[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 4 21:36:45 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0a3802d7 by Salvatore Bonaccorso at 2025-09-04T22:36:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,21 +3,21 @@ CVE-2025-9636 (pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP
CVE-2025-9616 (The PopAd plugin for WordPress is vulnerable to Cross-Site Request For ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8311 (dotCMS versions24.03.22 and after, identified a Boolean-based blind SQ ...)
- TODO: check
+ NOT-FOR-US: dotCMS
CVE-2025-7388 (It was possible to perform Remote Command Execution (RCE) via Java RMI ...)
NOT-FOR-US: Progress Software
CVE-2025-7385 (Input from search query parameter in GOV CMS is not sanitized properly ...)
- TODO: check
+ NOT-FOR-US: GOV CMS
CVE-2025-6984 (The langchain-ai/langchain project, specifically the EverNoteLoader co ...)
- TODO: check
+ NOT-FOR-US: langchain-ai/langchain
CVE-2025-6785 (Securing externally available CAN wires can easily allow physical acce ...)
- TODO: check
+ NOT-FOR-US: Tesla Model 3
CVE-2025-6085 (The Make Connector plugin for WordPress is vulnerable to arbitrary fil ...)
NOT-FOR-US: WordPress plugin
CVE-2025-58361 (Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and ...)
- TODO: check
+ NOT-FOR-US: Promptcraft Forge Studio
CVE-2025-58353 (Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and ...)
- TODO: check
+ NOT-FOR-US: Promptcraft Forge Studio
CVE-2025-57576 (PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scri ...)
NOT-FOR-US: PHPGurukul
CVE-2025-57263 (An authenticated SQL injection vulnerability in VX Guestbook 1.07 allo ...)
@@ -602,11 +602,11 @@ CVE-2025-58695
CVE-2025-58694
REJECTED
CVE-2025-58358 (Markdownify is a Model Context Protocol server for converting almost a ...)
- TODO: check
+ NOT-FOR-US: Markdownify
CVE-2025-58357 (5ire is a cross-platform desktop artificial intelligence assistant and ...)
- TODO: check
+ NOT-FOR-US: 5ire
CVE-2025-58355 (Soft Serve is a self-hostable Git server for the command line. In vers ...)
- TODO: check
+ NOT-FOR-US: Soft Serve
CVE-2025-58171
REJECTED
CVE-2025-58064 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a3802d736e983e189c07292bbcdbdddc59791ad
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a3802d736e983e189c07292bbcdbdddc59791ad
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250904/4536b0a5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list