github
/
advisory-database
зеркало из https://github.com/github/advisory-database.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Advisory Database Sync

This commit is contained in:
advisory-database[bot] 2025-01-27 15:32:49 +00:00
Родитель b9324f380b
Коммит e84ae89f9b
67 изменённых файлов: 1950 добавлений и 46 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
advisories/unreviewed/2024/03/GHSA-9h2h-gpqp-6qgg/GHSA-9h2h-gpqp-6qgg.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9h2h-gpqp-6qgg",
"modified": "2024-03-20T15:32:28Z",
"modified": "2025-01-27T15:30:54Z",
"published": "2024-03-20T15:32:28Z",
"aliases": [
"CVE-2024-2255"
@ -33,7 +33,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

4
advisories/unreviewed/2024/03/GHSA-mf8f-39mx-wrjh/GHSA-mf8f-39mx-wrjh.json
Просмотреть файл

@ -29,7 +29,9 @@
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,

15
advisories/unreviewed/2024/03/GHSA-q6px-8pwj-ppvh/GHSA-q6px-8pwj-ppvh.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-q6px-8pwj-ppvh",
"modified": "2024-03-26T18:32:07Z",
"modified": "2025-01-27T15:30:55Z",
"published": "2024-03-26T18:32:07Z",
"aliases": [
"CVE-2024-26649"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the null pointer when load rlc firmware\n\nIf the RLC firmware is invalid because of wrong header size,\nthe pointer to the rlc firmware is released in function\namdgpu_ucode_request. There will be a null pointer error\nin subsequent use. So skip validation to fix it.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
@ -28,8 +33,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-476"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-26T18:15:10Z"

15
advisories/unreviewed/2024/04/GHSA-4xxr-7xxv-w3hj/GHSA-4xxr-7xxv-w3hj.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4xxr-7xxv-w3hj",
"modified": "2024-06-27T12:30:45Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-04-17T12:32:04Z",
"aliases": [
"CVE-2024-26863"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in hsr_get_node()\n\nKMSAN reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n fill_frame_info net/hsr/hsr_forward.c:577 [inline]\n hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615\n hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd net/packet/af_packet.c:3030 [inline]\n packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\n=====================================================\n\nIf the packet type ID field in the Ethernet header is either ETH_P_PRP or\nETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()\nreads an invalid value as a sequence number. This causes the above issue.\n\nThis patch fixes the issue by returning NULL if the Ethernet header is not\nfollowed by an HSR tag.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
@ -60,8 +65,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-908"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:09Z"

15
advisories/unreviewed/2024/04/GHSA-52h9-53cv-vm4j/GHSA-52h9-53cv-vm4j.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-52h9-53cv-vm4j",
"modified": "2024-04-26T15:30:30Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-04-26T15:30:30Z",
"aliases": [
"CVE-2023-52646"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\naio: fix mremap after fork null-deref\n\nCommit e4a0d3e720e7 (\"aio: Make it possible to remap aio ring\") introduced\na null-deref if mremap is called on an old aio mapping after fork as\nmm->ioctx_table will be set to NULL.\n\n[jmoyer@redhat.com: fix 80 column issue]",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
@ -44,8 +49,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-476"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-26T13:15:46Z"

15
advisories/unreviewed/2024/04/GHSA-728g-23p2-mf29/GHSA-728g-23p2-mf29.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-728g-23p2-mf29",
"modified": "2024-06-26T00:31:36Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-04-03T18:30:43Z",
"aliases": [
"CVE-2024-26771"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Add some null pointer checks to the edma_probe\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
@ -44,8 +49,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-476"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T17:15:52Z"

