[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 26 09:13:53 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67083cb9 by security tracker role at 2025-09-26T08:13:46+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2025-9985 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9984 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9490 (The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-9044 (The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8906 (The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-8200 (The Mega Elements \u2013 Addons for Elementor plugin for WordPress is  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-60251 (Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any hand ...)
 	TODO: check
 CVE-2025-60250 (Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE pac ...)
@@ -43,15 +43,15 @@ CVE-2025-56769 (An issue was discovered in chinabugotech hutool before 5.8.4 all
 CVE-2025-54831 (Apache Airflow 3 introduced a change to the handling of sensitive info ...)
 	TODO: check
 CVE-2025-43816 (A memory leak in the headless API for StructuredContents in Liferay Po ...)
-	TODO: check
+	NOT-FOR-US: Liferay
 CVE-2025-35027 (Multiple robotic products by Unitree sharing a common firmware, includ ...)
 	TODO: check
 CVE-2025-26482 (Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an  ...)
-	TODO: check
+	NOT-FOR-US: Dell / EMC
 CVE-2025-1396 (A username enumeration vulnerability exists in multiple WSO2 products  ...)
-	TODO: check
+	NOT-FOR-US: WSO2
 CVE-2025-11005 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2025-11000 (A vulnerability was determined in Open Babel up to 3.1.1. This affects ...)
 	TODO: check
 CVE-2025-10999 (A vulnerability was found in Open Babel up to 3.1.1. The impacted elem ...)
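Review bot: the `NOT-FOR-US: Palo Alto Networks` tag on CVE-2025-11005 cannot be checked from this hunk, because the description shown is cut off at "OS Command ('OS ..." before any vendor or product is named. As this is an automatic update, confirm the vendor against the full CVE description before relying on the tag. The other three new tags in this hunk (Liferay, Dell / EMC, WSO2) each match a product named in their visible descriptions.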
@@ -99,31 +99,31 @@ CVE-2025-10967 (A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2
 CVE-2025-10965 (A security vulnerability has been detected in LazyAGI LazyLLM up to 0. ...)
 	TODO: check
 CVE-2025-10752 (The OAuth Single Sign On \u2013 SSO (OAuth Client) plugin for WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10747 (The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10745 (The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10490 (The Zephyr Project Manager plugin for WordPress is vulnerable to Store ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10377 (The System Dashboard plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10307 (The Backuply \u2013 Backup, Restore, Migrate and Clone plugin for Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10180 (The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10178 (The CM Business Directory plugin for WordPress is vulnerable to Stored ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10173 (The ShopEngine Elementor WooCommerce Builder Addon \u2013 All in One W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10137 (The Snow Monkey theme for WordPress is vulnerable to Server-Side Reque ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10136 (The TweetThis Shortcode plugin for WordPress is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10037 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-10036 (The Featured Image from URL (FIFU) plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-60249 (vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and u ...)
 	NOT-FOR-US: vulnerability-lookup
 CVE-2025-60019 (glib-networking's OpenSSL backend fails to properly check the return v ...)
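Review bot: CVE-2025-10137 is described as "The Snow Monkey theme for WordPress" but is tagged `NOT-FOR-US: WordPress plugin`, so the tag does not match the component in the description. Suggest `NOT-FOR-US: WordPress theme` for that entry so that searches of data/CVE/list by tag stay accurate. The triage outcome (not packaged in Debian) is unaffected.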



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67083cb90582533c157b34a501433988e05b8120
