[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 11 09:12:14 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f6b8d0ba by security tracker role at 2025-09-11T08:12:07+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,121 @@
+CVE-2025-9918 (A Path Traversal vulnerability in the archive extraction component in ...)
+ TODO: check
+CVE-2025-9910 (Versions of the package jsondiffpatch before 0.7.2 are vulnerable to C ...)
+ TODO: check
+CVE-2025-9874 (The Ultimate Classified Listings plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-9861 (The ThemeLoom Widgets plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-9860 (The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2025-9855 (The Enhanced BibliPlug plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-9850 (The Evenium plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2025-9776 (The CatFolders \u2013 Tame Your WordPress Media Library by Category pl ...)
+ TODO: check
+CVE-2025-9693 (The User Meta \u2013 User Profile Builder and User management plugin p ...)
+ TODO: check
+CVE-2025-9635 (The Analytics Reduce Bounce Rate plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-9634 (The Plugin updates blocker plugin for WordPress is vulnerable to Cross ...)
+ TODO: check
+CVE-2025-9633 (The LH Signing plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2025-9632 (The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Re ...)
+ TODO: check
+CVE-2025-9631 (The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ TODO: check
+CVE-2025-9628 (The The integration of the AMO.CRM plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-9627 (The Run Log plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ TODO: check
+CVE-2025-9623 (The Admin in English with Switch plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-9620 (The Seo Monster plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ TODO: check
+CVE-2025-9617 (The Publish approval plugin for WordPress is vulnerable to Cross-Site ...)
+ TODO: check
+CVE-2025-9451 (The Smartcat Translator for WPML plugin for WordPress is vulnerable to ...)
+ TODO: check
+CVE-2025-9128 (The eID Easy plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ TODO: check
+CVE-2025-9123 (The CBX Map for Google Map & OpenStreetMap plugin for WordPress is vul ...)
+ TODO: check
+CVE-2025-9073 (The All in one Minifier plugin for WordPress is vulnerable to SQL Inje ...)
+ TODO: check
+CVE-2025-9059 (The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an ele ...)
+ TODO: check
+CVE-2025-9034 (The Wp Edit Password Protected WordPress plugin before 1.3.5 does not ...)
+ TODO: check
+CVE-2025-8721 (The Workable Api plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-8692 (The Coupon API plugin for WordPress is vulnerable to SQL Injection via ...)
+ TODO: check
+CVE-2025-8691 (The WP Scriptcase plugin for WordPress is vulnerable to Stored Cross-S ...)
+ TODO: check
+CVE-2025-8689 (The Elements Plus! plugin for WordPress is vulnerable to Stored Cross- ...)
+ TODO: check
+CVE-2025-8686 (The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-8570 (The BeyondCart Connector plugin for WordPress is vulnerable to Privile ...)
+ TODO: check
+CVE-2025-8492 (The Salon Booking System, Appointment Scheduling for Salons, Spas & Sm ...)
+ TODO: check
+CVE-2025-8481 (The Blog Designer For Elementor \u2013 Post Slider, Post Carousel, Pos ...)
+ TODO: check
+CVE-2025-8479 (The Zoho Flow plugin for WordPress is vulnerable to Cross-Site Request ...)
+ TODO: check
+CVE-2025-8445 (The Countdown Timer for Elementor plugin for WordPress is vulnerable t ...)
+ TODO: check
+CVE-2025-8425 (The My WP Translate plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2025-8423 (The My WP Translate plugin for WordPress is vulnerable to unauthorized ...)
+ TODO: check
+CVE-2025-8422 (The Propovoice: All-in-One Client Management System plugin for WordPre ...)
+ TODO: check
+CVE-2025-8417 (The Catalog Importer, Scraper & Crawler plugin for WordPress is vulner ...)
+ TODO: check
+CVE-2025-8398 (The azurecurve BBCode plugin for WordPress is vulnerable to Stored Cro ...)
+ TODO: check
+CVE-2025-8392 (The Mitfahrgelegenheit plugin for WordPress is vulnerable to Stored Cr ...)
+ TODO: check
+CVE-2025-8318 (The Jobify plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ TODO: check
+CVE-2025-8316 (The Certifica WP plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ TODO: check
+CVE-2025-8215 (The Responsive Addons for Elementor plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2025-6088 (In version 0.7.8 of danny-avila/librechat, improper authorization cont ...)
+ TODO: check
+CVE-2025-5801 (The Digital Events Calendar plugin for WordPress is vulnerable to Stor ...)
+ TODO: check
+CVE-2025-59052 (Angular is a development platform for building mobile and desktop web ...)
+ TODO: check
+CVE-2025-10247 (A security vulnerability has been detected in JEPaaS 7.2.8. This vulne ...)
+ TODO: check
+CVE-2025-10246 (A weakness has been identified in lokibhardwaj PHP-Code-For-Unlimited- ...)
+ TODO: check
+CVE-2025-10245 (A security flaw has been discovered in Display Pain\xe9is TGA up to 7. ...)
+ TODO: check
+CVE-2025-10236 (A vulnerability has been found in binary-husky gpt_academic up to 3.91 ...)
+ TODO: check
+CVE-2025-10235 (A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects s ...)
+ TODO: check
+CVE-2025-10234 (A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerab ...)
+ TODO: check
+CVE-2025-10233 (A security vulnerability has been detected in kalcaddle kodbox 1.61. T ...)
+ TODO: check
+CVE-2025-10232 (A weakness has been identified in 299ko up to 2.0.0. Affected by this ...)
+ TODO: check
+CVE-2025-10229 (A vulnerability has been found in Freshwork up to 1.2.3. This impacts ...)
+ TODO: check
+CVE-2025-10218 (A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the fu ...)
+ TODO: check
+CVE-2025-10216 (A vulnerability was detected in GrandNode up to 2.3.0. The impacted el ...)
+ TODO: check
+CVE-2025-0763 (The Ultimate Classified Listings plugin for WordPress is vulnerable to ...)
+ TODO: check
CVE-2025-9997 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
NOT-FOR-US: Schneider Electric
CVE-2025-9996 (CWE-78: Improper Neutralization of Special Elements used in an OS Comm ...)
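Review bot: all 59 entries added at the top of data/CVE/list carry only `TODO: check`, with no package line or NOT-FOR-US marker, so none of them is triaged by this commit. Most of the descriptions name WordPress plugins, which this file already records as `NOT-FOR-US: WordPress plugin` (see the CVE-2025-10003 entry further down), so those can be closed in a follow-up; entries such as CVE-2025-59052 (Angular) still need a manual check. The descriptions for CVE-2025-9776, CVE-2025-9693 and CVE-2025-8481 also contain a literal `\u2013`, and CVE-2025-10245 a literal `\xe9`; decoding these at import would keep the list readable and searchable.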
@@ -285,9 +403,11 @@ CVE-2025-6454
CVE-2025-2256
- gitlab <unfixed>
CVE-2025-10201 (Inappropriate implementation in Mojo in Google Chrome on Android, Linu ...)
+ {DSA-5996-1}
- chromium 140.0.7339.127-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-10200 (Use after free in Serviceworker in Google Chrome on Desktop prior to 1 ...)
+ {DSA-5996-1}
- chromium 140.0.7339.127-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9086 [Out of bounds read for cookie path]
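Review bot: the `{DSA-5996-1}` tags added under CVE-2025-10201 and CVE-2025-10200 have no counterpart in this commit, which changes only data/CVE/list. Confirm that the advisory record for DSA-5996-1 names both CVEs, since the visible lines give only the unstable fix `chromium 140.0.7339.127-1` and the bullseye `<end-of-life>` status, and the cross-reference is the only pointer to the fix in stable.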
@@ -1329,6 +1449,7 @@ CVE-2025-10027 (A vulnerability was determined in itsourcecode POS Point of Sale
CVE-2025-10003 (The UsersWP \u2013 Front-end login form, User Registration, User Profi ...)
NOT-FOR-US: WordPress plugin
CVE-2025-57807 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DLA-4297-1}
- imagemagick 8:7.1.2.3+dfsg1-1 (bug #1114520)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg
NOTE: https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e (7.1.2-3)
@@ -4812,6 +4933,7 @@ CVE-2025-57813 (traQ is a messenger application built for Digital Creators Club
CVE-2025-57810 (jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, use ...)
- jspdf <itp> (bug #998381)
CVE-2025-57803 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DLA-4297-1}
- imagemagick 8:7.1.2.3+dfsg1-1 (bug #1112469)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mxvv-97wh-cfmm
NOTE: https://github.com/ImageMagick/ImageMagick/commit/2c55221f4d38193adcb51056c14cf238fbcc35d7 (7.1.2-2)
@@ -7441,6 +7563,7 @@ CVE-2025-38554 (In the Linux kernel, the following vulnerability has been resolv
- linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9bbffee67ffd16360179327b57f3b1245579ef08 (6.17-rc1)
CVE-2025-55298 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DLA-4297-1}
- imagemagick 8:7.1.2.3+dfsg1-1 (bug #1111586)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9ccg-6pjw-x645
NOTE: Fixed by [1/2]: https://github.com/ImageMagick/ImageMagick/commit/1f93323df9d8c011c31bc4c6880390071f7fb895 (7.1.2-2)
@@ -7448,6 +7571,7 @@ CVE-2025-55298 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/731ce3a7aa7fabebaa322711c04ce5f5cf22edf4 (6.9.13-28)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/d789bdf7aabb955b88fbc95653aa9dbf6c5d259f (6.9.13-28)
CVE-2025-55212 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DLA-4297-1}
- imagemagick 8:7.1.2.3+dfsg1-1 (bug #1111587)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fh55-q5pj-pxgw
NOTE: Fixed by [1/2]: https://github.com/ImageMagick/ImageMagick/commit/43d92bf855155e8e716ecbb50ed94c2ed41ff9f6 (7.1.2-2)
@@ -9079,6 +9203,7 @@ CVE-2025-55160 (ImageMagick is free and open-source software used for editing an
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/986bddf243da88768e8198ee07c758768c098108 (6.9.13-27)
NOTE: Negligible security impact
CVE-2025-55154 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DLA-4297-1}
- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111103)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82
NOTE: https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337 (7.1.2-1)
@@ -17296,6 +17421,7 @@ CVE-2025-53639 (MeterSphere is an open source continuous testing platform. Prior
CVE-2025-53623 (The Job Iteration API is an an extension for ActiveJob that make jobs ...)
NOT-FOR-US: Shopify extension
CVE-2025-53101 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DLA-4297-1}
- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
[bookworm] - imagemagick <no-dsa> (Minor issue)
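Review bot: CVE-2025-53101 now carries `{DLA-4297-1}` while its bookworm line still reads `<no-dsa> (Minor issue)`, so the entry records an LTS advisory for an issue that bookworm classes as not worth one. It is worth revisiting the bookworm status, or adding a NOTE explaining the difference, so the per-release lines do not look contradictory. The same applies to CVE-2025-53019 and CVE-2025-53014 in the next two hunks.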
@@ -17303,6 +17429,7 @@ CVE-2025-53101 (ImageMagick is free and open-source software used for editing an
NOTE: https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 (7.1.2-0)
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643deeb60803488373cd4799b24d5786af90972e (6.9.13-26)
CVE-2025-53019 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DLA-4297-1}
- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
[bookworm] - imagemagick <no-dsa> (Minor issue)
@@ -17318,6 +17445,7 @@ CVE-2025-53015 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/38631605e6ab744548a561797472cf8648bcfe26 (7.1.2-0)
NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/fc4f67bb1b8eb1b61ae70e401482844086949721 (7.1.1-7)
CVE-2025-53014 (ImageMagick is free and open-source software used for editing and mani ...)
+ {DLA-4297-1}
- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
[bookworm] - imagemagick <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6b8d0badfeed8f3053944cdff881f8950b490b6