15
advisories/unreviewed/2024/04/GHSA-c37g-rxhp-7mqc/GHSA-c37g-rxhp-7mqc.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-c37g-rxhp-7mqc",
"modified": "2024-04-17T12:32:04Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-04-17T12:32:04Z",
"aliases": [
"CVE-2024-26866"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: lpspi: Avoid potential use-after-free in probe()\n\nfsl_lpspi_probe() is allocating/disposing memory manually with\nspi_alloc_host()/spi_alloc_target(), but uses\ndevm_spi_register_controller(). In case of error after the latter call the\nmemory will be explicitly freed in the probe function by\nspi_controller_put() call, but used afterwards by \"devm\" management outside\nprobe() (spi_unregister_controller() <- devm_spi_unregister() below).\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000070\n...\nCall trace:\n kernfs_find_ns\n kernfs_find_and_get_ns\n sysfs_remove_group\n sysfs_remove_groups\n device_remove_attrs\n device_del\n spi_unregister_controller\n devm_spi_unregister\n release_nodes\n devres_release_all\n really_probe\n driver_probe_device\n __device_attach_driver\n bus_for_each_drv\n __device_attach\n device_initial_probe\n bus_probe_device\n deferred_probe_work_func\n process_one_work\n worker_thread\n kthread\n ret_from_fork",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
@ -32,8 +37,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-416"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:09Z"

15
advisories/unreviewed/2024/04/GHSA-g64m-m7r3-j854/GHSA-g64m-m7r3-j854.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-g64m-m7r3-j854",
"modified": "2024-04-17T12:32:05Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-04-17T12:32:05Z",
"aliases": [
"CVE-2024-26893"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix double free in SMC transport cleanup path\n\nWhen the generic SCMI code tears down a channel, it calls the chan_free\ncallback function, defined by each transport. Since multiple protocols\nmight share the same transport_info member, chan_free() might want to\nclean up the same member multiple times within the given SCMI transport\nimplementation. In this case, it is SMC transport. This will lead to a NULL\npointer dereference at the second time:\n\n | scmi_protocol scmi_dev.1: Enabled polling mode TX channel - prot_id:16\n | arm-scmi firmware:scmi: SCMI Notifications - Core Enabled.\n | arm-scmi firmware:scmi: unable to communicate with SCMI\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n | Mem abort info:\n | ESR = 0x0000000096000004\n | EC = 0x25: DABT (current EL), IL = 32 bits\n | SET = 0, FnV = 0\n | EA = 0, S1PTW = 0\n | FSC = 0x04: level 0 translation fault\n | Data abort info:\n | ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n | CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n | GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n | user pgtable: 4k pages, 48-bit VAs, pgdp=0000000881ef8000\n | [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n | Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n | Modules linked in:\n | CPU: 4 PID: 1 Comm: swapper/0 Not tainted 6.7.0-rc2-00124-g455ef3d016c9-dirty #793\n | Hardware name: FVP Base RevC (DT)\n | pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n | pc : smc_chan_free+0x3c/0x6c\n | lr : smc_chan_free+0x3c/0x6c\n | Call trace:\n | smc_chan_free+0x3c/0x6c\n | idr_for_each+0x68/0xf8\n | scmi_cleanup_channels.isra.0+0x2c/0x58\n | scmi_probe+0x434/0x734\n | platform_probe+0x68/0xd8\n | really_probe+0x110/0x27c\n | __driver_probe_device+0x78/0x12c\n | driver_probe_device+0x3c/0x118\n | __driver_attach+0x74/0x128\n | bus_for_each_dev+0x78/0xe0\n | driver_attach+0x24/0x30\n | bus_add_driver+0xe4/0x1e8\n | driver_register+0x60/0x128\n | __platform_driver_register+0x28/0x34\n | scmi_driver_init+0x84/0xc0\n | do_one_initcall+0x78/0x33c\n | kernel_init_freeable+0x2b8/0x51c\n | kernel_init+0x24/0x130\n | ret_from_fork+0x10/0x20\n | Code: f0004701 910a0021 aa1403e5 97b91c70 (b9400280)\n | ---[ end trace 0000000000000000 ]---\n\nSimply check for the struct pointer being NULL before trying to access\nits members, to avoid this situation.\n\nThis was found when a transport doesn't really work (for instance no SMC\nservice), the probe routines then tries to clean up, and triggers a crash.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
@ -36,8 +41,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-415"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:10Z"

15
advisories/unreviewed/2024/04/GHSA-jp9p-8gwp-x6cf/GHSA-jp9p-8gwp-x6cf.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jp9p-8gwp-x6cf",
"modified": "2024-04-03T18:30:43Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-04-03T18:30:43Z",
"aliases": [
"CVE-2024-26770"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nvidia-shield: Add missing null pointer checks to LED initialization\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.\n\n[jkosina@suse.com: tweak changelog a bit]",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
@ -28,8 +33,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-476"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T17:15:52Z"

