Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ca3896d5 by security tracker role at 2025-09-09T20:14:37+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,37 +3,37 @@ CVE-2025-9994 (The Amp\u2019ed RF BT-AP 111 Bluetooth access
point's HTTP admin
CVE-2025-9951 (A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which
allows ...)
TODO: check
CVE-2025-9872 (Insufficient filename validation in Ivanti Endpoint Manager
before 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-9712 (Insufficient filename validation in Ivanti Endpoint Manager
before 202 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-9364 (An open database issue exists in the affected product and
version. The ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9269 (A Server-Side Request Forgery (SSRF) vulnerability has been
identified ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2025-9166 (A denial-of-service security issue exists in the affected
product and ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9161 (A security issue exists within FactoryTalk Optix MQTT broker
due to th ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9160 (A code execution security issue exists in the affected product.
An att ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-9065 (A server-side request forgery security issue exists within
Rockwell Au ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-8712 (Missing authorization in Ivanti Connect Secure before 22.7R2.9
or 22.8 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-8711 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti
Policy ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-8277 (A flaw was found in libssh's handling of key exchange (KEX)
processes ...)
TODO: check
CVE-2025-8008 (A security issue exists in the protected mode of EN4TR devices,
where ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-8007 (A security issue exists in the protected mode of 1756-EN4TR and
1756-E ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-7970 (A security issue exists within FactoryTalk Activation Manager.
An err ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-7635 (Unauthenticated Telnet access vulnerability in Calix GigaCenter
ONT al ...)
TODO: check
CVE-2025-7350 (A security issue affecting multiple Cisco devices also directly
impact ...)
- TODO: check
+ NOT-FOR-US: Rockwell Automation
CVE-2025-5500 (A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on
Android. ...)
TODO: check
CVE-2025-5005 (A vulnerability was detected in Shanghai Lingdang Information
Technolo ...)
@@ -53,45 +53,45 @@ CVE-2025-59014 (An uncaught exception in the Bookmark
Toolbar of TYPO3 CMS versi
CVE-2025-59013 (An open\u2011redirect vulnerability in
GeneralUtility::sanitizeLocalUr ...)
TODO: check
CVE-2025-59008 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-59005 (Missing Authorization vulnerability in frenify Categorify
allows Explo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58997 (Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow
allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58993 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58991 (Cross-Site Request Forgery (CSRF) vulnerability in Cristiano
Zanca Woo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58990 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58989 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58988 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58987 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58985 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58984 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58983 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58982 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58981 (Missing Authorization vulnerability in Equalize Digital
Accessibility ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58980 (Missing Authorization vulnerability in recorp Export WP Page
to Static ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58979 (Missing Authorization vulnerability in BerqWP BerqWP allows
Exploiting ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58978 (Missing Authorization vulnerability in WP Swings PDF Generator
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58977 (Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne
WP eBay ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58976 (Missing Authorization vulnerability in Equalize Digital
Accessibility ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58975 (Cross-Site Request Forgery (CSRF) vulnerability in Helmut
Wandl Advanc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58762 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
TODO: check
CVE-2025-58761 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
@@ -111,7 +111,7 @@ CVE-2025-58435 (Open OnDemand is an open-source HPC portal.
Prior to versions 3.
CVE-2025-58430 (listmonk is a standalone, self-hosted, newsletter and mailing
list man ...)
TODO: check
CVE-2025-58215 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-58180 (OctoPrint provides a web interface for controlling consumer 3D
printer ...)
TODO: check
CVE-2025-58063 (CoreDNS is a DNS server that chains plugins. Starting in
version 1.2.0 ...)
@@ -127,45 +127,45 @@ CVE-2025-57538 (A stored cross-site scripting (XSS)
vulnerability in the HTTP Pr
CVE-2025-57278 (The LB-Link BL-CPE300M AX300 4G LTE Router firmware version
BL-R8800_B ...)
TODO: check
CVE-2025-57087 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a
stack overfl ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57086 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a
stack overfl ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57085 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a
stack overfl ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57078 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57072 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57071 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57070 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57069 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57064 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57063 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57062 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57061 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple
stack o ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57060 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57059 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57058 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple
stack o ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-57057 (Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack
overflow ...)
- TODO: check
+ NOT-FOR-US: Tenda
CVE-2025-55730 (XWiki Remote Macros provides XWiki rendering macros that are
useful wh ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-55729 (XWiki Remote Macros provides XWiki rendering macros that are
useful wh ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-55728 (XWiki Remote Macros provides XWiki rendering macros that are
useful wh ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-55727 (XWiki Remote Macros provides XWiki rendering macros that are
useful wh ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2025-55317 (Improper link resolution before file access ('link following')
in Micr ...)
TODO: check
CVE-2025-55316 (External control of file name or path in Azure Arc allows an
authorize ...)
