Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dfc34258 by Salvatore Bonaccorso at 2025-08-19T22:39:48+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16,37 +16,37 @@ CVE-2025-9154 (A flaw has been found in itsourcecode Online
Tour and Travel Mana
CVE-2025-9153 (A vulnerability was detected in itsourcecode Online Tour and
Travel Ma ...)
NOT-FOR-US: itsourcecode System
CVE-2025-9151 (A security flaw has been discovered in LiuYuYang01 ThriveX-Blog
up to ...)
- TODO: check
+ NOT-FOR-US: LiuYuYang01 ThriveX-Blog
CVE-2025-9150 (A vulnerability was identified in Surbowl
dormitory-management-php up ...)
- TODO: check
+ NOT-FOR-US: Surbowl dormitory-management-php
CVE-2025-9149 (A vulnerability was determined in Wavlink WL-NU516U1
M16U1_V240425. Th ...)
NOT-FOR-US: Wavlink
CVE-2025-9148 (A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7.
This aff ...)
- TODO: check
+ NOT-FOR-US: CodePhiliaX Chat2DB
CVE-2025-9147 (A vulnerability has been found in jasonclark getsemantic up to
040c96e ...)
- TODO: check
+ NOT-FOR-US: getsemantic
CVE-2025-9146 (A flaw has been found in Linksys E5600 1.1.0.26. The affected
element ...)
NOT-FOR-US: Linksys
CVE-2025-9145 (A security vulnerability has been detected in Scada-LTS
2.7.8.1. This ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9144 (A weakness has been identified in Scada-LTS 2.7.8.1. This
vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9143 (A security flaw has been discovered in Scada-LTS 2.7.8.1. This
affects ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9140 (A vulnerability was identified in Shanghai Lingdang Information
Techno ...)
- TODO: check
+ NOT-FOR-US: Shanghai Lingdang Information Technology Lingdang CRM
CVE-2025-9139 (A vulnerability was determined in Scada-LTS 2.7.8.1. Affected
by this ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9138 (A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an
unknown ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9137 (A vulnerability has been found in Scada-LTS 2.7.8.1. This
impacts an u ...)
- TODO: check
+ NOT-FOR-US: Scada-LTS
CVE-2025-9136 (A flaw has been found in libretro RetroArch
1.18.0/1.19.0/1.20.0. This ...)
TODO: check
CVE-2025-9135 (A vulnerability was detected in Verkehrsauskunft \xd6sterreich
SmartRi ...)
- TODO: check
+ NOT-FOR-US: Verkehrsauskunft Oesterreich SmartRide, cleVVVer and
BusBahnBim
CVE-2025-9134 (A security vulnerability has been detected in AfterShip Package
Tracke ...)
- TODO: check
+ NOT-FOR-US: AfterShip Package Tracker App
CVE-2025-8783 (The Contact Manager plugin for WordPress is vulnerable to
Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8782
@@ -56,25 +56,25 @@ CVE-2025-8567 (The Nexter Blocks plugin for WordPress is
vulnerable to Stored Cr
CVE-2025-8450 (Improper Access Control issue in the Workflow component of
Fortra's Fi ...)
NOT-FOR-US: Fortra
CVE-2025-55740 (nginx-defender is a high-performance, enterprise-grade Web
Application ...)
- TODO: check
+ NOT-FOR-US: nginx-defender
CVE-2025-55737 (flaskBlog is a blog app built with Flask. In 2.8.0 and
earlier, when d ...)
- TODO: check
+ NOT-FOR-US: flaskBlog
CVE-2025-55736 (flaskBlog is a blog app built with Flask. In 2.8.0 and
earlier, an arb ...)
- TODO: check
+ NOT-FOR-US: flaskBlog
CVE-2025-55735 (flaskBlog is a blog app built with Flask. In 2.8.0 and
earlier, when c ...)
- TODO: check
+ NOT-FOR-US: flaskBlog
CVE-2025-55734 (flaskBlog is a blog app built with Flask. In 2.8.0 and
earlier, the co ...)