15
advisories/unreviewed/2024/04/GHSA-m7wr-q7cm-56rh/GHSA-m7wr-q7cm-56rh.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-m7wr-q7cm-56rh",
"modified": "2024-04-10T21:30:30Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-04-10T21:30:30Z",
"aliases": [
"CVE-2021-47183"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix link down processing to address NULL pointer dereference\n\nIf an FC link down transition while PLOGIs are outstanding to fabric well\nknown addresses, outstanding ABTS requests may result in a NULL pointer\ndereference. Driver unload requests may hang with repeated \"2878\" log\nmessages.\n\nThe Link down processing results in ABTS requests for outstanding ELS\nrequests. The Abort WQEs are sent for the ELSs before the driver had set\nthe link state to down. Thus the driver is sending the Abort with the\nexpectation that an ABTS will be sent on the wire. The Abort request is\nstalled waiting for the link to come up. In some conditions the driver may\nauto-complete the ELSs thus if the link does come up, the Abort completions\nmay reference an invalid structure.\n\nFix by ensuring that Abort set the flag to avoid link traffic if issued due\nto conditions where the link failed.",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
@ -24,8 +29,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-476"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T19:15:47Z"

15
advisories/unreviewed/2024/04/GHSA-vcx4-7ph7-jfww/GHSA-vcx4-7ph7-jfww.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vcx4-7ph7-jfww",
"modified": "2024-04-17T12:32:05Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-04-17T12:32:04Z",
"aliases": [
"CVE-2024-26879"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: meson: Add missing clocks to axg_clk_regmaps\n\nSome clocks were missing from axg_clk_regmaps, which caused kernel panic\nduring cat /sys/kernel/debug/clk/clk_summary\n\n[ 57.349402] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001fc\n...\n[ 57.430002] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 57.436900] pc : regmap_read+0x1c/0x88\n[ 57.440608] lr : clk_regmap_gate_is_enabled+0x3c/0xb0\n[ 57.445611] sp : ffff800082f1b690\n[ 57.448888] x29: ffff800082f1b690 x28: 0000000000000000 x27: ffff800080eb9a70\n[ 57.455961] x26: 0000000000000007 x25: 0000000000000016 x24: 0000000000000000\n[ 57.463033] x23: ffff800080e8b488 x22: 0000000000000015 x21: ffff00000e7e7000\n[ 57.470106] x20: ffff00000400ec00 x19: 0000000000000000 x18: ffffffffffffffff\n[ 57.477178] x17: 0000000000000000 x16: 0000000000000000 x15: ffff0000042a3000\n[ 57.484251] x14: 0000000000000000 x13: ffff0000042a2fec x12: 0000000005f5e100\n[ 57.491323] x11: abcc77118461cefd x10: 0000000000000020 x9 : ffff8000805e4b24\n[ 57.498396] x8 : ffff0000028063c0 x7 : ffff800082f1b710 x6 : ffff800082f1b710\n[ 57.505468] x5 : 00000000ffffffd0 x4 : ffff800082f1b6e0 x3 : 0000000000001000\n[ 57.512541] x2 : ffff800082f1b6e4 x1 : 000000000000012c x0 : 0000000000000000\n[ 57.519615] Call trace:\n[ 57.522030] regmap_read+0x1c/0x88\n[ 57.525393] clk_regmap_gate_is_enabled+0x3c/0xb0\n[ 57.530050] clk_core_is_enabled+0x44/0x120\n[ 57.534190] clk_summary_show_subtree+0x154/0x2f0\n[ 57.538847] clk_summary_show_subtree+0x220/0x2f0\n[ 57.543505] clk_summary_show_subtree+0x220/0x2f0\n[ 57.548162] clk_summary_show_subtree+0x220/0x2f0\n[ 57.552820] clk_summary_show_subtree+0x220/0x2f0\n[ 57.557477] clk_summary_show_subtree+0x220/0x2f0\n[ 57.562135] clk_summary_show_subtree+0x220/0x2f0\n[ 57.566792] clk_summary_show_subtree+0x220/0x2f0\n[ 57.571450] clk_summary_show+0x84/0xb8\n[ 57.575245] seq_read_iter+0x1bc/0x4b8\n[ 57.578954] seq_read+0x8c/0xd0\n[ 57.582059] full_proxy_read+0x68/0xc8\n[ 57.585767] vfs_read+0xb0/0x268\n[ 57.588959] ksys_read+0x70/0x108\n[ 57.592236] __arm64_sys_read+0x24/0x38\n[ 57.596031] invoke_syscall+0x50/0x128\n[ 57.599740] el0_svc_common.constprop.0+0x48/0xf8\n[ 57.604397] do_el0_svc+0x28/0x40\n[ 57.607675] el0_svc+0x34/0xb8\n[ 57.610694] el0t_64_sync_handler+0x13c/0x158\n[ 57.615006] el0t_64_sync+0x190/0x198\n[ 57.618635] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (b941fc00)\n[ 57.624668] ---[ end trace 0000000000000000 ]---\n\n[jbrunet: add missing Fixes tag]",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
@ -40,8 +45,10 @@
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"cwe_ids": [
"CWE-476"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-17T11:15:09Z"

