[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 1 08:13:11 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce873f5c by security tracker role at 2026-01-01T08:13:04+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,113 @@
+CVE-2025-69413 (In Gitea before 1.25.2, /api/v1/user has different responses for faile ...)
+	TODO: check
+CVE-2025-69412 (KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:fi ...)
+	TODO: check
+CVE-2025-69288 (Titra is open source project time tracking software. Prior to version  ...)
+	TODO: check
+CVE-2025-69286 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
+	TODO: check
+CVE-2025-68700 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
+	TODO: check
+CVE-2025-67711 (There is a stored cross site scripting issue in Esri ArcGIS Server 11. ...)
+	TODO: check
+CVE-2025-67710 (There is a stored cross site scripting issue in Esri ArcGIS Server 11. ...)
+	TODO: check
+CVE-2025-67709 (There is a stored cross site scripting issue in Esri ArcGIS Server 11. ...)
+	TODO: check
+CVE-2025-67708 (There is a stored cross site scripting issue in Esri ArcGIS Server 11. ...)
+	TODO: check
+CVE-2025-67707 (ArcGIS Server version 11.5 and earlier on Windows and Linux does not p ...)
+	TODO: check
+CVE-2025-67706 (ArcGIS Server version 11.5 and earlier on Windows and Linux does not p ...)
+	TODO: check
+CVE-2025-67705 (There is a stored cross site scripting issue in Esri ArcGIS Server 11. ...)
+	TODO: check
+CVE-2025-67704 (There is a stored cross site scripting issue in Esri ArcGIS Server 11. ...)
+	TODO: check
+CVE-2025-67703 (There is a stored cross site scripting issue in Esri ArcGIS Server 11. ...)
+	TODO: check
+CVE-2025-53235 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-52739 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-50053 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-47566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-34469 (Cowrie versions prior to 2.9.0 contain a server-side request forgery ( ...)
+	TODO: check
+CVE-2025-31054 (Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie all ...)
+	TODO: check
+CVE-2025-30628 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-28973 (Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermar ...)
+	TODO: check
+CVE-2025-28949 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-22203
+	REJECTED
+CVE-2025-22202
+	REJECTED
+CVE-2025-22201
+	REJECTED
+CVE-2025-22200
+	REJECTED
+CVE-2025-22199
+	REJECTED
+CVE-2025-22198
+	REJECTED
+CVE-2025-22197
+	REJECTED
+CVE-2025-22196
+	REJECTED
+CVE-2025-22195
+	REJECTED
+CVE-2025-22194
+	REJECTED
+CVE-2025-22193
+	REJECTED
+CVE-2025-22192
+	REJECTED
+CVE-2025-22191
+	REJECTED
+CVE-2025-22190
+	REJECTED
+CVE-2025-22189
+	REJECTED
+CVE-2025-22188
+	REJECTED
+CVE-2025-22187
+	REJECTED
+CVE-2025-22186
+	REJECTED
+CVE-2025-22185
+	REJECTED
+CVE-2025-22184
+	REJECTED
+CVE-2025-22183
+	REJECTED
+CVE-2025-22182
+	REJECTED
+CVE-2025-22181
+	REJECTED
+CVE-2025-22180
+	REJECTED
+CVE-2025-22155
+	REJECTED
+CVE-2025-22154
+	REJECTED
+CVE-2025-15398 (A security vulnerability has been detected in Uasoft badaso up to 2.9. ...)
+	TODO: check
+CVE-2025-13820 (The Comments  WordPress plugin before 7.6.40 does not properly validat ...)
+	TODO: check
+CVE-2025-11157 (A high-severity remote code execution vulnerability exists in feast-de ...)
+	TODO: check
+CVE-2023-7332 (PocketMine-MP versions prior to 4.18.1 contain an improper input valid ...)
+	TODO: check
+CVE-2023-7331 (A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0 ...)
+	TODO: check
+CVE-2015-10145 (Gargoyle router management utility versions 1.5.x contain an authentic ...)
+	TODO: check
 CVE-2025-66160 (Missing Authorization vulnerability in merkulove Select Graphist for E ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66159 (Missing Authorization vulnerability in merkulove Walker for Elementor  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce873f5c65a398b5e3e00fa124d48f5350b14cb6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce873f5c65a398b5e3e00fa124d48f5350b14cb6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260101/f150a667/attachment.htm>

More information about the debian-security-tracker-commits mailing list