[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Sep 3 21:14:47 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be061831 by security tracker role at 2025-09-03T20:14:39+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2025-9959 (Incomplete validation of dunder attributes allows an attacker to escap ...)
TODO: check
CVE-2025-9926 (A vulnerability was determined in projectworlds Travel Management Syst ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2025-9925 (A vulnerability was found in projectworlds Travel Management System 1. ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2025-9924 (A vulnerability has been found in projectworlds Travel Management Syst ...)
- TODO: check
+ NOT-FOR-US: Project Worlds
CVE-2025-9923 (A flaw has been found in Campcodes Sales and Inventory System 1.0. Thi ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-9922 (A security vulnerability has been detected in Campcodes Sales and Inve ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-9921 (A weakness has been identified in code-projects POS Pharmacy System 1. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-9920 (A security flaw has been discovered in Campcodes Recruitment Managemen ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-9919 (A vulnerability was identified in 1000projects Beauty Parlour Manageme ...)
TODO: check
CVE-2025-9901 (A flaw was found in libsoup\u2019s caching mechanism, SoupCache, where ...)
@@ -29,115 +29,115 @@ CVE-2025-9821 (SummaryUsers with webhook permissions can conduct SSRF via webhoo
CVE-2025-9365 (Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of un ...)
TODO: check
CVE-2025-9219 (The Post SMTP \u2013 WP SMTP Plugin with Email Logs and Mobile App for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-58644 (Deserialization of Untrusted Data vulnerability in enituretechnology L ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58643 (Deserialization of Untrusted Data vulnerability in enituretechnology L ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58642 (Deserialization of Untrusted Data vulnerability in enituretechnology L ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58641 (Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58640 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58639 (Missing Authorization vulnerability in Ali Khallad Contact Form By Meg ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58637 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58635 (Missing Authorization vulnerability in PalsCode Support Genix allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58634 (Missing Authorization vulnerability in peachpay PeachPay Payments allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58633 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58632 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58626 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58625 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58624 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58623 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58622 (Missing Authorization vulnerability in yydevelopment Mobile Contact Li ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58620 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58618 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58617 (Missing Authorization vulnerability in FAKTOR VIER F4 Media Taxonomies ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58616 (Missing Authorization vulnerability in Frisbii Frisbii Pay allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58615 (Server-Side Request Forgery (SSRF) vulnerability in gfazioli WP Banner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58613 (Missing Authorization vulnerability in Barn2 Plugins Posts Table with ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58612 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58611 (Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58610 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58609 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58608 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58607 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58606 (Missing Authorization vulnerability in CozyThemes SaasLauncher allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58605 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58604 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58603 (Missing Authorization vulnerability in Surfer Surfer allows Exploiting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58602 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58601 (Missing Authorization vulnerability in RadiusTheme Classified Listing ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58600 (Missing Authorization vulnerability in Cozmoslabs Paid Member Subscrip ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58599 (Missing Authorization vulnerability in tychesoftwares Order Delivery D ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58598 (Insertion of Sensitive Information Into Debugging Code vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58597 (Authorization Bypass Through User-Controlled Key vulnerability in Tomd ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58596 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58594 (Missing Authorization vulnerability in themefusecom Brizy allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58460 (A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v844 ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-58459 (Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-58458 (In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form val ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-57151 (phpgurukul Complaint Management System 2.0 is vulnerable to Cross Site ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-57150 (phpgurukul Complaint Management System in PHP 2.0 is vulnerable to Cro ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-57149 (phpgurukul Complaint Management System 2.0 is vulnerable to SQL Inject ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-57148 (phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-57147 (A SQL Injection vulnerability was found in phpgurukul Complaint Manage ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-57146 (phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-57052 (cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_ ...)
TODO: check
CVE-2025-56803 (Figma Desktop for Windows version 125.6.5 contains a command injection ...)
@@ -151,7 +151,7 @@ CVE-2025-56752 (A vulnerability in the Ruijie RG-ES series switch firmware ESW_1
CVE-2025-56689 (An issue was discovered in Quest One Identity 7.5.1.20903. A crafted r ...)
TODO: check
CVE-2025-56608 (The SourceCodester Android application "Corona Virus Tracker App India ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-56498 (An OS command injection vulnerability exists in PLDT WiFi Router's Pro ...)
TODO: check
CVE-2025-56435 (SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remot ...)
@@ -161,7 +161,7 @@ CVE-2025-56139 (LinkedIn Mobile Application for Android version 4.1.1087.2 fails
CVE-2025-55944 (Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG ...)
TODO: check
CVE-2025-55852 (Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWif ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-55162 (Envoy is an open source L7 proxy and communication bus designed for la ...)
TODO: check
CVE-2025-53694 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
@@ -177,15 +177,15 @@ CVE-2025-52494 (Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a deni
CVE-2025-48876
REJECTED
CVE-2025-47421 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...)
- TODO: check
+ NOT-FOR-US: Crestron
CVE-2025-45805 (In phpgurukul Doctor Appointment Management System 1.0, an authenticat ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-41000 (Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB L ...)
TODO: check
CVE-2025-3701 (Missing Authorization vulnerability in Malcure Web Security Malcure Ma ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-36193 (IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns pri ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-2416 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
TODO: check
CVE-2025-2415 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
@@ -199,11 +199,11 @@ CVE-2025-20335 (A vulnerability in the directory permissions of Cisco Desk Phone
CVE-2025-20330 (A vulnerability in the web-based management interface of Cisco Unified ...)
TODO: check
CVE-2025-20328 (A vulnerability in the user profile component of Cisco Webex Meetings ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20326 (A vulnerability in the web-based management interface of Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20291 (A vulnerability in Cisco Webex Meetings could have allowed an unauthen ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2025-20287 (A vulnerability in the web-based management interface of Cisco Evolved ...)
TODO: check
CVE-2025-20280 (A vulnerability in the web-based management interface of Cisco Evolved ...)
@@ -215,11 +215,11 @@ CVE-2025-1740 (Improper Restriction of Excessive Authentication Attempts vulnera
CVE-2025-0878 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-0280 (A security vulnerability in HCL Compass can allow attacker to gain una ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2024-43166 (Incorrect Default Permissions vulnerability in Apache DolphinScheduler ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2024-43115 (Improper Input Validation vulnerability in Apache DolphinScheduler. An ...)
- TODO: check
+ NOT-FOR-US: Apache software not packaged in Debian
CVE-2024-13068 (Origin Validation Error vulnerability in Akinsoft LimonDesk allows For ...)
TODO: check
CVE-2024-13066 (Improper Restriction of Rendered UI Layers or Frames vulnerability in ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be061831095ce556e8242ddb249549e93cd16f1f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be061831095ce556e8242ddb249549e93cd16f1f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250903/0fca8fd2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list