6
advisories/unreviewed/2024/12/GHSA-3jj9-9287-pj45/GHSA-3jj9-9287-pj45.json
Просмотреть файл

@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3jj9-9287-pj45",
"modified": "2024-12-16T15:31:38Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2024-12-16T15:31:37Z",
"aliases": [
"CVE-2024-56012"
@ -22,6 +22,10 @@
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/flashnews-fading-effect-pearlbells/vulnerability/wordpress-flash-news-post-responsive-plugin-4-1-csrf-to-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/flashnews-typewriter-pearlbells/vulnerability/wordpress-post-title-typewriter-plugin-4-1-csrf-to-privilege-escalation-vulnerability?_s_id=cve"
}
],
"database_specific": {

3
advisories/unreviewed/2025/01/GHSA-222x-q267-pmwg/GHSA-222x-q267-pmwg.json
Просмотреть файл

@ -26,7 +26,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-120"
"CWE-120",
"CWE-125"
],
"severity": "HIGH",
"github_reviewed": false,

36
advisories/unreviewed/2025/01/GHSA-27xq-hgcj-7p95/GHSA-27xq-hgcj-7p95.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-27xq-hgcj-7p95",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24593"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24593"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/edwiser-bridge/vulnerability/wordpress-edwiser-bridge-plugin-3-0-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:14Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-34gm-qfww-6gwm/GHSA-34gm-qfww-6gwm.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-34gm-qfww-6gwm",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24680"
],
"details": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24680"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-multi-store-locator/vulnerability/wordpress-wp-multi-store-locator-plugin-2-4-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-80"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:15Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-3h34-f36h-gxv5/GHSA-3h34-f36h-gxv5.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3h34-f36h-gxv5",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23656"
],
"details": "Missing Authorization vulnerability in Saul Morales Pacheco Donate visa allows Stored XSS. This issue affects Donate visa: from n/a through 1.0.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23656"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/donate-visa/vulnerability/wordpress-donate-visa-plugin-1-0-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:12Z"
}
}

3
advisories/unreviewed/2025/01/GHSA-3mqp-g9h4-rcqw/GHSA-3mqp-g9h4-rcqw.json
Просмотреть файл

@ -26,7 +26,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-120"
"CWE-120",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

29
advisories/unreviewed/2025/01/GHSA-3v4j-7fgr-fp96/GHSA-3v4j-7fgr-fp96.json Normal file
Просмотреть файл

