Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7ce48937 by security tracker role at 2025-08-20T08:14:02+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2025-9225 (Stored cross-site scripting (XSS) in the web interface of MiR 
software ...)
        TODO: check
 CVE-2025-9202 (The ColorMag theme for WordPress is vulnerable to unauthorized 
modific ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-9193 (A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. 
Impacted i ...)
        TODO: check
 CVE-2025-9176 (A security flaw has been discovered in neurobin shc up to 
4.0.3. Impac ...)
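
Review bot: CVE-2025-9202 is described as "The ColorMag theme for WordPress", but the tag added in this hunk reads "NOT-FOR-US: WordPress plugin". Suggest "NOT-FOR-US: WordPress theme" so the tag matches the product type named in the description.
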
@@ -21,15 +21,15 @@ CVE-2025-9168 (A vulnerability was found in SolidInvoice up 
to 2.4.0. This issue
 CVE-2025-9167 (A vulnerability has been found in SolidInvoice up to 2.4.0. 
This vulne ...)
        TODO: check
 CVE-2025-8618 (The WPC Smart Quick View for WooCommerce plugin for WordPress 
is vulne ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8364 (A crafted URL using a blob: URI could have hidden the true 
origin of t ...)
        TODO: check
 CVE-2025-8289 (The Redirection for Contact Form 7 plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8145 (The Redirection for Contact Form 7 plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-8141 (The Redirection for Contact Form 7 plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-57791 (An issue was discovered in Commvault before 11.36.60. A 
security vulne ...)
        TODO: check
 CVE-2025-57790 (An issue was discovered in Commvault before 11.36.60. A 
security vulne ...)
@@ -53,21 +53,21 @@ CVE-2025-57743
 CVE-2025-57742
        REJECTED
 CVE-2025-55715 (Insertion of Sensitive Information Into Sent Data 
vulnerability in The ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-55706 (URL redirection to untrusted site ('Open Redirect')  issue 
exists in M ...)
        TODO: check
 CVE-2025-54750 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54735 (Incorrect Privilege Assignment vulnerability in Emraan Cheema 
CubeWP F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54726 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54713 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54677 (Unrestricted Upload of File with Dangerous Type vulnerability 
in vcita ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54670 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54551 (Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a 
privilege ...)
        TODO: check
 CVE-2025-54364 (Microsoft Knack 0.12.0 allows Regular expression Denial of 
Service (Re ...)
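
Review bot: from this hunk on the tag wording switches to "NOT-FOR-US: WordPress plugin or theme", while the two hunks above use "NOT-FOR-US: WordPress plugin". For entries such as CVE-2025-54750 and CVE-2025-54726 the visible description is only the weakness title with the product cut off, so the generic tag is the only product information on the line. Suggest settling on one wording and, where the product is known, naming it in the tag so the classification can be checked from the list itself.
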
@@ -87,13 +87,13 @@ CVE-2025-54055 (Improper Neutralization of Input During Web 
Page Generation ('Cr
 CVE-2025-54053 (Deserialization of Untrusted Data vulnerability in Adrian 
Tobey Ground ...)
        TODO: check
 CVE-2025-54052 (Cross-Site Request Forgery (CSRF) vulnerability in Realtyna 
Realtyna O ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54049 (Incorrect Privilege Assignment vulnerability in miniOrange 
Custom API  ...)
        TODO: check
 CVE-2025-54048 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-54046 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54044 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-54040 (Missing Authorization vulnerability in Webba Appointment 
Booking Webba ...)
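
Review bot: CVE-2025-54049 (miniOrange Custom API ...) stays at "TODO: check" in this hunk, while CVE-2025-53561 (miniOrange Prevent files / folders acc ...) from the same vendor is tagged "NOT-FOR-US: WordPress plugin or theme" further down. Worth checking whether CVE-2025-54049 falls in the same class and should get the same tag in this pass, or recording why it was left for manual triage.
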
@@ -101,15 +101,15 @@ CVE-2025-54040 (Missing Authorization vulnerability in 
Webba Appointment Booking
 CVE-2025-54034 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-54032 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54031 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-54028 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54027 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-54025 (Missing Authorization vulnerability in Elliot Sowersby / 
RelyWP Coupon ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54021 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        TODO: check
 CVE-2025-54019 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
@@ -119,11 +119,11 @@ CVE-2025-54017 (Improper Control of Filename for 
Include/Require Statement in PH
 CVE-2025-54014 (Deserialization of Untrusted Data vulnerability in 
QuanticaLabs MediCe ...)
        TODO: check
 CVE-2025-54012 (Deserialization of Untrusted Data vulnerability in nanbu 
Welcart e-Com ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-54008 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Cro ...)
        TODO: check
 CVE-2025-54007 (Deserialization of Untrusted Data vulnerability in PickPlugins 
Post Gr ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53998 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Cro ...)
        TODO: check
 CVE-2025-53993 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Cro ...)
@@ -139,9 +139,9 @@ CVE-2025-53985 (Insertion of Sensitive Information Into 
Sent Data vulnerability
 CVE-2025-53983 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Cro ...)
        TODO: check
 CVE-2025-53580 (Incorrect Privilege Assignment vulnerability in quantumcloud 
Simple Bu ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53577 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53567 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-53565 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
@@ -153,109 +153,109 @@ CVE-2025-53563 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-53562 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-53561 (Path Traversal vulnerability in miniOrange Prevent files / 
folders acc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53560 (Deserialization of Untrusted Data vulnerability in rascals 
Noisa allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53559 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-53522 (Movable Type contains an issue with use of less trusted 
source. If exp ...)
        TODO: check
 CVE-2025-53319 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53299 (Deserialization of Untrusted Data vulnerability in ThemeMakers 
ThemeMa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53226 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53213 (Unrestricted Upload of File with Dangerous Type vulnerability 
in ELEXt ...)
        TODO: check
 CVE-2025-53212 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-53210 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53208 (Authorization Bypass Through User-Controlled Key vulnerability 
in paym ...)
        TODO: check
 CVE-2025-53207 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53205 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-53204 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53201 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-53198 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53196 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Cro ...)
        TODO: check
 CVE-2025-53195 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53194 (Improper Neutralization of Special Elements Used in a Template 
Engine  ...)
        TODO: check
 CVE-2025-49896 (Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP 
Discord ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49894 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49893 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49892 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49891 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49890 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49889 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49438 (Deserialization of Untrusted Data vulnerability in Max Chirkov 
Simple  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49436 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49434 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49428 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49426 (Cross-Site Request Forgery (CSRF) vulnerability in Dourou 
Cookie Warni ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49424 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49422 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49420 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49413 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49412 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49411 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49410 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49409 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49408 (Insertion of Sensitive Information Into Sent Data 
vulnerability in WPD ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49406 (Missing Authorization vulnerability in favethemes Houzez 
allows Access ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49400 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49399 (Cross-Site Request Forgery (CSRF) vulnerability in Basix 
NEX-Forms all ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49397 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49396 (Missing Authorization vulnerability in themifyme Themify 
Builder allow ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49395 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49392 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49391 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch 
Designs Sign- ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49389 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49382 (Cross-Site Request Forgery (CSRF) vulnerability in DexignZone 
JobZilla ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49381 (Cross-Site Request Forgery (CSRF) vulnerability in ads.txt 
Guru ads.tx ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48302 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48298 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-48297 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -267,11 +267,11 @@ CVE-2025-48171 (Improper Control of Filename for 
Include/Require Statement in PH
 CVE-2025-48170 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-48169 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48168 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-48165 (Incorrect Privilege Assignment vulnerability in DELUCKS 
DELUCKS SEO al ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48164 (Incorrect Privilege Assignment vulnerability in Brainstorm 
Force SureD ...)
        TODO: check
 CVE-2025-48163 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
@@ -281,21 +281,21 @@ CVE-2025-48162 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-48160 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-48159 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48158 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48157 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-48154 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48152 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48151 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        TODO: check
 CVE-2025-48149 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-48148 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Store ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48142 (Incorrect Privilege Assignment vulnerability in Saad Iqbal 
Bookify all ...)
        TODO: check
 CVE-2025-47650 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
@@ -303,7 +303,7 @@ CVE-2025-47650 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
 CVE-2025-30975 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        TODO: check
 CVE-2025-28977 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2024-12223 (Prism Central versions prior to 2024.3.1 are vulnerable to a 
stored cr ...)
        TODO: check
 CVE-2025-9162



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ce489374dbc379dc4a946bcfb17146d36afd086



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits