Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ec043209 by security tracker role at 2025-06-06T20:13:54+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2025-5806 (Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling
reports in ...)
- TODO: check
+ NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-5799 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been
declar ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5798 (A vulnerability was found in Tenda AC8 16.03.34.09. It has been
classi ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5797 (A vulnerability was found in Laundry Laundry System 1.0 and
classified ...)
TODO: check
CVE-2025-5796 (A vulnerability has been found in code-projects Laundry System
1.0 and ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5795 (A vulnerability, which was classified as critical, was found in
Tenda ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5794 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5793 (A vulnerability, which was classified as critical, was found in
TOTOLI ...)
TODO: check
CVE-2025-5792 (A vulnerability, which was classified as critical, has been
found in T ...)
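Review bot: CVE-2025-5797 is left at `TODO: check` even though its description ("Laundry Laundry System 1.0") names the same product as CVE-2025-5796 directly below it, which this hunk tags `NOT-FOR-US: code-projects`. The only visible difference is that the 5797 description lacks the "code-projects" vendor string, so a vendor-keyed match would pass over it. Suggest confirming it is the same product and tagging it by hand with the same `NOT-FOR-US: code-projects` line, so the two entries do not diverge.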
@@ -31,41 +31,41 @@ CVE-2025-5786 (A vulnerability was found in TOTOLINK X15
1.0.0-B20230714.1105. I
CVE-2025-5785 (A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105
and cla ...)
TODO: check
CVE-2025-5784 (A vulnerability has been found in PHPGurukul Employee Record
Managemen ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5783 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5782 (A vulnerability, which was classified as critical, has been
found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5780 (A vulnerability was found in code-projects Patient Record
Management S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5779 (A vulnerability has been found in code-projects Patient Record
Managem ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5778 (A vulnerability, which was classified as critical, was found in
1000 P ...)
TODO: check
CVE-2025-5766 (A vulnerability was found in code-projects Laundry System 1.0.
It has ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5765 (A vulnerability was found in code-projects Laundry System 1.0.
It has ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5764 (A vulnerability was found in code-projects Laundry System 1.0
and clas ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5763 (A vulnerability has been found in Tenda CP3 11.10.00.2311090948
and cl ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-5762 (A vulnerability, which was classified as critical, was found in
code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5761 (A vulnerability, which was classified as critical, has been
found in P ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5760 (The Simple History plugin for WordPress is vulnerable to
sensitive dat ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5759 (A vulnerability classified as critical was found in PHPGurukul
Local S ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-5758 (A vulnerability classified as critical has been found in
SourceCodeste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-5757 (A vulnerability was found in code-projects Traffic Offense
Reporting S ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5756 (A vulnerability was found in code-projects Real Estate Property
Manage ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-5755 (A vulnerability was found in SourceCodester Open Source Clinic
Managem ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2025-5751 (WOLFBOX Level 2 EV Charger Management Card Hard-coded
Credentials Auth ...)
TODO: check
CVE-2025-5750 (WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse
Heap-b ...)
@@ -91,13 +91,13 @@ CVE-2025-5474 (2BrightSparks SyncBackFree Link Following
Local Privilege Escalat
CVE-2025-5473 (GIMP ICO File Parsing Integer Overflow Remote Code Execution
Vulnerabi ...)
TODO: check
CVE-2025-5239 (The Domain For Sale plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-5192 (A missing authentication for critical function vulnerability in
the cl ...)
TODO: check
CVE-2025-49599 (Huawei EG8141A5 devices through V5R019C00S100, EG8145V5
devices throug ...)
TODO: check
CVE-2025-49453 (Cross-Site Request Forgery (CSRF) vulnerability in Jatinder
Pal Singh ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49450 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-49449 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map
Plugins Inte ...)
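Review bot: Two spellings of the same classification appear in this hunk: CVE-2025-5239 gets `NOT-FOR-US: WordPress plugin` while CVE-2025-49453 gets `NOT-FOR-US: WordPress plugin or theme`. Anything that greps or aggregates on the NOT-FOR-US reason will treat these as separate buckets. If the distinction is not intentional, suggest settling on one string for automatically generated WordPress entries.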
@@ -105,7 +105,7 @@ CVE-2025-49449 (Cross-Site Request Forgery (CSRF)
vulnerability in WP Map Plugin
CVE-2025-49446 (Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao
Admin No ...)
TODO: check
CVE-2025-49445 (Cross-Site Request Forgery (CSRF) vulnerability in WP Map
Plugins Inte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49443 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-49442 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
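Review bot: CVE-2025-49445 is tagged here, but CVE-2025-49449, whose visible description is identical ("Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Inte ..."), appears only as context in the hunk header and at the end of the previous hunk, so its status line is not changed by this commit. Suggest checking that 49449 already carries the same `NOT-FOR-US: WordPress plugin or theme` tag and was not skipped by the automatic match.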
@@ -115,7 +115,7 @@ CVE-2025-49441 (Missing Authorization vulnerability in WP
Map Plugins Interactiv
CVE-2025-49440 (Cross-Site Request Forgery (CSRF) vulnerability in Vuong
Nguyen WP Sec ...)
TODO: check
CVE-2025-49439 (Cross-Site Request Forgery (CSRF) vulnerability in
mariusz88atelierweb ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49435 (Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp
Easy Al ...)
TODO: check
CVE-2025-49429 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -183,7 +183,7 @@ CVE-2025-49299 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-49298 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-49294 (Insertion of Sensitive Information Into Sent Data
vulnerability in Cod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49293 (Missing Authorization vulnerability in CodeRevolution
Crawlomatic Mult ...)
TODO: check
CVE-2025-49292 (Improper Validation of Specified Quantity in Input
vulnerability in Co ...)
@@ -219,7 +219,7 @@ CVE-2025-49263 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2025-49262 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-49250 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49248 (Missing Authorization vulnerability in cmoreira Team Showcase
allows E ...)
TODO: check
CVE-2025-49246 (Missing Authorization vulnerability in cmoreira Testimonials
Showcase ...)
@@ -239,27 +239,27 @@ CVE-2025-49239 (Cross-Site Request Forgery (CSRF)
vulnerability in tychesoftware
CVE-2025-49238 (Cross-Site Request Forgery (CSRF) vulnerability in
everestthemes Evere ...)
TODO: check
CVE-2025-49237 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor
POEditor a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49236 (Missing Authorization vulnerability in raychat Raychat allows
Accessin ...)
TODO: check
CVE-2025-49235 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49077 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh
Dynamic P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49076 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49075 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49074 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49073 (Deserialization of Untrusted Data vulnerability in Axiomthemes
Sweet D ...)
TODO: check
CVE-2025-49072 (Deserialization of Untrusted Data vulnerability in
AncoraThemes Mr. Mu ...)
TODO: check
CVE-2025-49068 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49067 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49011 (SpiceDB is an open source database for storing and querying
fine-grain ...)
TODO: check
CVE-2025-48784 (A missing authorization vulnerability in Soar Cloud HRD Human
Resource ...)
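Review bot: CVE-2025-49073 (Axiomthemes) and CVE-2025-49072 (AncoraThemes) stay at `TODO: check` in the middle of a run of entries tagged `NOT-FOR-US: WordPress plugin or theme`, as does CVE-2025-49236 (raychat Raychat) further up. The vendor names suggest these are WordPress themes or plugins as well, but the truncated descriptions shown here do not confirm it. Suggest a manual pass over these three so they are either tagged consistently with their neighbours or explicitly triaged, while CVE-2025-49011 (SpiceDB) is rightly left for a real check.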
@@ -273,19 +273,19 @@ CVE-2025-48781 (An external control of file name or path
vulnerability in the do
CVE-2025-48780 (A deserialization of untrusted data vulnerability in the
download file ...)
TODO: check
CVE-2025-48337 (Missing Authorization vulnerability in QuickcabWP
QuickCab.This issue ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48335 (Missing Authorization vulnerability in CyberChimps Responsive
Plus all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48329 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48328 (Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet
Real Tim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47950 (CoreDNS is a DNS server that chains plugins. In versions prior
to 1.21 ...)
TODO: check
CVE-2025-47586 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47584 (Deserialization of Untrusted Data vulnerability in ThemeGoods
Photogra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-41646 (An unauthorized remote attacker can bypass the authentication
of the a ...)
TODO: check
CVE-2025-41367 (Stored Cross-Site Scripting (XSS) vulnerability in IDF
v0.10.0-0C03-03 ...)
@@ -315,9 +315,9 @@ CVE-2025-3321 (A predefined administrative account is not
documented and cannot
CVE-2025-39358 (Deserialization of Untrusted Data vulnerability in
Teastudio.Pl WP Pos ...)
TODO: check
CVE-2025-33035 (A path traversal vulnerability has been reported to affect
File Statio ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-33031 (An improper certificate validation vulnerability has been
reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-31025 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-31000 (Missing Authorization vulnerability in Miguel Fuentes Payment
QR WooCo ...)
@@ -327,9 +327,9 @@ CVE-2025-30999 (Improper Control of Filename for
Include/Require Statement in PH
CVE-2025-30997 (Server-Side Request Forgery (SSRF) vulnerability in
SmartDataSoft Car ...)
TODO: check
CVE-2025-30995 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes
Widgetize ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30994 (Cross-Site Request Forgery (CSRF) vulnerability in Emraan
Cheema CubeW ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30991 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-30990 (Missing Authorization vulnerability in ThemeHunk ThemeHunk
allows Expl ...)
@@ -339,13 +339,13 @@ CVE-2025-30989 (Improper Neutralization of Special
Elements used in an SQL Comma
CVE-2025-30986 (Cross-Site Request Forgery (CSRF) vulnerability in
_CreativeMedia_ Eli ...)
TODO: check
CVE-2025-30981 (Cross-Site Request Forgery (CSRF) vulnerability in tggfref
WP-Recall a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30980 (Cross-Site Request Forgery (CSRF) vulnerability in Alessandro
Piconi S ...)
TODO: check
CVE-2025-30978 (Missing Authorization vulnerability in Dor Zuberi Slack
Notifications ...)
TODO: check
CVE-2025-30977 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30976 (Server-Side Request Forgery (SSRF) vulnerability in wpdive
Nexa Blocks ...)
TODO: check
CVE-2025-30974 (Missing Authorization vulnerability in Akhtarujjaman Shuvo
Post Grid M ...)
@@ -359,7 +359,7 @@ CVE-2025-30957 (Missing Authorization vulnerability in
BuddyDev Activity Plus Re
CVE-2025-30956 (Cross-Site Request Forgery (CSRF) vulnerability in Booqable
Rental Sof ...)
TODO: check
CVE-2025-30954 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30953 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in C ...)
TODO: check
CVE-2025-30952 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -421,27 +421,27 @@ CVE-2025-30625 (Improper Neutralization of Input During
Web Page Generation ('Cr
CVE-2025-30624 (Missing Authorization vulnerability in WordLift WordLift
allows Exploi ...)
TODO: check
CVE-2025-30279 (An improper certificate validation vulnerability has been
reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-2766 (70mai A510 Use of Default Password Authentication Bypass
Vulnerability ...)
TODO: check
CVE-2025-29892 (An SQL injection vulnerability has been reported to affect
Qsync Centr ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29885 (An improper certificate validation vulnerability has been
reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29884 (An improper certificate validation vulnerability has been
reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29883 (An improper certificate validation vulnerability has been
reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29877 (A NULL pointer dereference vulnerability has been reported to
affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29876 (A NULL pointer dereference vulnerability has been reported to
affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29873 (A NULL pointer dereference vulnerability has been reported to
affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29872 (An allocation of resources without limits or throttling
vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29871 (An out-of-bounds read vulnerability has been reported to
affect File S ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-29013 (Missing Authorization vulnerability in faaiq Custom
Category/Post Type ...)
TODO: check
CVE-2025-29011 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -467,33 +467,33 @@ CVE-2025-28994 (Missing Authorization vulnerability in
viralloops Viral Loops WP
CVE-2025-28989 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-28986 (Cross-Site Request Forgery (CSRF) vulnerability in
Webaholicson Epicwi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28985 (Missing Authorization vulnerability in Elastic Email Elastic
Email Sub ...)
TODO: check
CVE-2025-28984 (Cross-Site Request Forgery (CSRF) vulnerability in storepro
Subscripti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28981 (Cross-Site Request Forgery (CSRF) vulnerability in Soli WP
Mail Option ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28974 (Cross-Site Request Forgery (CSRF) vulnerability in mail250
Free WP Mai ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28966 (Cross-Site Request Forgery (CSRF) vulnerability in dilemma123
Recent P ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28964 (Cross-Site Request Forgery (CSRF) vulnerability in mangup
Personal Fav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28958 (Cross-Site Request Forgery (CSRF) vulnerability in Vadim
Bogaiskov Bg ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28954 (Cross-Site Request Forgery (CSRF) vulnerability in wphobby
Backwp allo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28952 (Cross-Site Request Forgery (CSRF) vulnerability in Jonathan
Lau CubePo ...)
TODO: check
CVE-2025-28950 (Cross-Site Request Forgery (CSRF) vulnerability in David
Shabtai Post ...)
TODO: check
CVE-2025-28948 (Cross-Site Request Forgery (CSRF) vulnerability in codedraft
Mediabay ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27360 (Cross-Site Request Forgery (CSRF) vulnerability in WP Corner
Quick Eve ...)
TODO: check
CVE-2025-27359 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP
Media Fil ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27334 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-26593 (Cross-Site Request Forgery (CSRF) vulnerability in
FasterThemes FastBo ...)
@@ -515,23 +515,23 @@ CVE-2025-23971 (Missing Authorization vulnerability in
whassan KI Live Video Con
CVE-2025-23969 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
TODO: check
CVE-2025-22490 (A NULL pointer dereference vulnerability has been reported to
affect F ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-22486 (An improper certificate validation vulnerability has been
reported to ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-22484 (An allocation of resources without limits or throttling
vulnerability ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-22482 (A use of externally-controlled format string vulnerability has
been re ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-22481 (A command injection vulnerability has been reported to affect
several ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-56805 (A buffer overflow vulnerability has been reported to affect
several QN ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-50406 (A cross-site scripting (XSS) vulnerability has been reported
to affect ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-13088 (An improper authentication vulnerability has been reported to
affect Q ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2024-13087 (A command injection vulnerability has been reported to affect
QHora. I ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2025-38002 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/d871198ee431d90f5308d53998c1ba1d5db5619a (6.15-rc7)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec043209a49e723ee6d58e121750626c9c2ddbe3
debian-security-tracker-commits mailing list