@ -0,0 +1,29 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3v4j-7fgr-fp96",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2024-57590"
],
"details": "TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface \"ntp_sync.cgi\",which allows remote attackers to execute arbitrary commands via parameter \"ntp_server\" passed to the \"ntp_sync.cgi\" binary through a POST request.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57590"
},
{
"type": "WEB",
"url": "https://github.com/IdaJea/IOT_vuln_1/blob/master/tew632/ntp_sync.md"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:11Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-4f3p-p55q-669g/GHSA-4f3p-p55q-669g.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4f3p-p55q-669g",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-24664"
],
"details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24664"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/ltl-freight-quotes-worldwide-express-edition/vulnerability/wordpress-ltl-freight-quotes-plugin-5-0-20-sql-injection-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:29Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-4p3m-85w6-62v7/GHSA-4p3m-85w6-62v7.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-4p3m-85w6-62v7",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24653"
],
"details": "Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24653"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/admin-site-enhancements-pro/vulnerability/wordpress-admin-and-site-enhancements-ase-pro-plugin-7-6-1-1-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:15Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-58c8-5c83-6qg2/GHSA-58c8-5c83-6qg2.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-58c8-5c83-6qg2",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24671"
],
"details": "Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24671"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/save-as-pdf-by-pdfcrowd/vulnerability/wordpress-save-as-pdf-plugin-by-pdfcrowd-plugin-4-4-0-php-object-injection-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:15Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-5fc9-q89f-p74h/GHSA-5fc9-q89f-p74h.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5fc9-q89f-p74h",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24734"
],
"details": "Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24734"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/real-time-auto-find-and-replace/vulnerability/wordpress-better-find-and-replace-plugin-1-6-7-privilege-escalation-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:16Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-5r47-frw5-cmw5/GHSA-5r47-frw5-cmw5.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-5r47-frw5-cmw5",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24606"
],
"details": "Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24606"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/sprout-invoices/vulnerability/wordpress-client-invoicing-by-sprout-invoices-easy-estimates-and-invoices-for-wordpress-plugin-20-8-1-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:14Z"
}
}

11
advisories/unreviewed/2025/01/GHSA-69jp-7vgw-2cgr/GHSA-69jp-7vgw-2cgr.json
Просмотреть файл

@ -1,13 +1,18 @@
{
"schema_version": "1.4.0",
"id": "GHSA-69jp-7vgw-2cgr",
"modified": "2025-01-27T06:30:26Z",
"modified": "2025-01-27T15:30:56Z",
"published": "2025-01-27T06:30:26Z",
"aliases": [
"CVE-2024-12774"
],
"details": "The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack",
"severity": [],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
}
],
"affected": [],
"references": [
{
@ -21,7 +26,7 @@
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T06:15:22Z"

