Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fd20928b by security tracker role at 2025-07-04T20:13:04+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,21 +3,21 @@ CVE-2025-7067 (A vulnerability classified as problematic was
found in HDF5 1.14.
CVE-2025-7066 (Jirafeau normally prevents browser preview for text files due
to the p ...)
TODO: check
CVE-2025-7061 (A vulnerability was found in Intelbras InControl up to
2.21.60.9. It h ...)
- TODO: check
+ NOT-FOR-US: Intelbras
CVE-2025-7060 (A vulnerability was found in Monitorr up to 1.7.6m. It has been
classi ...)
TODO: check
CVE-2025-6740 (The Contact Form 7 Database Addon plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-6056 (Timing difference in password reset in Ergon Informatik AG's
Airlock I ...)
TODO: check
CVE-2025-5920 (The Sharable Password Protected Posts before version 1.1.1
allows acce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-53569 (Cross-Site Request Forgery (CSRF) vulnerability in Trust
Payments Trus ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53568 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli
Radio St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53566 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53485 (SetTranslationHandler.php does not validate that the user is
an electi ...)
TODO: check
CVE-2025-53484 (User-controlled inputs are improperly escaped in: *
VotePage.p ...)
@@ -41,7 +41,7 @@ CVE-2025-52828 (Deserialization of Untrusted Data
vulnerability in designthemes
CVE-2025-52813 (Missing Authorization vulnerability in pietro MobiLoud allows
Exploiti ...)
TODO: check
CVE-2025-52807 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-52805 (Path Traversal vulnerability in VaultDweller Leyka allows PHP
Local Fi ...)
TODO: check
CVE-2025-52798 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -87,11 +87,11 @@ CVE-2025-49303 (Improper Limitation of a Pathname to a
Restricted Directory ('Pa
CVE-2025-49302 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
TODO: check
CVE-2025-49274 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49247 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49245 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49070 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
TODO: check
CVE-2025-48231 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
@@ -101,85 +101,85 @@ CVE-2025-48172 (CHMLib through 2bef8d0, as used in
SumatraPDF and other products
CVE-2025-47634 (Missing Authorization vulnerability in Keylor Mendoza WC
Pickup Store ...)
TODO: check
CVE-2025-47627 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47565 (Missing Authorization vulnerability in ashanjay EventON allows
Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47479 (Weak Authentication vulnerability in AresIT WP Compress allows
Authent ...)
TODO: check
CVE-2025-46733 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
TODO: check
CVE-2025-39487 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32918 (Improper neutralization of Livestatus command delimiters in
autocomple ...)
TODO: check
CVE-2025-32311 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32297 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-31037 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30983 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30979 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30969 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30947 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30943 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30933 (Unrestricted Upload of File with Dangerous Type vulnerability
in Liqui ...)
TODO: check
CVE-2025-30929 (Missing Authorization vulnerability in amazewp fluXtore allows
Exploit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-29012 (Missing Authorization vulnerability in kamleshyadav CF7 7
Mailchimp Ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-29007 (Missing Authorization vulnerability in LMSACE LMSACE Connect
allows Ex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-29001 (Missing Authorization vulnerability in ZoomIt WooCommerce Shop
Page Bu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28983 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28980 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
TODO: check
CVE-2025-28978 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28976 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
TODO: check
CVE-2025-28971 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28969 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28968 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28967 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28963 (Server-Side Request Forgery (SSRF) vulnerability in Md Yeasin
Ul Haide ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28957 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-28951 (Unrestricted Upload of File with Dangerous Type vulnerability
in Creed ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27358 (Improper Neutralization of Script-Related HTML Tags in a Web
Page (Bas ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-27326 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-26591 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-24780 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
TODO: check
CVE-2025-24771 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-24764 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-24757 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-24748 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-24735 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23972 (Cross-Site Request Forgery (CSRF) vulnerability in Brian S.
Reed Conta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-23970 (Incorrect Privilege Assignment vulnerability in aonetheme
Service Find ...)
TODO: check
CVE-2024-9453 (A vulnerability was found in Red Hat OpenShift Jenkins. The
bearer tok ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd20928b0e13a8273be75e10e02f4396033f1042
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fd20928b0e13a8273be75e10e02f4396033f1042
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
