Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d57e2ed by Salvatore Bonaccorso at 2025-07-23T07:33:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-8019 (A vulnerability was found in Shenzhen Libituo Technology 
LBT-T300-T310 ...)
-       TODO: check
+       NOT-FOR-US: seShenzhen Libituo Technology
 CVE-2025-8018 (A vulnerability was found in code-projects Food Ordering Review 
System ...)
        NOT-FOR-US: code-projects
 CVE-2025-8017 (A vulnerability was found in Tenda AC7 15.03.06.44. It has been 
classi ...)
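Review bot: The new status line for CVE-2025-8019 carries a stray prefix: `NOT-FOR-US: seShenzhen Libituo Technology` should read `NOT-FOR-US: Shenzhen Libituo Technology`, matching the vendor name in the CVE description on the line above it.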
@@ -7,19 +7,19 @@ CVE-2025-8017 (A vulnerability was found in Tenda AC7 
15.03.06.44. It has been c
 CVE-2025-8015 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7953 (A vulnerability, which was classified as problematic, has been 
found i ...)
-       TODO: check
+       NOT-FOR-US: Sanluan PublicCMS
 CVE-2025-7952 (A vulnerability classified as critical was found in TOTOLINK T6 
4.1.5c ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-7951 (A vulnerability classified as problematic has been found in 
code-proje ...)
        NOT-FOR-US: code-projects
 CVE-2025-7950 (A vulnerability was found in code-projects Public Chat Room 
1.0. It ha ...)
-       TODO: check
+       NOT-FOR-US: code-projects Public Chat Room
 CVE-2025-7949 (A vulnerability was found in Sanluan PublicCMS up to 
5.202506.a. It ha ...)
-       TODO: check
+       NOT-FOR-US: Sanluan PublicCMS
 CVE-2025-7948 (A vulnerability classified as problematic was found in jshERP 
up to 3. ...)
-       TODO: check
+       NOT-FOR-US: jshERP
 CVE-2025-7947 (A vulnerability classified as critical has been found in jshERP 
up to  ...)
-       TODO: check
+       NOT-FOR-US: jshERP
 CVE-2025-7946 (A vulnerability was found in PHPGurukul Apartment Visitors 
Management  ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-7945 (A vulnerability was found in D-Link DIR-513 up to 20190831. It 
has bee ...)
@@ -33,13 +33,13 @@ CVE-2025-7942 (A vulnerability has been found in PHPGurukul 
Taxi Stand Managemen
 CVE-2025-7941 (A vulnerability, which was classified as problematic, was found 
in PHP ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-7940 (A vulnerability was found in Genshin Albedo Cat House App 1.0.2 
on And ...)
-       TODO: check
+       NOT-FOR-US: Genshin Albedo Cat House App
 CVE-2025-7939 (A vulnerability was found in jerryshensjf JPACookieShop 
\u86cb\u7cd5\u ...)
-       TODO: check
+       NOT-FOR-US: jerryshensjf JPACookieShop
 CVE-2025-7900 (The femanager extension for TYPO3 allows Insecure Direct Object 
Refere ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2025-7899 (The powermail extension for TYPO3 allows Insecure Direct Object 
Refere ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension
 CVE-2025-7705 (: Active Debug Code vulnerability in ABB Switch Actuator 4 
DU-83330, A ...)
        NOT-FOR-US: ABB group
 CVE-2025-7692 (The Orion Login with SMS plugin for WordPress is vulnerable to 
Authent ...)
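Review bot: The two new lines for CVE-2025-7900 and CVE-2025-7899 spell the project `Typo3` while both CVE descriptions use `TYPO3`; suggest `NOT-FOR-US: TYPO3 extension` for both so the status text matches the description.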
@@ -57,9 +57,9 @@ CVE-2025-7495 (The WP-Members Membership Plugin plugin for 
WordPress is vulnerab
 CVE-2025-7486 (The Ebook Store plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-7427 (Uncontrolled Search Path Element in Arm Development Studio 
before 2025 ...)
-       TODO: check
+       NOT-FOR-US: Arm Development Studio
 CVE-2025-7371 (Okta On-Premises Provisioning (OPP) agents log certain user 
data durin ...)
-       TODO: check
+       NOT-FOR-US: Okta
 CVE-2025-6831 (The User Registration plugin for WordPress is vulnerable to 
Stored Cro ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-6741 (Improper access control in secure message component in 
Devolutions Ser ...)
@@ -97,77 +97,77 @@ CVE-2025-54355
 CVE-2025-54354
        REJECTED
 CVE-2025-54134 (HAX CMS NodeJs allows users to manage their microsite universe 
with a  ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS NodeJs
 CVE-2025-54129 (HAXiam is a packaging wrapper for HAXcms which allows anyone 
to spawn  ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2025-54128 (HAX CMS NodeJs allows users to manage their microsite universe 
with a  ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2025-54127 (HAXcms with nodejs backend allows users to start the server in 
any HAX ...)
-       TODO: check
+       NOT-FOR-US: HAX CMS
 CVE-2025-54122 (Manager-io/Manager is accounting software. A critical 
unauthenticated  ...)
-       TODO: check
+       NOT-FOR-US: Manager-io/Manager
 CVE-2025-53832 (Lara Translate MCP Server is a Model Context Protocol (MCP) 
Server for ...)
-       TODO: check
+       NOT-FOR-US: Lara Translate MCP Server
 CVE-2025-53528 (Cadwyn creates production-ready community-driven modern 
Stripe-like AP ...)
-       TODO: check
+       NOT-FOR-US: Cadwyn
 CVE-2025-53472 (WRC-BE36QS-B and WRC-W701-B contain an improper neutralization 
of spec ...)
-       TODO: check
+       NOT-FOR-US: Elecom
 CVE-2025-52580 (Insertion of sensitive information into log file issue exists 
in "regi ...)
-       TODO: check
+       NOT-FOR-US: region Pay App for Android
 CVE-2025-51867 (Insecure Direct Object Reference (IDOR) vulnerability in 
Deepfiction A ...)
-       TODO: check
+       NOT-FOR-US: Deepfiction AI
 CVE-2025-51865 (Ai2 playground web service (playground.allenai.org) LLM chat 
through 2 ...)
-       TODO: check
+       NOT-FOR-US: Ai2 playground web service (playground.allenai.org) LLM chat
 CVE-2025-51864 (A reflected cross-site scripting (XSS) vulnerability exists in 
AIBOX L ...)
-       TODO: check
+       NOT-FOR-US: AIBOX LLM chat (chat.aibox365.cn)
 CVE-2025-51863 (Self Cross Site Scripting (XSS) vulnerability in ChatGPT Unli 
(ChatGPT ...)
-       TODO: check
+       NOT-FOR-US: ChatGPT Unli (ChatGPTUnli.com)
 CVE-2025-51862 (Insecure Direct Object Reference (IDOR) vulnerability in 
TelegAI (tele ...)
-       TODO: check
+       NOT-FOR-US: TelegAI (telegai.com)
 CVE-2025-51860 (Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 
2025-05-26  ...)
-       TODO: check
+       NOT-FOR-US: TelegAI (telegai.com)
 CVE-2025-51859 (Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk 
thru 2025 ...)
-       TODO: check
+       NOT-FOR-US: Chaindesk
 CVE-2025-51858 (Self Cross-Site Scripting (XSS) vulnerability in 
ChatPlayground.ai thr ...)
-       TODO: check
+       NOT-FOR-US: ChatPlayground.ai
 CVE-2025-51482 (Remote Code Execution in 
letta.server.rest_api.routers.v1.tools.run_to ...)
-       TODO: check
+       NOT-FOR-US: letta-ai Letta
 CVE-2025-51481 (Local File Inclusion in dagster._grpc.impl.get_notebook_data 
in Dagste ...)
-       TODO: check
+       NOT-FOR-US: Dagster
 CVE-2025-51480 (Path Traversal vulnerability in 
onnx.external_data_helper.save_externa ...)
-       TODO: check
+       NOT-FOR-US: ONNX
 CVE-2025-51479 (Authorization bypass in update_user_group in onyx-dot-app Onyx 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: nyx-dot-app Onyx Enterprise Edition
 CVE-2025-51475 (Arbitrary File Overwrite (AFO) in 
superagi.controllers.resources.uploa ...)
-       TODO: check
+       NOT-FOR-US: TransformerOptimus SuperAGI
 CVE-2025-51472 (Code Injection in AgentTemplate.eval_agent_config in 
TransformerOptimu ...)
-       TODO: check
+       NOT-FOR-US: TransformerOptimus SuperAGI
 CVE-2025-51471 (Cross-Domain Token Exposure in 
server.auth.getAuthorizationToken in Ol ...)
        TODO: check
 CVE-2025-51464 (Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows 
remote attack ...)
-       TODO: check
+       NOT-FOR-US: aimhubio Aim
 CVE-2025-51463 (Path Traversal in restore_run_backup() in AIM 3.28.0 allows 
remote att ...)
-       TODO: check
+       NOT-FOR-US: aimhubio Aim
 CVE-2025-51459 (File Upload vulnerability in 
agent.hub.controller.refresh_plugins in e ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai DB-GPT
 CVE-2025-51458 (SQL Injection in editor_sql_run and query_ex in eosphoros-ai 
DB-GPT 0. ...)
-       TODO: check
+       NOT-FOR-US: eosphoros-ai DB-GPT
 CVE-2025-4295 (Improper Validation of Certificate with Host Mismatch 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: HotelRunner B2B
 CVE-2025-4294 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: HotelRunner B2B
 CVE-2025-4285 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Agentis
 CVE-2025-4284 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
-       TODO: check
+       NOT-FOR-US: Agentis
 CVE-2025-48964 (ping in iputils through 20240905 allows a denial of service 
(applicati ...)
        TODO: check
 CVE-2025-48498 (A null pointer dereference vulnerability exists in the 
Distributed Tra ...)
-       TODO: check
+       NOT-FOR-US: Bloomberg Comdb2
 CVE-2025-46354 (A denial of service vulnerability exists in the Distributed 
Transactio ...)
-       TODO: check
+       NOT-FOR-US: Bloomberg Comdb2
 CVE-2025-46267 (Hidden functionality issue exists in WRC-BE36QS-B and 
WRC-W701-B. If e ...)
-       TODO: check
+       NOT-FOR-US: Elecom
 CVE-2025-36520 (A null pointer dereference vulnerability exists in the 
net_connectmsg  ...)
        TODO: check
 CVE-2025-36512 (A denial of service vulnerability exists in the Bloomberg 
Comdb2 8.1 d ...)
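Review bot: The CVE-2025-51479 status line drops the first letter of the vendor: `NOT-FOR-US: nyx-dot-app Onyx Enterprise Edition` should be `NOT-FOR-US: onyx-dot-app Onyx Enterprise Edition`, as the description reads. A smaller consistency point in the same hunk: the four HAX CMS entries use three different spellings (`HAX CMS NodeJs`, `HAX CMS`, and the description's `HAXcms`); picking one form makes later grepping of the list easier.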
@@ -457,7 +457,7 @@ CVE-2025-54121 (Starlette is a lightweight ASGI 
(Asynchronous Server Gateway Int
        NOTE: Fixed by: 
https://github.com/encode/starlette/commit/9f7ec2eb512fcc3fe90b43cb9dd9e1d08696bec1
 (0.47.2)
        NOTE: 
https://github.com/encode/starlette/discussions/2927#discussioncomment-13721403
 CVE-2025-54082 (marshmallow-packages/nova-tiptap is a rich text editor for 
Laravel Nov ...)
-       TODO: check
+       NOT-FOR-US: marshmallow-packages/nova-tiptap
 CVE-2025-54071 (RomM (ROM Manager) allows users to scan, enrich, browse and 
play their ...)
        NOT-FOR-US: RomM
 CVE-2025-52575 (EspoCRM is an Open Source CRM (Customer Relationship 
Management) softw ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d57e2edc270396aa4827f5baeb70af038323f82
