Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a3ec448 by security tracker role at 2025-04-22T20:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,185 @@
+CVE-2025-46254 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46253 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46252 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-46251 (Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp 
VikRestaur ...)
+       TODO: check
+CVE-2025-46250 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46249 (Cross-Site Request Forgery (CSRF) vulnerability in Michael 
Simple cale ...)
+       TODO: check
+CVE-2025-46247 (Missing Authorization vulnerability in codepeople Appointment 
Booking  ...)
+       TODO: check
+CVE-2025-46246 (Cross-Site Request Forgery (CSRF) vulnerability in 
CreativeMindsSoluti ...)
+       TODO: check
+CVE-2025-46245 (Cross-Site Request Forgery (CSRF) vulnerability in 
CreativeMindsSoluti ...)
+       TODO: check
+CVE-2025-46244 (Missing Authorization vulnerability in Dotstore Advanced 
Linked Variat ...)
+       TODO: check
+CVE-2025-46243 (Cross-Site Request Forgery (CSRF) vulnerability in 
sonalsinha21 Recove ...)
+       TODO: check
+CVE-2025-46242 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-46241 (Cross-Site Request Forgery (CSRF) vulnerability in codepeople 
Appointm ...)
+       TODO: check
+CVE-2025-46240 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46239 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46238 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46237 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46236 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46235 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46233 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46232 (Missing Authorization vulnerability in alttextai Download Alt 
Text AI  ...)
+       TODO: check
+CVE-2025-46231 (Cross-Site Request Forgery (CSRF) vulnerability in SERVIT 
Software Sol ...)
+       TODO: check
+CVE-2025-46229 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46228 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46227 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46226 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-46225 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-43952 (A cross-site scripting (reflected XSS) vulnerability was found 
in Mett ...)
+       TODO: check
+CVE-2025-43951 (LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. 
Authent ...)
+       TODO: check
+CVE-2025-43950 (DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens 
by plac ...)
+       TODO: check
+CVE-2025-43949 (MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 
is vuln ...)
+       TODO: check
+CVE-2025-43948 (Codemers KLIMS 1.6.DEV allows Python code injection. A user 
can provid ...)
+       TODO: check
+CVE-2025-43947 (Codemers KLIMS 1.6.DEV lacks a proper access control 
mechanism, allowi ...)
+       TODO: check
+CVE-2025-43946 (TCPWave DDI 11.34P1C2 allows Remote Code Execution via 
Unrestricted Fi ...)
+       TODO: check
+CVE-2025-3767 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
+       TODO: check
+CVE-2025-3519 (An authorization bypassinUnblu Spark allows aparticipant of a 
conversa ...)
+       TODO: check
+CVE-2025-3518 (It technically possible for a user to upload a file to a 
conversation  ...)
+       TODO: check
+CVE-2025-3472 (The Ocean Extra plugin for WordPress is vulnerable to arbitrary 
shortc ...)
+       TODO: check
+CVE-2025-3458 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-3457 (The Ocean Extra plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2025-34028 (A path traversal vulnerability in Commvault Command Center 
Innovation  ...)
+       TODO: check
+CVE-2025-32964 (ManageWiki is a MediaWiki extension allowing users to manage 
wikis. Pr ...)
+       TODO: check
+CVE-2025-32963 (MinIO Operator STS is a native IAM Authentication for 
Kubernetes. Prio ...)
+       TODO: check
+CVE-2025-32961 (The Cuba JPA web API enables loading and saving any entities 
defined i ...)
+       TODO: check
+CVE-2025-32960 (The CUBA REST API add-on performs operations on data and 
entities. Pri ...)
+       TODO: check
+CVE-2025-32959 (CUBA Platform is a high level framework for enterprise 
applications de ...)
+       TODO: check
+CVE-2025-32952 (Jmix is a set of libraries and tools to speed up Spring Boot 
data-cent ...)
+       TODO: check
+CVE-2025-32951 (Jmix is a set of libraries and tools to speed up Spring Boot 
data-cent ...)
+       TODO: check
+CVE-2025-32950 (Jmix is a set of libraries and tools to speed up Spring Boot 
data-cent ...)
+       TODO: check
+CVE-2025-32788 (OctoPrint provides a web interface for controlling consumer 3D 
printer ...)
+       TODO: check
+CVE-2025-31328 (SAP Learning Solution is vulnerable to Cross-Site Request 
Forgery (CSR ...)
+       TODO: check
+CVE-2025-31327 (SAP Field Logistics Manage Logistics application OData 
meta-data prope ...)
+       TODO: check
+CVE-2025-2092 (Insertion of Sensitive Information into Log File in Checkmk 
GmbH's Che ...)
+       TODO: check
+CVE-2025-29743 (D-Link DIR-816 A2V1.1.0B05 was found to contain a command 
injection in ...)
+       TODO: check
+CVE-2025-29621 (Francois Jacquet RosarioSIS v12.0.0 was discovered to contain 
a conten ...)
+       TODO: check
+CVE-2025-29547 (In Rollback Rx Professional 12.8.0.0, the driver file 
shieldm.sys allo ...)
+       TODO: check
+CVE-2025-29339 (An issue in UPF in Open5GS UPF versions up to v2.7.2 results 
an assert ...)
+       TODO: check
+CVE-2025-28039 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain 
a pre-au ...)
+       TODO: check
+CVE-2025-28038 (TOTOLINK EX1200T V4.1.2cu.5232_B20210713 was found to contain 
a pre-au ...)
+       TODO: check
+CVE-2025-28037 (TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG 
V4.1.2cu.5161_B20200 ...)
+       TODO: check
+CVE-2025-28036 (TOTOLINK A950RG V4.1.2cu.5161_B20200903 was found to contain a 
pre-aut ...)
+       TODO: check
+CVE-2025-28035 (TOTOLINK A830R V4.1.2cu.5182_B20201102 was found to contain a 
pre-auth ...)
+       TODO: check
+CVE-2025-28034 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R 
V4.1.2cu.5182_B20201026, ...)
+       TODO: check
+CVE-2025-28033 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R 
V4.1.2cu.5182_B20201026, ...)
+       TODO: check
+CVE-2025-28032 (TOTOLINK A800R V4.1.2cu.5137_B20200730, A810R 
V4.1.2cu.5182_B20201026, ...)
+       TODO: check
+CVE-2025-28031 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to 
contain a har ...)
+       TODO: check
+CVE-2025-28030 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2025-28029 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG 
V4.1.2cu.5161_B20200903 ...)
+       TODO: check
+CVE-2025-28027 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG 
V4.1.2cu.5161_B20200903 ...)
+       TODO: check
+CVE-2025-28026 (TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG 
V4.1.2cu.5161_B20200903 ...)
+       TODO: check
+CVE-2025-28024 (TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a 
buffer o ...)
+       TODO: check
+CVE-2025-27907 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to 
server-s ...)
+       TODO: check
+CVE-2025-26159 (Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting 
(XSS) in ...)
+       TODO: check
+CVE-2025-23253 (NVIDIA NvContainer service for Windows contains a 
vulnerability in its ...)
+       TODO: check
+CVE-2025-23251 (NVIDIA NeMo Framework contains a vulnerability where a user 
could caus ...)
+       TODO: check
+CVE-2025-23250 (NVIDIA NeMo Framework contains a vulnerability where an 
attacker could ...)
+       TODO: check
+CVE-2025-23249 (NVIDIA NeMo Framework contains a vulnerability where a user 
could caus ...)
+       TODO: check
+CVE-2025-23176 (CWE-89: Improper Neutralization of Special Elements used in an 
SQL Com ...)
+       TODO: check
+CVE-2025-23175 (Multiple XSS (CWE-79))
+       TODO: check
+CVE-2025-1951 (IBM Hardware Management Console - Power Systems V10.2.1030.0 
and V10.3 ...)
+       TODO: check
+CVE-2025-1950 (IBM Hardware Management Console - Power Systems V10.2.1030.0 
and V10.3 ...)
+       TODO: check
+CVE-2024-53569 (A stored cross-site scripting (XSS) vulnerability in the New 
Goal Crea ...)
+       TODO: check
+CVE-2024-53568 (A stored cross-site scripting (XSS) vulnerability in the Image 
Upload  ...)
+       TODO: check
+CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to 
contain a sta ...)
+       TODO: check
+CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before 
allows a r ...)
+       TODO: check
+CVE-2024-11299 (The Memberpress plugin for WordPress is vulnerable to 
Sensitive Inform ...)
+       TODO: check
+CVE-2023-44755 (Sacco Management system v1.0 was discovered to contain a SQL 
injection ...)
+       TODO: check
+CVE-2023-44753 (A stored cross-site scripting (XSS) vulnerability fin Student 
Manageme ...)
+       TODO: check
+CVE-2023-44752 (An issue in Student Study Center Desk Management System v1.0 
allows at ...)
+       TODO: check
+CVE-2023-43958 (An arbitrary file upload vulnerability in the component 
/jquery-file-u ...)
+       TODO: check
+CVE-2023-43378 (A cross-site scripting (XSS) vulnerability in Hoteldruid 
v3.0.5 allows ...)
+       TODO: check
 CVE-2025-3856 (A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has 
been cla ...)
        NOT-FOR-US: xxyopen Novel-Plus
 CVE-2025-3855 (A vulnerability was found in CodeCanyon RISE Ultimate Project 
Manager  ...)
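Review bot: Every entry added at the top of data/CVE/list carries only `TODO: check`, so none of the new IDs from CVE-2025-46254 down to CVE-2023-43378 has a triage decision yet, unlike the context entries directly below them (`NOT-FOR-US: xxyopen Novel-Plus`). When triaging, the vendor firmware and WordPress plugin entries (TOTOLINK, D-Link, Ocean Extra and similar) are likely NOT-FOR-US candidates, but entries naming standalone upstream projects, for example CVE-2024-33452 (OpenResty lua-nginx-module) and CVE-2023-43378 (Hoteldruid), need a source-package lookup first so they are not bulk-marked by mistake. The descriptions are truncated at the import width, so each decision should be made from the full CVE record rather than from the text shown in this hunk.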
@@ -116,10 +298,10 @@ CVE-2024-12862 (Incorrect Authorization vulnerability in 
the OpenText Content Se
        NOT-FOR-US: OpenText
 CVE-2024-12543 (User Enumeration and Data Integrity in Barcode functionality 
in OpenTe ...)
        NOT-FOR-US: OpenText
-CVE-2024-40446
+CVE-2024-40446 (An issue in forkosh Mime Tex before v.1.77 allows an attacker 
to execu ...)
        - mimetex <unfixed> (bug #1103801)
        NOTE: https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
-CVE-2024-40445
+CVE-2024-40445 (Directory Traversal vulnerability in forkosh Mime Tex before 
v.1.77 al ...)
        - mimetex <unfixed> (bug #1103801)
        NOTE: https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446
 CVE-2025-25228 (A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for 
Joomla allow ...)
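Review bot: The two mimetex entries now have descriptions saying the issues affect Mime Tex "before v.1.77", but their package lines still read `- mimetex <unfixed> (bug #1103801)` and no NOTE records a fixed upstream version. Suggest adding a NOTE under CVE-2024-40446 and CVE-2024-40445 stating that upstream 1.77 is reported as the fixed release, so whoever handles bug #1103801 knows which version to compare the Debian package against.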
@@ -1022,7 +1204,7 @@ CVE-2025-26478 (Dell ECS version 3.8.1.4 and prior 
contain an Improper Certifica
        NOT-FOR-US: Dell / EMC
 CVE-2025-26477 (Dell ECS version 3.8.1.4 and prior contain an Improper Input 
Validatio ...)
        NOT-FOR-US: Dell / EMC
-CVE-2025-26269 (DragonflyDB Dragonfly through 1.28.2 allows authenticated 
users to cau ...)
+CVE-2025-26269 (DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows 
authenti ...)
        NOT-FOR-US: DragonflyDB Dragonfly
 CVE-2025-26268 (DragonflyDB Dragonfly before 1.27.0 allows authenticated users 
to caus ...)
        NOT-FOR-US: DragonflyDB Dragonfly



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a3ec4488338a2bb336ab2a52993d82f01914298
