[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Oct 31 20:13:43 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dc582597 by security tracker role at 2025-10-31T20:13:36+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2025-8849 (LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) att ...)
 	TODO: check
 CVE-2025-8489 (The King Addons for Elementor \u2013 Free Elements, Widgets, Templates ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8385 (The Zombify plugin for WordPress is vulnerable to Path Traversal in al ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8383 (The Depicter plugin for WordPress is vulnerable to Cross-Site Request  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-7846 (The WordPress User Extra Fields plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-6520 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	TODO: check
 CVE-2025-6176 (Scrapy versions up to 2.13.2 are vulnerable to a denial of service (Do ...)
@@ -25,41 +25,41 @@ CVE-2025-64386 (The equipment grants a JWT token for each connection in the time
 CVE-2025-64385 (The equipment initially can be configured using the manufacturer's app ...)
 	TODO: check
 CVE-2025-64368 (Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64367 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64366 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64364 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64363 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64362 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64360 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64359 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64358 (Missing Authorization vulnerability in WebToffee Smart Coupons for Woo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64357 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advance ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64356 (Missing Authorization vulnerability in f1logic Insert PHP Code Snippet ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64354 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64353 (Deserialization of Untrusted Data vulnerability in Chouby Polylang pol ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64352 (Missing Authorization vulnerability in WPDeveloper Essential Addons fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64351 (Insertion of Sensitive Information Into Sent Data vulnerability in Ran ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64350 (Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64349 (ELOG allows an authenticated user to modify another user's profile. An ...)
 	TODO: check
 CVE-2025-64348 (ELOG allows an authenticated user to modify or overwrite the configura ...)
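Review bot: the rationale "WordPress plugin or theme" applied to the nineteen CVE-2025-6435x/6436x entries in this hunk is hedged where the visible descriptions already settle the question, for example "WebToffee Smart Coupons for Woo...", "Chouby Polylang", "Rank Math SEO", "WPDeveloper Essential Addons" and "f1logic Insert PHP Code Snippet" are plugins, and the same change uses the plain "NOT-FOR-US: WordPress plugin" for the Wordfence-style entries in the first hunk. Consider having the automatic rule emit "WordPress plugin" when the description names a plugin and reserve "plugin or theme" for the genuinely ambiguous ones, so the rationale stays consistent across data/CVE/list.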
@@ -73,37 +73,37 @@ CVE-2025-63562 (Summer Pearl Group Vacation Rental Management Platform prior to
 CVE-2025-63561 (Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2  ...)
 	TODO: check
 CVE-2025-63469 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63468 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63467 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63466 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63465 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63464 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63463 (Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stac ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63462 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a sta ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63461 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a sta ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63460 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a sta ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63459 (Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a sta ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-63458 (Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-63454 (Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-62618 (ELOG allows an authenticated user to upload arbitrary HTML files. The  ...)
 	TODO: check
 CVE-2025-62267 (Multiple cross-site scripting (XSS) vulnerabilities in web content tem ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-62264 (Reflected cross-site scripting (XSS) vulnerability in Languauge Overri ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-62232 (Sensitive data exposure via logging in basic-auth leads to plaintext u ...)
 	TODO: check
 CVE-2025-61427 (A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO A ...)
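Review bot: the two "NOT-FOR-US: Liferay" lines for CVE-2025-62267 and CVE-2025-62264 name a vendor that does not appear in the truncated descriptions shown here ("Multiple cross-site scripting (XSS) vulnerabilities in web content tem..." and "Reflected cross-site scripting (XSS) vulnerability in Languauge Overri..."), so the attribution is not checkable from the diff alone. If the rule matched on the full CVE record that is fine; otherwise please confirm the product before closing them out, since the descriptions on their own would also fit unrelated CMS code.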
@@ -113,9 +113,9 @@ CVE-2025-61141 (sqls-server/sqls 0.2.28 is vulnerable to command injection in th
 CVE-2025-60749 (DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via craft ...)
 	TODO: check
 CVE-2025-60711 (Protection mechanism failure in Microsoft Edge (Chromium-based) allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2025-5397 (The Noo JobMonster theme for WordPress is vulnerable to Authentication ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-59501 (Authentication bypass by spoofing in Microsoft Configuration Manager a ...)
 	TODO: check
 CVE-2025-58152 (FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put ...)
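Review bot: the rationale for CVE-2025-5397 reads "NOT-FOR-US: WordPress plugin" while the description says "The Noo JobMonster theme for WordPress", so the label misclassifies a theme as a plugin. The conclusion (not packaged in Debian) is unaffected, but the automatic rule should emit "WordPress theme" when the description contains "theme for WordPress" so the stored rationale matches the record.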
@@ -145,9 +145,9 @@ CVE-2025-48982 (This vulnerability in Veeam Agent for Microsoft Windows allows f
 CVE-2025-48980 (In Brave Browser Desktop versions prior to 1.83.10 that have the split ...)
 	TODO: check
 CVE-2025-40603 (A potential exposure of sensitive information in log files in SonicWal ...)
-	TODO: check
+	NOT-FOR-US: SonicWall
 CVE-2025-36249 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-34298 (Nagios Log Server versions prior to 2024R1.3.2 contain a privilege esc ...)
 	TODO: check
 CVE-2025-34287 (Nagios XI versions prior to 2024R2 contain an improperly owned script, ...)
@@ -183,7 +183,7 @@ CVE-2025-34135 (Nagios XI versions prior to2024R1.4.2configure some systemd unit
 CVE-2025-34134 (Nagios XI versions prior to 2024R1.4.2 contain a remote code execution ...)
 	TODO: check
 CVE-2025-33003 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allo ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-30191 (Malicious content from E-Mail can be used to perform a redressing atta ...)
 	TODO: check
 CVE-2025-30188 (Malicious or unintentional API requests can be used to add significant ...)
@@ -193,23 +193,23 @@ CVE-2025-29270 (Incorrect access control in the realtime.cgi endpoint of Deep Se
 CVE-2025-27208 (A reflected Cross-Site Scripting (XSS) vulnerability has been identifi ...)
 	TODO: check
 CVE-2025-12554 (Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; B ...)
-	TODO: check
+	NOT-FOR-US: Azure Access Technology
 CVE-2025-12553 (Email Server Certificate Verification Disabled.This issue affects BLU- ...)
-	TODO: check
+	NOT-FOR-US: Azure Access Technology
 CVE-2025-12552 (Insufficient Password Policy.This issue affects BLU-IC2: through 1.19. ...)
-	TODO: check
+	NOT-FOR-US: Azure Access Technology
 CVE-2025-12547 (A vulnerability was identified in LogicalDOC Community Edition up to 9 ...)
 	TODO: check
 CVE-2025-12546 (A vulnerability was determined in LogicalDOC Community Edition up to 9 ...)
 	TODO: check
 CVE-2025-12521 (The Analytify Pro plugin for WordPress is vulnerable to Sensitive Info ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12509 (On a client with an admin user, a Global_Shipping script can be implem ...)
-	TODO: check
+	NOT-FOR-US: Bizerba
 CVE-2025-12508 (When using domain users as BRAIN2 users, communication with Active Dir ...)
-	TODO: check
+	NOT-FOR-US: Bizerba
 CVE-2025-12507 (The service Bizerba Communication Server (BCS) has an unquoted service ...)
-	TODO: check
+	NOT-FOR-US: Bizerba
 CVE-2025-12501 (Integer overflow in GameMaker IDE below 2024.14.0 version can lead to  ...)
 	TODO: check
 CVE-2025-12460 (An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 ...)
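Review bot: the three BLU-IC2 entries CVE-2025-12554, CVE-2025-12553 and CVE-2025-12552 are labelled "NOT-FOR-US: Azure Access Technology", a vendor name that is not present in the visible descriptions ("...This issue affects BLU-IC2: through 1.19.5; B..."), so the mapping from product to vendor cannot be verified from this diff. Adding the product name to the rationale, for example "Azure Access Technology BLU-IC2", would let a later reader match the entry to the description without consulting the full CVE record.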
@@ -217,27 +217,27 @@ CVE-2025-12460 (An XSS issue was discovered in Afterlogic Aurora webmail version
 CVE-2025-12357 (By manipulating the Signal Level Attenuation Characterization (SLAC)   ...)
 	TODO: check
 CVE-2025-12175 (The The Events Calendar plugin for WordPress is vulnerable to unauthor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12115 (The WPC Name Your Price for WooCommerce plugin for WordPress is vulner ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12094 (The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12041 (The ERI File Library plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11975 (The FuseWP \u2013 WordPress User Sync to Email List & Marketing Automa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11843 (Therefore Corporation GmbH has recently become aware that Therefore\u2 ...)
-	TODO: check
+	NOT-FOR-US: Canon
 CVE-2025-11806 (The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11602 (Potential information leak in bolt protocol handshake in Neo4j Enterpr ...)
 	TODO: check
 CVE-2025-11191 (The RealPress  WordPress plugin before 1.1.0 registers the REST routes ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10897 (The WooCommerce Designer Pro theme for WordPress is vulnerable to arbi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10693 (When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR  ...)
-	TODO: check
+	NOT-FOR-US: Silicon Labs
 CVE-2024-58273 (Nagios Log Server versions prior to 2024R1.0.2 contain a local privile ...)
 	TODO: check
 CVE-2024-58272 (Nagios Log Server versions prior to 2024R1 contain a stored cross-site ...)
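Review bot: two rationales in this hunk do not match their descriptions. CVE-2025-11843 is labelled "NOT-FOR-US: Canon" while the description names "Therefore Corporation GmbH"; if the parent vendor is intended, keep the product name in the rationale (for example "Canon Therefore") so the entry is traceable to the text. CVE-2025-10897 is labelled "NOT-FOR-US: WordPress plugin" while the description says "The WooCommerce Designer Pro theme for WordPress", so it should read "WordPress theme". Neither changes the NOT-FOR-US outcome, but the stored rationale should reflect what the record actually says.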



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc5825978468f2e11ad84bdd18a6a4ef423914bb

-- 
You're receiving this email because of your account on salsa.debian.org.




More information about the debian-security-tracker-commits mailing list