[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 9 21:14:44 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca3896d5 by security tracker role at 2025-09-09T20:14:37+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,37 +3,37 @@ CVE-2025-9994 (The Amp\u2019ed RF BT-AP 111 Bluetooth access point's HTTP admin
 CVE-2025-9951 (A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows ...)
 	TODO: check
 CVE-2025-9872 (Insufficient filename validation in Ivanti Endpoint Manager before 202 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-9712 (Insufficient filename validation in Ivanti Endpoint Manager before 202 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-9364 (An open database issue exists in the affected product and version. The ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-9269 (A Server-Side Request Forgery (SSRF) vulnerability has been identified ...)
-	TODO: check
+	NOT-FOR-US: Lexmark
 CVE-2025-9166 (A denial-of-service security issue exists in the affected product and  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-9161 (A security issue exists within FactoryTalk Optix MQTT broker due to th ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-9160 (A code execution security issue exists in the affected product. An att ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-9065 (A server-side request forgery security issue exists within Rockwell Au ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-8712 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-8711 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-8277 (A flaw was found in libssh's handling of key exchange (KEX) processes  ...)
 	TODO: check
 CVE-2025-8008 (A security issue exists in the protected mode of EN4TR devices, where  ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-8007 (A security issue exists in the protected mode of 1756-EN4TR and 1756-E ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-7970 (A security issue exists within FactoryTalk Activation Manager.  An err ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-7635 (Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT al ...)
 	TODO: check
 CVE-2025-7350 (A security issue affecting multiple Cisco devices also directly impact ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2025-5500 (A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. ...)
 	TODO: check
 CVE-2025-5005 (A vulnerability was detected in Shanghai Lingdang Information Technolo ...)
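Review bot: CVE-2025-7350 is tagged `NOT-FOR-US: Rockwell Automation`, but the visible part of its description speaks of "multiple Cisco devices". Before the TODO is cleared, confirm from the full description that the affected product is Rockwell's and that no packaged component is involved. The same check applies to CVE-2025-9364 and CVE-2025-9166, whose truncated descriptions name no vendor at all.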
@@ -53,45 +53,45 @@ CVE-2025-59014 (An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versi
 CVE-2025-59013 (An open\u2011redirect vulnerability in GeneralUtility::sanitizeLocalUr ...)
 	TODO: check
 CVE-2025-59008 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-59005 (Missing Authorization vulnerability in frenify Categorify allows Explo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58997 (Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow allows  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58993 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58991 (Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca Woo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58990 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58989 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58987 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58985 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58984 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58983 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58982 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58981 (Missing Authorization vulnerability in Equalize Digital Accessibility  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58980 (Missing Authorization vulnerability in recorp Export WP Page to Static ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58979 (Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58978 (Missing Authorization vulnerability in WP Swings PDF Generator for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58977 (Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58976 (Missing Authorization vulnerability in Equalize Digital Accessibility  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58975 (Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58762 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
 	TODO: check
 CVE-2025-58761 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
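Review bot: Several entries tagged `NOT-FOR-US: WordPress plugin or theme` in this hunk (CVE-2025-59008, CVE-2025-58993, and the XSS entries from CVE-2025-58990 down to CVE-2025-58982) show only a generic CWE title in the truncated description, so the product cannot be checked from the diff. The commit message says only "automatic NOT-FOR-US entries update"; naming the rule or data source that produced the match would make these bulk changes reviewable.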
@@ -111,7 +111,7 @@ CVE-2025-58435 (Open OnDemand is an open-source HPC portal. Prior to versions 3.
 CVE-2025-58430 (listmonk is a standalone, self-hosted, newsletter and mailing list man ...)
 	TODO: check
 CVE-2025-58215 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58180 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
 	TODO: check
 CVE-2025-58063 (CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 ...)
@@ -127,45 +127,45 @@ CVE-2025-57538 (A stored cross-site scripting (XSS) vulnerability in the HTTP Pr
 CVE-2025-57278 (The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B ...)
 	TODO: check
 CVE-2025-57087 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overfl ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57086 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overfl ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57085 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overfl ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57078 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57072 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57071 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57070 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57069 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57064 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57063 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57062 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57061 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack o ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57060 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57059 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57058 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack o ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-57057 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2025-55730 (XWiki Remote Macros provides XWiki rendering macros that are useful wh ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-55729 (XWiki Remote Macros provides XWiki rendering macros that are useful wh ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-55728 (XWiki Remote Macros provides XWiki rendering macros that are useful wh ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-55727 (XWiki Remote Macros provides XWiki rendering macros that are useful wh ...)
-	TODO: check
+	NOT-FOR-US: XWiki
 CVE-2025-55317 (Improper link resolution before file access ('link following') in Micr ...)
 	TODO: check
 CVE-2025-55316 (External control of file name or path in Azure Arc allows an authorize ...)
@@ -193,23 +193,23 @@ CVE-2025-55224 (Concurrent execution using shared resource with improper synchro
 CVE-2025-55223 (Concurrent execution using shared resource with improper synchronizati ...)
 	TODO: check
 CVE-2025-55148 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-55147 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-55146 (An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or  ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-55145 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-55144 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-55143 (Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 2 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-55142 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-55141 (Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8 ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-55139 (SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2025-55054 (CWE-79 Improper Neutralization of Input During Web Page Generation (XS ...)
 	TODO: check
 CVE-2025-55053 (CWE-328: Use of Weak Hash)
@@ -275,33 +275,33 @@ CVE-2025-54895 (Integer overflow or wraparound in Windows SPNEGO Extended Negoti
 CVE-2025-54894 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
 	TODO: check
 CVE-2025-54709 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54261 (ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54257 (Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and e ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54256 (Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross- ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54255 (Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and e ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54252 (Adobe Experience Manager versions 6.5.23.0 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54251 (Adobe Experience Manager versions 6.5.23.0 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54250 (Adobe Experience Manager versions 6.5.23.0 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54249 (Adobe Experience Manager versions 6.5.23.0 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54248 (Adobe Experience Manager versions 6.5.23.0 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54247 (Adobe Experience Manager versions 6.5.23.0 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54246 (Adobe Experience Manager versions 6.5.23.0 and earlier are affected by ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54242 (Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use A ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54236 (Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2 ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2025-54116 (Improper access control in Windows MultiPoint Services allows an autho ...)
 	TODO: check
 CVE-2025-54115 (Concurrent execution using shared resource with improper synchronizati ...)
@@ -387,15 +387,15 @@ CVE-2025-53797 (Buffer over-read in Windows Routing and Remote Access Service (R
 CVE-2025-53796 (Buffer over-read in Windows Routing and Remote Access Service (RRAS) a ...)
 	TODO: check
 CVE-2025-53609 (A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 thr ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-53348 (Missing Authorization vulnerability in Laborator Kalium. This issue af ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53340 (Missing Authorization vulnerability in awesomesupport Awesome Support. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53303 (Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53291 (Missing Authorization vulnerability in spoddev2021 Spreadconnect. This ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52915 (K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, al ...)
 	TODO: check
 CVE-2025-52322 (An issue in Open5GS v2.7.2 and before allows a remote attacker to caus ...)
@@ -403,77 +403,77 @@ CVE-2025-52322 (An issue in Open5GS v2.7.2 and before allows a remote attacker t
 CVE-2025-52277 (Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote a ...)
 	TODO: check
 CVE-2025-49860 (Missing Authorization vulnerability in Majestic Support Majestic Suppo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49734 (Improper restriction of communication channel to intended endpoints in ...)
 	TODO: check
 CVE-2025-49692 (Improper access control in Azure Windows Virtual Machine Agent allows  ...)
 	TODO: check
 CVE-2025-49430 (Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48208 (Improper Neutralization of Special Elements used in an LDAP Query ('LD ...)
 	TODO: check
 CVE-2025-48101 (Deserialization of Untrusted Data vulnerability in webdevstudios Const ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47997 (Concurrent execution using shared resource with improper synchronizati ...)
 	TODO: check
 CVE-2025-47695 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47694 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47579 (Deserialization of Untrusted Data vulnerability in ThemeGoods Photogra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47571 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47569 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47437 (Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technolo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47416 (A vulnerability exists in the ConsoleFindCommandMatchListfunction in l ...)
-	TODO: check
+	NOT-FOR-US: Crestron
 CVE-2025-47415 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: Crestron
 CVE-2025-44594 (halo v2.20.17 and before is vulnerable to server-side request forgery  ...)
 	TODO: check
 CVE-2025-43786 (Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7 ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-43781 (Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7 ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-43776 (A Stored cross-site scripting vulnerability in the Liferay Portal  7.4 ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-43775 (Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4. ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-41701 (An unauthenticated attacker can trick a local user into executing arbi ...)
 	TODO: check
 CVE-2025-40804 (A vulnerability has been identified in SIMATIC Virtualization as a Ser ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40803 (A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40802 (A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40798 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40797 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40796 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40795 (A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versi ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40757 (A vulnerability has been identified in APOGEE PXC Series (BACnet) (All ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-40594 (A vulnerability has been identified in SINAMICS G220 V6.4 (All version ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2025-39553 (Missing Authorization vulnerability in andy_moyle Church Admin. This i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39541 (Missing Authorization vulnerability in Roland Murg WP Simple Booking C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39523 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in G ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-36125 (IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-36011 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-34175 (In pfSense CE/usr/local/www/suricata/suricata_filecheck.php, the value ...)
 	TODO: check
 CVE-2025-34174 (In pfSense CE/usr/local/www/status_traffic_totals.php, the value of th ...)
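Review bot: CVE-2025-47437 is tagged `NOT-FOR-US: WordPress plugin or theme`, while the visible description names only "LiteSpeed Technolo ...". Confirm that the affected product is a WordPress plugin and not another LiteSpeed product, since the truncated text does not settle it.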
@@ -483,17 +483,17 @@ CVE-2025-34173 (In pfSense CE/usr/local/www/snort/snort_ip_reputation.php, the v
 CVE-2025-34172 (In pfSense CE/usr/local/www/haproxy/haproxy_stats.php, the value of th ...)
 	TODO: check
 CVE-2025-33045 (APTIOV contains vulnerabilities in the BIOS where a privileged user ma ...)
-	TODO: check
+	NOT-FOR-US: AMI
 CVE-2025-32689 (Improper Validation of Specified Quantity in Input vulnerability in Th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32688 (Missing Authorization vulnerability in Sovica Target Video Easy Publis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32486 (Weak Password Recovery Mechanism for Forgotten Password vulnerability  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30875 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29089 (An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a rem ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-24404 (XML Injection RCE by parse http sitemap xml response vulnerability in  ...)
 	TODO: check
 CVE-2025-10199 (A local privilege escalation vulnerability exists in Sunshine for Wind ...)
@@ -505,13 +505,13 @@ CVE-2025-10183 (A blind XML External Entity (XXE) injection in the OpenMessaging
 CVE-2025-10164 (A security flaw has been discovered in lmsys sglang 0.4.6. Affected by ...)
 	TODO: check
 CVE-2025-10134 (The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10107 (A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.14 ...)
-	TODO: check
+	NOT-FOR-US: TRENDnet
 CVE-2025-10095 (A SQL injection vulnerability has been identified in the SMPP server c ...)
 	TODO: check
 CVE-2024-45325 (An improper neutralization of special elements used in an OS command ( ...)
-	TODO: check
+	NOT-FOR-US: Fortinet
 CVE-2025-9542 (The AutomatorWP \u2013 Automator plugin for no-code automations, webho ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9539 (The AutomatorWP \u2013 Automator plugin for no-code automations, webho ...)
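Review bot: CVE-2025-10134 is tagged `NOT-FOR-US: WordPress plugin`, but its description reads "The Goza - Nonprofit Charity WordPress Theme theme for WordPress", so the label names the wrong kind of component. Every other WordPress entry changed in this commit uses `NOT-FOR-US: WordPress plugin or theme`; using that form here as well (or `WordPress theme`) would keep the tag accurate and consistent.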



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca3896d5537e9786ac184a90346c375aec1f912b
