[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 8 22:07:32 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14e2378b by Salvatore Bonaccorso at 2026-01-08T23:07:12+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -210,57 +210,57 @@ CVE-2025-67911 (Deserialization of Untrusted Data vulnerability in Tribulant Sof
 CVE-2025-67910 (Unrestricted Upload of File with Dangerous Type vulnerability in conte ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67825 (An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34 ...)
-	TODO: check
+	NOT-FOR-US: Nitro PDF Pro for Windows
 CVE-2025-67325 (Unrestricted file upload in the hotel review feature in QloApps versio ...)
-	TODO: check
+	NOT-FOR-US: QloApps
 CVE-2025-67091 (An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: GL Inet GL.Inet AX1800
 CVE-2025-67090 (The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 ...)
-	TODO: check
+	NOT-FOR-US: Gl Inet GL.Inet AX1800
 CVE-2025-67089 (A command injection vulnerability exists in the GL-iNet GL-AXT1800 rou ...)
-	TODO: check
+	NOT-FOR-US: GL-iNet
 CVE-2025-66916 (The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, i ...)
-	TODO: check
+	NOT-FOR-US: RuoYi-Vue-Plus
 CVE-2025-66913 (JimuReport thru version 2.1.3 is vulnerable to remote code execution w ...)
-	TODO: check
+	NOT-FOR-US: JimuReport
 CVE-2025-66001 (NeuVector supports login authentication through OpenID Connect. Howeve ...)
-	TODO: check
+	NOT-FOR-US: NeuVector
 CVE-2025-65731 (An issue was discovered in D-Link Router DIR-605L (Hardware version F1 ...)
 	NOT-FOR-US: D-Link
 CVE-2025-65518 (Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Deni ...)
-	TODO: check
+	NOT-FOR-US: Plesk Obsidian
 CVE-2025-63611 (Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user- ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-62877 (Projects using the SUSE Virtualization (Harvester) environment mayexpo ...)
 	TODO: check
 CVE-2025-61550 (Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValu ...)
-	TODO: check
+	NOT-FOR-US: edu Business Solutions Print Shop Pro WebDesk
 CVE-2025-61549 (Cross-Site Scripting (XSS) is present on the LoginID parameter on the  ...)
-	TODO: check
+	NOT-FOR-US: edu Business Solutions Print Shop Pro WebDesk
 CVE-2025-61548 (SQL Injection is present on the hfInventoryDistFormID parameter in the ...)
-	TODO: check
+	NOT-FOR-US: edu Business Solutions Print Shop Pro WebDesk
 CVE-2025-61547 (Cross-Site Request Forgery (CSRF) is present on all functions in edu B ...)
-	TODO: check
+	NOT-FOR-US: edu Business Solutions Print Shop Pro WebDesk
 CVE-2025-61546 (There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice e ...)
-	TODO: check
+	NOT-FOR-US: edu Business Solutions Print Shop Pro WebDesk
 CVE-2025-61246 (indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: indieka900 online-shopping-system-php
 CVE-2025-59470 (This vulnerability allows a Backup Operator to perform remote code exe ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2025-59469 (This vulnerability allows a Backup or Tape Operator to write files as  ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2025-59468 (This vulnerability allows a Backup Administrator to perform remote cod ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2025-56425 (An issue was discovered in the AppConnector component version 10.10.0. ...)
-	TODO: check
+	NOT-FOR-US: enaio
 CVE-2025-56424 (An issue in Insiders Technologies GmbH e-invoice pro before release 1  ...)
-	TODO: check
+	NOT-FOR-US: Insiders Technologies GmbH e-invoice
 CVE-2025-55125 (This vulnerability allows a Backup or Tape Operator to perform remote  ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2025-50334 (An issue in Technitium DNS Server v.13.5 allows a remote attacker to c ...)
-	TODO: check
+	NOT-FOR-US: Technitium DNS Server
 CVE-2025-4596 (Asseco ADMX system is used for processing medical records. It allows l ...)
-	TODO: check
+	NOT-FOR-US: Asseco ADMX system
 CVE-2025-27004 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-27002 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14e2378bbecff74f0b8ecedabde5863155141354

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14e2378bbecff74f0b8ecedabde5863155141354
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260108/df938567/attachment.htm>

More information about the debian-security-tracker-commits mailing list