[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Sep 23 14:37:30 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
17009a66 by Moritz Muehlenhoff at 2025-09-23T15:37:08+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -893,11 +893,11 @@ CVE-2025-57437 (The Blackmagic Web Presenter HD firmware version 3.3 exposes sen
CVE-2025-57434 (Creacast Creabox Manager contains a critical authentication flaw that ...)
NOT-FOR-US: Creacast Creabox Manager
CVE-2025-57433 (The 2wcom IP-4c 2.15.5 device's web interface includes an information ...)
- TODO: check
+ NOT-FOR-US: 2wcom IP-4c
CVE-2025-57432 (Blackmagic Web Presenter version 3.3 exposes a Telnet service on port ...)
NOT-FOR-US: Blackmagic Web Presenter
CVE-2025-57431 (The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vuln ...)
- TODO: check
+ NOT-FOR-US: Sound4 PULSE-ECO AES67
CVE-2025-57430 (Creacast Creabox Manager 4.4.4 exposes sensitive configuration data vi ...)
NOT-FOR-US: Creacast Creabox Manager
CVE-2025-57203 (MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS ...)
@@ -907,13 +907,13 @@ CVE-2025-56075 (A SQL Injection vulnerability was discovered in the normal-bwdat
CVE-2025-56074 (A SQL Injection vulnerability was discovered in the foreigner-bwdates- ...)
NOT-FOR-US: PHPGurukul
CVE-2025-55888 (Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax tr ...)
- TODO: check
+ NOT-FOR-US: ARD
CVE-2025-55887 (Cross-Site Scripting (XSS) vulnerability was discovered in the meal re ...)
- TODO: check
+ NOT-FOR-US: ARD
CVE-2025-55886 (An Insecure Direct Object Reference (IDOR) vulnerability was discovere ...)
- TODO: check
+ NOT-FOR-US: ARD
CVE-2025-55885 (SQL Injection vulnerability in Alpes Recherche et Developpement ARD GE ...)
- TODO: check
+ NOT-FOR-US: ARD
CVE-2025-53570 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-53469 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
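Review bot: The label `NOT-FOR-US: ARD` on CVE-2025-55885 through CVE-2025-55888 is a bare acronym, which makes these four entries hard to find when grepping the list by vendor. The description of CVE-2025-55885 spells the vendor out as "Alpes Recherche et Developpement ARD", so a label such as `NOT-FOR-US: Alpes Recherche et Developpement ARD` would match the vendor-or-product naming used by the surrounding entries (PHPGurukul, WordPress plugin or theme).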
@@ -955,13 +955,13 @@ CVE-2025-53451 (Cross-Site Request Forgery (CSRF) vulnerability in mihdan Mihdan
CVE-2025-53450 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-52367 (Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a ...)
- TODO: check
+ NOT-FOR-US: PivotX CMS
CVE-2025-51006 (Within tcpreplay's tcprewrite, a double free vulnerability has been id ...)
TODO: check
CVE-2025-46711 (Software installed and run as a non-privileged user may conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2025-43953 (In 2wcom IP-4c 2.16, the web interface allows admin and manager users ...)
- TODO: check
+ NOT-FOR-US: 2wcom IP-4c
CVE-2025-43807 (Stored cross-site scripting (XSS) vulnerability in the notifications w ...)
NOT-FOR-US: Liferay
CVE-2025-36202 (IBM webMethods Integration 10.15 and 11.1 could allow an authenticated ...)
@@ -971,13 +971,13 @@ CVE-2025-36064 (IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 throu
CVE-2025-36037 (IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-si ...)
NOT-FOR-US: IBM
CVE-2025-35042 (Airship AI Acropolis includes a default administrative account that us ...)
- TODO: check
+ NOT-FOR-US: Airship AI Acropolis
CVE-2025-35041 (Airship AI Acropolis allows unlimited MFA attempts for 15 minutes afte ...)
- TODO: check
+ NOT-FOR-US: Airship AI Acropolis
CVE-2025-25177 (Software installed and run as a non-privileged user may conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2025-10854 (The txtai framework allows the loading of compressed tar files as embe ...)
- TODO: check
+ NOT-FOR-US: txtai
CVE-2025-10813 (A vulnerability was found in code-projects Hostel Management System 1. ...)
NOT-FOR-US: code-projects
CVE-2025-10812 (A vulnerability has been found in code-projects Hostel Management Syst ...)
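Review bot: CVE-2025-10854 is the one entry in this hunk whose description names a software framework ("The txtai framework allows the loading of compressed tar files ...") rather than a vendor product like the Airship AI Acropolis and IBM entries around it. Before settling on `NOT-FOR-US: txtai`, it is worth confirming that no package or ITP exists for it, since a framework is more likely to be packaged later than an appliance or commercial product.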
@@ -1005,7 +1005,7 @@ CVE-2025-10802 (A flaw has been found in code-projects Online Bidding System 1.0
CVE-2025-10801 (A security vulnerability has been detected in SourceCodester Pet Groom ...)
NOT-FOR-US: SourceCodester
CVE-2025-10800 (A weakness has been identified in itsourcecode Online Discussion Forum ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Online Discussion Forum
CVE-2025-10799 (A security flaw has been discovered in code-projects Hostel Management ...)
NOT-FOR-US: code-projects
CVE-2025-10798 (A vulnerability was identified in code-projects Hostel Management Syst ...)
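Review bot: The new label on CVE-2025-10800, `NOT-FOR-US: itsourcecode Online Discussion Forum`, names vendor plus product, while the neighbouring entries of the same kind use the vendor alone (`NOT-FOR-US: SourceCodester`, `NOT-FOR-US: code-projects`). Using `NOT-FOR-US: itsourcecode` would keep these labels uniform and make vendor-level searches of the list return all of them.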
@@ -1019,7 +1019,7 @@ CVE-2025-10795 (A vulnerability has been found in code-projects Online Bidding S
CVE-2025-10794 (A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected b ...)
NOT-FOR-US: PHPGurukul
CVE-2025-10793 (A vulnerability was detected in code-projects E-Commerce Website 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-10792 (A security vulnerability has been detected in D-Link DIR-513 A1FW110. ...)
NOT-FOR-US: D-Link
CVE-2025-10791 (A weakness has been identified in code-projects Online Bidding System ...)
@@ -1027,7 +1027,7 @@ CVE-2025-10791 (A weakness has been identified in code-projects Online Bidding S
CVE-2025-10790 (A security flaw has been discovered in SourceCodester Simple Forum Dis ...)
NOT-FOR-US: SourceCodester
CVE-2025-10009 (Incorrect handling of uploaded files in the admin "Restore" function i ...)
- TODO: check
+ NOT-FOR-US: invoiceninja
CVE-2025-9541 (The Markup Markdown WordPress plugin before 3.20.10 allows links to co ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9540 (The Markup Markdown WordPress plugin before 3.20.10 allows links to co ...)
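Review bot: On CVE-2025-10009 the label `NOT-FOR-US: invoiceninja` is written in lowercase as a single token, unlike the other labels in this commit, which use the product's display name (PivotX CMS, Airship AI Acropolis). The visible description is truncated before the product name ("... in the admin "Restore" function i ..."), so the label is the only place a reader sees it; writing it as the product is normally styled would keep the NFU labels consistent.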
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17009a66df63c3432e6dadb0f74a0427558dd773