[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 18 09:13:00 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
863a775a by security tracker role at 2025-10-18T08:12:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,137 @@
+CVE-2025-9562 (The Redirection for Contact Form 7 plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-62671 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62670 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62669 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ TODO: check
+CVE-2025-62668 (Incorrect Default Permissions vulnerability in The Wikimedia Foundatio ...)
+ TODO: check
+CVE-2025-62667 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62666 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2025-62665 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62664 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62663 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62662 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62655 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-62654 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62653 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62652 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-62651 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62650 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62649 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62648 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62647 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62646 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62645 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62644 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62643 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62642 (The Restaurant Brands International (RBI) assistant platform through 2 ...)
+ TODO: check
+CVE-2025-62640
+ REJECTED
+CVE-2025-62639
+ REJECTED
+CVE-2025-62638
+ REJECTED
+CVE-2025-62637
+ REJECTED
+CVE-2025-62636
+ REJECTED
+CVE-2025-62635
+ REJECTED
+CVE-2025-62634
+ REJECTED
+CVE-2025-62633
+ REJECTED
+CVE-2025-62632
+ REJECTED
+CVE-2025-62515 (pyquokka is a framework for making data lakes work for time series. In ...)
+ TODO: check
+CVE-2025-62508 (Citizen is a MediaWiki skin that makes extensions part of the cohesive ...)
+ TODO: check
+CVE-2025-5555 (A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to ...)
+ TODO: check
+CVE-2025-40003 (In the Linux kernel, the following vulnerability has been resolved: n ...)
+ TODO: check
+CVE-2025-40002 (In the Linux kernel, the following vulnerability has been resolved: t ...)
+ TODO: check
+CVE-2025-40001 (In the Linux kernel, the following vulnerability has been resolved: s ...)
+ TODO: check
+CVE-2025-11937 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2025-11914 (A vulnerability was found in Shenzhen Ruiming Technology Streamax Croc ...)
+ TODO: check
+CVE-2025-11913 (A vulnerability has been found in Shenzhen Ruiming Technology Streamax ...)
+ TODO: check
+CVE-2025-11912 (A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1 ...)
+ TODO: check
+CVE-2025-11857 (The XX2WP Integration Tools plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-11742 (The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnera ...)
+ TODO: check
+CVE-2025-11741 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-11738 (The Media Library Assistant plugin for WordPress is vulnerable to limi ...)
+ TODO: check
+CVE-2025-11703 (The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulne ...)
+ TODO: check
+CVE-2025-11691 (The PPOM \u2013 Product Addons & Custom Fields for WooCommerce plugin ...)
+ TODO: check
+CVE-2025-11519 (The Optimole \u2013 Optimize Images | Convert WebP & AVIF | CDN & Lazy ...)
+ TODO: check
+CVE-2025-11517 (The Event Tickets and Registration plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-11510 (The FileBird \u2013 WordPress Media Library Folders & File Manager plu ...)
+ TODO: check
+CVE-2025-11391 (The PPOM \u2013 Product Addons & Custom Fields for WooCommerce plugin ...)
+ TODO: check
+CVE-2025-11378 (The ShortPixel Image Optimizer \u2013 Optimize Images, Convert WebP & ...)
+ TODO: check
+CVE-2025-11372 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-11361 (The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Block ...)
+ TODO: check
+CVE-2025-11270 (The Gutenberg Essential Blocks \u2013 Page Builder for Gutenberg Block ...)
+ TODO: check
+CVE-2025-11256 (The Kognetiks Chatbot plugin for WordPress is vulnerable to unauthoriz ...)
+ TODO: check
+CVE-2025-10750 (The PowerBI Embed Reports plugin for WordPress is vulnerable to Sensit ...)
+ TODO: check
+CVE-2025-10187 (The GSpeech TTS \u2013 WordPress Text To Speech Plugin plugin for Word ...)
+ TODO: check
+CVE-2025-10006 (The WPBakery Page Builder plugin for WordPress is vulnerable to Stored ...)
+ TODO: check
+CVE-2020-36854 (The Async JavaScript plugin for WordPress is vulnerable to Stored Cros ...)
+ TODO: check
+CVE-2020-36853 (The 10WebMapBuilder plugin for WordPress is vulnerable to Stored Cross ...)
+ TODO: check
+CVE-2017-20208 (The RegistrationMagic \u2013 Custom Registration Forms, User Registrat ...)
+ TODO: check
+CVE-2017-20207 (The Flickr Gallery plugin for WordPress is vulnerable to PHP Object In ...)
+ TODO: check
+CVE-2017-20206 (The Appointments plugin for WordPress is vulnerable to PHP Object Inje ...)
+ TODO: check
CVE-2025-8414 (Due to improper input validation, a buffer overflow vulnerability is p ...)
NOT-FOR-US: Silicon Labs
CVE-2025-62511 (yt-grabber-tui is a C++ terminal user interface application for downlo ...)
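Review bot: several added description lines carry a literal `\u2013` escape instead of the decoded character, for example in the entries for CVE-2025-11691, CVE-2025-11519, CVE-2025-11510 and CVE-2017-20208 ("The PPOM \u2013 Product Addons & Custom Fields ..."). The import step appears to copy the upstream description without unescaping it. Decoding the escape, or normalising it to a plain hyphen before truncating, would keep these lines readable and searchable by product name. Separately, CVE-2025-62632 through CVE-2025-62640 arrive already marked REJECTED with no description, so they need no triage, while every other new entry is still at "TODO: check".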
@@ -755,7 +889,8 @@ CVE-2025-54279 (Animate versions 23.0.13, 24.0.10 and earlier are affected by a
NOT-FOR-US: Adobe
CVE-2025-54278 (Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-base ...)
NOT-FOR-US: Adobe
-CVE-2025-54277 (Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2 ...)
+CVE-2025-54277
+ REJECTED
NOT-FOR-US: Adobe
CVE-2025-54272 (Adobe Experience Manager versions 11.6 and earlier are affected by a s ...)
NOT-FOR-US: Adobe
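Review bot: after this change the CVE-2025-54277 entry reads "REJECTED" followed by the unchanged context line "NOT-FOR-US: Adobe", so it carries both annotations. The description naming Adobe Commerce is gone from the header line, which leaves the NOT-FOR-US line as the only hint of what the ID referred to. It is worth confirming that this combination is intended for rejected IDs. If it is not, drop the stale NOT-FOR-US line in the same automatic update that sets REJECTED.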
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/863a775a8fed59d13b5721b876fcc5dd3fa3cf99