36
advisories/unreviewed/2025/01/GHSA-6m68-x6g5-76xx/GHSA-6m68-x6g5-76xx.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6m68-x6g5-76xx",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24741"
],
"details": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24741"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/kb-support/vulnerability/wordpress-kb-support-plugin-1-6-7-open-redirection-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:16Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-7h65-cqmw-w88p/GHSA-7h65-cqmw-w88p.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7h65-cqmw-w88p",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24540"
],
"details": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.18.9.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24540"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/coming-soon/vulnerability/wordpress-website-builder-by-seedprod-plugin-6-18-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:13Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-8cgh-g4jm-qrhx/GHSA-8cgh-g4jm-qrhx.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-8cgh-g4jm-qrhx",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24626"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24626"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/music-store/vulnerability/wordpress-music-store-wordpress-ecommerce-plugin-1-1-19-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:14Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-94rc-xhf4-73hj/GHSA-94rc-xhf4-73hj.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-94rc-xhf4-73hj",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24743"
],
"details": "Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24743"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:16Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-97gh-5pvf-m9wm/GHSA-97gh-5pvf-m9wm.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-97gh-5pvf-m9wm",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24600"
],
"details": "Missing Authorization vulnerability in David F. Carr RSVPMarker . This issue affects RSVPMarker : from n/a through 11.4.5.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24600"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/rsvpmaker/vulnerability/wordpress-rsvpmaker-plugin-11-4-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:14Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-9gr5-3r4c-wx78/GHSA-9gr5-3r4c-wx78.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9gr5-3r4c-wx78",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23982"
],
"details": "Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23982"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/cab-fare-calculator/vulnerability/wordpress-fare-calculator-plugin-1-1-csrf-to-stored-cross-site-scripting-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:13Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-9v7v-vv4w-gxh3/GHSA-9v7v-vv4w-gxh3.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9v7v-vv4w-gxh3",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-24685"
],
"details": "Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion. This issue affects Morkva UA Shipping: from n/a through 1.0.18.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24685"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/morkva-ua-shipping/vulnerability/wordpress-morkva-ua-shipping-plugin-1-0-18-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-35"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:29Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-c3f5-rvxj-625x/GHSA-c3f5-rvxj-625x.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-c3f5-rvxj-625x",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24689"
],
"details": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24689"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/import-users-from-csv-with-meta/vulnerability/wordpress-import-and-export-users-and-customers-plugin-1-27-12-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-538"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:16Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-cmcq-wxqx-v9r5/GHSA-cmcq-wxqx-v9r5.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-cmcq-wxqx-v9r5",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24782"
],
"details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.10.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24782"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/post-grid-carousel-ultimate/vulnerability/wordpress-post-grid-slider-carousel-ultimate-with-shortcode-gutenberg-block-elementor-widget-plugin-1-6-10-local-file-inclusion-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-98"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:17Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-f8xw-g352-95p4/GHSA-f8xw-g352-95p4.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f8xw-g352-95p4",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-24584"
],
"details": "Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24584"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/ultimate-store-kit/vulnerability/wordpress-ultimate-store-kit-elementor-addons-plugin-2-3-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:28Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-f9hp-mwxx-5mjg/GHSA-f9hp-mwxx-5mjg.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f9hp-mwxx-5mjg",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:56Z",
"aliases": [
"CVE-2025-23792"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint allows Reflected XSS. This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through 1.1.6.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23792"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/passwordless-wp/vulnerability/wordpress-passwordless-wp-login-with-your-glance-or-fingerprint-plugin-1-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:28Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-ffm9-4hv2-v4gg/GHSA-ffm9-4hv2-v4gg.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-ffm9-4hv2-v4gg",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24665"
],
"details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.8.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24665"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-unishippers-edition/vulnerability/wordpress-small-package-quotes-plugin-2-4-8-sql-injection-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:15Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-gg54-9mc3-533v/GHSA-gg54-9mc3-533v.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-gg54-9mc3-533v",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:56Z",
"aliases": [
"CVE-2024-11348"
],
"details": "Eura7 CMSmanager in version 4.6 and below is vulnerable to Reflected XSS attacks through manipulation of return GET request parameter sent to a specific endpoint.\nThe vulnerability has been fixed by a patche patch 17012022 addressing all affected versions in use.",
"severity": [
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11348"
},
{
"type": "WEB",
"url": "https://cert.pl/en/posts/2025/01/CVE-2024-11348"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:27Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-ghjg-mfjj-w82r/GHSA-ghjg-mfjj-w82r.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-ghjg-mfjj-w82r",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23574"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM allows Reflected XSS. This issue affects CubePM: from n/a through 1.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23574"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/cubepm/vulnerability/wordpress-cubepm-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:12Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-h82v-8v2q-882m/GHSA-h82v-8v2q-882m.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-h82v-8v2q-882m",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24708"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.6.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24708"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/cf7-dynamics-crm/vulnerability/wordpress-wp-dynamics-crm-plugin-1-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:16Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-hmhc-953c-9459/GHSA-hmhc-953c-9459.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hmhc-953c-9459",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24628"
],
"details": "Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24628"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/google-captcha/vulnerability/wordpress-recaptcha-by-bestwebsoft-plugin-1-78-captcha-bypass-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-290"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:14Z"
}
}

33
advisories/unreviewed/2025/01/GHSA-hrpc-m3r9-f5w5/GHSA-hrpc-m3r9-f5w5.json Normal file
Просмотреть файл

@ -0,0 +1,33 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hrpc-m3r9-f5w5",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2024-57595"
],
"details": "DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter \"wps_pin\" passed to the apc_client_pin.cgi binary through a POST request.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57595"
},
{
"type": "WEB",
"url": "https://github.com/IdaJea/IOT_vuln_1/blob/master/DIR825/wps_pin.md"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"database_specific": {
"cwe_ids": [],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:11Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-hw5g-vm2x-j26q/GHSA-hw5g-vm2x-j26q.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-hw5g-vm2x-j26q",
"modified": "2025-01-27T15:30:56Z",
"published": "2025-01-27T15:30:56Z",
"aliases": [
"CVE-2025-22513"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple Locator allows Reflected XSS. This issue affects Simple Locator: from n/a through 2.0.4.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22513"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/simple-locator/vulnerability/wordpress-simple-locator-plugin-2-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:28Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-jqv5-vcwq-87cj/GHSA-jqv5-vcwq-87cj.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jqv5-vcwq-87cj",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24667"
],
"details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.17.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24667"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-plugin-5-2-17-sql-injection-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:15Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-m3xv-cj33-8m4w/GHSA-m3xv-cj33-8m4w.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-m3xv-cj33-8m4w",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24603"
],
"details": "Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24603"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/a4-barcode-generator/vulnerability/wordpress-print-labels-with-barcodes-create-price-tags-product-labels-order-labels-for-woocommerce-plugin-3-4-10-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:14Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-mvcm-g7x3-9g76/GHSA-mvcm-g7x3-9g76.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-mvcm-g7x3-9g76",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24740"
],
"details": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24740"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/learnpress/vulnerability/wordpress-learnpress-plugin-4-2-7-1-open-redirection-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-601"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:16Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-p2jh-xm2m-qvxq/GHSA-p2jh-xm2m-qvxq.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-p2jh-xm2m-qvxq",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-24601"
],
"details": "Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24601"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/fundpress/vulnerability/wordpress-fundpress-plugin-2-0-6-php-object-injection-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:28Z"
}
}

