Publish Advisories

GHSA-qhw8-gxv4-588x
GHSA-5j47-gwc2-fhfc
GHSA-3c6p-c4v9-m5mw
GHSA-3h49-gmxg-3c7g
GHSA-3xfr-5qpm-hvr4
GHSA-445m-27cf-gr3x
GHSA-4w9g-4h2x-7qxq
GHSA-cf79-3x47-jx24
GHSA-cjfc-vqf6-fvgw
GHSA-fgvj-q3hx-cpwr
GHSA-g69v-xr79-fx7w
GHSA-gpg3-h2f7-7hcx
GHSA-h4g8-pvpv-p57j
GHSA-qf47-6jwc-r2c7
GHSA-qhg4-2m23-3vvx
GHSA-v2rc-5jqj-6rmg
GHSA-vhr7-c3p5-qrf4
GHSA-vq95-6x79-qv8j
GHSA-x66m-vvh8-f89w

Author: advisory-database[bot]

advisories/unreviewed/2022/12/GHSA-qhw8-gxv4-588x/GHSA-qhw8-gxv4-588x.json

@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-20"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2024/04/GHSA-5j47-gwc2-fhfc/GHSA-5j47-gwc2-fhfc.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/04/GHSA-3c6p-c4v9-m5mw/GHSA-3c6p-c4v9-m5mw.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3c6p-c4v9-m5mw",
+  "modified": "2025-04-18T21:31:20Z",
+  "published": "2025-04-18T21:31:20Z",
+  "aliases": [
+    "CVE-2024-57493"
+  ],
+  "details": "An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57493"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Marsman1996/pocs/tree/master/redox/CVE-2024-57493"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.redox-os.org/redox-os/relibc/-/issues/201"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.redox-os.org/redox-os/relibc/-/merge_requests/566"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-04-18T20:15:15Z"
+  }
+}

advisories/unreviewed/2025/04/GHSA-3h49-gmxg-3c7g/GHSA-3h49-gmxg-3c7g.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3h49-gmxg-3c7g",
+  "modified": "2025-04-18T21:31:20Z",
+  "published": "2025-04-18T21:31:20Z",
+  "aliases": [
+    "CVE-2025-25983"
+  ],
+  "details": "An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25983"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/vladko312/Research_v380_IP_camera"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25983.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-257"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-04-18T20:15:16Z"
+  }
+}

advisories/unreviewed/2025/04/GHSA-3xfr-5qpm-hvr4/GHSA-3xfr-5qpm-hvr4.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3xfr-5qpm-hvr4",
+  "modified": "2025-04-18T21:31:21Z",
+  "published": "2025-04-18T21:31:21Z",
+  "aliases": [
+    "CVE-2024-53591"
+  ],
+  "details": "An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53591"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/aljoharasubaie/CVE-2024-53591"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-04-18T21:15:43Z"
+  }
+}

advisories/unreviewed/2025/04/GHSA-445m-27cf-gr3x/GHSA-445m-27cf-gr3x.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-445m-27cf-gr3x",
+  "modified": "2025-04-18T21:31:20Z",
+  "published": "2025-04-18T21:31:20Z",
+  "aliases": [
+    "CVE-2025-28197"
+  ],
+  "details": "Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28197"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/AndrewDzzz/f49e79b09ce0643ee1fc2a829e8875e0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-04-18T20:15:16Z"
+  }
+}

advisories/unreviewed/2025/04/GHSA-4w9g-4h2x-7qxq/GHSA-4w9g-4h2x-7qxq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4w9g-4h2x-7qxq",
+  "modified": "2025-04-18T21:31:21Z",
+  "published": "2025-04-18T21:31:21Z",
+  "aliases": [
+    "CVE-2025-43903"
+  ],
+  "details": "NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43903"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-347"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-04-18T21:15:44Z"
+  }
+}

advisories/unreviewed/2025/04/GHSA-cf79-3x47-jx24/GHSA-cf79-3x47-jx24.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cf79-3x47-jx24",
+  "modified": "2025-04-18T21:31:19Z",
+  "published": "2025-04-18T21:31:19Z",
+  "aliases": [
+    "CVE-2025-28355"
+  ],
+  "details": "Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28355"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Volmarg/personal-management-system/issues/149"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Volmarg/personal-management-system"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/abbisQQ/CVE-2025-28355/tree/main"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-04-18T19:15:45Z"
+  }
+}

advisories/unreviewed/2025/04/GHSA-cjfc-vqf6-fvgw/GHSA-cjfc-vqf6-fvgw.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cjfc-vqf6-fvgw",
+  "modified": "2025-04-18T21:31:19Z",
+  "published": "2025-04-18T21:31:19Z",
+  "aliases": [
+    "CVE-2025-24914"
+  ],
+  "details": "When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24914"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenable.com/security/tns-2025-05"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-276"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-04-18T19:15:45Z"
+  }
+}

advisories/unreviewed/2025/04/GHSA-fgvj-q3hx-cpwr/GHSA-fgvj-q3hx-cpwr.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fgvj-q3hx-cpwr",
-  "modified": "2025-04-18T15:31:37Z",
+  "modified": "2025-04-18T21:31:19Z",
   "published": "2025-04-18T03:31:22Z",
   "aliases": [
     "CVE-2025-25427"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/slin99/2025-25427/blob/master/readme.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tp-link.com/en/support/download/tl-wr841n/#Firmware"
     }
   ],
   "database_specific": {