[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 4 17:14:53 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2687c722 by Salvatore Bonaccorso at 2025-10-04T18:14:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,23 +31,23 @@ CVE-2025-61888
CVE-2025-61887
REJECTED
CVE-2025-61685 (Mastra is a Typescript framework for building AI agents and assistants ...)
- TODO: check
+ NOT-FOR-US: Mastra
CVE-2025-61681 (KUNO CMS is a fully deployable full-stack blog application. Versions 1 ...)
- TODO: check
+ NOT-FOR-US: KUNO CMS
CVE-2025-61680 (Minecraft RCON Terminal is a VS Code extension that streamlines Minecr ...)
- TODO: check
+ NOT-FOR-US: Minecraft RCON Terminal
CVE-2025-61679 (Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 ...)
- TODO: check
+ NOT-FOR-US: Anyquery
CVE-2025-61677 (DataChain is a Python-based AI-data warehouse for transforming and ana ...)
- TODO: check
+ NOT-FOR-US: DataChain
CVE-2025-61673 (Karapace is an open-source implementation of Kafka REST and Schema Reg ...)
- TODO: check
+ NOT-FOR-US: Karapace
CVE-2025-61585
REJECTED
CVE-2025-59944 (Cursor is a code editor built for programming with AI. Versions 1.6.23 ...)
- TODO: check
+ NOT-FOR-US: Cursor
CVE-2025-59943 (phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2 ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2025-43825 (A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay ...)
NOT-FOR-US: Liferay
CVE-2025-39953 (In the Linux kernel, the following vulnerability has been resolved: c ...)
@@ -150,15 +150,15 @@ CVE-2025-11228 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugi
CVE-2025-11227 (The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10751 (MacForge contains an insecure XPC service that allows local, unprivile ...)
- TODO: check
+ NOT-FOR-US: MacForge
CVE-2025-10746 (The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to u ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10696 (OpenSupports exposes an endpoint that allows the list of 'supervised u ...)
- TODO: check
+ NOT-FOR-US: OpenSupports
CVE-2025-10695 (Two unauthenticated diagnostic endpoints allow arbitrary backend-initi ...)
- TODO: check
+ NOT-FOR-US: OpenSupports
CVE-2025-10692 (The endpoint POST /api/staff/get-new-tickets concatenates the user-con ...)
- TODO: check
+ NOT-FOR-US: OpenSupports
CVE-2025-10383 (The Contest Gallery \u2013 Upload, Vote & Sell with PayPal and Stripe ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9945 (The Optimize More! \u2013 CSS plugin for WordPress is vulnerable to Cr ...)
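Review bot: The OpenSupports tag on CVE-2025-10695 and CVE-2025-10692 cannot be confirmed from the descriptions visible in this hunk, because both are cut off before any product name appears; only CVE-2025-10696 names OpenSupports. Please confirm against the full CVE records that all three belong to the same product. If they do, the three tags are consistent with one another and nothing else needs changing.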
@@ -417,11 +417,11 @@ CVE-2025-10728 (When the module renders a Svg file that contains a <pattern> ele
CVE-2025-10726 (The WPRecovery plugin for WordPress is vulnerable to SQL Injection via ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10609 (Use of Hard-coded Credentials vulnerability in Logo Software Inc. Tige ...)
- TODO: check
+ NOT-FOR-US: Logo Software Inc. TigerWings ERP
CVE-2025-10582 (The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10547 (An uninitialized variable in the HTTP CGI request arguments processing ...)
- TODO: check
+ NOT-FOR-US: Draytek
CVE-2025-10311 (The Comment Info Detector plugin for WordPress is vulnerable to Cross- ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10309 (The PayPal Forms plugin for WordPress is vulnerable to Cross-Site Requ ...)
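Review bot: Two label-style points in this hunk. CVE-2025-10547 is tagged "Draytek", but the vendor writes its name "DrayTek", and the visible part of the description names no vendor at all, so both the attribution and the casing deserve a second look; a spelling that matches the vendor's own keeps case-sensitive searches of data/CVE/list reliable. CVE-2025-10609 is tagged with vendor plus product ("Logo Software Inc. TigerWings ERP"), while the other entries in this commit use one short name; consider picking the form the list already uses for comparable entries.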
@@ -439,9 +439,9 @@ CVE-2025-10165 (The AP Background plugin for WordPress is vulnerable to Stored C
CVE-2025-10053 (The TableGen \u2013 Data Table Generator plugin for WordPress is vulne ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0876 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: IT's Workif
CVE-2025-0616 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: B2B Netsis Panel
CVE-2024-56804 (An SQL injection vulnerability has been reported to affect Video Stati ...)
NOT-FOR-US: QNAP
CVE-2025-61962 [fetchmail-SA-2025-01: SMTP AUTH denial of service]
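Review bot: For CVE-2025-0876 and CVE-2025-0616 the visible description is only the generic CWE title, so the product names "IT's Workif" and "B2B Netsis Panel" cannot be checked from this hunk. Please verify both names, including their spelling, against the full CVE records before they become the search key for later NOT-FOR-US triage of the same products.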
@@ -522,7 +522,7 @@ CVE-2025-11241 (The Yoast SEO Premium plugin for WordPress is vulnerable to Stor
CVE-2025-10895
REJECTED
CVE-2025-10653 (An unauthenticated debug port may allow access to the device file syst ...)
- TODO: check
+ NOT-FOR-US: Raise3D
CVE-2025-61653 [Add authorizeRead check for extracts endpoint]
- mediawiki <unfixed>
NOTE: http://phabricator.wikimedia.org/T397577
@@ -352928,7 +352928,7 @@ CVE-2021-42195 (An issue was discovered in swftools through 20201222. A heap-buf
CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms V1.5.4- ...)
NOT-FOR-US: Eyoucms
CVE-2021-42193 (nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/ ...)
- TODO: check
+ NOT-FOR-US: nopCommerce
CVE-2021-42192 (Konga v0.14.9 is affected by an incorrect access control vulnerability ...)
NOT-FOR-US: KONGA
CVE-2021-42191
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2687c722bca6721424f1b0eacf2bdc965df07efd