[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Oct 4 09:12:52 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8f2cde44 by security tracker role at 2025-10-04T08:12:45+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2025-9952 (The Trinity Audio \u2013 Text to Speech AI audio player to convert con ...)
+	TODO: check
+CVE-2025-9886 (The Trinity Audio \u2013 Text to Speech AI audio player to convert con ...)
+	TODO: check
+CVE-2025-9485 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPres ...)
+	TODO: check
+CVE-2025-9243 (The Cost Calculator Builder plugin for WordPress is vulnerable to unau ...)
+	TODO: check
+CVE-2025-9030 (The Majestic Before After Image plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2025-9029 (The WDesignKit \u2013 Elementor & Gutenberg Starter Templates, Pattern ...)
+	TODO: check
+CVE-2025-8726 (The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Si ...)
+	TODO: check
+CVE-2025-61962 (In fetchmail before 6.5.6, the SMTP client can crash when authenticati ...)
+	TODO: check
+CVE-2025-61895
+	REJECTED
+CVE-2025-61894
+	REJECTED
+CVE-2025-61893
+	REJECTED
+CVE-2025-61892
+	REJECTED
+CVE-2025-61891
+	REJECTED
+CVE-2025-61890
+	REJECTED
+CVE-2025-61889
+	REJECTED
+CVE-2025-61888
+	REJECTED
+CVE-2025-61887
+	REJECTED
+CVE-2025-61685 (Mastra is a Typescript framework for building AI agents and assistants ...)
+	TODO: check
+CVE-2025-61681 (KUNO CMS is a fully deployable full-stack blog application. Versions 1 ...)
+	TODO: check
+CVE-2025-61680 (Minecraft RCON Terminal is a VS Code extension that streamlines Minecr ...)
+	TODO: check
+CVE-2025-61679 (Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 ...)
+	TODO: check
+CVE-2025-61677 (DataChain is a Python-based AI-data warehouse for transforming and ana ...)
+	TODO: check
+CVE-2025-61673 (Karapace is an open-source implementation of Kafka REST and Schema Reg ...)
+	TODO: check
+CVE-2025-61585
+	REJECTED
+CVE-2025-59944 (Cursor is a code editor built for programming with AI. Versions 1.6.23 ...)
+	TODO: check
+CVE-2025-59943 (phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2 ...)
+	TODO: check
+CVE-2025-43825 (A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay ...)
+	TODO: check
+CVE-2025-39953 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2025-39952 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
+	TODO: check
+CVE-2025-39951 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
+	TODO: check
+CVE-2025-39950 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2025-39949 (In the Linux kernel, the following vulnerability has been resolved:  q ...)
+	TODO: check
+CVE-2025-39948 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+	TODO: check
+CVE-2025-39947 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2025-39946 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
+	TODO: check
+CVE-2025-39945 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2025-39944 (In the Linux kernel, the following vulnerability has been resolved:  o ...)
+	TODO: check
+CVE-2025-39943 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	TODO: check
+CVE-2025-39942 (In the Linux kernel, the following vulnerability has been resolved:  k ...)
+	TODO: check
+CVE-2025-39941 (In the Linux kernel, the following vulnerability has been resolved:  z ...)
+	TODO: check
+CVE-2025-39940 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2025-39939 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
+	TODO: check
+CVE-2025-39938 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
+	TODO: check
+CVE-2025-39937 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
+	TODO: check
+CVE-2025-39936 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2025-39935 (In the Linux kernel, the following vulnerability has been resolved:  A ...)
+	TODO: check
+CVE-2025-39934 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
+	TODO: check
+CVE-2025-39933 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2025-39932 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2025-39931 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
+	TODO: check
+CVE-2025-39929 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
+	TODO: check
+CVE-2025-11228 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
+	TODO: check
+CVE-2025-11227 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for  ...)
+	TODO: check
+CVE-2025-10751 (MacForge contains an insecure XPC service that allows local, unprivile ...)
+	TODO: check
+CVE-2025-10746 (The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to u ...)
+	TODO: check
+CVE-2025-10696 (OpenSupports exposes an endpoint that allows the list of 'supervised u ...)
+	TODO: check
+CVE-2025-10695 (Two unauthenticated diagnostic endpoints allow arbitrary backend-initi ...)
+	TODO: check
+CVE-2025-10692 (The endpoint POST /api/staff/get-new-tickets concatenates the user-con ...)
+	TODO: check
+CVE-2025-10383 (The Contest Gallery \u2013 Upload, Vote & Sell with PayPal and Stripe  ...)
+	TODO: check
 CVE-2025-9945 (The Optimize More! \u2013 CSS plugin for WordPress is vulnerable to Cr ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9897 (The AP Background plugin for WordPress is vulnerable to Cross-Site Req ...)
@@ -4390,7 +4508,7 @@ CVE-2025-57973 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57972 (Missing Authorization vulnerability in WPFactory Helpdesk Support Tick ...)
 	NOT-FOR-US: WordPress plugin or theme
-CVE-2025-57971 (Missing Authorization vulnerability in SALESmanago SALESmanago allows  ...)
+CVE-2025-57971 (Missing Authorization vulnerability in SALESmanago SALESmanago & Leado ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-57970 (Cross-Site Request Forgery (CSRF) vulnerability in SALESmanago SALESma ...)
 	NOT-FOR-US: WordPress plugin or theme



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f2cde447373aa0681cdcd93fc22bed882821bf3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f2cde447373aa0681cdcd93fc22bed882821bf3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251004/00fb37f3/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list