Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39e7fad3 by Salvatore Bonaccorso at 2025-05-02T10:34:52+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,19 +27,19 @@ CVE-2025-4180 (A vulnerability was found in PCMan FTP 
Server 2.0.7. It has been
 CVE-2025-4179 (The Flynax Bridge plugin for WordPress is vulnerable to limited 
Privil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4178 (A vulnerability was found in xiaowei1118 java_server up to 
11a5bac8f4b ...)
-       TODO: check
+       NOT-FOR-US: xiaowei1118 java_server
 CVE-2025-4177 (The Flynax Bridge plugin for WordPress is vulnerable to 
unauthorized l ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4176 (A vulnerability has been found in PHPGurukul Blood Bank & Donor 
Manage ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4175 (A vulnerability, which was classified as critical, was found in 
AlanBi ...)
-       TODO: check
+       NOT-FOR-US: AlanBinu007 Spring-Boot-Advanced-Projects
 CVE-2025-4131 (The GmapsMania plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-47201 (In Intrexx Portal Server before 12.0.4, multiple 
Velocity-Scripts are  ...)
-       TODO: check
+       NOT-FOR-US: Intrexx Portal Server
 CVE-2025-43595 (An insecure file system permissions vulnerability in MSP360 
Backup 4.3 ...)
-       TODO: check
+       NOT-FOR-US: MSP360
 CVE-2025-3858 (The Formality plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-3748 (The Taxonomy Chain Menu plugin for WordPress is vulnerable to 
Stored C ...)
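Review bot: In the CVE-2025-43595 entry the tag is vendor-only ("NOT-FOR-US: MSP360") although the description names the product as MSP360 Backup, while the other three entries changed in this hunk are tagged at product or project level (for example "NOT-FOR-US: Intrexx Portal Server"). Consider "NOT-FOR-US: MSP360 Backup" so a later search on the product name matches; vendor-only is fine if the intent is to cover the vendor as a whole, as the existing "NOT-FOR-US: PHPGurukul" line does.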
@@ -47,11 +47,11 @@ CVE-2025-3748 (The Taxonomy Chain Menu plugin for WordPress 
is vulnerable to Sto
 CVE-2025-3746 (The OTP-less one tap Sign in plugin for WordPress is vulnerable 
to pri ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-3709 (Agentflow from Flowring Technology has an Account Lockout 
Bypass vulne ...)
-       TODO: check
+       NOT-FOR-US: Agentflow from Flowring Technology
 CVE-2025-3708 (Le-show medical practice management system from Le-yan has a 
SQL Injec ...)
-       TODO: check
+       NOT-FOR-US: Le-show medical practice management system
 CVE-2025-3707 (The eHDR CTMS from Sunnet has a SQL Injection vulnerability, 
allowing  ...)
-       TODO: check
+       NOT-FOR-US: eHDR CTMS from Sunnet
 CVE-2025-3670 (The KiwiChat NextClient plugin for WordPress is vulnerable to 
Stored C ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-3514 (The SureForms  WordPress plugin before 1.4.4 does not sanitise 
and esc ...)
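Review bot: The CVE-2025-3708 tag drops the vendor. The description reads "Le-show medical practice management system from Le-yan", but the tag is "NOT-FOR-US: Le-show medical practice management system", whereas the two neighbouring entries in this hunk keep the "from <vendor>" part ("Agentflow from Flowring Technology", "eHDR CTMS from Sunnet"). Suggest adding "from Le-yan" or using one form for all three so the tags stay consistent.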
@@ -87,11 +87,11 @@ CVE-2024-55909 (IBM Concert Software 1.0.0 through 1.0.5 
could allow an authenti
 CVE-2024-52903 (IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is 
vulnerable to ...)
        NOT-FOR-US: IBM
 CVE-2024-48907 (Sematell ReplyOne 7.4.3.0 allows SSRF via the application 
server API.)
-       TODO: check
+       NOT-FOR-US: Sematell ReplyOne
 CVE-2024-48906 (Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail 
attachment ...)
-       TODO: check
+       NOT-FOR-US: Sematell ReplyOne
 CVE-2024-48905 (Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the 
/rest/sessi ...)
-       TODO: check
+       NOT-FOR-US: Sematell ReplyOne
 CVE-2024-13860 (The Buddyboss Platform plugin for WordPress is vulnerable to 
Stored Cr ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-13859 (The Buddyboss Platform plugin for WordPress is vulnerable to 
Stored Cr ...)
@@ -111,7 +111,7 @@ CVE-2024-13322 (The Ads Pro Plugin - Multi-Purpose 
WordPress Advertising Manager
 CVE-2024-12023 (The FULL \u2013 Cliente plugin for WordPress is vulnerable to 
SQL Inje ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-11142 (Cross-Site Request Forgery (CSRF) vulnerability in Gosoft 
Software Pro ...)
-       TODO: check
+       NOT-FOR-US: Gosoft Software Proticaret E-Commerce
 CVE-2025-4174 (A vulnerability, which was classified as critical, has been 
found in P ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-4173 (A vulnerability classified as critical was found in 
SourceCodester Onl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39e7fad3c97e9139d446e6b5839fb4b5b4239894