31
advisories/unreviewed/2025/01/GHSA-pff9-53m5-qr56/GHSA-pff9-53m5-qr56.json Normal file
Просмотреть файл

@ -0,0 +1,31 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pff9-53m5-qr56",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24783"
],
"details": "** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon.\n\nThis issue affects Apache Cocoon: all versions.\n\nWhen a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to.\n\nAs a mitigation, you may enable the \"session-bound-continuations\" option to make sure continuations are not shared across sessions.\n\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"severity": [],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24783"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz"
}
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"severity": null,
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:17Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-pg2v-rrfp-r8gh/GHSA-pg2v-rrfp-r8gh.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pg2v-rrfp-r8gh",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23754"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ulrich Sossou The Loops allows Reflected XSS. This issue affects The Loops: from n/a through 1.0.2.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23754"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/the-loops/vulnerability/wordpress-the-loops-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:12Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-pm64-j9g7-q8pp/GHSA-pm64-j9g7-q8pp.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pm64-j9g7-q8pp",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24662"
],
"details": "Missing Authorization vulnerability in NotFound LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24662"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/sfwd-lms/vulnerability/wordpress-learndash-lms-plugin-4-20-0-1-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:15Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-pqhj-wjj5-567j/GHSA-pqhj-wjj5-567j.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-pqhj-wjj5-567j",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23849"
],
"details": "Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PAPERCITE: from n/a through 0.5.18.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23849"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/papercite/vulnerability/wordpress-papercite-plugin-0-5-18-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:13Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-q427-677q-cw5w/GHSA-q427-677q-cw5w.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-q427-677q-cw5w",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-24537"
],
"details": "Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.7.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24537"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/the-events-calendar/vulnerability/wordpress-the-events-calendar-plugin-6-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:13Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-q96q-g66j-qrq7/GHSA-q96q-g66j-qrq7.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-q96q-g66j-qrq7",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24742"
],
"details": "Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24742"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-google-maps/vulnerability/wordpress-wp-google-maps-plugin-9-0-40-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:16Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-q9cv-wr45-v4mq/GHSA-q9cv-wr45-v4mq.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-q9cv-wr45-v4mq",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23752"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CGD Arrange Terms allows Reflected XSS. This issue affects CGD Arrange Terms: from n/a through 1.1.3.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23752"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/shopp-arrange/vulnerability/wordpress-cgd-arrange-terms-plugin-1-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:12Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-qvv2-vrvp-prm4/GHSA-qvv2-vrvp-prm4.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qvv2-vrvp-prm4",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23457"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clodeo Shipdeo allows Reflected XSS. This issue affects Shipdeo: from n/a through 1.2.8.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23457"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/shipdeo-woo/vulnerability/wordpress-shipdeo-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:28Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-qx4f-g6f2-8q4v/GHSA-qx4f-g6f2-8q4v.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-qx4f-g6f2-8q4v",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-24754"
],
"details": "Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24754"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-theme-3-4-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:29Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-r28c-fp93-v9rh/GHSA-r28c-fp93-v9rh.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-r28c-fp93-v9rh",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23756"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Chernyakov LawPress – Law Firm Website Management allows Reflected XSS. This issue affects LawPress – Law Firm Website Management: from n/a through 1.4.5.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23756"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/lawpress/vulnerability/wordpress-lawpress-plugin-1-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:12Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-r7f7-xvfh-9v3p/GHSA-r7f7-xvfh-9v3p.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-r7f7-xvfh-9v3p",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-24612"
],
"details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24612"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/nova-poshta-ttn/vulnerability/wordpress-shipping-for-nova-poshta-plugin-1-19-6-sql-injection-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:29Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-v3xg-67q9-3425/GHSA-v3xg-67q9-3425.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-v3xg-67q9-3425",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24590"
],
"details": "Missing Authorization vulnerability in Haptiq picu – Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu – Online Photo Proofing Gallery: from n/a through 2.4.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24590"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/picu/vulnerability/wordpress-picu-online-photo-proofing-gallery-plugin-2-4-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:13Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-vv37-655f-x6r8/GHSA-vv37-655f-x6r8.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-vv37-655f-x6r8",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23531"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David F. Carr RSVPMaker Volunteer Roles allows Reflected XSS. This issue affects RSVPMaker Volunteer Roles: from n/a through 1.5.1.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23531"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/rsvpmaker-volunteer-roles/vulnerability/wordpress-rsvpmaker-volunteer-roles-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:11Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-wc52-h2xh-5248/GHSA-wc52-h2xh-5248.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-wc52-h2xh-5248",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-24538"
],
"details": "Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress Groups Extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through 3.6.10.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24538"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/buddypress-groups-extras/vulnerability/wordpress-buddypress-groups-extras-plugin-3-6-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:13Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-whrw-h6g2-qpqp/GHSA-whrw-h6g2-qpqp.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-whrw-h6g2-qpqp",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:56Z",
"aliases": [
"CVE-2025-24533"
],
"details": "Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24533"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/ml-slider/vulnerability/wordpress-metaslider-plugin-3-92-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:28Z"
}
}

