Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
17009a66 by Moritz Muehlenhoff at 2025-09-23T15:37:08+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -893,11 +893,11 @@ CVE-2025-57437 (The Blackmagic Web Presenter HD firmware
version 3.3 exposes sen
CVE-2025-57434 (Creacast Creabox Manager contains a critical authentication
flaw that ...)
NOT-FOR-US: Creacast Creabox Manager
CVE-2025-57433 (The 2wcom IP-4c 2.15.5 device's web interface includes an
information ...)
- TODO: check
+ NOT-FOR-US: 2wcom IP-4c
CVE-2025-57432 (Blackmagic Web Presenter version 3.3 exposes a Telnet service
on port ...)
NOT-FOR-US: Blackmagic Web Presenter
CVE-2025-57431 (The Sound4 PULSE-ECO AES67 1.22 web-based management interface
is vuln ...)
- TODO: check
+ NOT-FOR-US: Sound4 PULSE-ECO AES67
CVE-2025-57430 (Creacast Creabox Manager 4.4.4 exposes sensitive configuration
data vi ...)
NOT-FOR-US: Creacast Creabox Manager
CVE-2025-57203 (MagicProject AI version 9.1 is affected by a Cross-Site
Scripting (XSS ...)
@@ -907,13 +907,13 @@ CVE-2025-56075 (A SQL Injection vulnerability was
discovered in the normal-bwdat
CVE-2025-56074 (A SQL Injection vulnerability was discovered in the
foreigner-bwdates- ...)
NOT-FOR-US: PHPGurukul
CVE-2025-55888 (Cross-Site Scripting (XSS) vulnerability was discovered in the
Ajax tr ...)
- TODO: check
+ NOT-FOR-US: ARD
CVE-2025-55887 (Cross-Site Scripting (XSS) vulnerability was discovered in the
meal re ...)
- TODO: check
+ NOT-FOR-US: ARD
CVE-2025-55886 (An Insecure Direct Object Reference (IDOR) vulnerability was
discovere ...)
- TODO: check
+ NOT-FOR-US: ARD
CVE-2025-55885 (SQL Injection vulnerability in Alpes Recherche et
Developpement ARD GE ...)
- TODO: check
+ NOT-FOR-US: ARD
CVE-2025-53570 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-53469 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
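Review bot: the four new "NOT-FOR-US: ARD" tags on CVE-2025-55885 through CVE-2025-55888 use an abbreviation that only the CVE-2025-55885 description expands ("Alpes Recherche et Developpement ARD GE ..."). The other three descriptions are truncated before any vendor name appears, so neither a reader nor a grep over the list can tell what "ARD" refers to. Suggest spelling the vendor out in all four tags, for example "NOT-FOR-US: Alpes Recherche et Developpement (ARD)", in line with the vendor naming on neighbouring entries such as "NOT-FOR-US: PHPGurukul".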
@@ -955,13 +955,13 @@ CVE-2025-53451 (Cross-Site Request Forgery (CSRF)
vulnerability in mihdan Mihdan
CVE-2025-53450 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-52367 (Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3
allows a ...)
- TODO: check
+ NOT-FOR-US: PivotX CMS
CVE-2025-51006 (Within tcpreplay's tcprewrite, a double free vulnerability has
been id ...)
TODO: check
CVE-2025-46711 (Software installed and run as a non-privileged user may
conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2025-43953 (In 2wcom IP-4c 2.16, the web interface allows admin and
manager users ...)
- TODO: check
+ NOT-FOR-US: 2wcom IP-4c
CVE-2025-43807 (Stored cross-site scripting (XSS) vulnerability in the
notifications w ...)
NOT-FOR-US: Liferay
CVE-2025-36202 (IBM webMethods Integration 10.15 and 11.1 could allow an
authenticated ...)
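Review bot: CVE-2025-51006 (double free in tcpreplay's tcprewrite) stays at "TODO: check" in the context lines, between the PivotX CMS and 2wcom IP-4c entries that this hunk resolves. Keeping it out of an NFU-only commit is reasonable, since the description names a standalone tool rather than a vendor appliance or web application. It is now the only untriaged entry in this region, though, so it needs its own triage in a follow-up (a package entry if tcpreplay is in the archive) rather than being left among resolved NFUs.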
@@ -971,13 +971,13 @@ CVE-2025-36064 (IBM Sterling Connect:Express for
Microsoft Windows 3.1.0.0 throu
CVE-2025-36037 (IBM webMethods Integration 10.15 and 11.1 is vulnerable to
server-si ...)
NOT-FOR-US: IBM
CVE-2025-35042 (Airship AI Acropolis includes a default administrative account
that us ...)
- TODO: check
+ NOT-FOR-US: Airship AI Acropolis
CVE-2025-35041 (Airship AI Acropolis allows unlimited MFA attempts for 15
minutes afte ...)
- TODO: check
+ NOT-FOR-US: Airship AI Acropolis
CVE-2025-25177 (Software installed and run as a non-privileged user may
conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2025-10854 (The txtai framework allows the loading of compressed tar files
as embe ...)
- TODO: check
+ NOT-FOR-US: txtai
CVE-2025-10813 (A vulnerability was found in code-projects Hostel Management
System 1. ...)
NOT-FOR-US: code-projects
CVE-2025-10812 (A vulnerability has been found in code-projects Hostel
Management Syst ...)
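Review bot: "NOT-FOR-US: txtai" on CVE-2025-10854 is the one tag in this hunk applied to something the description calls a framework, where the others (Airship AI Acropolis, IBM, Imagination Technologies) are vendor products. Libraries are the NFU decisions most likely to need revisiting, so please confirm that there is no source package or pending ITP for txtai, and that nothing in the archive bundles it. If any of those exist, the entry needs a package line instead of NOT-FOR-US.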
@@ -1005,7 +1005,7 @@ CVE-2025-10802 (A flaw has been found in code-projects
Online Bidding System 1.0
CVE-2025-10801 (A security vulnerability has been detected in SourceCodester
Pet Groom ...)
NOT-FOR-US: SourceCodester
CVE-2025-10800 (A weakness has been identified in itsourcecode Online
Discussion Forum ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Online Discussion Forum
CVE-2025-10799 (A security flaw has been discovered in code-projects Hostel
Management ...)
NOT-FOR-US: code-projects
CVE-2025-10798 (A vulnerability was identified in code-projects Hostel
Management Syst ...)
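Review bot: "NOT-FOR-US: itsourcecode Online Discussion Forum" on CVE-2025-10800 names both vendor and product, while the comparable entries in this hunk are tagged by vendor only ("NOT-FOR-US: SourceCodester", "NOT-FOR-US: code-projects"). Suggest "NOT-FOR-US: itsourcecode", so that later CVEs against other itsourcecode applications can reuse the same tag and a search for the vendor returns one consistent string.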
@@ -1019,7 +1019,7 @@ CVE-2025-10795 (A vulnerability has been found in
code-projects Online Bidding S
CVE-2025-10794 (A flaw has been found in PHPGurukul Car Rental Project 3.0.
Affected b ...)
NOT-FOR-US: PHPGurukul
CVE-2025-10793 (A vulnerability was detected in code-projects E-Commerce
Website 1.0. ...)
- TODO: check
+ NOT-FOR-US: code-projects
CVE-2025-10792 (A security vulnerability has been detected in D-Link DIR-513
A1FW110. ...)
NOT-FOR-US: D-Link
CVE-2025-10791 (A weakness has been identified in code-projects Online Bidding
System ...)
@@ -1027,7 +1027,7 @@ CVE-2025-10791 (A weakness has been identified in
code-projects Online Bidding S
CVE-2025-10790 (A security flaw has been discovered in SourceCodester Simple
Forum Dis ...)
NOT-FOR-US: SourceCodester
CVE-2025-10009 (Incorrect handling of uploaded files in the admin "Restore"
function i ...)
- TODO: check
+ NOT-FOR-US: invoiceninja
CVE-2025-9541 (The Markup Markdown WordPress plugin before 3.20.10 allows
links to co ...)
NOT-FOR-US: WordPress plugin
CVE-2025-9540 (The Markup Markdown WordPress plugin before 3.20.10 allows
links to co ...)
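Review bot: "NOT-FOR-US: invoiceninja" on CVE-2025-10009 cannot be checked against the visible description, which is cut off at "function i ..." before any product name appears. The lowercase, single-word form also reads like a repository or package name, while the neighbouring tags use display names ("SourceCodester", "WordPress plugin"). Please confirm the product against the full CVE text and consider the display form "Invoice Ninja" to keep the tag searchable and consistent.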
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17009a66df63c3432e6dadb0f74a0427558dd773