Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ceca847 by security tracker role at 2025-07-16T20:13:07+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,113 +1,113 @@
 CVE-2025-7703 (Authentication vulnerability in the mobile 
application\uff08tech.palm. ...)
-       TODO: check
+       NOT-FOR-US: TECNO Mobile
 CVE-2025-7699 (An improper access control vulnerability  was found in the EZ 
Sync Man ...)
-       TODO: check
+       NOT-FOR-US: Asustor
 CVE-2025-7357 (LITEON IC48A firmware versions prior to 01.00.19r and LITEON 
IC80A fir ...)
        TODO: check
 CVE-2025-7035 (The Media Library Assistant plugin for WordPress is vulnerable 
to Stor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6993 (The Ultimate WP Mail plugin for WordPress is vulnerable to 
Privilege E ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-6982 (Use of Hard-coded Credentials in TP-Link Archer C50 V3(  <=  
180703)/V ...)
-       TODO: check
+       NOT-FOR-US: TP-Link
 CVE-2025-5994 (A multi-vendor cache poisoning vulnerability named 'Rebirthday 
Attack' ...)
        TODO: check
 CVE-2025-5284 (The Master Addons \u2013 Elementor Addons with White Label, 
Free Widge ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-54051 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54050 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54047 (Missing Authorization vulnerability in QuanticaLabs Cost 
Calculator al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54043 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54042 (Cross-Site Request Forgery (CSRF) vulnerability in xfinitysoft 
WP Post ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54041 (Cross-Site Request Forgery (CSRF) vulnerability in WP Swings 
Wallet Sy ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54039 (Cross-Site Request Forgery (CSRF) vulnerability in Toast 
Plugins Anima ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54038 (Cross-Site Request Forgery (CSRF) vulnerability in jetmonsters 
Restaur ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54037 (Missing Authorization vulnerability in blazethemes News Kit 
Elementor  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54036 (Cross-Site Request Forgery (CSRF) vulnerability in Webba 
Appointment B ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54035 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant 
Software  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54033 (Cross-Site Request Forgery (CSRF) vulnerability in BlocksWP 
Theme Buil ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54030 (Cross-Site Request Forgery (CSRF) vulnerability in 
GSheetConnector by  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54026 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54024 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54023 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54022 (Cross-Site Request Forgery (CSRF) vulnerability in Elliot 
Sowersby / R ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54020 (Cross-Site Request Forgery (CSRF) vulnerability in Erik 
AntiSpam for C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54018 (Missing Authorization vulnerability in CreativeMindsSolutions 
CM Pop-U ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54016 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54015 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54013 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54011 (Missing Authorization vulnerability in SMTP2GO SMTP2GO allows 
Exploiti ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54010 (Cross-Site Request Forgery (CSRF) vulnerability in Shahjahan 
Jewel Flu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54009 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54006 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53997 (Missing Authorization vulnerability in favethemes Houzez 
allows Exploi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53996 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53995 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53994 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53991 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53990 (Deserialization of Untrusted Data vulnerability in jetmonsters 
JetForm ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53989 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53986 (Missing Authorization vulnerability in ThemeIsle Hestia allows 
Accessi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53984 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53982 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53943 (VoidBot Open-Source is a customizable Discord bot. VoidBot 
Open-Source ...)
        TODO: check
 CVE-2025-53938 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53937 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53936 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53935 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53934 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53933 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53932 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53931 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53930 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53929 (WeGIA is an open source web manager with a focus on the 
Portuguese lan ...)
-       TODO: check
+       NOT-FOR-US: WeGIA
 CVE-2025-53926 (Emlog is an open source website building system. A cross-site 
scriptin ...)
        TODO: check
 CVE-2025-53925 (Emlog is an open source website building system. A cross-site 
scriptin ...)
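Review bot: two different reason strings are used for what looks like the same class of entry in this hunk: "NOT-FOR-US: WordPress plugin" for CVE-2025-7035, CVE-2025-6993 and CVE-2025-5284, and "NOT-FOR-US: WordPress plugin or theme" from CVE-2025-54051 onward. If the split is intentional (the first three descriptions say "plugin for WordPress" outright, while the others do not name WordPress in the visible text), a line in the commit message saying which rule produced each string would let a reviewer check the automatic match. Otherwise a single string would keep searches over data/CVE/list consistent.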
@@ -137,77 +137,77 @@ CVE-2025-53754 (This vulnerability exists in Digisol 
DG-GR6821AC Router due to h
 CVE-2025-52836 (Incorrect Privilege Assignment vulnerability in Unity Business 
Technol ...)
        TODO: check
 CVE-2025-52819 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52804 (Missing Authorization vulnerability in uxper Nuss allows 
Accessing Fun ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52803 (Missing Authorization vulnerability in uxper Sala allows 
Accessing Fun ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52787 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52786 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52779 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52777 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52714 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-50028 (Missing Authorization vulnerability in CodeSolz Ultimate Push 
Notifica ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49888 (Missing Authorization vulnerability in pimwick PW WooCommerce 
On Sale! ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49884 (Missing Authorization vulnerability in alexvtn Internal 
Linking of Rel ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49876 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-49319 (Missing Authorization vulnerability in WPFactory Wishlist for 
WooComme ...)
        TODO: check
 CVE-2025-49034 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49031 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48345 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48339 (Missing Authorization vulnerability in activity-log.com 
Profiler - Wha ...)
        TODO: check
 CVE-2025-48301 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48300 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Adria ...)
        TODO: check
 CVE-2025-48299 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48295 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48294 (Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG 
Drupal  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48291 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-48167 (Missing Authorization vulnerability in alexvtn Chatbox Manager 
allows  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48166 (Missing Authorization vulnerability in Bill Minozzi Stop and 
Block bot ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48161 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48156 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48155 (Missing Authorization vulnerability in enituretechnology 
Residential A ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48153 (Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 
Import CD ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48150 (Missing Authorization vulnerability in Bill Minozzi Real 
Estate Proper ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47652 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47645 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47554 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47053 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-46959 (Adobe Experience Manager versions 6.5.22 and earlier are 
affected by a ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2025-46500 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-40985 (SQL injection vulnerability in SCATI Vision Web of SCATI Labs 
from ver ...)
        TODO: check
 CVE-2025-40776 (A `named` caching resolver that is configured to send ECS 
(EDNS Client ...)
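Review bot: CVE-2025-48294 is marked "NOT-FOR-US: WordPress plugin or theme", but its visible description reads "Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal ...", so the truncated text alone does not show a WordPress product. The full description should be checked before this automatic classification is kept. If the product turns out to be a WordPress plugin, the label is fine as it stands.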
@@ -215,51 +215,51 @@ CVE-2025-40776 (A `named` caching resolver that is 
configured to send ECS (EDNS
 CVE-2025-40724 (Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy 
POS PHP Sc ...)
        TODO: check
 CVE-2025-3871 (Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 
allows ...)
-       TODO: check
+       NOT-FOR-US: Fortra
 CVE-2025-37107 (An authentication bypass vulnerability exists in HPE AutoPass 
License  ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37106 (An authentication bypass and disclosure of information 
vulnerability e ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37105 (An hsqldb-related remote code execution vulnerability exists 
in HPE Au ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-37104 (A security vulnerability has been identified in HPE Telco 
Service Orch ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2025-36097 (IBM WebSphere Application Server 9.0 and WebSphere Application 
Server  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-34300 (A template injection vulnerability exists in Sawtooth 
Software\u2019s  ...)
        TODO: check
 CVE-2025-32874 (An issue was discovered in Kaseya Rapid Fire Tools Network 
Detective t ...)
        TODO: check
 CVE-2025-32574 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32353 (Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has 
Unencrypted Cre ...)
        TODO: check
 CVE-2025-31427 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31422 (Deserialization of Untrusted Data vulnerability in 
designthemes Visual ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31072 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31070 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31055 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30973 (Deserialization of Untrusted Data vulnerability in Codexpert, 
Inc CoSc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30959 (Missing Authorization vulnerability in WPFactory Product XML 
Feed Mana ...)
        TODO: check
 CVE-2025-30955 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30949 (Deserialization of Untrusted Data vulnerability in Guru Team 
Site Chat ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30936 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29009 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Webku ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29000 (Missing Authorization vulnerability in August Infotech 
Multi-language  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28982 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28965 (Missing Authorization vulnerability in Md Yeasin Ul Haider URL 
Shorten ...)
        TODO: check
 CVE-2025-28961 (Deserialization of Untrusted Data vulnerability in Md Yeasin 
Ul Haider ...)
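Review bot: CVE-2025-37105 is closed as "NOT-FOR-US: HPE" although its description opens with "An hsqldb-related remote code execution vulnerability", and hsqldb is packaged in Debian. Before the entry is excluded, the full advisory should confirm that the flaw lies in how the HPE product uses hsqldb and not in hsqldb itself. If that cannot be established, leaving it at "TODO: check" for manual triage is the safer state.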
@@ -267,11 +267,11 @@ CVE-2025-28961 (Deserialization of Untrusted Data 
vulnerability in Md Yeasin Ul
 CVE-2025-28959 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-28955 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24779 (Deserialization of Untrusted Data vulnerability in NooTheme 
Yogi allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24777 (Deserialization of Untrusted Data vulnerability in awethemes 
Hillter a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24759 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-22227 (In some specific scenarios with chained redirects, Reactor 
Netty HTTP  ...)
@@ -281,11 +281,11 @@ CVE-2025-20337 (A vulnerability in a specific API of 
Cisco ISE and Cisco ISE-PIC
 CVE-2025-20288 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        TODO: check
 CVE-2025-20285 (A vulnerability in the IP Access Restriction feature of Cisco 
ISE and  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20284 (A vulnerability in a specific API of Cisco ISE and Cisco 
ISE-PIC could ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20283 (A vulnerability in a specific API of Cisco ISE and Cisco 
ISE-PIC could ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2025-20274 (A vulnerability in the web-based management interface of Cisco 
Unified ...)
        TODO: check
 CVE-2025-20272 (A vulnerability in a subset of REST APIs of Cisco Prime 
Infrastructure ...)
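Review bot: the three Cisco ISE entries (CVE-2025-20285, CVE-2025-20284, CVE-2025-20283) become "NOT-FOR-US: Cisco", while CVE-2025-20288 and CVE-2025-20274 ("web-based management interface of Cisco Unified ...") in the surrounding context stay at "TODO: check". If the automatic update matches on a product string, it appears to cover Cisco ISE but not these. Either the rule should cover them too, or the commit message should say they are deliberately left for manual triage.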



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ceca847fb4160d75907145fe75acef1796ff9d8