40
advisories/unreviewed/2025/01/GHSA-whw8-9r74-7rm5/GHSA-whw8-9r74-7rm5.json Normal file
Просмотреть файл

@ -0,0 +1,40 @@
{
"schema_version": "1.4.0",
"id": "GHSA-whw8-9r74-7rm5",
"modified": "2025-01-27T15:30:56Z",
"published": "2025-01-27T15:30:56Z",
"aliases": [
"CVE-2022-4975"
],
"details": "A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id=\"pdf-table\"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4975"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-4975"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071527"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "HIGH",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T14:15:27Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-ww43-86vr-pw2g/GHSA-ww43-86vr-pw2g.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-ww43-86vr-pw2g",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24744"
],
"details": "Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24744"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/bridge-core/vulnerability/wordpress-bridge-core-plugin-3-3-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:17Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-x2f4-46j7-4vr6/GHSA-x2f4-46j7-4vr6.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x2f4-46j7-4vr6",
"modified": "2025-01-27T15:30:58Z",
"published": "2025-01-27T15:30:58Z",
"aliases": [
"CVE-2025-24747"
],
"details": "Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24747"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/theme/houzez/vulnerability/wordpress-houzez-theme-3-4-0-broken-access-control-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:17Z"
}
}

36
advisories/unreviewed/2025/01/GHSA-x3qq-f5ph-gwv5/GHSA-x3qq-f5ph-gwv5.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-x3qq-f5ph-gwv5",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23529"
],
"details": "Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23529"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/minterpress/vulnerability/wordpress-minterpress-plugin-1-0-5-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-862"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:11Z"
}
}

3
advisories/unreviewed/2025/01/GHSA-x9mf-2j92-52jm/GHSA-x9mf-2j92-52jm.json
Просмотреть файл

@ -26,7 +26,8 @@
],
"database_specific": {
"cwe_ids": [
"CWE-120"
"CWE-120",
"CWE-787"
],
"severity": "HIGH",
"github_reviewed": false,

36
advisories/unreviewed/2025/01/GHSA-xrcw-mf6x-47h4/GHSA-xrcw-mf6x-47h4.json Normal file
Просмотреть файл

@ -0,0 +1,36 @@
{
"schema_version": "1.4.0",
"id": "GHSA-xrcw-mf6x-47h4",
"modified": "2025-01-27T15:30:57Z",
"published": "2025-01-27T15:30:57Z",
"aliases": [
"CVE-2025-23669"
],
"details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nurul Amin, Mohammad Saiful Islam WP Smart Tooltip allows Stored XSS. This issue affects WP Smart Tooltip: from n/a through 1.0.0.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23669"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-smart-tool-tip/vulnerability/wordpress-wp-smart-tooltip-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"severity": "MODERATE",
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T15:15:12Z"
}
}