Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d1749e0b by Moritz Mühlenhoff at 2025-07-08T17:01:05+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-7346 (Any unauthenticated attacker can bypass the localhost
restrictions po ...)
- TODO: check
+ - pyload <itp> (bug #1001980)
CVE-2025-7327 (The Widget for Google Reviews plugin for WordPress is
vulnerable to Di ...)
NOT-FOR-US: WordPress plugin
CVE-2025-7168 (A vulnerability was found in code-projects Crime Reporting
System 1.0. ...)
@@ -27,11 +27,11 @@ CVE-2025-7158 (A vulnerability was found in PHPGurukul Zoo
Management System 2.1
CVE-2025-7157 (A vulnerability was found in code-projects Online Note Sharing
1.0. It ...)
NOT-FOR-US: code-projects
CVE-2025-7156 (A vulnerability has been found in hitsz-ids airda 0.0.3 and
classified ...)
- TODO: check
+ NOT-FOR-US: hitsz-ids airda
CVE-2025-7155 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
NOT-FOR-US: PHPGurukul
CVE-2025-7154 (A vulnerability, which was classified as critical, has been
found in T ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2025-7153 (A vulnerability classified as problematic was found in
CodeAstro Simpl ...)
NOT-FOR-US: CodeAstro
CVE-2025-7152 (A vulnerability classified as critical has been found in
Campcodes Adv ...)
@@ -47,7 +47,7 @@ CVE-2025-7148 (A vulnerability was found in CodeAstro Simple
Hospital Management
CVE-2025-7147 (A vulnerability has been found in CodeAstro Patient Record
Management ...)
NOT-FOR-US: CodeAstro
CVE-2025-7146 (The iPublish System developed by Jhenggao has an Arbitrary File
Readin ...)
- TODO: check
+ NOT-FOR-US: iPublish
CVE-2025-7144 (A vulnerability has been found in SourceCodester Best Salon
Management ...)
NOT-FOR-US: SourceCodester
CVE-2025-6746 (The WoodMart plugin for WordPress is vulnerable to Local File
Inclusio ...)
@@ -395,21 +395,21 @@ CVE-2025-43930 (Hashview 0.8.1 allows account takeover
via the password reset fe
CVE-2025-3920 (A vulnerability was identified in SUR-FBD CMMS where hard-coded
creden ...)
NOT-FOR-US: SUR-FBD CMMS
CVE-2025-3777 (Hugging Face Transformers versions up to 4.49.0 are affected by
an imp ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-3705 (A physical attacker with no privileges can gain full control of
the af ...)
- TODO: check
+ NOT-FOR-US: Frauscher
CVE-2025-3626 (A remote attacker with administrator account can gain full
control of ...)
- TODO: check
+ NOT-FOR-US: Frauscher
CVE-2025-3467 (An XSS vulnerability exists in langgenius/dify versions prior
to 1.1.3 ...)
NOT-FOR-US: Dify
CVE-2025-3466 (langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to
unsanitized ...)
NOT-FOR-US: Dify
CVE-2025-3264 (A Regular Expression Denial of Service (ReDoS) vulnerability
was disco ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-3263 (A Regular Expression Denial of Service (ReDoS) vulnerability
was disco ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-3262 (A Regular Expression Denial of Service (ReDoS) vulnerability
was disco ...)
- TODO: check
+ NOT-FOR-US: Hugging Face Transformers
CVE-2025-3225 (An XML Entity Expansion vulnerability, also known as a 'billion
laughs ...)
NOT-FOR-US: run-llama/llama_index
CVE-2025-3046 (A vulnerability in the `ObsidianReader` class of the
run-llama/llama_i ...)
@@ -563,7 +563,7 @@ CVE-2025-53167 (Authentication vulnerability in the
distributed collaboration fr
CVE-2025-48501 (An OS command injection issue exists in Nimesa Backup and
Recovery v2. ...)
NOT-FOR-US: Nimesa Backup and Recovery
CVE-2025-41672 (A remote unauthenticated attacker may use default certificates
to gene ...)
- TODO: check
+ NOT-FOR-US: WAGO
CVE-2025-3108 (A critical deserialization vulnerability exists in the
run-llama/llama ...)
NOT-FOR-US: run-llama/llama_index
CVE-2025-24508 (Extraction of Account Connectivity Credentials (ACCs) from the
IT Mana ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1749e0baefd0a2b89a1805959fe7ae118451640
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1749e0baefd0a2b89a1805959fe7ae118451640
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
