Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
01573a7b by Moritz Muehlenhoff at 2025-07-16T22:24:42+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -173,11 +173,11 @@ CVE-2025-49031 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-48345 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48339 (Missing Authorization vulnerability in activity-log.com 
Profiler - Wha ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48301 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48300 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Adria ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48299 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48295 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
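Review bot: CVE-2025-48339 moves from TODO: check to the generic "NOT-FOR-US: WordPress plugin or theme", but its visible description ("activity-log.com Profiler - Wha ...") is cut off before any mention of WordPress, and the same is true of CVE-2025-48300 ("... in Adria ..."). Both are worth confirming against the full CVE text, since an entry marked NOT-FOR-US drops out of the TODO queue.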
@@ -185,7 +185,7 @@ CVE-2025-48295 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-48294 (Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG 
Drupal  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48291 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48167 (Missing Authorization vulnerability in alexvtn Chatbox Manager 
allows  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48166 (Missing Authorization vulnerability in Bill Minozzi Stop and 
Block bot ...)
@@ -213,11 +213,11 @@ CVE-2025-46959 (Adobe Experience Manager versions 6.5.22 
and earlier are affecte
 CVE-2025-46500 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-40985 (SQL injection vulnerability in SCATI Vision Web of SCATI Labs 
from ver ...)
-       TODO: check
+       NOT-FOR-US: SCATI
 CVE-2025-40776 (A `named` caching resolver that is configured to send ECS 
(EDNS Client ...)
        TODO: check
 CVE-2025-40724 (Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy 
POS PHP Sc ...)
-       TODO: check
+       NOT-FOR-US: Pharmacy POS
 CVE-2025-3871 (Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 
allows ...)
        NOT-FOR-US: Fortra
 CVE-2025-37107 (An authentication bypass vulnerability exists in HPE AutoPass 
License  ...)
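Review bot: The two new labels in this hunk name things at different levels: "NOT-FOR-US: SCATI" uses the vendor for CVE-2025-40985, while "NOT-FOR-US: Pharmacy POS" uses the product for CVE-2025-40724. Settling on one form (for example "SCATI Vision Web") keeps later entries for the same software easy to grep. CVE-2025-40776 is left at TODO: check, which fits an NFU-only commit: `named` is the BIND daemon, so it needs package-level triage rather than an NFU tag.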
@@ -231,13 +231,13 @@ CVE-2025-37104 (A security vulnerability has been 
identified in HPE Telco Servic
 CVE-2025-36097 (IBM WebSphere Application Server 9.0 and WebSphere Application 
Server  ...)
        NOT-FOR-US: IBM
 CVE-2025-34300 (A template injection vulnerability exists in Sawtooth 
Software\u2019s  ...)
-       TODO: check
+       NOT-FOR-US: Lighthouse Studio
 CVE-2025-32874 (An issue was discovered in Kaseya Rapid Fire Tools Network 
Detective t ...)
-       TODO: check
+       NOT-FOR-US: Kaseya Rapid Fire Tools Network Detective
 CVE-2025-32574 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-32353 (Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has 
Unencrypted Cre ...)
-       TODO: check
+       NOT-FOR-US: Kaseya Rapid Fire Tools Network Detective
 CVE-2025-31427 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31422 (Deserialization of Untrusted Data vulnerability in 
designthemes Visual ...)
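Review bot: "NOT-FOR-US: Lighthouse Studio" for CVE-2025-34300 gives only a product name, while the visible description identifies the software by its vendor ("Sawtooth Software\u2019s ...") and the neighbouring context line uses a vendor ("NOT-FOR-US: IBM"). "Sawtooth Software Lighthouse Studio" would match the vendor-plus-product form used for the two Kaseya entries in the same hunk. The description line also carries an unrendered \u2019 escape; that is outside this change but worth cleaning up at the source.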
@@ -251,7 +251,7 @@ CVE-2025-31055 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-30973 (Deserialization of Untrusted Data vulnerability in Codexpert, 
Inc CoSc ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30959 (Missing Authorization vulnerability in WPFactory Product XML 
Feed Mana ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30955 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30949 (Deserialization of Untrusted Data vulnerability in Guru Team 
Site Chat ...)
@@ -265,11 +265,11 @@ CVE-2025-29000 (Missing Authorization vulnerability in 
August Infotech Multi-lan
 CVE-2025-28982 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28965 (Missing Authorization vulnerability in Md Yeasin Ul Haider URL 
Shorten ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28961 (Deserialization of Untrusted Data vulnerability in Md Yeasin 
Ul Haider ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28959 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-28955 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-24779 (Deserialization of Untrusted Data vulnerability in NooTheme 
Yogi allow ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/01573a7b5d92c49e3117ef38c1ab04d407e66285



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
