[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 24 09:13:37 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b61f1de9 by security tracker role at 2025-10-24T08:13:31+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
CVE-2025-9978 (The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-7730 (The Bold Page Builder plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-6440 (The WooCommerce Designer Pro plugin for WordPress, used by the Pricom ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-62868 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-62835
REJECTED
CVE-2025-62834
@@ -29,7 +29,7 @@ CVE-2025-62688 (An incorrect permission assignment for a critical resource vulne
CVE-2025-62498 (A relative path traversal (ZipSlip) vulnerability was discovered in Pr ...)
TODO: check
CVE-2025-62254 (The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-61977 (A weak password recovery mechanism for forgotten password vulnerabilit ...)
TODO: check
CVE-2025-61934 (A binding to an unrestricted IP address vulnerability was discovered i ...)
@@ -61,9 +61,9 @@ CVE-2025-54963 (An issue was discovered in BAE SOCET GXP before 4.6.0.2. An atta
CVE-2025-12100 (Incorrect Default Permissions vulnerability in MongoDB BI Connector OD ...)
TODO: check
CVE-2025-10874 (The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10723 (The PixelYourSite WordPress plugin before 11.1.2 does not validate so ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9981 (QuickCMS is vulnerable to multiple Stored XSS in slider editor functio ...)
NOT-FOR-US: QuickCMS
CVE-2025-9980 (QuickCMS is vulnerable to multiple Stored XSS in page editor functiona ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b61f1de93ff23ebf708af6c13c64b43b83eff1fa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b61f1de93ff23ebf708af6c13c64b43b83eff1fa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251024/a2a46473/attachment.htm>
More information about the debian-security-tracker-commits
mailing list