Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8520b6c2 by security tracker role at 2025-06-17T20:14:15+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,11 +9,11 @@ CVE-2025-6050 (Mezzanine CMS, in versions prior to 6.1.1, 
contains a Stored Cros
 CVE-2025-5777 (Insufficient input validation leading to memory overreadon the 
NetScal ...)
        TODO: check
 CVE-2025-5700 (The Simple Logo Carousel plugin for WordPress is vulnerable to 
Stored  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-5349 (Improper access control on the NetScaler Management Interface 
in NetSc ...)
        TODO: check
 CVE-2025-5291 (The Master Slider \u2013 Responsive Touch Slider plugin for 
WordPress  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-5141 (A binary in the BoKS Server Agent component of Fortra's Core 
Privilege ...)
        TODO: check
 CVE-2025-4879 (Local Privilege escalation allows a low-privileged user to gain 
SYSTEM ...)
@@ -25,49 +25,49 @@ CVE-2025-4404 (A privilege escalation from host to domain 
vulnerability was foun
 CVE-2025-4365 (Arbitrary file read inNetScaler Console and NetScaler SDX (SVM))
        TODO: check
 CVE-2025-49882 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49881 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49880 (Missing Authorization vulnerability in Emraan Cheema CubeWP 
Forms allo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49879 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        TODO: check
 CVE-2025-49878 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49877 (Server-Side Request Forgery (SSRF) vulnerability in Metagauss 
ProfileG ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49875 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49874 (Missing Authorization vulnerability in tychesoftwares Arconix 
FAQ allo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49872 (Missing Authorization vulnerability in WPExperts.io myCred 
allows Acce ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49871 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49868 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in F ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49865 (Cross-Site Request Forgery (CSRF) vulnerability in Helmut 
Wandl Advanc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49864 (Missing Authorization vulnerability in AFS Analytics AFS 
Analytics all ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49863 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49862 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49861 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49859 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49858 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49857 (Missing Authorization vulnerability in WPExperts.io myCred 
allows Expl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49856 (Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps 
Respons ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49855 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49854 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49850 (A Heap-based Buffer Overflow vulnerability exists within the 
parsing o ...)
        TODO: check
 CVE-2025-49849 (An Out-of-bounds Read vulnerability exists within the parsing 
of PRJ f ...)
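Review bot: CVE-2025-49879 (path traversal) stays at "TODO: check" although every other entry from CVE-2025-49882 down to CVE-2025-49854 in this hunk is changed to "NOT-FOR-US: WordPress plugin or theme". Its description is cut off before the product name, so the diff does not show whether this is a deliberate skip or a miss by the automatic matcher; it needs a manual look. The same truncation means most of the tagged entries here (for example CVE-2025-49882 and CVE-2025-49881) cannot be confirmed as WordPress from the visible text and are worth spot-checking against the full CVE description.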
@@ -97,11 +97,11 @@ CVE-2025-49331 (Deserialization of Untrusted Data 
vulnerability in impleCode eCo
 CVE-2025-49330 (Deserialization of Untrusted Data vulnerability in CRM Perks 
Integrati ...)
        TODO: check
 CVE-2025-49316 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49312 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49266 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49261 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-49260 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
@@ -125,7 +125,7 @@ CVE-2025-49252 (Improper Control of Filename for 
Include/Require Statement in PH
 CVE-2025-49251 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-49234 (Missing Authorization vulnerability in Deepak anand WP Dummy 
Content G ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-49220 (An insecure deserialization operation in Trend Micro Apex 
Central belo ...)
        TODO: check
 CVE-2025-49219 (An insecure deserialization operation in Trend Micro Apex 
Central belo ...)
@@ -147,11 +147,11 @@ CVE-2025-48333 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2025-48274 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-48145 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-48118 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        TODO: check
 CVE-2025-48111 (Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES 
YITH PayPa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47867 (A Local File Inclusion vulnerability in a Trend Micro Apex 
Central wid ...)
        TODO: check
 CVE-2025-47866 (An unrestricted file upload vulnerability in a Trend Micro 
Apex Centra ...)
@@ -159,11 +159,11 @@ CVE-2025-47866 (An unrestricted file upload vulnerability 
in a Trend Micro Apex
 CVE-2025-47865 (A Local File Inclusion vulnerability in a Trend Micro Apex 
Central wid ...)
        TODO: check
 CVE-2025-47573 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47572 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-47559 (Unrestricted Upload of File with Dangerous Type vulnerability 
in Roman ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-47452 (Unrestricted Upload of File with Dangerous Type vulnerability 
in RexTh ...)
        TODO: check
 CVE-2025-45880 (A cross-site scripting (XSS) vulnerability in the data 
resource manage ...)
@@ -179,15 +179,15 @@ CVE-2025-45525 (A null pointer dereference vulnerability 
was discovered in micro
 CVE-2025-40674 (Reflected Cross-Site Scripting (XSS) in osCommerce v4. This 
vulnerabil ...)
        TODO: check
 CVE-2025-3880 (The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin 
for WordP ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-3515 (The Drag and Drop Multiple File Upload for Contact Form 7 
plugin for W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2025-39508 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39486 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-39479 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-34511 (Sitecore PowerShell Extensions, an add-on to Sitecore 
Experience Manag ...)
        TODO: check
 CVE-2025-34510 (Sitecore Experience Manager (XM), Experience Platform (XP), 
and Experi ...)
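Review bot: two different note strings are used for the same classification in this hunk: CVE-2025-3880 and CVE-2025-3515 get "NOT-FOR-US: WordPress plugin", while CVE-2025-39508, CVE-2025-39486 and CVE-2025-39479 get "NOT-FOR-US: WordPress plugin or theme". Anything that counts or filters WordPress entries in data/CVE/list then has to match on the common prefix "NOT-FOR-US: WordPress" rather than on either full string; settling on one wording would avoid that.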
@@ -197,11 +197,11 @@ CVE-2025-34509 (Sitecore Experience Manager (XM) and 
Experience Platform (XP) ve
 CVE-2025-34508 (A path traversal vulnerability exists in the file dropoff 
functionalit ...)
        TODO: check
 CVE-2025-33122 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain 
elevated  ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2025-32549 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-32510 (Unrestricted Upload of File with Dangerous Type vulnerability 
in ovath ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31919 (Deserialization of Untrusted Data vulnerability in themeton 
Spare allo ...)
        TODO: check
 CVE-2025-30988 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
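Review bot: the note on CVE-2025-33122 names only the vendor, "NOT-FOR-US: IBM", while the description names the product, IBM i. Writing "NOT-FOR-US: IBM i" would tell a later reader what was ruled out without opening the CVE.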
@@ -213,9 +213,9 @@ CVE-2025-30679 (A Server-side Request Forgery (SSRF) 
vulnerability in Trend Micr
 CVE-2025-30678 (A Server-side Request Forgery (SSRF) vulnerability in Trend 
Micro Apex ...)
        TODO: check
 CVE-2025-30618 (Deserialization of Untrusted Data vulnerability in yuliaz 
Rapyd Paymen ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-30562 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin or theme
 CVE-2025-29002 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        TODO: check
 CVE-2025-28991 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8520b6c282da18870501ea87239e7d3b3df0c2bb
