
Commit 41c89aa

Advisory Database Sync
1 parent abe9853 commit 41c89aa

33 files changed

Lines changed: 791 additions & 63 deletions


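--- a/advisories/github-reviewed/2025/05/GHSA-q5q7-8x6x-hcg2/GHSA-q5q7-8x6x-hcg2.json
+++ b/advisories/github-reviewed/2025/05/GHSA-q5q7-8x6x-hcg2/GHSA-q5q7-8x6x-hcg2.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-q5q7-8x6x-hcg2",
-"modified": "2025-07-31T18:31:56Z",
+"modified": "2025-07-31T21:31:32Z",
 "published": "2025-05-26T12:30:30Z",
 "aliases": [
 "CVE-2025-4057"
@@ -52,6 +52,10 @@
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2025:12355"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2025:12473"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2025:8147"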

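--- a/advisories/unreviewed/2025/01/GHSA-9g4q-mq35-ffg3/GHSA-9g4q-mq35-ffg3.json
+++ b/advisories/unreviewed/2025/01/GHSA-9g4q-mq35-ffg3/GHSA-9g4q-mq35-ffg3.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9g4q-mq35-ffg3",
-"modified": "2025-01-22T18:31:56Z",
+"modified": "2025-07-31T21:31:32Z",
 "published": "2025-01-22T18:31:56Z",
 "aliases": [
 "CVE-2025-0651"
 ],
 "details": "Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation.\n\nUser with a low system privileges  can create a set of symlinks inside the C:\\ProgramData\\Cloudflare\\warp-diag-partials folder. After triggering the 'Reset all settings\" option the WARP service will delete the files that the symlink was pointing to. Given the WARP service operates with System privileges this might lead to deleting files owned by the System user.\nThis issue affects WARP: before 2024.12.492.0.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:U/V:X/RE:L/U:Green"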

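--- a/advisories/unreviewed/2025/01/GHSA-w2xg-49x3-6w59/GHSA-w2xg-49x3-6w59.json
+++ b/advisories/unreviewed/2025/01/GHSA-w2xg-49x3-6w59/GHSA-w2xg-49x3-6w59.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-w2xg-49x3-6w59",
-"modified": "2025-02-24T12:31:59Z",
+"modified": "2025-07-31T21:31:32Z",
 "published": "2025-01-30T21:31:22Z",
 "aliases": [
 "CVE-2024-10026"
 ],
 "details": "A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
@@ -38,6 +42,7 @@
 ],
 "database_specific": {
 "cwe_ids": [
+"CWE-326",
 "CWE-328"
 ],
 "severity": "MODERATE",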
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2x45-7fc3-mxwq",
4+
"modified": "2025-07-31T21:31:53Z",
5+
"published": "2025-07-31T21:31:53Z",
6+
"aliases": [
7+
"CVE-2025-45769"
8+
],
9+
"details": "php-jwt v6.11.0 was discovered to contain weak encryption.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45769"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/firebase"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/firebase/php-jwt"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-326"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2025-07-31T20:15:33Z"
43+
}
44+
}
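Review bot: `"affected": []` leaves this new record without a package or version range even though `details` names php-jwt v6.11.0, so scanners that match on package coordinates will not surface it for projects that depend on the library. The `details` string says only "weak encryption", with no algorithm, key length or fixed release, which makes the `"severity": "HIGH"` rating hard to triage without reading the linked gist. If the record is later promoted to reviewed, an `affected` entry carrying `"package": {"ecosystem": "Packagist", "name": "firebase/php-jwt"}` (name presumed from the repository URL) plus the version stated in `details` would let tooling match it. The bare `https://github.com/firebase` reference adds nothing beyond the repository URL that follows it and could be dropped.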

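--- a/advisories/unreviewed/2025/07/GHSA-32gv-r223-hpr7/GHSA-32gv-r223-hpr7.json
+++ b/advisories/unreviewed/2025/07/GHSA-32gv-r223-hpr7/GHSA-32gv-r223-hpr7.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-32gv-r223-hpr7",
-"modified": "2025-07-31T18:32:03Z",
+"modified": "2025-07-31T21:31:52Z",
 "published": "2025-07-31T18:32:03Z",
 "aliases": [
 "CVE-2025-50848"
 ],
 "details": "A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users.",
-"severity": [],
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+}
+],
 "affected": [],
 "references": [
 {
@@ -24,8 +29,10 @@
 }
 ],
 "database_specific": {
-"cwe_ids": [],
-"severity": null,
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-07-31T16:15:30Z"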
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5qv2-823h-cg9j",
4+
"modified": "2025-07-31T21:31:54Z",
5+
"published": "2025-07-31T21:31:54Z",
6+
"aliases": [
7+
"CVE-2025-8286"
8+
],
9+
"details": "Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that \ncould allow an attacker to modify hardware configurations, manipulate \ndata, or factory reset the device.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8286"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-01"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-306"
34+
],
35+
"severity": "CRITICAL",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-07-31T20:15:46Z"
39+
}
40+
}

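--- a/advisories/unreviewed/2025/07/GHSA-6fpv-q3vm-j4gh/GHSA-6fpv-q3vm-j4gh.json
+++ b/advisories/unreviewed/2025/07/GHSA-6fpv-q3vm-j4gh/GHSA-6fpv-q3vm-j4gh.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6fpv-q3vm-j4gh",
-"modified": "2025-07-31T18:32:04Z",
+"modified": "2025-07-31T21:31:53Z",
 "published": "2025-07-31T18:32:04Z",
 "aliases": [
 "CVE-2025-51383"
 ],
 "details": "D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.",
-"severity": [],
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+}
+],
 "affected": [],
 "references": [
 {
@@ -24,8 +29,10 @@
 }
 ],
 "database_specific": {
-"cwe_ids": [],
-"severity": null,
+"cwe_ids": [
+"CWE-121"
+],
+"severity": "LOW",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-07-31T18:15:41Z"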

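--- a/advisories/unreviewed/2025/07/GHSA-6vjc-2rp5-c2hr/GHSA-6vjc-2rp5-c2hr.json
+++ b/advisories/unreviewed/2025/07/GHSA-6vjc-2rp5-c2hr/GHSA-6vjc-2rp5-c2hr.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6vjc-2rp5-c2hr",
-"modified": "2025-07-31T15:35:50Z",
+"modified": "2025-07-31T21:31:50Z",
 "published": "2025-07-31T15:35:50Z",
 "aliases": [
 "CVE-2025-29557"
 ],
 "details": "ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.",
-"severity": [],
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+}
+],
 "affected": [],
 "references": [
 {
@@ -24,8 +29,10 @@
 }
 ],
 "database_specific": {
-"cwe_ids": [],
-"severity": null,
+"cwe_ids": [
+"CWE-284"
+],
+"severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-07-31T15:15:36Z"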

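--- a/advisories/unreviewed/2025/07/GHSA-75pq-m89c-9h5r/GHSA-75pq-m89c-9h5r.json
+++ b/advisories/unreviewed/2025/07/GHSA-75pq-m89c-9h5r/GHSA-75pq-m89c-9h5r.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-75pq-m89c-9h5r",
-"modified": "2025-07-31T18:32:04Z",
+"modified": "2025-07-31T21:31:53Z",
 "published": "2025-07-31T18:32:04Z",
 "aliases": [
 "CVE-2025-50866"
 ],
 "details": "CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.",
-"severity": [],
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+}
+],
 "affected": [],
 "references": [
 {
@@ -20,8 +25,10 @@
 }
 ],
 "database_specific": {
-"cwe_ids": [],
-"severity": null,
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-07-31T17:15:30Z"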

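--- a/advisories/unreviewed/2025/07/GHSA-782f-gxj5-xvqc/GHSA-782f-gxj5-xvqc.json
+++ b/advisories/unreviewed/2025/07/GHSA-782f-gxj5-xvqc/GHSA-782f-gxj5-xvqc.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-782f-gxj5-xvqc",
-"modified": "2025-07-31T18:32:04Z",
+"modified": "2025-07-31T21:31:53Z",
 "published": "2025-07-31T18:32:04Z",
 "aliases": [
 "CVE-2025-51503"
 ],
 "details": "A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.",
-"severity": [],
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"
+}
+],
 "affected": [],
 "references": [
 {
@@ -28,8 +33,10 @@
 }
 ],
 "database_specific": {
-"cwe_ids": [],
-"severity": null,
+"cwe_ids": [
+"CWE-79"
+],
+"severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2025-07-31T18:15:42Z"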
