[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 26 21:14:11 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc23baeb by security tracker role at 2025-09-26T20:14:03+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,173 +9,173 @@ CVE-2025-7691 (A privilege escalation issue has been discovered in GitLab EE aff
CVE-2025-6396 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
TODO: check
CVE-2025-60219 (Unrestricted Upload of File with Dangerous Type vulnerability in HaruT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60186 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60185 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60184 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60181 (Server-Side Request Forgery (SSRF) vulnerability in silence Silencesof ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60179 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60177 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60173 (Cross-Site Request Forgery (CSRF) vulnerability in Ashwani kumar GST f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60172 (Cross-Site Request Forgery (CSRF) vulnerability in flytedesk Flytedesk ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60171 (Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60170 (Cross-Site Request Forgery (CSRF) vulnerability in Taraprasad Swain HT ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60169 (Cross-Site Request Forgery (CSRF) vulnerability in W3S Cloud Technolog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60167 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60166 (Missing Authorization vulnerability in wpshuffle WP Subscription Forms ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60165 (Missing Authorization vulnerability in HaruTheme Frames allows Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60164 (Cross-Site Request Forgery (CSRF) vulnerability in NewsMAN NewsmanApp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60163 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60162 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60161 (Server-Side Request Forgery (SSRF) vulnerability in bdthemes ZoloBlock ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60160 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60159 (Missing Authorization vulnerability in webmaniabr Nota Fiscal Eletr\xf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60158 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60157 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60156 (Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60155 (Missing Authorization vulnerability in loopus WP Virtual Assistant all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60154 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60153 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60152 (Missing Authorization vulnerability in wpshuffle Subscribe To Unlock a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60150 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60148 (Missing Authorization vulnerability in wpshuffle Subscribe to Download ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60147 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60146 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60145 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60144 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60143 (Missing Authorization vulnerability in netgsm Netgsm allows Exploiting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60142 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60141 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60140 (Insertion of Sensitive Information Into Sent Data vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60139 (Cross-Site Request Forgery (CSRF) vulnerability in Joovii Sendle Shipp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60138 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60137 (Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Pos ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60133 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60130 (Missing Authorization vulnerability in wedos.com WEDOS Global allows A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60129 (Missing Authorization vulnerability in Yext Yext allows Accessing Func ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60128 (Missing Authorization vulnerability in WP Delicious Delisho allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60127 (Missing Authorization vulnerability in ArtistScope CopySafe Web Protec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60126 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60125 (Insertion of Sensitive Information Into Sent Data vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60124 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60123 (Missing Authorization vulnerability in HivePress HivePress Claim Listi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60122 (Missing Authorization vulnerability in HivePress HivePress Claim Listi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60121 (Missing Authorization vulnerability in Ex-Themes WooEvents allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60120 (Missing Authorization vulnerability in wpdirectorykit WP Directory Kit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60119 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60118 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60117 (Cross-Site Request Forgery (CSRF) vulnerability in TangibleWP Vehica C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60116 (Missing Authorization vulnerability in ThemeGoods Grand Conference The ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60115 (Cross-Site Request Forgery (CSRF) vulnerability in instapagedev Instap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60114 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60113 (Cross-Site Request Forgery (CSRF) vulnerability in grooni Groovy Menu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60112 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60111 (Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Cor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60110 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60109 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60108 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60107 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60106 (Missing Authorization vulnerability in Roxnor EmailKit allows Exploiti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60105 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60104 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60103 (Missing Authorization vulnerability in CridioStudio ListingPro allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60101 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60100 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60099 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60098 (Missing Authorization vulnerability in Jeff Farthing Theme My Login al ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60097 (Missing Authorization vulnerability in CodexThemes TheGem allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60096 (Missing Authorization vulnerability in CodexThemes TheGem (Elementor) ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60095 (Insertion of Sensitive Information Into Sent Data vulnerability in Ben ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60094 (Missing Authorization vulnerability in Benjamin Intal Stackable allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60093 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjada Download M ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60092 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-60040 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-5069 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
TODO: check
CVE-2025-59844 (SonarQube Server and Cloud is a static analysis solution for continuou ...)
@@ -187,19 +187,19 @@ CVE-2025-59842 (jupyterlab is an extensible environment for interactive and repr
CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This oc ...)
TODO: check
CVE-2025-59012 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59011 (Missing Authorization vulnerability in shinetheme Traveler allows Expl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59010 (Insertion of Sensitive Information Into Sent Data vulnerability in Mac ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59002 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58919 (Missing Authorization vulnerability in guihom Wide Banner allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58917 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58914 (Cross-Site Request Forgery (CSRF) vulnerability in Di Themes Di Themes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58385 (In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be d ...)
TODO: check
CVE-2025-58384 (In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Da ...)
@@ -215,35 +215,35 @@ CVE-2025-56383 (Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can re
CVE-2025-55848 (An issue was discovered in DIR-823 firmware 20250416. There is an RCE ...)
TODO: check
CVE-2025-55847 (Wavlink M86X3A_V240730 contains a buffer overflow vulnerability in the ...)
- TODO: check
+ NOT-FOR-US: Wavlink
CVE-2025-55187 (In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 be ...)
TODO: check
CVE-2025-4957 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48326 (Missing Authorization vulnerability in Acclectic Media Acclectic Media ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48107 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-45994 (An issue in Aranda PassRecovery v1.0 allows attackers to enumerate val ...)
TODO: check
CVE-2025-36326 (IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36274 (IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive informati ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-27006 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26258 (Sourcecodester Employee Management System v1.0 is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-1862 (An arbitrary file upload vulnerability exists in multiple WSO2 product ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2025-11060 (A flaw was found in the live query subscription mechanism of the datab ...)
TODO: check
CVE-2025-11042 (An issue was discovered in GitLab CE/EE affecting all versions startin ...)
TODO: check
CVE-2025-11039 (A security vulnerability has been detected in Campcodes Computer Sales ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-11038 (A weakness has been identified in itsourcecode Online Clinic Managemen ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-11037 (A security flaw has been discovered in code-projects E-Commerce Websit ...)
TODO: check
CVE-2025-11036 (A vulnerability was identified in code-projects E-Commerce Website 1.0 ...)
@@ -257,7 +257,7 @@ CVE-2025-11033 (A vulnerability has been found in kidaze CourseSelectionSystem u
CVE-2025-11032 (A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40 ...)
TODO: check
CVE-2025-11031 (A flaw has been found in DataTables up to 1.10.13. The affected elemen ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-11030 (A vulnerability was detected in Tutorials-Website Employee Management ...)
TODO: check
CVE-2025-11029 (A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vul ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc23baeb8cceb4fd9f1cbc2608bc7b3e6af343ed
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc23baeb8cceb4fd9f1cbc2608bc7b3e6af343ed
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250926/4e3b7645/attachment.htm>
More information about the debian-security-tracker-commits
mailing list