Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cf023c4f by Salvatore Bonaccorso at 2025-09-16T22:26:37+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,55 +5,55 @@ CVE-2025-8893 (A maliciously crafted PDF file, when parsed
through certain Autod
CVE-2025-8446 (The Blaze Demo Importer plugin for WordPress is vulnerable to
unauthor ...)
NOT-FOR-US: WordPress plugin
CVE-2025-8276 (Improper Encoding or Escaping of Output, Improper
Neutralization of Sp ...)
- TODO: check
+ NOT-FOR-US: Patika Global Technologies HumanSuite
CVE-2025-8057 (Authorization Bypass Through User-Controlled Key, Externally
Controlle ...)
- TODO: check
+ NOT-FOR-US: Patika Global Technologies HumanSuite
CVE-2025-7744 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Dolusoft Omaspot
CVE-2025-7743 (Cleartext Transmission of Sensitive Information vulnerability
in Dolus ...)
- TODO: check
+ NOT-FOR-US: Omaspot
CVE-2025-7355 (Authorization Bypass Through User-Controlled Key vulnerability
in Beef ...)
- TODO: check
+ NOT-FOR-US: Beefull App
CVE-2025-6575 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: Omaspot
CVE-2025-5519 (Insertion of Sensitive Information Into Sent Data vulnerability
in Arg ...)
- TODO: check
+ NOT-FOR-US: ArgusTech BILGER
CVE-2025-59336 (Luanox is a module host for Lua packages. Prior to 0.1.1, a
file trave ...)
- TODO: check
+ NOT-FOR-US: Luanox
CVE-2025-59334 (Linkr is a lightweight file delivery system that downloads
files from ...)
- TODO: check
+ NOT-FOR-US: Linkr
CVE-2025-59333 (The mcp-database-server (MCP Server) 1.1.0 and earlier, as
distributed ...)
- TODO: check
+ NOT-FOR-US: mcp-database-server (MCP Server)
CVE-2025-59270 (psPAS PowerShell module does not explicitly enforce TLS 1.2
within the ...)
- TODO: check
+ NOT-FOR-US: psPAS PowerShell module
CVE-2025-59161 (Element Web is a Matrix web client built using the Matrix
React SDK. E ...)
TODO: check
CVE-2025-59160 (Matrix JavaScript SDK is a Matrix Client-Server SDK for
JavaScript and ...)
TODO: check
CVE-2025-59050 (Greenshot is an open source Windows screenshot utility.
Greenshot 1.3. ...)
- TODO: check
+ NOT-FOR-US: Greenshot
CVE-2025-58749 (WebAssembly Micro Runtime (WAMR) is a lightweight standalone
WebAssemb ...)
- TODO: check
+ NOT-FOR-US: WebAssembly Micro Runtime (WAMR)
CVE-2025-58174 (LDAP Account Manager (LAM) is a webfrontend for managing
entries store ...)
TODO: check
CVE-2025-57631 (SQL Injection vulnerability in TDuckCloud v.5.1 allows a
remote attack ...)
- TODO: check
+ NOT-FOR-US: TDuckCloud
CVE-2025-57625 (CYRISMA Sensor before 444 for Windows has an Insecure Folder
and File ...)
- TODO: check
+ NOT-FOR-US: CYRISMA Sensor
CVE-2025-57624 (A DLL hijacking vulnerability in CYRISMA Agent before 444
allows local ...)
- TODO: check
+ NOT-FOR-US: CYRISMA Agent
CVE-2025-57145 (A cross-site scripting (XSS) vulnerability exists in the
search-autoot ...)
- TODO: check
+ NOT-FOR-US: ATSMS web application
CVE-2025-57119 (An issue in Online Library Management System v.3.0 allows an
attacker ...)
- TODO: check
+ NOT-FOR-US: Online Library Management System
CVE-2025-56706 (Edimax BR-6473AX v1.0.28 was discovered to contain a remote
code execu ...)
- TODO: check
+ NOT-FOR-US: Edimax BR-6473AX
CVE-2025-56697 (A Stored Cross-Site Scripting (XSS) vulnerability was
discovered in th ...)
- TODO: check
+ NOT-FOR-US: Kashipara Computer Base Test
CVE-2025-56562 (An incorrect API discovered in Signify Wiz Connected 1.9.1
allows atta ...)
- TODO: check
+ NOT-FOR-US: Signify Wiz Connected
CVE-2025-56557 (An issue discovered in the Tuya Smart Life App 5.6.1 allows
attackers ...)
- TODO: check
+ NOT-FOR-US: Tuya Smart Life App
CVE-2025-56295 (code-projects Computer Laboratory System 1.0 has a file upload
vulnera ...)
NOT-FOR-US: code-projects
CVE-2025-56293 (code-projects Human Resource Integrated System 1.0 is
vulnerable to Cr ...)
@@ -65,11 +65,11 @@ CVE-2025-56280 (code-projects Food Ordering Review System
1.0 is vulnerable to C
CVE-2025-56276 (code-projects Food Ordering Review System 1.0 is vulnerable to
Cross S ...)
NOT-FOR-US: code-projects
CVE-2025-56264 (The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains
a denial ...)
- TODO: check
+ NOT-FOR-US: zhangyd-c OneBlog
CVE-2025-56263 (by-night sms V1.0 has an Arbitrary File Upload vulnerability.
The /api ...)
- TODO: check
+ NOT-FOR-US: by-night sms
CVE-2025-55834 (A Cross Site Scripting vulnerability in JeeWMS v.3.7 and
before allows ...)
- TODO: check
+ NOT-FOR-US: JeeWMS
CVE-2025-55118 (Memory corruptions can be remotely triggered in the
Control-M/Agent wh ...)
TODO: check
CVE-2025-55117 (A stack-based buffer overflow can be remotely triggered when
formattin ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf023c4f7c88905aef476b9ba968f2cd6038d44d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf023c4f7c88905aef476b9ba968f2cd6038d44d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
