[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Oct 9 09:26:06 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8fef626f by Moritz Muehlenhoff at 2025-10-09T10:25:38+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,25 +9,25 @@ CVE-2025-7526 (The WP Travel Engine \u2013 Tour Booking Plugin \u2013 Tour Opera
CVE-2025-6038 (The Lisfinity Core - Lisfinity Core plugin used for pebas\xae Lisfinit ...)
NOT-FOR-US: WordPress plugin
CVE-2025-61913 (Flowise is a drag & drop user interface to build a customized large la ...)
- TODO: check
+ NOT-FOR-US: Flowise
CVE-2025-61906 (Opencast is a free, open-source platform to support the management of ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2025-61788 (Opencast is a free, open-source platform to support the management of ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2025-61672 (Synapse is an open source Matrix homeserver implementation. Lack of va ...)
TODO: check
CVE-2025-61524 (An issue in the permission verification module and organization/applic ...)
TODO: check
CVE-2025-61183 (Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to ex ...)
- TODO: check
+ NOT-FOR-US: vaahcms
CVE-2025-60834 (A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows ...)
- TODO: check
+ NOT-FOR-US: uzy-ssm-mall
CVE-2025-60833 (An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay comp ...)
TODO: check
CVE-2025-60830 (redragon-erp v1.0 was discovered to contain a Shiro deserialization vu ...)
- TODO: check
+ NOT-FOR-US: redragon-erp
CVE-2025-60828 (WukongCRM-9.0-JAVA was discovered to contain a fastjson deserializatio ...)
- TODO: check
+ NOT-FOR-US: WukongCRM-9.0-JAVA
CVE-2025-60318 (SourceCodester Pet Grooming Management Software 1.0 is vulnerable to C ...)
NOT-FOR-US: SourceCodester
CVE-2025-60314 (Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored C ...)
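Review bot: CVE-2025-60833 stays at `TODO: check` although its visible description names a `/mall/wxpay/pay` component and it sits directly after CVE-2025-60834, which this hunk marks `NOT-FOR-US: uzy-ssm-mall`. If the truncated description refers to the same product, it should get the same NFU tag in this pass; if it was left open on purpose, a short NOTE line saying why would save the next triager a lookup.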
@@ -35,19 +35,19 @@ CVE-2025-60314 (Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a St
CVE-2025-60313 (Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site S ...)
NOT-FOR-US: SourceCodester
CVE-2025-60311 (ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection ...)
- TODO: check
+ NOT-FOR-US: ProjectWorlds Gym Management System
CVE-2025-60299 (Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2025-60298 (Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: Novel-Plus
CVE-2025-5009 (In Gemini iOS, when a user shared a snippet of a conversation, it woul ...)
TODO: check
CVE-2025-59303 (HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-s ...)
- TODO: check
+ NOT-FOR-US: HAProxy Kubernetes Ingress Controller
CVE-2025-57457 (An OS Command Injection vulnerability in the Admin panel in Curo UC300 ...)
- TODO: check
+ NOT-FOR-US: Curo UC300
CVE-2025-53967 (Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remo ...)
- TODO: check
+ NOT-FOR-US: Framelink Figma MCP Server
CVE-2025-47355 (Memory corruption while invoking remote procedure IOCTL calls.)
NOT-FOR-US: Qualcomm
CVE-2025-47354 (Memory corruption while allocating buffers in DSP service.)
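Review bot: CVE-2025-5009 is left at `TODO: check` even though its description begins "In Gemini iOS", which reads as an iOS application; it looks like a candidate for a NOT-FOR-US tag along with the rest of this batch. On style, the surrounding context lines label by vendor (`NOT-FOR-US: SourceCodester`) while the new CVE-2025-60311 entry uses the full product name (`NOT-FOR-US: ProjectWorlds Gym Management System`); keeping one convention for these entries would make the list easier to grep.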
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fef626f11cddc325d003aa8526d5b7a155ddd8f