@@ -193,23 +193,23 @@ CVE-2025-55224 (Concurrent execution using shared
resource with improper synchro
CVE-2025-55223 (Concurrent execution using shared resource with improper
synchronizati ...)
TODO: check
CVE-2025-55148 (Missing authorization in Ivanti Connect Secure before 22.7R2.9
or 22.8 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55147 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2,
Ivanti Policy ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55146 (An unchecked return value in Ivanti Connect Secure before
22.7R2.9 or ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55145 (Missing authorization in Ivanti Connect Secure before 22.7R2.9
or 22.8 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55144 (Missing authorization in Ivanti Connect Secure before 22.7R2.9
or 22.8 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55143 (Reflected text injection in Ivanti Connect Secure before
22.7R2.9 or 2 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55142 (Missing authorization in Ivanti Connect Secure before 22.7R2.9
or 22.8 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55141 (Missing authorization in Ivanti Connect Secure before 22.7R2.9
or 22.8 ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55139 (SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2,
Ivanti Policy ...)
- TODO: check
+ NOT-FOR-US: Ivanti
CVE-2025-55054 (CWE-79 Improper Neutralization of Input During Web Page
Generation (XS ...)
TODO: check
CVE-2025-55053 (CWE-328: Use of Weak Hash)
@@ -275,33 +275,33 @@ CVE-2025-54895 (Integer overflow or wraparound in Windows
SPNEGO Extended Negoti
CVE-2025-54894 (Local Security Authority Subsystem Service Elevation of
Privilege Vuln ...)
TODO: check
CVE-2025-54709 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-54261 (ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are
affected ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54257 (Acrobat Reader versions 24.001.30254, 20.005.30774,
25.001.20672 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54256 (Dreamweaver Desktop versions 21.5 and earlier are affected by
a Cross- ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54255 (Acrobat Reader versions 24.001.30254, 20.005.30774,
25.001.20672 and e ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54252 (Adobe Experience Manager versions 6.5.23.0 and earlier are
affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54251 (Adobe Experience Manager versions 6.5.23.0 and earlier are
affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54250 (Adobe Experience Manager versions 6.5.23.0 and earlier are
affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54249 (Adobe Experience Manager versions 6.5.23.0 and earlier are
affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54248 (Adobe Experience Manager versions 6.5.23.0 and earlier are
affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54247 (Adobe Experience Manager versions 6.5.23.0 and earlier are
affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54246 (Adobe Experience Manager versions 6.5.23.0 and earlier are
affected by ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54242 (Premiere Pro versions 25.3, 24.6.5 and earlier are affected by
a Use A ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54236 (Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7,
2.4.6-p12, 2 ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2025-54116 (Improper access control in Windows MultiPoint Services allows
an autho ...)
TODO: check
CVE-2025-54115 (Concurrent execution using shared resource with improper
synchronizati ...)
@@ -387,15 +387,15 @@ CVE-2025-53797 (Buffer over-read in Windows Routing and
Remote Access Service (R
CVE-2025-53796 (Buffer over-read in Windows Routing and Remote Access Service
(RRAS) a ...)
TODO: check
CVE-2025-53609 (A Relative Path Traversal vulnerability [CWE-23] in FortiWeb
7.6.0 thr ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-53348 (Missing Authorization vulnerability in Laborator Kalium. This
issue af ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53340 (Missing Authorization vulnerability in awesomesupport Awesome
Support. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53303 (Deserialization of Untrusted Data vulnerability in ThemeMove
ThemeMove ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-53291 (Missing Authorization vulnerability in spoddev2021
Spreadconnect. This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-52915 (K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware
suite, al ...)
TODO: check
CVE-2025-52322 (An issue in Open5GS v2.7.2 and before allows a remote attacker
to caus ...)
@@ -403,77 +403,77 @@ CVE-2025-52322 (An issue in Open5GS v2.7.2 and before
allows a remote attacker t
CVE-2025-52277 (Cross Site Scripting vulnerability in YesWiki v.4.54 allows a
remote a ...)
TODO: check
CVE-2025-49860 (Missing Authorization vulnerability in Majestic Support
Majestic Suppo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-49734 (Improper restriction of communication channel to intended
endpoints in ...)
TODO: check
CVE-2025-49692 (Improper access control in Azure Windows Virtual Machine Agent
allows ...)
TODO: check
CVE-2025-49430 (Server-Side Request Forgery (SSRF) vulnerability in FWDesign
Ultimate ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-48208 (Improper Neutralization of Special Elements used in an LDAP
Query ('LD ...)
TODO: check
CVE-2025-48101 (Deserialization of Untrusted Data vulnerability in
webdevstudios Const ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47997 (Concurrent execution using shared resource with improper
synchronizati ...)
