[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4e8d5a1 by security tracker role at 2025-10-22T08:12:07+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,45 @@
+CVE-2025-62775 (Mercku M6a devices through 2.1.0 allow root TELNET logins via the web  ...)
+	TODO: check
+CVE-2025-62774 (On Mercku M6a devices through 2.1.0, the authentication system uses pr ...)
+	TODO: check
+CVE-2025-62773 (Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.te ...)
+	TODO: check
+CVE-2025-62772 (On Mercku M6a devices through 2.1.0, session tokens remain valid for a ...)
+	TODO: check
+CVE-2025-62771 (Mercku M6a devices through 2.1.0 allow password changes via intranet C ...)
+	TODO: check
+CVE-2025-61756 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+	TODO: check
+CVE-2025-5983 (The Meta Tag Manager WordPress plugin before 3.3 does not restrict whi ...)
+	TODO: check
+CVE-2025-41724 (An unauthenticated remote attacker can crash the wscserver by sending  ...)
+	TODO: check
+CVE-2025-41723 (The importFile SOAP method is vulnerable to a directory traversal atta ...)
+	TODO: check
+CVE-2025-41722 (The wsc server uses a hard-coded certificate to check the authenticity ...)
+	TODO: check
+CVE-2025-41721 (A high privileged remote attacker can influence the parameters passed  ...)
+	TODO: check
+CVE-2025-41720 (A low privileged remote attacker can upload arbitrary data masked as a ...)
+	TODO: check
+CVE-2025-41719 (A low privileged remote attacker can corrupt the webserver users stora ...)
+	TODO: check
+CVE-2025-22167 (This High severity Path Traversal (Arbitrary Write) vulnerability was  ...)
+	TODO: check
+CVE-2025-12033 (The Simple Banner \u2013 Easily add multiple Banners/Bars/Notification ...)
+	TODO: check
+CVE-2025-10651 (The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2025-10638 (The NS Maintenance Mode for WP WordPress plugin through 1.3.1 lacks au ...)
+	TODO: check
+CVE-2025-10588 (The PixelYourSite \u2013 Your smart PIXEL (TAG) & API Manager plugin f ...)
+	TODO: check
+CVE-2025-10570 (The Flexible Refund and Return Order for WooCommerce plugin for WordPr ...)
+	TODO: check
+CVE-2024-58274 (Hikvision CSMP (Comprehensive Security Management Platform) iSecure Ce ...)
+	TODO: check
+CVE-2023-53691 (Hikvision CSMP (Comprehensive Security Management Platform) iSecure Ce ...)
+	TODO: check
 CVE-2025-62526
 	NOT-FOR-US: OpenWRT (ubusd)
 	NOTE: https://openwrt.org/advisory/2025-10-22-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4e8d5a1575df215dbd60e5e6945c13a35f79bc3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4e8d5a1575df215dbd60e5e6945c13a35f79bc3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251022/1205b271/attachment.htm>