[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 7 20:14:15 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6bd4d1b0 by security tracker role at 2026-01-07T20:14:08+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53,7 +53,7 @@ CVE-2026-21496 (iccDEV provides a set of libraries and tools that allow for the
CVE-2026-21495 (iccDEV provides a set of libraries and tools that allow for the intera ...)
TODO: check
CVE-2026-20029 (A vulnerability in the licensing features of Cisco Identity Servi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2026-20027 (Multiple Cisco products are affected by a vulnerability in the process ...)
TODO: check
CVE-2026-20026 (Multiple Cisco products are affected by a vulnerability in the pr ...)
@@ -65,19 +65,19 @@ CVE-2026-0669 (Improper Limitation of a Pathname to a Restricted Directory ('Pat
CVE-2026-0668 (Inefficient Regular Expression Complexity vulnerability in Wikimedia F ...)
TODO: check
CVE-2026-0618 (Cross-site Scripting vulnerability in Devolutions PowerShell Universal ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2025-6225 (Kieback&Peter Neutrino-GLT product is used for building management. It ...)
TODO: check
CVE-2025-69344 (Missing Authorization vulnerability in ThemeHunk Oneline Lite allows E ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69333 (Missing Authorization vulnerability in Crocoblock JetEngine allows Exp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69082 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69081 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-69080 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-68637 (The Uniffle HTTP client is configured to trust all SSL certificates an ...)
TODO: check
CVE-2025-67366 (@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file c ...)
@@ -97,7 +97,7 @@ CVE-2025-66560 (Quarkus is a Cloud Native, (Linux) Container First framework for
CVE-2025-65805 (OpenAirInterface CN5G AMF<=v2.1.9 has a buffer overflow vulnerability ...)
TODO: check
CVE-2025-62327 (In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configur ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2025-61939 (An unused function in MicroServer can start a reverse SSH connection t ...)
TODO: check
CVE-2025-61782 (OpenCTI is an open source platform for managing cyber threat intellige ...)
@@ -109,145 +109,145 @@ CVE-2025-61489 (A command injection vulnerability in the shell_exec function of
CVE-2025-58441 (Knowage is an open source analytics and business intelligence suite. P ...)
TODO: check
CVE-2025-4677 (Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-4676 (Incorrect Implementation of Authentication Algorithm vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-4675 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...)
- TODO: check
+ NOT-FOR-US: ABB group
CVE-2025-49335 (Server-Side Request Forgery (SSRF) vulnerability in minnur External Me ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47552 (Deserialization of Untrusted Data vulnerability in Digital zoom studio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46494 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46434 (Missing Authorization vulnerability in POSIMYTH Innovation The Plus Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-46256 (Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Data ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32303 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32300 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31643 (Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-15479 (Stored cross-site scripting (XSS, CWE-79) in the survey content and ad ...)
TODO: check
CVE-2025-15158 (The WP Enable WebP plugin for WordPress is vulnerable to arbitrary fil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15058 (The Responsive Pricing Table plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15018 (The Optional Email plugin for WordPress is vulnerable to Privilege Esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-15000 (The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14999 (The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Reque ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14796 (The My Album Gallery plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14626 (The QR Code for WooCommerce order emails, PDF invoices, packing slips ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14465 (The Sticky Action Buttons plugin for WordPress is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14460 (The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14453 (The My Album Gallery plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14352 (The Awesome Hotel Booking plugin for WordPress is vulnerable to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14147 (The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14145 (The Niche Hero | Beautifully-designed blocks in seconds plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14144 (The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14131 (The WP Widget Changer plugin for WordPress is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14130 (The Post Like Dislike plugin for WordPress is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14128 (The Stumble! for WordPress plugin for WordPress is vulnerable to Refle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14127 (The Testimonial Master plugin for WordPress is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14122 (The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14121 (The EDD Download Info plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14118 (The Starred Review plugin for WordPress is vulnerable to Reflected Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14114 (The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14113 (The Viitor Button Shortcodes plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14112 (The Snillrik Restaurant plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14110 (The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14109 (The AH Shortcodes plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14077 (The Simcast plugin for WordPress is vulnerable to Cross-Site Request F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14070 (The Reviewify plugin for WordPress is vulnerable to unauthorized modif ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14057 (The Multi-column Tag Map plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14053 (The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-14028 (The Contact Us Simple Form plugin for WordPress is vulnerable to Store ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13990 (The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13974 (The Email Customizer for WooCommerce plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13887 (The AI BotKit \u2013 AI Chatbot & Live Support for WordPress plugin fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13849 (The Cool YT Player plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13848 (The STM Gallery 1.9 plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13847 (The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13841 (The Smart App Banners plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13801 (The Yoco Payments plugin for WordPress is vulnerable to Path Traversal ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13722 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz, & Co ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13694 (The AA Block Country plugin for WordPress is vulnerable to IP Address ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13667 (The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13531 (The Stylish Order Form Builder plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13529 (The Unify plugin for WordPress is vulnerable to unauthorized modificat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13527 (The xShare plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13521 (The WP Status Notifier plugin for WordPress is vulnerable to Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13520 (The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13519 (The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13497 (The Recras WordPress plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13496 (The Moosend Landing Pages plugin for WordPress is vulnerable to unauth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13493 (The Latest Registered Users plugin for WordPress is vulnerable to unau ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13419 (The Guest posting / Frontend Posting / Front Editor \u2013 WP Front Us ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13418 (The Responsive Pricing Table plugin for WordPress is vulnerable to Sto ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12958 (The Rankology SEO and Analytics Tool plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12543 (A flaw was found in the Undertow HTTP server core, which is used in Wi ...)
TODO: check
CVE-2025-12540 (The ShareThis Dashboard for Google Analytics plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12030 (The ACF to REST API plugin for WordPress is vulnerable to Insecure Dir ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11877 (The User Activity Log plugin is vulnerable to a limited options update ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-67603 [Add PolicyKit authorization to D-Bus methods]
{DSA-6095-1}
- foomuuri 0.31-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bd4d1b0f45648b9ee77fbfc23c68602c8625ba6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bd4d1b0f45648b9ee77fbfc23c68602c8625ba6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260107/a0849193/attachment.htm>
More information about the debian-security-tracker-commits
mailing list