TODO: check
CVE-2025-47695 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47694 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47579 (Deserialization of Untrusted Data vulnerability in ThemeGoods
Photogra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47571 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47570 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47569 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47437 (Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed
Technolo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-47416 (A vulnerability exists in the
ConsoleFindCommandMatchListfunction in l ...)
- TODO: check
+ NOT-FOR-US: Crestron
CVE-2025-47415 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
- TODO: check
+ NOT-FOR-US: Crestron
CVE-2025-44594 (halo v2.20.17 and before is vulnerable to server-side request
forgery ...)
TODO: check
CVE-2025-43786 (Enumeration of ERC from object entry in Liferay Portal 7.4.0
through 7 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43781 (Reflected cross-site scripting (XSS) vulnerability in Liferay
Portal 7 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43776 (A Stored cross-site scripting vulnerability in the Liferay
Portal 7.4 ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-43775 (Stored cross-site scripting (XSS) vulnerability in Liferay
Portal 7.4. ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2025-41701 (An unauthenticated attacker can trick a local user into
executing arbi ...)
TODO: check
CVE-2025-40804 (A vulnerability has been identified in SIMATIC Virtualization
as a Ser ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40803 (A vulnerability has been identified in RUGGEDCOM RST2428P
(6GK6242-6PA ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40802 (A vulnerability has been identified in RUGGEDCOM RST2428P
(6GK6242-6PA ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40798 (A vulnerability has been identified in SIMATIC PCS neo V4.1
(All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40797 (A vulnerability has been identified in SIMATIC PCS neo V4.1
(All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40796 (A vulnerability has been identified in SIMATIC PCS neo V4.1
(All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40795 (A vulnerability has been identified in SIMATIC PCS neo V4.1
(All versi ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40757 (A vulnerability has been identified in APOGEE PXC Series
(BACnet) (All ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-40594 (A vulnerability has been identified in SINAMICS G220 V6.4 (All
version ...)
- TODO: check
+ NOT-FOR-US: Siemens
CVE-2025-39553 (Missing Authorization vulnerability in andy_moyle Church
Admin. This i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39541 (Missing Authorization vulnerability in Roland Murg WP Simple
Booking C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-39523 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in G ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-36125 (IBM Hardware Management Console - Power 10.3.1050.0 and
11.1.1110.0 is ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36011 (IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does
not set ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-34175 (In pfSense CE/usr/local/www/suricata/suricata_filecheck.php,
the value ...)
TODO: check
CVE-2025-34174 (In pfSense CE/usr/local/www/status_traffic_totals.php, the
value of th ...)
@@ -483,17 +483,17 @@ CVE-2025-34173 (In pfSense
CE/usr/local/www/snort/snort_ip_reputation.php, the v
CVE-2025-34172 (In pfSense CE/usr/local/www/haproxy/haproxy_stats.php, the
value of th ...)
TODO: check
CVE-2025-33045 (APTIOV contains vulnerabilities in the BIOS where a privileged
user ma ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2025-32689 (Improper Validation of Specified Quantity in Input
vulnerability in Th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32688 (Missing Authorization vulnerability in Sovica Target Video
Easy Publis ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-32486 (Weak Password Recovery Mechanism for Forgotten Password
vulnerability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-30875 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin or theme
CVE-2025-29089 (An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130)
allows a rem ...)
- TODO: check
+ NOT-FOR-US: TP-Link
CVE-2025-24404 (XML Injection RCE by parse http sitemap xml response
vulnerability in ...)
TODO: check
CVE-2025-10199 (A local privilege escalation vulnerability exists in Sunshine
for Wind ...)
@@ -505,13 +505,13 @@ CVE-2025-10183 (A blind XML External Entity (XXE)
injection in the OpenMessaging
CVE-2025-10164 (A security flaw has been discovered in lmsys sglang 0.4.6.
Affected by ...)
TODO: check
CVE-2025-10134 (The Goza - Nonprofit Charity WordPress Theme theme for
WordPress is vu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10107 (A vulnerability has been found in TRENDnet TEW-831DR 1.0
(601.130.1.14 ...)
- TODO: check
+ NOT-FOR-US: TRENDnet
CVE-2025-10095 (A SQL injection vulnerability has been identified in the SMPP
server c ...)
TODO: check
CVE-2024-45325 (An improper neutralization of special elements used in an OS
command ( ...)
- TODO: check
+ NOT-FOR-US: Fortinet
CVE-2025-9542 (The AutomatorWP \u2013 Automator plugin for no-code
automations, webho ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9539 (The AutomatorWP \u2013 Automator plugin for no-code
automations, webho ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca3896d5537e9786ac184a90346c375aec1f912b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca3896d5537e9786ac184a90346c375aec1f912b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