- TODO: check
+ NOT-FOR-US: flaskBlog
CVE-2025-55733 (DeepChat is a smart assistant that connects powerful AI to
your person ...)
- TODO: check
+ NOT-FOR-US: DeepChat
CVE-2025-55306 (GenX_FX is an advance IA trading platform that will focus on
forex tra ...)
- TODO: check
+ NOT-FOR-US: GenX_FX
CVE-2025-55303 (Astro is a web framework for content-driven websites. In
versions of a ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2025-55295 (qBit Manage is a tool that helps manage tedious tasks in
qBittorrent a ...)
- TODO: check
+ NOT-FOR-US: qBit Manage
CVE-2025-55294 (screenshot-desktop allows capturing a screenshot of your local
machine ...)
- TODO: check
+ NOT-FOR-US: screenshot-desktop
CVE-2025-55153
REJECTED
CVE-2025-54881 (Mermaid is a JavaScript based diagramming and charting tool
that uses ...)
@@ -84,35 +84,35 @@ CVE-2025-54880 (Mermaid is a JavaScript based diagramming
and charting tool that
CVE-2025-54411 (Discourse is an open-source discussion platform. Welcome
banner user n ...)
NOT-FOR-US: Discourse
CVE-2025-54336 (In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an ==
comparison ...)
- TODO: check
+ NOT-FOR-US: Plesk Obsidian
CVE-2025-52478 (n8n is a workflow automation platform. From 1.77.0 to before
1.98.2, a ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2025-52338 (An issue in the default configuration of the password reset
function i ...)
- TODO: check
+ NOT-FOR-US: LogicData eCommerce Framework
CVE-2025-52337 (An authenticated arbitrary file upload vulnerability in the
Content Ex ...)
- TODO: check
+ NOT-FOR-US: LogicData eCommerce Framework
CVE-2025-51543 (An issue was discovered in Cicool builder 3.4.4 allowing
attackers to ...)
- TODO: check
+ NOT-FOR-US: Cicool builder
CVE-2025-51540 (EzGED3 3.5.0 stores user passwords using an insecure hashing
scheme: m ...)
- TODO: check
+ NOT-FOR-US: EzGED3
CVE-2025-51539 (EzGED3 3.5.0 contains an unauthenticated arbitrary file read
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: EzGED3
CVE-2025-51529 (Incorrect Access Control in the AJAX endpoint functionality in
jonkast ...)
- TODO: check
+ NOT-FOR-US: onkastonka Cookies and Content Security Policy plugin
CVE-2025-51510 (MoonShine v3.12.5 was discovered to contain a SQL injection
vulnerabil ...)
- TODO: check
+ NOT-FOR-US: MoonShine
CVE-2025-51506 (In the smartLibrary component of the HRForecast Suite 0.4.3, a
SQL inj ...)
- TODO: check
+ NOT-FOR-US: HRForecast Suite
CVE-2025-51489 (An arbitrary file upload vulnerability in MoonShine v3.12.4
allows att ...)
- TODO: check
+ NOT-FOR-US: MoonShine
CVE-2025-51488 (A stored cross-site scripting (XSS) vulnerability in the
Create Admin ...)
- TODO: check
+ NOT-FOR-US: MoonShine
CVE-2025-51487 (A stored cross-site scripting (XSS) vulnerability in the
Create Articl ...)
- TODO: check
+ NOT-FOR-US: MoonShine
CVE-2025-50938 (Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31
via the ...)
- TODO: check
+ NOT-FOR-US: Hustoj
CVE-2025-50926 (Easy Hosting Control Panel EHCP v20.04.1.b was discovered to
contain a ...)
- TODO: check
+ NOT-FOR-US: Easy Hosting Control Panel EHCP
CVE-2025-50897 (A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2)
processo ...)
TODO: check
CVE-2025-50891 (Adform Site Tracking 1.1 allows attackers to inject HTML or
execute ar ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfc34258ff7eba25b902ca693834dc6a4e16d95c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dfc34258ff7eba25b902ca693834dc6a4e16d95c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
