Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e6fe2874 by security tracker role at 2025-08-27T20:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,186 @@
-CVE-2025-58050
+CVE-2025-9533 (A vulnerability has been found in TOTOLINK T10
4.1.8cu.5241_B20210927. ...)
+ TODO: check
+CVE-2025-9532 (A flaw has been found in Portabilis i-Educar up to 2.10. This
impacts ...)
+ TODO: check
+CVE-2025-9531 (A vulnerability was detected in Portabilis i-Educar up to 2.10.
This a ...)
+ TODO: check
+CVE-2025-9529 (A weakness has been identified in Campcodes Payroll Management
System ...)
+ TODO: check
+CVE-2025-9528 (A vulnerability was determined in Linksys E1700 1.0.0.4.003.
This vuln ...)
+ TODO: check
+CVE-2025-9527 (A vulnerability was found in Linksys E1700 1.0.0.4.003. This
affects t ...)
+ TODO: check
+CVE-2025-9526 (A vulnerability has been found in Linksys E1700 1.0.0.4.003.
Affected ...)
+ TODO: check
+CVE-2025-9525 (A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by
this v ...)
+ TODO: check
+CVE-2025-9523 (A vulnerability was detected in Tenda AC1206 15.03.06.23.
Affected is ...)
+ TODO: check
+CVE-2025-5187 (A vulnerability exists in the NodeRestriction admission
controller in ...)
+ TODO: check
+CVE-2025-5101 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
+ TODO: check
+CVE-2025-58218 (Deserialization of Untrusted Data vulnerability in
enituretechnology S ...)
+ TODO: check
+CVE-2025-58217 (Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov
Instant ...)
+ TODO: check
+CVE-2025-58216 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58213 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58212 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58211 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58209 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58208 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58205 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58204 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in E ...)
+ TODO: check
+CVE-2025-58203 (Server-Side Request Forgery (SSRF) vulnerability in solacewp
Solace Ex ...)
+ TODO: check
+CVE-2025-58202 (Cross-Site Request Forgery (CSRF) vulnerability in Plugins and
Snippet ...)
+ TODO: check
+CVE-2025-58201 (Missing Authorization vulnerability in AfterShip & Automizely
AfterShi ...)
+ TODO: check
+CVE-2025-58198 (Missing Authorization vulnerability in Xpro Xpro Theme Builder
allows ...)
+ TODO: check
+CVE-2025-58197 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58196 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58195 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58194 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
+ TODO: check
+CVE-2025-58193 (Missing Authorization vulnerability in Uncanny Owl Uncanny
Automator a ...)
+ TODO: check
+CVE-2025-58192 (Missing Authorization vulnerability in Xylus Themes WP Bulk
Delete all ...)
+ TODO: check
+CVE-2025-57821 (Basecamp's Google Sign-In adds Google sign-in to Rails
applications. P ...)
+ TODO: check
+CVE-2025-56694 (Client-side password validation (CWE-602) in lumasoft
fotoShare Cloud ...)
+ TODO: check
+CVE-2025-55618 (In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an
attacker ca ...)
+ TODO: check
+CVE-2025-55582 (D-Link DCS-825L firmware v1.08.01 contains a vulnerability in
the watc ...)
+ TODO: check
+CVE-2025-55495 (Tenda AC6 V15.03.06.23_multi was discovered to contain a
buffer overfl ...)
+ TODO: check
+CVE-2025-55422 (In FoxCMS 1.2.6, there is a reflected Cross Site Scripting
(XSS) vulne ...)
+ TODO: check
+CVE-2025-54598 (The Bevy Event service through 2025-07-22, as used for eBay
Seller Eve ...)
+ TODO: check
+CVE-2025-53105 (GLPI, which stands for Gestionnaire Libre de Parc
Informatique, is a F ...)
+ TODO: check
+CVE-2025-52122 (Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS,
contains an S ...)
+ TODO: check
+CVE-2025-51667 (An issue was discovered in simple-admin-core v1.2.0 thru
v1.6.7. The / ...)
+ TODO: check
+CVE-2025-50989 (OPNsense 25.1 contains an authenticated command injection
vulnerabilit ...)
+ TODO: check
+CVE-2025-50986 (diskover-web v2.3.0 Community Edition suffers from multiple
stored cro ...)
+ TODO: check
+CVE-2025-50985 (diskover-web v2.3.0 Community Edition is vulnerable to
multiple reflec ...)
+ TODO: check
+CVE-2025-50984 (diskover-web v2.3.0 Community Edition is vulnerable to
multiple boolea ...)
+ TODO: check
+CVE-2025-50983 (SQL Injection vulnerability exists in the sortKey parameter of
the GET ...)
+ TODO: check
+CVE-2025-50979 (NodeBB v4.3.0 is vulnerable to SQL injection in its
search-categories ...)
+ TODO: check
+CVE-2025-50978 (In Gitblit v1.7.1, a reflected cross-site scripting (XSS)
vulnerabilit ...)
+ TODO: check
+CVE-2025-50977 (A template injection vulnerability leading to reflected
cross-site scr ...)
+ TODO: check
+CVE-2025-50972 (SQL Injection vulnerability in AbanteCart 1.4.2, allows
unauthenticate ...)
+ TODO: check
+CVE-2025-50428 (In RaspAP raspap-webgui 3.3.2 and earlier, a command injection
vulnera ...)
+ TODO: check
+CVE-2025-4225 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
+ TODO: check
+CVE-2025-43882 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an
Unverified ...)
+ TODO: check
+CVE-2025-43730 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an
Improper N ...)
+ TODO: check
+CVE-2025-43729 (Dell ThinOS 10, versions prior to 2508_10.0127, contains an
Incorrect ...)
+ TODO: check
+CVE-2025-43728 (Dell ThinOS 10, versions prior to 2508_10.0127, contain a
Protection M ...)
+ TODO: check
+CVE-2025-3601 (An issue has been discovered in GitLab CE/EE affecting all
versions fr ...)
+ TODO: check
+CVE-2025-34161 (Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to
a remote ...)
+ TODO: check
+CVE-2025-34159 (Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to
a remote ...)
+ TODO: check
+CVE-2025-34157 (Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to
a stored ...)
+ TODO: check
+CVE-2025-30064 (An insufficiently secured internal function allows session
generation ...)
+ TODO: check
+CVE-2025-30063 (The configuration file containing database logins and
passwords is rea ...)
+ TODO: check
+CVE-2025-30061 (In the "utils/Reporter/OpenReportWindow.pl" service, there is
an SQL i ...)
+ TODO: check
+CVE-2025-30060 (In the ReturnUserUnitsXML.pl service, the "getUserInfo"
function is vu ...)
+ TODO: check
+CVE-2025-30059 (In the PrepareCDExportJSON.pl service, the "getPerfServiceIds"
functio ...)
+ TODO: check
+CVE-2025-30058 (In the PatientService.pl service, the "getPatientIdentifier"
function ...)
+ TODO: check
+CVE-2025-30057 (In UHCRTFDoc, the filename parameter can be exploited to
execute arbit ...)
+ TODO: check
+CVE-2025-30056 (The RunCommand function accepts any parameter, which is then
passed fo ...)
+ TODO: check
+CVE-2025-30055 (The "system" function receives untrusted input from the user.
If the " ...)
+ TODO: check
+CVE-2025-30048 (The "serverConfig" endpoint, which returns the module
configuration in ...)
+ TODO: check
+CVE-2025-30041 (The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl",
"/cgi-bin/Clin ...)
+ TODO: check
+CVE-2025-30040 (The vulnerability allows unauthenticated users to download a
file cont ...)
+ TODO: check
+CVE-2025-30039 (Unauthenticated access to the
"/cgi-bin/CliniNET.prd/GetActiveSessions ...)
+ TODO: check
+CVE-2025-30038 (The vulnerability consists of a session ID leak when saving a
file dow ...)
+ TODO: check
+CVE-2025-30037 (The system exposes several endpoints, typically including
"/int/" in t ...)
+ TODO: check
+CVE-2025-30036 (Stored XSS vulnerability exists in the "Oddzia\u0142" (Ward)
module, i ...)
+ TODO: check
+CVE-2025-2313 (In the Print.pl service, the "uhcPrintServerPrint" function
allows exe ...)
+ TODO: check
+CVE-2025-2246 (An issue has been discovered in GitLab CE/EE affecting all
versions be ...)
+ TODO: check
+CVE-2025-20348 (A vulnerability in the REST API endpoints of Cisco Nexus
Dashboard and ...)
+ TODO: check
+CVE-2025-20347 (A vulnerability in the REST API endpoints of Cisco Nexus
Dashboard and ...)
+ TODO: check
+CVE-2025-20344 (A vulnerability in the backup restore functionality of Cisco
Nexus Das ...)
+ TODO: check
+CVE-2025-20342 (A vulnerability in the Virtual Keyboard Video Monitor (vKVM)
connectio ...)
+ TODO: check
+CVE-2025-20317 (A vulnerability in the Virtual Keyboard Video Monitor (vKVM)
connectio ...)
+ TODO: check
+CVE-2025-20296 (A vulnerability in the web-based management interface of Cisco
UCS Man ...)
+ TODO: check
+CVE-2025-20295 (A vulnerability in the CLI of Cisco UCS Manager Software could
allow a ...)
+ TODO: check
+CVE-2025-20294 (Multiple vulnerabilities in the CLI and web-based management
interface ...)
+ TODO: check
+CVE-2025-20292 (A vulnerability in the CLI of Cisco NX-OS Software could allow
an auth ...)
+ TODO: check
+CVE-2025-20290 (A vulnerability in the logging feature of Cisco NX-OS Software
for Cis ...)
+ TODO: check
+CVE-2025-20262 (A vulnerability in the Protocol Independent Multicast Version
6 (PIM6) ...)
+ TODO: check
+CVE-2025-20241 (A vulnerability in the Intermediate System-to-Intermediate
System (IS- ...)
+ TODO: check
+CVE-2024-37777 (O2OA v9.0.3 was discovered to contain a remote code execution
(RCE) vu ...)
+ TODO: check
+CVE-2025-58050 (The PCRE2 library is a set of C functions that implement
regular expre ...)
- pcre2 <unfixed>
[bookworm] - pcre2 <not-affected> (Vulnerable code not present)
[bullseye] - pcre2 <not-affected> (Vulnerable code not present)
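Review bot: The added CVE-2025-30036 line stores its description with a literal escape, "Oddzia\u0142", instead of the decoded character, so a text search for the module name will not match it; the escape should be decoded before the description is written to data/CVE/list. Every entry added in this hunk is still "TODO: check", and several of the truncated descriptions (for example CVE-2025-30064, CVE-2025-30063 and CVE-2025-30055) name no vendor or product in the visible text, so they cannot be triaged from this file alone and need the full CVE record.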
@@ -30626,7 +30808,7 @@ CVE-2024-53827 (Ericsson Packet Core Controller (PCC)
contains a vulnerability w
NOT-FOR-US: Ericsson
CVE-2024-51475 (IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable
to HTML ...)
NOT-FOR-US: IBM
-CVE-2024-4665 (The EventPrime WordPress plugin before 3.5.0 does not properly
valida ...)
+CVE-2024-4665 (The EventPrime WordPress plugin before 3.5.0 does not properly
validat ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4091 (The Responsive Gallery Grid WordPress plugin before 2.3.15 does
not sa ...)
NOT-FOR-US: WordPress plugin
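Review bot: On CVE-2024-4665 the only visible difference is where the truncated description is cut ("valida ..." becomes "validat ..."), and the NOT-FOR-US: WordPress plugin status is untouched. A one-character shift of the cut-off point looks like a spacing change in the source text rather than new information; comparing descriptions after whitespace normalisation would keep entries like this one, and the similar CVE-2025-0466 change further down, out of the diff.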
@@ -38578,7 +38760,7 @@ CVE-2025-2987 (IBM Maximo Asset Management 7.6.1.3 is
vulnerable to server-side
NOT-FOR-US: IBM
CVE-2025-2839 (The WP Import Export Lite plugin for WordPress is vulnerable to
Stored ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-2594 (The User Registration & Membership WordPress plugin before
4.1.3 does ...)
+CVE-2025-2594 (The User Registration & Membership WordPress plugin before
4.1.3 does ...)
NOT-FOR-US: WordPress plugin
CVE-2025-2300 (Hitachi Ops Center Common Services within Hitachi Ops Center
OVA conta ...)
NOT-FOR-US: Hitachi
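Review bot: The removed and added CVE-2025-2594 lines read identically as shown here, so the change cannot be reviewed from the diff. If the difference is whitespace only, it should either be normalised away before the entry is rewritten or be called out in the commit message, which currently says only "automatic update".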
@@ -65741,7 +65923,7 @@ CVE-2025-20881 (Out-of-bounds write in accessing buffer
storing the decoded vide
NOT-FOR-US: Samsung
CVE-2025-1003 (A potential vulnerability has been identified in HP Anyware
Agent for ...)
NOT-FOR-US: HP
-CVE-2025-0466 (The Sensei LMS WordPress plugin before 4.24.4 does not
properly prote ...)
+CVE-2025-0466 (The Sensei LMS WordPress plugin before 4.24.4 does not properly
protec ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0368 (The Banner Garden Plugin for WordPress plugin through 0.1.3
does not s ...)
NOT-FOR-US: WordPress plugin
@@ -101474,7 +101656,7 @@ CVE-2024-9292 (The Bridge Core plugin for WordPress
is vulnerable to Stored Cros
NOT-FOR-US: WordPress plugin
CVE-2024-9021 (In the process of testing the Relevanssi WordPress plugin
before 4.23 ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-8983 (Custom Twitter Feeds WordPress plugin before 2.2.3 is not
filtering s ...)
+CVE-2024-8983 (Custom Twitter Feeds WordPress plugin before 2.2.3 does not
sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2024-8964 (The Image Optimizer, Resizer and CDN \u2013 Sirv plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
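Review bot: The CVE-2024-8983 description is reworded ("is not filtering s ..." becomes "does not sanitise a ...") while the entry stays NOT-FOR-US: WordPress plugin, so the change is description-only and needs no re-triage; saying so in the commit message would help readers skim past it. The neighbouring context line for CVE-2024-8964 carries a literal "\u2013" escape that should be stored as the decoded character.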
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6fe28743232f2b821f251e78b1f90ce469cba32
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits