[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 31 20:19:25 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b442c3fc by Salvatore Bonaccorso at 2025-10-31T21:19:02+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-8849 (LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) att ...)
- TODO: check
+ NOT-FOR-US: LibreChat
CVE-2025-8489 (The King Addons for Elementor \u2013 Free Elements, Widgets, Templates ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8385 (The Zombify plugin for WordPress is vulnerable to Path Traversal in al ...)
@@ -9,21 +9,21 @@ CVE-2025-8383 (The Depicter plugin for WordPress is vulnerable to Cross-Site Req
CVE-2025-7846 (The WordPress User Extra Fields plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-6520 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Abis Technology BAPSIS
CVE-2025-6176 (Scrapy versions up to 2.13.2 are vulnerable to a denial of service (Do ...)
TODO: check
CVE-2025-6075 (If the value passed to os.path.expandvars() is user-controlled a perf ...)
TODO: check
CVE-2025-64389 (The web server of the device performs exchanges of sensitive informati ...)
- TODO: check
+ NOT-FOR-US: Circutor TCPRS1plus
CVE-2025-64388 (Denial of service of the web server through specific requests to this ...)
- TODO: check
+ NOT-FOR-US: Circutor TCPRS1plus
CVE-2025-64387 (The web application is vulnerable to a so-called \u2018clickjacking\u2 ...)
- TODO: check
+ NOT-FOR-US: Circutor TCPRS1plus
CVE-2025-64386 (The equipment grants a JWT token for each connection in the timeline, ...)
- TODO: check
+ NOT-FOR-US: Circutor TCPRS1plus
CVE-2025-64385 (The equipment initially can be configured using the manufacturer's app ...)
- TODO: check
+ NOT-FOR-US: Circutor TCPRS1plus
CVE-2025-64368 (Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-64367 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b442c3fc5e98694cc4493a451aaff93e418e306f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b442c3fc5e98694cc4493a451aaff93e418e306f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251031/a498a08e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list