursor is a code editor built for programming with AI. In versions 1.7 ...)
 	TODO: check
 CVE-2025-61592 (Cursor is a code editor built for programming with AI. In versions 1.7 ...)
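Review bot: CVE-2025-9194 and CVE-2025-8669 are described as the Constructor theme and the Customify theme for WordPress, yet both are tagged "NOT-FOR-US: WordPress plugin" like the plugin entries around them. The NOT-FOR-US decision itself is unaffected, but the label is inaccurate for these two; "NOT-FOR-US: WordPress theme" would match the descriptions and keep later searches by component type reliable. If the automatic matcher keys on "for WordPress" alone, it is worth having it distinguish "theme for WordPress" from "plugin for WordPress".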
@@ -105,7 +105,7 @@ CVE-2025-59829 (Claude Code is an agentic coding tool. Versions below 1.0.120 fa
 CVE-2025-59489 (Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux  ...)
 	TODO: check
 CVE-2025-57714 (An unquoted search path or element vulnerability has been reported to  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-57423 (A SQL injection vulnerability was discovered in the /articles endpoint ...)
 	TODO: check
 CVE-2025-56551 (An issue in DirectAdmin v1.680 allows unauthorized attackers to manipu ...)
@@ -117,81 +117,81 @@ CVE-2025-55971 (TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269
 CVE-2025-54374 (Eidos is an extensible framework for Personal Data Management. Version ...)
 	TODO: check
 CVE-2025-54154 (An improper authentication vulnerability has been reported to affect Q ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-54153 (An SQL injection vulnerability has been reported to affect Qsync Centr ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-53595 (An SQL injection vulnerability has been reported to affect Qsync Centr ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-53407 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-53406 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-53354 (NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are  ...)
 	TODO: check
 CVE-2025-52867 (An uncontrolled resource consumption vulnerability has been reported t ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52866 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52862 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52860 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52859 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52858 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52857 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52855 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52854 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52853 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52658 (HCL MyXalytics   6.6. product is affected by Use of Vulnerable/Outdate ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-52656 (HCL MyXalytics: 6.6.is affected by Mass Assignment vulnerability. Mass ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-52654 (A vulnerability in HCL HCL MyXalytics allows HTML InjectionThis issue  ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-52653 (HCL MyXalytics product is affected by Cross Site Scripting vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2025-52433 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52432 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52429 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52428 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52427 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-52424 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-49844 (Redis is an open source, in-memory database that persists on disk. Ver ...)
 	TODO: check
 CVE-2025-49641 (A regular Zabbix user with no permission to the Monitoring -> Problems ...)
 	TODO: check
 CVE-2025-48730 (A use of externally-controlled format string vulnerability has been re ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-48729 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-48728 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-48727 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-48726 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-47214 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-47213 (A NULL pointer dereference vulnerability has been reported to affect s ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-47212 (A command injection vulnerability has been reported to affect several  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-47211 (A path traversal vulnerability has been reported to affect several QNA ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-47210 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-46819 (Redis is an open source, in-memory database that persists on disk. Ver ...)
 	TODO: check
 CVE-2025-46818 (Redis is an open source, in-memory database that persists on disk. Ver ...)
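Review bot: The four HCL entries in this hunk (CVE-2025-52658, CVE-2025-52656, CVE-2025-52654, CVE-2025-52653) are tagged with the vendor name only, although each description names the product, HCL MyXalytics. "NOT-FOR-US: HCL MyXalytics" would make the entries findable by product and lets a reader confirm the triage without opening each CVE record. A vendor-only label also risks being reused for a future HCL product that does need checking.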
@@ -199,31 +199,31 @@ CVE-2025-46818 (Redis is an open source, in-memory database that persists on dis
 CVE-2025-46817 (Redis is an open source, in-memory database that persists on disk. Ver ...)
 	TODO: check
 CVE-2025-44014 (An out-of-bounds write vulnerability has been reported to affect Qsync ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-44012 (An allocation of resources without limits or throttling vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-44011 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-44010 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-44009 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-44008 (A NULL pointer dereference vulnerability has been reported to affect Q ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-44007 (An allocation of resources without limits or throttling vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-44006 (An allocation of resources without limits or throttling vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-40636 (SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4 ...)
 	TODO: check
 CVE-2025-34226 (OpenPLC Runtime v3 contains an input validation flaw in the /upload-pr ...)
 	TODO: check
 CVE-2025-33040 (An allocation of resources without limits or throttling vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-33039 (An allocation of resources without limits or throttling vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-33034 (A path traversal vulnerability has been reported to affect Qsync Centr ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-27237 (In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file ...)
 	TODO: check
 CVE-2025-27236 (A regular Zabbix user can search other users in their user group via Z ...)
@@ -233,41 +233,41 @@ CVE-2025-27231 (The LDAP 'Bind password' value cannot be read after saving, but
 CVE-2025-11234 (A flaw was found in QEMU. If the QIOChannelWebsock object is freed whi ...)
 	TODO: check
 CVE-2025-11223 (Installer of   Panasonic   AutoDownloader      version 1.2.8 contains  ...)
-	TODO: check
+	NOT-FOR-US: Panasonic
 CVE-2025-10729 (The module will parse a <pattern> node which is not a child of a struc ...)
 	TODO: check
 CVE-2025-10728 (When the module renders a Svg file that contains a <pattern> element,  ...)
 	TODO: check
 CVE-2025-10726 (The WPRecovery plugin for WordPress is vulnerable to SQL Injection via ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10609 (Use of Hard-coded Credentials vulnerability in Logo Software Inc. Tige ...)
 	TODO: check
 CVE-2025-10582 (The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10547 (An uninitialized variable in the HTTP CGI request arguments processing ...)
 	TODO: check
 CVE-2025-10311 (The Comment Info Detector plugin for WordPress is vulnerable to Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10309 (The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Requ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10306 (The Backup Bolt plugin for WordPress is vulnerable to arbitrary file d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10302 (The Ultimate Viral Quiz plugin for WordPress is vulnerable to Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10212 (The SiteAlert (Formerly WP Health) plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10192 (The WP Photo Effects plugin for WordPress is vulnerable to Stored Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10165 (The AP Background plugin for WordPress is vulnerable to Stored Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10053 (The TableGen \u2013 Data Table Generator plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0876 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-0616 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2024-56804 (An SQL injection vulnerability has been reported to affect Video Stati ...)
-	TODO: check
+	NOT-FOR-US: QNAP
 CVE-2025-XXXX [fetchmail-SA-2025-01: SMTP AUTH denial of service]
 	- fetchmail 6.5.6-1 (bug #1117136)
 	[trixie] - fetchmail <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9994daa77676788478054283a468c6c2683aaa2
