diff --git a/advisories/unreviewed/2023/10/GHSA-79jx-q243-6wc7/GHSA-79jx-q243-6wc7.json b/advisories/unreviewed/2023/10/GHSA-79jx-q243-6wc7/GHSA-79jx-q243-6wc7.json
index f8f317e203e..fdac3516f69 100644
--- a/advisories/unreviewed/2023/10/GHSA-79jx-q243-6wc7/GHSA-79jx-q243-6wc7.json
+++ b/advisories/unreviewed/2023/10/GHSA-79jx-q243-6wc7/GHSA-79jx-q243-6wc7.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-79jx-q243-6wc7",
- "modified": "2023-10-31T23:35:13Z",
+ "modified": "2025-04-16T00:31:29Z",
 "published": "2023-10-31T12:30:24Z",
 "aliases": [
 "CVE-2023-38994"
@@ -27,6 +27,10 @@
 "type": "WEB",
 "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=56324#c0"
 },
+ {
+ "type": "WEB",
+ "url": "https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html"
+ },
 {
 "type": "WEB",
 "url": "https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network"
diff --git a/advisories/unreviewed/2024/02/GHSA-82rx-j336-57m8/GHSA-82rx-j336-57m8.json b/advisories/unreviewed/2024/02/GHSA-82rx-j336-57m8/GHSA-82rx-j336-57m8.json
index f4a0e7928af..8230b1aef72 100644
--- a/advisories/unreviewed/2024/02/GHSA-82rx-j336-57m8/GHSA-82rx-j336-57m8.json
+++ b/advisories/unreviewed/2024/02/GHSA-82rx-j336-57m8/GHSA-82rx-j336-57m8.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-82rx-j336-57m8",
- "modified": "2024-02-13T09:30:31Z",
+ "modified": "2025-04-16T00:31:30Z",
 "published": "2024-02-02T09:30:23Z",
 "aliases": [
 "CVE-2024-22851"
@@ -19,6 +19,10 @@
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22851"
 },
+ {
+ "type": "WEB",
+ "url": "https://raeph123.github.io/BlogPosts/LiveConfig/LiveConfig_Advisory_CVE-2024-22851_en.html"
+ },
 {
 "type": "WEB",
 "url": "https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851"
diff --git a/advisories/unreviewed/2024/04/GHSA-3524-72hj-ch2v/GHSA-3524-72hj-ch2v.json b/advisories/unreviewed/2024/04/GHSA-3524-72hj-ch2v/GHSA-3524-72hj-ch2v.json
index 4f203484d80..e41691047a4 100644
--- a/advisories/unreviewed/2024/04/GHSA-3524-72hj-ch2v/GHSA-3524-72hj-ch2v.json
+++ b/advisories/unreviewed/2024/04/GHSA-3524-72hj-ch2v/GHSA-3524-72hj-ch2v.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3524-72hj-ch2v",
- "modified": "2025-02-11T00:31:31Z",
+ "modified": "2025-04-16T00:31:30Z",
 "published": "2024-04-10T21:30:33Z",
 "aliases": [
 "CVE-2024-29502"
@@ -19,6 +19,10 @@
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29502"
 },
+ {
+ "type": "WEB",
+ "url": "https://raeph123.github.io/BlogPosts/inteset/Inteset_Secure_Lockdown_Multi_Application_Edition_-_Vulnerabilities_and_Hardening_Measures_en.html"
+ },
 {
 "type": "WEB",
 "url": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening"
diff --git a/advisories/unreviewed/2024/04/GHSA-4fv8-fm6j-xc9r/GHSA-4fv8-fm6j-xc9r.json b/advisories/unreviewed/2024/04/GHSA-4fv8-fm6j-xc9r/GHSA-4fv8-fm6j-xc9r.json
index 4e7f8f1ff2c..fe801b4064e 100644
--- a/advisories/unreviewed/2024/04/GHSA-4fv8-fm6j-xc9r/GHSA-4fv8-fm6j-xc9r.json
+++ b/advisories/unreviewed/2024/04/GHSA-4fv8-fm6j-xc9r/GHSA-4fv8-fm6j-xc9r.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4fv8-fm6j-xc9r",
- "modified": "2024-07-08T15:31:54Z",
+ "modified": "2025-04-16T00:31:30Z",
 "published": "2024-04-10T21:30:33Z",
 "aliases": [
 "CVE-2024-29500"
@@ -19,6 +19,10 @@
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29500"
 },
+ {
+ "type": "WEB",
+ "url": "https://raeph123.github.io/BlogPosts/inteset/Inteset_Secure_Lockdown_Multi_Application_Edition_-_Vulnerabilities_and_Hardening_Measures_en.html"
+ },
 {
 "type": "WEB",
 "url": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening"
diff --git a/advisories/unreviewed/2025/03/GHSA-23vw-j76w-cpcq/GHSA-23vw-j76w-cpcq.json b/advisories/unreviewed/2025/03/GHSA-23vw-j76w-cpcq/GHSA-23vw-j76w-cpcq.json
index 0d44f191c5e..80c179f1c67 100644
--- a/advisories/unreviewed/2025/03/GHSA-23vw-j76w-cpcq/GHSA-23vw-j76w-cpcq.json
+++ b/advisories/unreviewed/2025/03/GHSA-23vw-j76w-cpcq/GHSA-23vw-j76w-cpcq.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-23vw-j76w-cpcq",
- "modified": "2025-03-05T15:30:56Z",
+ "modified": "2025-04-16T00:31:33Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27680"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-33xg-68r6-57fc/GHSA-33xg-68r6-57fc.json b/advisories/unreviewed/2025/03/GHSA-33xg-68r6-57fc/GHSA-33xg-68r6-57fc.json
index 6eae79e5df5..7027bda218c 100644
--- a/advisories/unreviewed/2025/03/GHSA-33xg-68r6-57fc/GHSA-33xg-68r6-57fc.json
+++ b/advisories/unreviewed/2025/03/GHSA-33xg-68r6-57fc/GHSA-33xg-68r6-57fc.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-33xg-68r6-57fc",
- "modified": "2025-03-05T18:32:08Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27674"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-6v75-2jr8-rwxg/GHSA-6v75-2jr8-rwxg.json b/advisories/unreviewed/2025/03/GHSA-6v75-2jr8-rwxg/GHSA-6v75-2jr8-rwxg.json
index e8d78d1f620..ba503209043 100644
--- a/advisories/unreviewed/2025/03/GHSA-6v75-2jr8-rwxg/GHSA-6v75-2jr8-rwxg.json
+++ b/advisories/unreviewed/2025/03/GHSA-6v75-2jr8-rwxg/GHSA-6v75-2jr8-rwxg.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6v75-2jr8-rwxg",
- "modified": "2025-03-05T21:32:11Z",
+ "modified": "2025-04-16T00:31:33Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27684"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-7fxc-245r-5w9m/GHSA-7fxc-245r-5w9m.json b/advisories/unreviewed/2025/03/GHSA-7fxc-245r-5w9m/GHSA-7fxc-245r-5w9m.json
index d7168a6eff2..f14e10686c7 100644
--- a/advisories/unreviewed/2025/03/GHSA-7fxc-245r-5w9m/GHSA-7fxc-245r-5w9m.json
+++ b/advisories/unreviewed/2025/03/GHSA-7fxc-245r-5w9m/GHSA-7fxc-245r-5w9m.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-7fxc-245r-5w9m",
- "modified": "2025-03-05T18:32:07Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:42Z",
 "aliases": [
 "CVE-2025-27654"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-82qh-7crj-p5wh/GHSA-82qh-7crj-p5wh.json b/advisories/unreviewed/2025/03/GHSA-82qh-7crj-p5wh/GHSA-82qh-7crj-p5wh.json
index c2380571d05..9e2d190c569 100644
--- a/advisories/unreviewed/2025/03/GHSA-82qh-7crj-p5wh/GHSA-82qh-7crj-p5wh.json
+++ b/advisories/unreviewed/2025/03/GHSA-82qh-7crj-p5wh/GHSA-82qh-7crj-p5wh.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-82qh-7crj-p5wh",
- "modified": "2025-03-05T21:32:11Z",
+ "modified": "2025-04-16T00:31:33Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27685"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-8646-xpx9-p8qm/GHSA-8646-xpx9-p8qm.json b/advisories/unreviewed/2025/03/GHSA-8646-xpx9-p8qm/GHSA-8646-xpx9-p8qm.json
index 2a2687aa57f..4e78ea8e7e5 100644
--- a/advisories/unreviewed/2025/03/GHSA-8646-xpx9-p8qm/GHSA-8646-xpx9-p8qm.json
+++ b/advisories/unreviewed/2025/03/GHSA-8646-xpx9-p8qm/GHSA-8646-xpx9-p8qm.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-8646-xpx9-p8qm",
- "modified": "2025-03-05T18:32:06Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27642"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-8gh5-grf4-93jr/GHSA-8gh5-grf4-93jr.json b/advisories/unreviewed/2025/03/GHSA-8gh5-grf4-93jr/GHSA-8gh5-grf4-93jr.json
index 2296b3221d6..21ff7a41b6f 100644
--- a/advisories/unreviewed/2025/03/GHSA-8gh5-grf4-93jr/GHSA-8gh5-grf4-93jr.json
+++ b/advisories/unreviewed/2025/03/GHSA-8gh5-grf4-93jr/GHSA-8gh5-grf4-93jr.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-8gh5-grf4-93jr",
- "modified": "2025-03-05T15:30:56Z",
+ "modified": "2025-04-16T00:31:33Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27682"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-8x7j-pw2c-rmw3/GHSA-8x7j-pw2c-rmw3.json b/advisories/unreviewed/2025/03/GHSA-8x7j-pw2c-rmw3/GHSA-8x7j-pw2c-rmw3.json
index b9efd5a3857..b9c218e83c1 100644
--- a/advisories/unreviewed/2025/03/GHSA-8x7j-pw2c-rmw3/GHSA-8x7j-pw2c-rmw3.json
+++ b/advisories/unreviewed/2025/03/GHSA-8x7j-pw2c-rmw3/GHSA-8x7j-pw2c-rmw3.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-8x7j-pw2c-rmw3",
- "modified": "2025-03-05T15:30:56Z",
+ "modified": "2025-04-16T00:31:33Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27681"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-8xvr-2xvr-m437/GHSA-8xvr-2xvr-m437.json b/advisories/unreviewed/2025/03/GHSA-8xvr-2xvr-m437/GHSA-8xvr-2xvr-m437.json
index db610180a68..2a18d06ea41 100644
--- a/advisories/unreviewed/2025/03/GHSA-8xvr-2xvr-m437/GHSA-8xvr-2xvr-m437.json
+++ b/advisories/unreviewed/2025/03/GHSA-8xvr-2xvr-m437/GHSA-8xvr-2xvr-m437.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-8xvr-2xvr-m437",
- "modified": "2025-03-05T21:32:09Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27645"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-9cf6-w6g4-wf93/GHSA-9cf6-w6g4-wf93.json b/advisories/unreviewed/2025/03/GHSA-9cf6-w6g4-wf93/GHSA-9cf6-w6g4-wf93.json
index 5537f093944..a2e6d1a8580 100644
--- a/advisories/unreviewed/2025/03/GHSA-9cf6-w6g4-wf93/GHSA-9cf6-w6g4-wf93.json
+++ b/advisories/unreviewed/2025/03/GHSA-9cf6-w6g4-wf93/GHSA-9cf6-w6g4-wf93.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9cf6-w6g4-wf93",
- "modified": "2025-03-05T21:32:09Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27646"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-9wc4-4f8p-mmhx/GHSA-9wc4-4f8p-mmhx.json b/advisories/unreviewed/2025/03/GHSA-9wc4-4f8p-mmhx/GHSA-9wc4-4f8p-mmhx.json
index 471938c6a69..93d3a8901a5 100644
--- a/advisories/unreviewed/2025/03/GHSA-9wc4-4f8p-mmhx/GHSA-9wc4-4f8p-mmhx.json
+++ b/advisories/unreviewed/2025/03/GHSA-9wc4-4f8p-mmhx/GHSA-9wc4-4f8p-mmhx.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9wc4-4f8p-mmhx",
- "modified": "2025-03-05T18:32:06Z",
+ "modified": "2025-04-16T00:31:30Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27639"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-c22c-c436-hqcq/GHSA-c22c-c436-hqcq.json b/advisories/unreviewed/2025/03/GHSA-c22c-c436-hqcq/GHSA-c22c-c436-hqcq.json
index 98b486f57e2..97c18dd4085 100644
--- a/advisories/unreviewed/2025/03/GHSA-c22c-c436-hqcq/GHSA-c22c-c436-hqcq.json
+++ b/advisories/unreviewed/2025/03/GHSA-c22c-c436-hqcq/GHSA-c22c-c436-hqcq.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-c22c-c436-hqcq",
- "modified": "2025-03-05T21:32:09Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27648"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-c558-7gx5-7hf4/GHSA-c558-7gx5-7hf4.json b/advisories/unreviewed/2025/03/GHSA-c558-7gx5-7hf4/GHSA-c558-7gx5-7hf4.json
index 7c5593e82e7..b14c3b87e7e 100644
--- a/advisories/unreviewed/2025/03/GHSA-c558-7gx5-7hf4/GHSA-c558-7gx5-7hf4.json
+++ b/advisories/unreviewed/2025/03/GHSA-c558-7gx5-7hf4/GHSA-c558-7gx5-7hf4.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-c558-7gx5-7hf4",
- "modified": "2025-03-05T18:32:05Z",
+ "modified": "2025-04-16T00:31:30Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27637"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-c8p5-vh9m-2ggj/GHSA-c8p5-vh9m-2ggj.json b/advisories/unreviewed/2025/03/GHSA-c8p5-vh9m-2ggj/GHSA-c8p5-vh9m-2ggj.json
index b9b00e83235..0c186b73840 100644
--- a/advisories/unreviewed/2025/03/GHSA-c8p5-vh9m-2ggj/GHSA-c8p5-vh9m-2ggj.json
+++ b/advisories/unreviewed/2025/03/GHSA-c8p5-vh9m-2ggj/GHSA-c8p5-vh9m-2ggj.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-c8p5-vh9m-2ggj",
- "modified": "2025-03-05T18:32:07Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:42Z",
 "aliases": [
 "CVE-2025-27657"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-cj4j-rhvm-wqq7/GHSA-cj4j-rhvm-wqq7.json b/advisories/unreviewed/2025/03/GHSA-cj4j-rhvm-wqq7/GHSA-cj4j-rhvm-wqq7.json
index b5439ffabb1..2642a04efa3 100644
--- a/advisories/unreviewed/2025/03/GHSA-cj4j-rhvm-wqq7/GHSA-cj4j-rhvm-wqq7.json
+++ b/advisories/unreviewed/2025/03/GHSA-cj4j-rhvm-wqq7/GHSA-cj4j-rhvm-wqq7.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-cj4j-rhvm-wqq7",
- "modified": "2025-03-05T21:32:11Z",
+ "modified": "2025-04-16T00:31:33Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27683"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-f83c-647q-q27r/GHSA-f83c-647q-q27r.json b/advisories/unreviewed/2025/03/GHSA-f83c-647q-q27r/GHSA-f83c-647q-q27r.json
index 6bb8b760de0..d346216b0e4 100644
--- a/advisories/unreviewed/2025/03/GHSA-f83c-647q-q27r/GHSA-f83c-647q-q27r.json
+++ b/advisories/unreviewed/2025/03/GHSA-f83c-647q-q27r/GHSA-f83c-647q-q27r.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-f83c-647q-q27r",
- "modified": "2025-03-05T18:32:09Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27677"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-f84w-xq57-rqf4/GHSA-f84w-xq57-rqf4.json b/advisories/unreviewed/2025/03/GHSA-f84w-xq57-rqf4/GHSA-f84w-xq57-rqf4.json
index 7b3479b4e7a..6c062338ea9 100644
--- a/advisories/unreviewed/2025/03/GHSA-f84w-xq57-rqf4/GHSA-f84w-xq57-rqf4.json
+++ b/advisories/unreviewed/2025/03/GHSA-f84w-xq57-rqf4/GHSA-f84w-xq57-rqf4.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-f84w-xq57-rqf4",
- "modified": "2025-03-05T21:32:08Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27643"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-fhvj-xr7h-8mmg/GHSA-fhvj-xr7h-8mmg.json b/advisories/unreviewed/2025/03/GHSA-fhvj-xr7h-8mmg/GHSA-fhvj-xr7h-8mmg.json
index ed62b1ad05d..6bed4eaacb5 100644
--- a/advisories/unreviewed/2025/03/GHSA-fhvj-xr7h-8mmg/GHSA-fhvj-xr7h-8mmg.json
+++ b/advisories/unreviewed/2025/03/GHSA-fhvj-xr7h-8mmg/GHSA-fhvj-xr7h-8mmg.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-fhvj-xr7h-8mmg",
- "modified": "2025-03-05T18:32:07Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:42Z",
 "aliases": [
 "CVE-2025-27656"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-fv6c-6rqc-j6m8/GHSA-fv6c-6rqc-j6m8.json b/advisories/unreviewed/2025/03/GHSA-fv6c-6rqc-j6m8/GHSA-fv6c-6rqc-j6m8.json
index 690da24eef1..998c97d2a84 100644
--- a/advisories/unreviewed/2025/03/GHSA-fv6c-6rqc-j6m8/GHSA-fv6c-6rqc-j6m8.json
+++ b/advisories/unreviewed/2025/03/GHSA-fv6c-6rqc-j6m8/GHSA-fv6c-6rqc-j6m8.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-fv6c-6rqc-j6m8",
- "modified": "2025-03-05T18:32:06Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:42Z",
 "aliases": [
 "CVE-2025-27653"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-g2m6-q89m-g82f/GHSA-g2m6-q89m-g82f.json b/advisories/unreviewed/2025/03/GHSA-g2m6-q89m-g82f/GHSA-g2m6-q89m-g82f.json
index 832b5c9792f..edf464ea8f1 100644
--- a/advisories/unreviewed/2025/03/GHSA-g2m6-q89m-g82f/GHSA-g2m6-q89m-g82f.json
+++ b/advisories/unreviewed/2025/03/GHSA-g2m6-q89m-g82f/GHSA-g2m6-q89m-g82f.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-g2m6-q89m-g82f",
- "modified": "2025-03-05T21:32:09Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:42Z",
 "aliases": [
 "CVE-2025-27650"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-gxmw-96jw-fwjw/GHSA-gxmw-96jw-fwjw.json b/advisories/unreviewed/2025/03/GHSA-gxmw-96jw-fwjw/GHSA-gxmw-96jw-fwjw.json
index 9a509deb4a3..ba9f8c98669 100644
--- a/advisories/unreviewed/2025/03/GHSA-gxmw-96jw-fwjw/GHSA-gxmw-96jw-fwjw.json
+++ b/advisories/unreviewed/2025/03/GHSA-gxmw-96jw-fwjw/GHSA-gxmw-96jw-fwjw.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-gxmw-96jw-fwjw",
- "modified": "2025-03-05T18:32:09Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27676"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-h39x-rmxf-4p9x/GHSA-h39x-rmxf-4p9x.json b/advisories/unreviewed/2025/03/GHSA-h39x-rmxf-4p9x/GHSA-h39x-rmxf-4p9x.json
index 02d63494db0..fd7c4869d7a 100644
--- a/advisories/unreviewed/2025/03/GHSA-h39x-rmxf-4p9x/GHSA-h39x-rmxf-4p9x.json
+++ b/advisories/unreviewed/2025/03/GHSA-h39x-rmxf-4p9x/GHSA-h39x-rmxf-4p9x.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-h39x-rmxf-4p9x",
- "modified": "2025-03-05T18:32:06Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27638"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-hc9m-j5rq-cphm/GHSA-hc9m-j5rq-cphm.json b/advisories/unreviewed/2025/03/GHSA-hc9m-j5rq-cphm/GHSA-hc9m-j5rq-cphm.json
index 06558db00a5..4d61fa535b4 100644
--- a/advisories/unreviewed/2025/03/GHSA-hc9m-j5rq-cphm/GHSA-hc9m-j5rq-cphm.json
+++ b/advisories/unreviewed/2025/03/GHSA-hc9m-j5rq-cphm/GHSA-hc9m-j5rq-cphm.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-hc9m-j5rq-cphm",
- "modified": "2025-03-05T21:32:09Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:42Z",
 "aliases": [
 "CVE-2025-27651"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-j695-2cjc-466g/GHSA-j695-2cjc-466g.json b/advisories/unreviewed/2025/03/GHSA-j695-2cjc-466g/GHSA-j695-2cjc-466g.json
index c7bb1d5bb91..61eb483ff79 100644
--- a/advisories/unreviewed/2025/03/GHSA-j695-2cjc-466g/GHSA-j695-2cjc-466g.json
+++ b/advisories/unreviewed/2025/03/GHSA-j695-2cjc-466g/GHSA-j695-2cjc-466g.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-j695-2cjc-466g",
- "modified": "2025-03-12T21:31:29Z",
+ "modified": "2025-04-16T00:31:34Z",
 "published": "2025-03-12T21:31:29Z",
 "aliases": [
 "CVE-2024-26290"
@@ -23,6 +23,10 @@
 "type": "WEB",
 "url": "https://kb.avid.com/pkb/articles/troubleshooting/en239659"
 },
+ {
+ "type": "WEB",
+ "url": "https://raeph123.github.io/BlogPosts/Avid_Nexis/Advisory_Avid_Nexus_Agent_Multiple_Vulnerabilities_en.html"
+ },
 {
 "type": "WEB",
 "url": "https://www.drive-byte.de/en/blog/avid-nexis-agent-multiple-vulnerabilities"
diff --git a/advisories/unreviewed/2025/03/GHSA-jcv4-98x3-hrjw/GHSA-jcv4-98x3-hrjw.json b/advisories/unreviewed/2025/03/GHSA-jcv4-98x3-hrjw/GHSA-jcv4-98x3-hrjw.json
index c6f609f4cd3..1777356b635 100644
--- a/advisories/unreviewed/2025/03/GHSA-jcv4-98x3-hrjw/GHSA-jcv4-98x3-hrjw.json
+++ b/advisories/unreviewed/2025/03/GHSA-jcv4-98x3-hrjw/GHSA-jcv4-98x3-hrjw.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-jcv4-98x3-hrjw",
- "modified": "2025-03-05T21:32:09Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27644"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-jp47-j92m-38q6/GHSA-jp47-j92m-38q6.json b/advisories/unreviewed/2025/03/GHSA-jp47-j92m-38q6/GHSA-jp47-j92m-38q6.json
index 2f251c4c1c9..d6e59619ce3 100644
--- a/advisories/unreviewed/2025/03/GHSA-jp47-j92m-38q6/GHSA-jp47-j92m-38q6.json
+++ b/advisories/unreviewed/2025/03/GHSA-jp47-j92m-38q6/GHSA-jp47-j92m-38q6.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-jp47-j92m-38q6",
- "modified": "2025-03-05T21:32:09Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:42Z",
 "aliases": [
 "CVE-2025-27649"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-m2hr-w7qh-g6f3/GHSA-m2hr-w7qh-g6f3.json b/advisories/unreviewed/2025/03/GHSA-m2hr-w7qh-g6f3/GHSA-m2hr-w7qh-g6f3.json
index 22fa4568699..e0ea3f055d8 100644
--- a/advisories/unreviewed/2025/03/GHSA-m2hr-w7qh-g6f3/GHSA-m2hr-w7qh-g6f3.json
+++ b/advisories/unreviewed/2025/03/GHSA-m2hr-w7qh-g6f3/GHSA-m2hr-w7qh-g6f3.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-m2hr-w7qh-g6f3",
- "modified": "2025-03-05T15:30:56Z",
+ "modified": "2025-04-16T00:31:33Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27679"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-mrwr-hqqx-f887/GHSA-mrwr-hqqx-f887.json b/advisories/unreviewed/2025/03/GHSA-mrwr-hqqx-f887/GHSA-mrwr-hqqx-f887.json
index 4cdc8f3b269..1cf5b8ccf56 100644
--- a/advisories/unreviewed/2025/03/GHSA-mrwr-hqqx-f887/GHSA-mrwr-hqqx-f887.json
+++ b/advisories/unreviewed/2025/03/GHSA-mrwr-hqqx-f887/GHSA-mrwr-hqqx-f887.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-mrwr-hqqx-f887",
- "modified": "2025-03-05T18:32:06Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27641"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-pvcg-63x2-w4px/GHSA-pvcg-63x2-w4px.json b/advisories/unreviewed/2025/03/GHSA-pvcg-63x2-w4px/GHSA-pvcg-63x2-w4px.json
index a138fff8d0e..c24cb024da5 100644
--- a/advisories/unreviewed/2025/03/GHSA-pvcg-63x2-w4px/GHSA-pvcg-63x2-w4px.json
+++ b/advisories/unreviewed/2025/03/GHSA-pvcg-63x2-w4px/GHSA-pvcg-63x2-w4px.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-pvcg-63x2-w4px",
- "modified": "2025-03-05T21:32:09Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:41Z",
 "aliases": [
 "CVE-2025-27647"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-rfj8-j94q-wxfj/GHSA-rfj8-j94q-wxfj.json b/advisories/unreviewed/2025/03/GHSA-rfj8-j94q-wxfj/GHSA-rfj8-j94q-wxfj.json
index c7fe83f5382..fd9a5253c1e 100644
--- a/advisories/unreviewed/2025/03/GHSA-rfj8-j94q-wxfj/GHSA-rfj8-j94q-wxfj.json
+++ b/advisories/unreviewed/2025/03/GHSA-rfj8-j94q-wxfj/GHSA-rfj8-j94q-wxfj.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-rfj8-j94q-wxfj",
- "modified": "2025-03-05T21:32:10Z",
+ "modified": "2025-04-16T00:31:31Z",
 "published": "2025-03-05T06:31:42Z",
 "aliases": [
 "CVE-2025-27652"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-v3vq-c35p-xgqh/GHSA-v3vq-c35p-xgqh.json b/advisories/unreviewed/2025/03/GHSA-v3vq-c35p-xgqh/GHSA-v3vq-c35p-xgqh.json
index 104521d7681..6e42f76c65c 100644
--- a/advisories/unreviewed/2025/03/GHSA-v3vq-c35p-xgqh/GHSA-v3vq-c35p-xgqh.json
+++ b/advisories/unreviewed/2025/03/GHSA-v3vq-c35p-xgqh/GHSA-v3vq-c35p-xgqh.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-v3vq-c35p-xgqh",
- "modified": "2025-03-05T18:32:09Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27675"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-vwxx-w68r-9cm2/GHSA-vwxx-w68r-9cm2.json b/advisories/unreviewed/2025/03/GHSA-vwxx-w68r-9cm2/GHSA-vwxx-w68r-9cm2.json
index ff77e807f62..8a585f70ae9 100644
--- a/advisories/unreviewed/2025/03/GHSA-vwxx-w68r-9cm2/GHSA-vwxx-w68r-9cm2.json
+++ b/advisories/unreviewed/2025/03/GHSA-vwxx-w68r-9cm2/GHSA-vwxx-w68r-9cm2.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-vwxx-w68r-9cm2",
- "modified": "2025-03-05T18:32:07Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:42Z",
 "aliases": [
 "CVE-2025-27655"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/03/GHSA-wfc2-7fm3-v49c/GHSA-wfc2-7fm3-v49c.json b/advisories/unreviewed/2025/03/GHSA-wfc2-7fm3-v49c/GHSA-wfc2-7fm3-v49c.json
index 3aafe4e7ffc..df83a8b1930 100644
--- a/advisories/unreviewed/2025/03/GHSA-wfc2-7fm3-v49c/GHSA-wfc2-7fm3-v49c.json
+++ b/advisories/unreviewed/2025/03/GHSA-wfc2-7fm3-v49c/GHSA-wfc2-7fm3-v49c.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-wfc2-7fm3-v49c",
- "modified": "2025-03-05T18:32:09Z",
+ "modified": "2025-04-16T00:31:32Z",
 "published": "2025-03-05T06:31:43Z",
 "aliases": [
 "CVE-2025-27678"
@@ -22,6 +22,10 @@
 {
 "type": "WEB",
 "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
+ },
+ {
+ "type": "WEB",
+ "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html"
 }
 ],
 "database_specific": {
diff --git a/advisories/unreviewed/2025/04/GHSA-258c-748x-qf4g/GHSA-258c-748x-qf4g.json b/advisories/unreviewed/2025/04/GHSA-258c-748x-qf4g/GHSA-258c-748x-qf4g.json
new file mode 100644
index 00000000000..7de6be5d931
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-258c-748x-qf4g/GHSA-258c-748x-qf4g.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-258c-748x-qf4g",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-25458"
+ ],
+ "details": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25458"
+ },
+ {
+ "type": "WEB",
+ "url": "https://gist.github.com/xyqer1/d195ea1eb37ba1cc5f709b1d4fc1a2c6"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-serverName2-StackOverflow"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T23:15:42Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-25jh-wfqw-8v39/GHSA-25jh-wfqw-8v39.json b/advisories/unreviewed/2025/04/GHSA-25jh-wfqw-8v39/GHSA-25jh-wfqw-8v39.json
new file mode 100644
index 00000000000..8a75e21a0e0
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-25jh-wfqw-8v39/GHSA-25jh-wfqw-8v39.json
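Review bot: The GHSA-258c-748x-qf4g record has no score and no weakness class (`"severity": []`, `"cwe_ids": []`, `"severity": null`), so any consumer that filters or ranks advisories by severity or CWE will pass over a buffer overflow in router firmware. The second reference's repository name describes a stack overflow, so `"cwe_ids": ["CWE-121"]` looks like the right class once checked against the write-up; the CVSS vector should be filled from the upstream source when one exists rather than guessed. `"affected": []` also leaves nothing to match on although the details name `V16.03.10.20`. The same gaps appear in GHSA-gv66-5jhq-833c and GHSA-gwfx-rx3p-m9qf later in this diff.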
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-25jh-wfqw-8v39",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-32923"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32923"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/tourmaster/vulnerability/wordpress-tourmaster-plugin-5-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:28Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-3vcc-wpcm-9vgm/GHSA-3vcc-wpcm-9vgm.json b/advisories/unreviewed/2025/04/GHSA-3vcc-wpcm-9vgm/GHSA-3vcc-wpcm-9vgm.json
new file mode 100644
index 00000000000..dd29f077fa8
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-3vcc-wpcm-9vgm/GHSA-3vcc-wpcm-9vgm.json
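Review bot: The `details` string in GHSA-25jh-wfqw-8v39 still carries unfilled template placeholders: the vendor is given as `NotFound` and the range as `from n/a through n/a`, so nothing in the record says which Tourmaster releases are affected, and `"affected": []` gives tooling nothing to match on either. The Patchstack reference slug contains `5-4-1`, which suggests the range should read `through 5.4.1`, but that needs checking against the source advisory before it goes in. GHSA-gvjv-gp9v-cgcq (WPJobBoard, slug `5-11-1`) has the same `n/a through n/a` range, and the `NotFound` vendor placeholder also appears in GHSA-8266-2wq4-3fxv and GHSA-9p7w-r275-r9wg.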
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-3vcc-wpcm-9vgm",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-27561"
+ ],
+ "details": "Unauthenticated attackers can rename \"rooms\" of arbitrary users.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27561"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-458q-4x98-hjwr/GHSA-458q-4x98-hjwr.json b/advisories/unreviewed/2025/04/GHSA-458q-4x98-hjwr/GHSA-458q-4x98-hjwr.json
new file mode 100644
index 00000000000..b797d7b4444
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-458q-4x98-hjwr/GHSA-458q-4x98-hjwr.json
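Review bot: Nothing in GHSA-3vcc-wpcm-9vgm names the affected vendor or product: `details` reads only `Unauthenticated attackers can rename \"rooms\" of arbitrary users.` and `"affected": []` is empty, so the icsa-25-105-04 link is the only way to learn what needs patching. A search or alert keyed on product name will never surface this record. Prefixing `details` with the product named in that CISA advisory would fix this without inventing version data. The same applies to every other record in this diff that references icsa-25-105-04: GHSA-458q-4x98-hjwr, GHSA-4gwp-27ph-2qrj, GHSA-6jhq-f3cp-jgmp, GHSA-753f-jpp4-mp46, GHSA-76w7-gcrw-2h29, GHSA-8pwh-7cm4-r7r2, GHSA-c5cf-2xw6-jfpr, GHSA-fp9c-2fxx-c9q4, GHSA-fvm9-c9qf-h767, GHSA-gx9q-pjvg-g34q and GHSA-h769-2vfr-4wxg.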
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-458q-4x98-hjwr",
+ "modified": "2025-04-16T00:31:35Z",
+ "published": "2025-04-16T00:31:35Z",
+ "aliases": [
+ "CVE-2025-25276"
+ ],
+ "details": "An unauthenticated attacker can hijack other users' devices and potentially control them.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25276"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:16Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-4gwp-27ph-2qrj/GHSA-4gwp-27ph-2qrj.json b/advisories/unreviewed/2025/04/GHSA-4gwp-27ph-2qrj/GHSA-4gwp-27ph-2qrj.json
new file mode 100644
index 00000000000..2bcb9ff6b59
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-4gwp-27ph-2qrj/GHSA-4gwp-27ph-2qrj.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4gwp-27ph-2qrj",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-27929"
+ ],
+ "details": "Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27929"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:25Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-6jhq-f3cp-jgmp/GHSA-6jhq-f3cp-jgmp.json b/advisories/unreviewed/2025/04/GHSA-6jhq-f3cp-jgmp/GHSA-6jhq-f3cp-jgmp.json
new file mode 100644
index 00000000000..899b9cb6e77
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-6jhq-f3cp-jgmp/GHSA-6jhq-f3cp-jgmp.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-6jhq-f3cp-jgmp",
+ "modified": "2025-04-16T00:31:35Z",
+ "published": "2025-04-16T00:31:35Z",
+ "aliases": [
+ "CVE-2025-24850"
+ ],
+ "details": "An attacker can export other users' plant information.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24850"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:16Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-753f-jpp4-mp46/GHSA-753f-jpp4-mp46.json b/advisories/unreviewed/2025/04/GHSA-753f-jpp4-mp46/GHSA-753f-jpp4-mp46.json
new file mode 100644
index 00000000000..8d248fe5403
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-753f-jpp4-mp46/GHSA-753f-jpp4-mp46.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-753f-jpp4-mp46",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-27927"
+ ],
+ "details": "An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27927"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:25Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-76qf-f82q-h3c3/GHSA-76qf-f82q-h3c3.json b/advisories/unreviewed/2025/04/GHSA-76qf-f82q-h3c3/GHSA-76qf-f82q-h3c3.json
new file mode 100644
index 00000000000..c6ac34d3e77
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-76qf-f82q-h3c3/GHSA-76qf-f82q-h3c3.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-76qf-f82q-h3c3",
+ "modified": "2025-04-16T00:31:34Z",
+ "published": "2025-04-16T00:31:34Z",
+ "aliases": [
+ "CVE-2025-22269"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Real Testimonials allows Stored XSS. This issue affects Real Testimonials: from n/a through 3.1.6.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22269"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/testimonial-free/vulnerability/wordpress-real-testimonials-plugin-3-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-76w7-gcrw-2h29/GHSA-76w7-gcrw-2h29.json b/advisories/unreviewed/2025/04/GHSA-76w7-gcrw-2h29/GHSA-76w7-gcrw-2h29.json
new file mode 100644
index 00000000000..bc27e376038
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-76w7-gcrw-2h29/GHSA-76w7-gcrw-2h29.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-76w7-gcrw-2h29",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-30257"
+ ],
+ "details": "Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30257"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-8266-2wq4-3fxv/GHSA-8266-2wq4-3fxv.json b/advisories/unreviewed/2025/04/GHSA-8266-2wq4-3fxv/GHSA-8266-2wq4-3fxv.json
new file mode 100644
index 00000000000..7602c74f6d6
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-8266-2wq4-3fxv/GHSA-8266-2wq4-3fxv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8266-2wq4-3fxv",
+ "modified": "2025-04-16T00:31:35Z",
+ "published": "2025-04-16T00:31:35Z",
+ "aliases": [
+ "CVE-2025-26730"
+ ],
+ "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26730"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/macro-admin-email-data-optin-calculator/vulnerability/wordpress-macro-calculator-with-admin-email-optin-data-plugin-1-0-multiple-vulnerabilities-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-497"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:16Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-88m8-cgv4-46m9/GHSA-88m8-cgv4-46m9.json b/advisories/unreviewed/2025/04/GHSA-88m8-cgv4-46m9/GHSA-88m8-cgv4-46m9.json
new file mode 100644
index 00000000000..1b8706763be
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-88m8-cgv4-46m9/GHSA-88m8-cgv4-46m9.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-88m8-cgv4-46m9",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26996"
+ ],
+ "details": "Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26996"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/sign-up-sheets/vulnerability/wordpress-sign-up-sheets-plugin-2-3-0-1-shortcode-injection-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-94"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-8pwh-7cm4-r7r2/GHSA-8pwh-7cm4-r7r2.json b/advisories/unreviewed/2025/04/GHSA-8pwh-7cm4-r7r2/GHSA-8pwh-7cm4-r7r2.json
new file mode 100644
index 00000000000..97c9acd2ad6
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-8pwh-7cm4-r7r2/GHSA-8pwh-7cm4-r7r2.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8pwh-7cm4-r7r2",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-27565"
+ ],
+ "details": "An unauthenticated attacker can delete any user's \"rooms\" by knowing the user's and room IDs.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27565"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-99gc-fxf4-398x/GHSA-99gc-fxf4-398x.json b/advisories/unreviewed/2025/04/GHSA-99gc-fxf4-398x/GHSA-99gc-fxf4-398x.json
new file mode 100644
index 00000000000..7f030c29038
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-99gc-fxf4-398x/GHSA-99gc-fxf4-398x.json
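Review bot: The two CVSS vectors in GHSA-8pwh-7cm4-r7r2 disagree on what is impacted: the `CVSS_V3` score has `C:N/I:L/A:N` while the `CVSS_V4` score has `VC:L/VI:N/VA:N`. The details describe deleting another user's rooms, which is an integrity effect and discloses nothing, so the v4 vector looks transposed and would read `VC:N/VI:L/VA:N` to agree with v3. The mismatch may be inherited from the upstream CNA data, so confirm against the icsa-25-105-04 advisory before changing it; a consumer that prefers v4 currently sees this as an information leak rather than unauthorised deletion.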
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-99gc-fxf4-398x",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26951"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26951"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/c9-blocks/vulnerability/wordpress-c9-blocks-plugin-1-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-9p7w-r275-r9wg/GHSA-9p7w-r275-r9wg.json b/advisories/unreviewed/2025/04/GHSA-9p7w-r275-r9wg/GHSA-9p7w-r275-r9wg.json
new file mode 100644
index 00000000000..24685286324
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-9p7w-r275-r9wg/GHSA-9p7w-r275-r9wg.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9p7w-r275-r9wg",
+ "modified": "2025-04-16T00:31:36Z",
+ "published": "2025-04-16T00:31:36Z",
+ "aliases": [
+ "CVE-2025-26870"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetEngine allows DOM-Based XSS. This issue affects JetEngine: from n/a through 3.6.4.1.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26870"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-6-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-c5cf-2xw6-jfpr/GHSA-c5cf-2xw6-jfpr.json b/advisories/unreviewed/2025/04/GHSA-c5cf-2xw6-jfpr/GHSA-c5cf-2xw6-jfpr.json
new file mode 100644
index 00000000000..9e44b520ab9
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-c5cf-2xw6-jfpr/GHSA-c5cf-2xw6-jfpr.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-c5cf-2xw6-jfpr",
+ "modified": "2025-04-16T00:31:36Z",
+ "published": "2025-04-16T00:31:36Z",
+ "aliases": [
+ "CVE-2025-26857"
+ ],
+ "details": "Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26857"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-cc9c-7qxf-mf3r/GHSA-cc9c-7qxf-mf3r.json b/advisories/unreviewed/2025/04/GHSA-cc9c-7qxf-mf3r/GHSA-cc9c-7qxf-mf3r.json
new file mode 100644
index 00000000000..25146fa6e0f
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-cc9c-7qxf-mf3r/GHSA-cc9c-7qxf-mf3r.json
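Review bot: Both vectors in GHSA-c5cf-2xw6-jfpr score a confidentiality impact (`C:L/I:N/A:N` and `VC:L/VI:N/VA:N`) although the details describe renaming other users' devices, which modifies data and reveals nothing. GHSA-3vcc-wpcm-9vgm in this same diff describes the equivalent rename of rooms and is scored `C:N/I:L/A:N`, so the two records are inconsistent with each other. If the upstream source confirms a transposition, the v3 part would become `C:N/I:L/A:N` and the v4 part `VC:N/VI:L/VA:N`; until then triage that keys on the integrity metric will not see this record as a write primitive.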
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cc9c-7qxf-mf3r",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26950"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonsPress Nepali Date Converter allows Stored XSS. This issue affects Nepali Date Converter: from n/a through 2.0.8.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26950"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/nepali-date-converter/vulnerability/wordpress-nepali-date-converter-plugin-2-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-cm3v-8rjf-ggr8/GHSA-cm3v-8rjf-ggr8.json b/advisories/unreviewed/2025/04/GHSA-cm3v-8rjf-ggr8/GHSA-cm3v-8rjf-ggr8.json
new file mode 100644
index 00000000000..deab56fa4f0
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-cm3v-8rjf-ggr8/GHSA-cm3v-8rjf-ggr8.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cm3v-8rjf-ggr8",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26906"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows DOM-Based XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.3.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26906"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/wp-delete-user-accounts/vulnerability/wordpress-wp-delete-user-accounts-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-fm53-whg6-6h7w/GHSA-fm53-whg6-6h7w.json b/advisories/unreviewed/2025/04/GHSA-fm53-whg6-6h7w/GHSA-fm53-whg6-6h7w.json
new file mode 100644
index 00000000000..36bc0128f60
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-fm53-whg6-6h7w/GHSA-fm53-whg6-6h7w.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fm53-whg6-6h7w",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26903"
+ ],
+ "details": "Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through 2.1.4.3.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26903"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/inpost-gallery/vulnerability/wordpress-inpost-gallery-plugin-2-1-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-fp9c-2fxx-c9q4/GHSA-fp9c-2fxx-c9q4.json b/advisories/unreviewed/2025/04/GHSA-fp9c-2fxx-c9q4/GHSA-fp9c-2fxx-c9q4.json
new file mode 100644
index 00000000000..de2e56ca718
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-fp9c-2fxx-c9q4/GHSA-fp9c-2fxx-c9q4.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fp9c-2fxx-c9q4",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-31360"
+ ],
+ "details": "Unauthenticated attackers can trigger device actions associated with specific \"scenes\" of arbitrary users.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31360"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-fvm9-c9qf-h767/GHSA-fvm9-c9qf-h767.json b/advisories/unreviewed/2025/04/GHSA-fvm9-c9qf-h767/GHSA-fvm9-c9qf-h767.json
new file mode 100644
index 00000000000..f1f4f2034bd
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-fvm9-c9qf-h767/GHSA-fvm9-c9qf-h767.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fvm9-c9qf-h767",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-27575"
+ ],
+ "details": "An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27575"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:20Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-gcw4-vxg9-h5rv/GHSA-gcw4-vxg9-h5rv.json b/advisories/unreviewed/2025/04/GHSA-gcw4-vxg9-h5rv/GHSA-gcw4-vxg9-h5rv.json
new file mode 100644
index 00000000000..be8c3af6479
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-gcw4-vxg9-h5rv/GHSA-gcw4-vxg9-h5rv.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gcw4-vxg9-h5rv",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-30982"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media allows Stored XSS. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30982"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/mybookprogress/vulnerability/wordpress-mybookprogress-by-stormhill-media-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-gv66-5jhq-833c/GHSA-gv66-5jhq-833c.json b/advisories/unreviewed/2025/04/GHSA-gv66-5jhq-833c/GHSA-gv66-5jhq-833c.json
new file mode 100644
index 00000000000..91e70f36099
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-gv66-5jhq-833c/GHSA-gv66-5jhq-833c.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gv66-5jhq-833c",
+ "modified": "2025-04-16T00:31:39Z",
+ "published": "2025-04-16T00:31:39Z",
+ "aliases": [
+ "CVE-2025-25453"
+ ],
+ "details": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25453"
+ },
+ {
+ "type": "WEB",
+ "url": "https://gist.github.com/xyqer1/84dc6d8b3f92597d1d597b2799c2c45f"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-serviceName2-StackOverflow"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T23:15:42Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-gvjv-gp9v-cgcq/GHSA-gvjv-gp9v-cgcq.json b/advisories/unreviewed/2025/04/GHSA-gvjv-gp9v-cgcq/GHSA-gvjv-gp9v-cgcq.json
new file mode 100644
index 00000000000..c2e8847ebab
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-gvjv-gp9v-cgcq/GHSA-gvjv-gp9v-cgcq.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gvjv-gp9v-cgcq",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-30967"
+ ],
+ "details": "Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30967"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-gwfx-rx3p-m9qf/GHSA-gwfx-rx3p-m9qf.json b/advisories/unreviewed/2025/04/GHSA-gwfx-rx3p-m9qf/GHSA-gwfx-rx3p-m9qf.json
new file mode 100644
index 00000000000..7774e927eb2
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-gwfx-rx3p-m9qf/GHSA-gwfx-rx3p-m9qf.json
@@ -0,0 +1,33 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gwfx-rx3p-m9qf",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-22911"
+ ],
+ "details": "RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22911"
+ },
+ {
+ "type": "WEB",
+ "url": "https://gist.github.com/xyqer1/6145c00a51093baad7ab5b8293a06e80"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/xyqer1/RE11S_1.11-formiNICbasicREP-StackOverflow"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T23:15:42Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-gx9q-pjvg-g34q/GHSA-gx9q-pjvg-g34q.json b/advisories/unreviewed/2025/04/GHSA-gx9q-pjvg-g34q/GHSA-gx9q-pjvg-g34q.json
new file mode 100644
index 00000000000..0975289bd1d
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-gx9q-pjvg-g34q/GHSA-gx9q-pjvg-g34q.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gx9q-pjvg-g34q",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-31147"
+ ],
+ "details": "Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31147"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-h769-2vfr-4wxg/GHSA-h769-2vfr-4wxg.json b/advisories/unreviewed/2025/04/GHSA-h769-2vfr-4wxg/GHSA-h769-2vfr-4wxg.json
new file mode 100644
index 00000000000..c3ab75afc4d
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-h769-2vfr-4wxg/GHSA-h769-2vfr-4wxg.json
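Review bot: The `details` text of GHSA-gx9q-pjvg-g34q never names the affected vendor or product, and `affected` is empty, so the only way to learn what this record applies to is to follow the ICSA-25-105-04 link. Keyword or asset-inventory matching against the advisory text will therefore miss it. The other records in this commit that cite the same CISA advisory have the same problem: GHSA-h769-2vfr-4wxg, GHSA-jh6f-6q67-5q7v, GHSA-mfp8-q392-37mj, GHSA-q267-qx6f-jxqx and GHSA-rwm7-rv79-m4qr. The product name from the CISA advisory should be prefixed to each `details` string once verified there.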
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-h769-2vfr-4wxg",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-31945"
+ ],
+ "details": "An unauthenticated attacker can obtain other users' charger information.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31945"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-hmjj-c274-5v4r/GHSA-hmjj-c274-5v4r.json b/advisories/unreviewed/2025/04/GHSA-hmjj-c274-5v4r/GHSA-hmjj-c274-5v4r.json
new file mode 100644
index 00000000000..5f70c6a615e
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-hmjj-c274-5v4r/GHSA-hmjj-c274-5v4r.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hmjj-c274-5v4r",
+ "modified": "2025-04-16T00:31:36Z",
+ "published": "2025-04-16T00:31:36Z",
+ "aliases": [
+ "CVE-2025-26749"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.0.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26749"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/product-tabs-for-woocommerce/vulnerability/wordpress-additional-custom-product-tabs-for-woocommerce-plugin-1-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-hq35-q7v2-3jcx/GHSA-hq35-q7v2-3jcx.json b/advisories/unreviewed/2025/04/GHSA-hq35-q7v2-3jcx/GHSA-hq35-q7v2-3jcx.json
new file mode 100644
index 00000000000..251583da7cb
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-hq35-q7v2-3jcx/GHSA-hq35-q7v2-3jcx.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-hq35-q7v2-3jcx",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26919"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tainá allows Stored XSS. This issue affects Tainá: from n/a through 0.2.2.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26919"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/theme/taina/vulnerability/wordpress-taina-plugin-0-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-j9hj-57xw-whpw/GHSA-j9hj-57xw-whpw.json b/advisories/unreviewed/2025/04/GHSA-j9hj-57xw-whpw/GHSA-j9hj-57xw-whpw.json
new file mode 100644
index 00000000000..16c9a1a77fb
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-j9hj-57xw-whpw/GHSA-j9hj-57xw-whpw.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-j9hj-57xw-whpw",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26908"
+ ],
+ "details": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör allows SQL Injection. This issue affects Kargo Entegratör: from n/a through 1.1.14.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26908"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/kargo-entegrator/vulnerability/wordpress-kargo-entegratoer-plugin-1-1-14-sql-injection-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-89"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-jh6f-6q67-5q7v/GHSA-jh6f-6q67-5q7v.json b/advisories/unreviewed/2025/04/GHSA-jh6f-6q67-5q7v/GHSA-jh6f-6q67-5q7v.json
new file mode 100644
index 00000000000..b9a32e81412
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-jh6f-6q67-5q7v/GHSA-jh6f-6q67-5q7v.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jh6f-6q67-5q7v",
+ "modified": "2025-04-16T00:31:35Z",
+ "published": "2025-04-16T00:31:35Z",
+ "aliases": [
+ "CVE-2025-24297"
+ ],
+ "details": "Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24297"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-jr9m-x45v-846g/GHSA-jr9m-x45v-846g.json b/advisories/unreviewed/2025/04/GHSA-jr9m-x45v-846g/GHSA-jr9m-x45v-846g.json
new file mode 100644
index 00000000000..637d2c3c83b
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-jr9m-x45v-846g/GHSA-jr9m-x45v-846g.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jr9m-x45v-846g",
+ "modified": "2025-04-16T00:31:36Z",
+ "published": "2025-04-16T00:31:36Z",
+ "aliases": [
+ "CVE-2025-26746"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Advanced Custom Fields: Link Picker Field allows Reflected XSS. This issue affects Advanced Custom Fields: Link Picker Field: from n/a through 1.2.8.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26746"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/acf-link-picker-field/vulnerability/wordpress-advanced-custom-fields-link-picker-field-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:16Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-jw7f-23qw-5686/GHSA-jw7f-23qw-5686.json b/advisories/unreviewed/2025/04/GHSA-jw7f-23qw-5686/GHSA-jw7f-23qw-5686.json
new file mode 100644
index 00000000000..bc6dc27e319
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-jw7f-23qw-5686/GHSA-jw7f-23qw-5686.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jw7f-23qw-5686",
+ "modified": "2025-04-16T00:31:34Z",
+ "published": "2025-04-16T00:31:34Z",
+ "aliases": [
+ "CVE-2025-22263"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22263"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/global-gallery/vulnerability/wordpress-global-gallery-plugin-8-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-jx72-hjqg-63p5/GHSA-jx72-hjqg-63p5.json b/advisories/unreviewed/2025/04/GHSA-jx72-hjqg-63p5/GHSA-jx72-hjqg-63p5.json
new file mode 100644
index 00000000000..b2de870417d
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-jx72-hjqg-63p5/GHSA-jx72-hjqg-63p5.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jx72-hjqg-63p5",
+ "modified": "2025-04-16T00:31:34Z",
+ "published": "2025-04-16T00:31:34Z",
+ "aliases": [
+ "CVE-2024-49200"
+ ],
+ "details": "An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. This can be leveraged by an attacker to perform arbitrary writes, potentially leading to arbitrary code execution. The issue has been fixed in kernel 5.2, Version 05.29.44; kernel 5.3, Version 05.38.44; kernel 5.4, Version 05.46.44; kernel 5.5, Version 05.54.44; kernel 5.6, Version 05.61.44; and kernel 5.7, Version 05.70.44.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49200"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.insyde.com/security-pledge/SA-2024015"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-m5v9-79h2-cg6f/GHSA-m5v9-79h2-cg6f.json b/advisories/unreviewed/2025/04/GHSA-m5v9-79h2-cg6f/GHSA-m5v9-79h2-cg6f.json
new file mode 100644
index 00000000000..5befbc4f9de
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-m5v9-79h2-cg6f/GHSA-m5v9-79h2-cg6f.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-m5v9-79h2-cg6f",
+ "modified": "2025-04-16T00:31:36Z",
+ "published": "2025-04-16T00:31:36Z",
+ "aliases": [
+ "CVE-2025-26748"
+ ],
+ "details": "Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26748"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/theme/arkhe/vulnerability/wordpress-arkhe-theme-3-11-0-csrf-to-local-file-inclusion-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-352"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-mfmq-xx6g-hmw8/GHSA-mfmq-xx6g-hmw8.json b/advisories/unreviewed/2025/04/GHSA-mfmq-xx6g-hmw8/GHSA-mfmq-xx6g-hmw8.json
new file mode 100644
index 00000000000..314242ae5bd
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-mfmq-xx6g-hmw8/GHSA-mfmq-xx6g-hmw8.json
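Review bot: The CVSS vector in GHSA-m5v9-79h2-cg6f carries `UI:N` although the record is classified as CSRF (`CWE-352`), a class that depends on a victim's browser issuing the request; the other CSRF record in this commit, GHSA-gvjv-gp9v-cgcq, uses `UI:R`. The score is imported, so this is likely an upstream inconsistency and should be checked against NVD and the Patchstack entry rather than edited locally. The `details` text also names PHP Local File Inclusion as the impact while `cwe_ids` lists only CWE-352, so CWE-based grouping will not surface the file-inclusion aspect.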
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mfmq-xx6g-hmw8",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-30970"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Contact allows Reflected XSS. This issue affects Easy Contact: from n/a through 0.1.2.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30970"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/easy-contact/vulnerability/wordpress-easy-contact-plugin-0-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-mfp8-q392-37mj/GHSA-mfp8-q392-37mj.json b/advisories/unreviewed/2025/04/GHSA-mfp8-q392-37mj/GHSA-mfp8-q392-37mj.json
new file mode 100644
index 00000000000..b45b0bd8aaf
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-mfp8-q392-37mj/GHSA-mfp8-q392-37mj.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mfp8-q392-37mj",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-31654"
+ ],
+ "details": "An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., \"rooms\").",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31654"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-mj7c-v2g5-mrv5/GHSA-mj7c-v2g5-mrv5.json b/advisories/unreviewed/2025/04/GHSA-mj7c-v2g5-mrv5/GHSA-mj7c-v2g5-mrv5.json
new file mode 100644
index 00000000000..3e6a803b2e2
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-mj7c-v2g5-mrv5/GHSA-mj7c-v2g5-mrv5.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mj7c-v2g5-mrv5",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26953"
+ ],
+ "details": "Missing Authorization vulnerability in NotFound JetMenu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetMenu: from n/a through 2.4.9.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26953"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/jet-menu/vulnerability/wordpress-jetmenu-2-4-9-broken-access-control-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-p52r-cg8w-6pjj/GHSA-p52r-cg8w-6pjj.json b/advisories/unreviewed/2025/04/GHSA-p52r-cg8w-6pjj/GHSA-p52r-cg8w-6pjj.json
new file mode 100644
index 00000000000..ee317a42aac
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-p52r-cg8w-6pjj/GHSA-p52r-cg8w-6pjj.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-p52r-cg8w-6pjj",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-27011"
+ ],
+ "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager allows PHP Local File Inclusion. This issue affects Booking and Rental Manager: from n/a through 2.2.8.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27011"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/booking-and-rental-manager-for-woocommerce/vulnerability/wordpress-booking-and-rental-manager-plugin-2-2-8-local-file-inclusion-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-98"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-ph7f-9627-5v9m/GHSA-ph7f-9627-5v9m.json b/advisories/unreviewed/2025/04/GHSA-ph7f-9627-5v9m/GHSA-ph7f-9627-5v9m.json
new file mode 100644
index 00000000000..3a4438d1b4a
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-ph7f-9627-5v9m/GHSA-ph7f-9627-5v9m.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-ph7f-9627-5v9m",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26934"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog allows Stored XSS. This issue affects Glossy Blog: from n/a through 1.0.3.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26934"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/theme/glossy-blog/vulnerability/wordpress-glossy-blog-theme-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-pqqp-3627-c6r6/GHSA-pqqp-3627-c6r6.json b/advisories/unreviewed/2025/04/GHSA-pqqp-3627-c6r6/GHSA-pqqp-3627-c6r6.json
new file mode 100644
index 00000000000..878d13ea973
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-pqqp-3627-c6r6/GHSA-pqqp-3627-c6r6.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-pqqp-3627-c6r6",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-27008"
+ ],
+ "details": "Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through n/a.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27008"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/unlimited-timeline/vulnerability/wordpress-unlimited-timeline-1-6-1-broken-access-control-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-862"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-q267-qx6f-jxqx/GHSA-q267-qx6f-jxqx.json b/advisories/unreviewed/2025/04/GHSA-q267-qx6f-jxqx/GHSA-q267-qx6f-jxqx.json
new file mode 100644
index 00000000000..b7a3f0e7060
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-q267-qx6f-jxqx/GHSA-q267-qx6f-jxqx.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-q267-qx6f-jxqx",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-31950"
+ ],
+ "details": "An unauthenticated attacker can obtain EV charger energy consumption information of other users.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31950"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-qg6g-c2hr-fv6w/GHSA-qg6g-c2hr-fv6w.json b/advisories/unreviewed/2025/04/GHSA-qg6g-c2hr-fv6w/GHSA-qg6g-c2hr-fv6w.json
new file mode 100644
index 00000000000..9ea2d61664e
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-qg6g-c2hr-fv6w/GHSA-qg6g-c2hr-fv6w.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qg6g-c2hr-fv6w",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26998"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.8.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26998"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/skt-blocks/vulnerability/wordpress-skt-blocks-gutenberg-based-page-builder-plugin-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:19Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-qxr8-wmc9-gc6q/GHSA-qxr8-wmc9-gc6q.json b/advisories/unreviewed/2025/04/GHSA-qxr8-wmc9-gc6q/GHSA-qxr8-wmc9-gc6q.json
new file mode 100644
index 00000000000..150438c8b47
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-qxr8-wmc9-gc6q/GHSA-qxr8-wmc9-gc6q.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-qxr8-wmc9-gc6q",
+ "modified": "2025-04-16T00:31:36Z",
+ "published": "2025-04-16T00:31:36Z",
+ "aliases": [
+ "CVE-2025-26880"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar allows Stored XSS. This issue affects SKT Skill Bar: from n/a through 2.3.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26880"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/skt-skill-bar/vulnerability/wordpress-skt-skill-bar-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:17Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-rcrq-pv9x-j35x/GHSA-rcrq-pv9x-j35x.json b/advisories/unreviewed/2025/04/GHSA-rcrq-pv9x-j35x/GHSA-rcrq-pv9x-j35x.json
new file mode 100644
index 00000000000..8c6c4a6c53e
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-rcrq-pv9x-j35x/GHSA-rcrq-pv9x-j35x.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rcrq-pv9x-j35x",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26927"
+ ],
+ "details": "Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26927"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/theme/aihub/vulnerability/wordpress-ai-hub-plugin-1-3-3-arbitrary-file-upload-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-434"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-rjgx-x4rm-x6hx/GHSA-rjgx-x4rm-x6hx.json b/advisories/unreviewed/2025/04/GHSA-rjgx-x4rm-x6hx/GHSA-rjgx-x4rm-x6hx.json
new file mode 100644
index 00000000000..08bbbb8fb9d
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-rjgx-x4rm-x6hx/GHSA-rjgx-x4rm-x6hx.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rjgx-x4rm-x6hx",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-26930"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services allows DOM-Based XSS. This issue affects Home Services: from n/a through 1.2.6.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26930"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/theme/home-services/vulnerability/wordpress-home-services-plugin-1-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:18Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-rw2h-rfm9-p3m9/GHSA-rw2h-rfm9-p3m9.json b/advisories/unreviewed/2025/04/GHSA-rw2h-rfm9-p3m9/GHSA-rw2h-rfm9-p3m9.json
new file mode 100644
index 00000000000..1a202452666
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-rw2h-rfm9-p3m9/GHSA-rw2h-rfm9-p3m9.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rw2h-rfm9-p3m9",
+ "modified": "2025-04-16T00:31:35Z",
+ "published": "2025-04-16T00:31:35Z",
+ "aliases": [
+ "CVE-2025-26740"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware SpaBiz allows DOM-Based XSS. This issue affects SpaBiz: from n/a through 1.0.18.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26740"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/theme/spabiz/vulnerability/wordpress-spabiz-plugin-1-0-18-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:16Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-rwm7-rv79-m4qr/GHSA-rwm7-rv79-m4qr.json b/advisories/unreviewed/2025/04/GHSA-rwm7-rv79-m4qr/GHSA-rwm7-rv79-m4qr.json
new file mode 100644
index 00000000000..e369373eccd
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-rwm7-rv79-m4qr/GHSA-rwm7-rv79-m4qr.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rwm7-rv79-m4qr",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-30510"
+ ],
+ "details": "An attacker can upload an arbitrary file instead of a plant image.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30510"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-351"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-v2g6-2gw9-gx3g/GHSA-v2g6-2gw9-gx3g.json b/advisories/unreviewed/2025/04/GHSA-v2g6-2gw9-gx3g/GHSA-v2g6-2gw9-gx3g.json
new file mode 100644
index 00000000000..2c4b14e5e72
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-v2g6-2gw9-gx3g/GHSA-v2g6-2gw9-gx3g.json
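Review bot: GHSA-rwm7-rv79-m4qr is tagged `CWE-351` for an arbitrary file upload, while GHSA-rcrq-pv9x-j35x in this same commit uses `CWE-434` for the same class of flaw. Detection rules or dashboards keyed on CWE-434 will therefore not pick this record up, even though it is rated `CRITICAL` with `C:H/I:H/A:H`. The assignment presumably comes from the CNA, so it should be kept as imported, but confirm against the CISA advisory whether `"CWE-434"` should be listed alongside it.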
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-v2g6-2gw9-gx3g",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-30966"
+ ],
+ "details": "Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30966"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-path-traversal-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-35"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-v2v4-3r8g-pm8r/GHSA-v2v4-3r8g-pm8r.json b/advisories/unreviewed/2025/04/GHSA-v2v4-3r8g-pm8r/GHSA-v2v4-3r8g-pm8r.json
new file mode 100644
index 00000000000..1a45e5d2654
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-v2v4-3r8g-pm8r/GHSA-v2v4-3r8g-pm8r.json
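Review bot: In GHSA-v2g6-2gw9-gx3g the `details` text ends with `from n/a through n/a`, which gives no affected range at all, and `affected` is `[]`, so nothing in the record lets a consumer decide whether an installed WPJobBoard is in scope. The Patchstack reference slug contains `5-11-1`, which presumably is the last affected version; if that is confirmed upstream the sentence should read `This issue affects WPJobBoard: from n/a through 5.11.1.`. `CWE-35` is the narrow `.../...//` traversal variant, so it is worth checking that it was intended rather than the general CWE-22.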
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-v2v4-3r8g-pm8r",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-30984"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SEO Tools allows Reflected XSS. This issue affects SEO Tools: from n/a through 4.0.7.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30984"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/seo-automatic-seo-tools/vulnerability/wordpress-seo-tools-plugin-4-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:27Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-v943-7xrm-g7pr/GHSA-v943-7xrm-g7pr.json b/advisories/unreviewed/2025/04/GHSA-v943-7xrm-g7pr/GHSA-v943-7xrm-g7pr.json
new file mode 100644
index 00000000000..e82c1366fef
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-v943-7xrm-g7pr/GHSA-v943-7xrm-g7pr.json
@@ -0,0 +1,37 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-v943-7xrm-g7pr",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-29471"
+ ],
+ "details": "Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29471"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.exploit-db.com/exploits/52117"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.nagios.com/changelog/#log-server"
+ },
+ {
+ "type": "WEB",
+ "url": "https://youtu.be/MvJuIkdTSQg"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:25Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-vwxg-w3v9-2mh7/GHSA-vwxg-w3v9-2mh7.json b/advisories/unreviewed/2025/04/GHSA-vwxg-w3v9-2mh7/GHSA-vwxg-w3v9-2mh7.json
new file mode 100644
index 00000000000..0f3c497ad94
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-vwxg-w3v9-2mh7/GHSA-vwxg-w3v9-2mh7.json
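Review bot: GHSA-v943-7xrm-g7pr ships with `"severity": []`, `"cwe_ids": []` and `"severity": null`, although `details` plainly describes cross-site scripting through the Email field. Consumers that filter on severity or CWE will silently skip this record, and the references include a public Exploit-DB entry, so an unscored record should not be read as low risk. At minimum I would set `"cwe_ids": ["CWE-79"]`; the CVSS vector should be filled in once an upstream score is available. The phrase `execute arbitrary code` in `details` is upstream wording and presumably means script execution in the victim's browser rather than code execution on the server.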
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vwxg-w3v9-2mh7",
+ "modified": "2025-04-16T00:31:34Z",
+ "published": "2025-04-16T00:31:34Z",
+ "aliases": [
+ "CVE-2025-22268"
+ ],
+ "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.7.0.1.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22268"
+ },
+ {
+ "type": "WEB",
+ "url": "https://patchstack.com/database/wordpress/plugin/uncanny-learndash-toolkit/vulnerability/wordpress-uncanny-toolkit-for-learndash-plugin-3-7-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:15Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-w66m-ff3x-xxxr/GHSA-w66m-ff3x-xxxr.json b/advisories/unreviewed/2025/04/GHSA-w66m-ff3x-xxxr/GHSA-w66m-ff3x-xxxr.json
new file mode 100644
index 00000000000..13cf99110f5
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-w66m-ff3x-xxxr/GHSA-w66m-ff3x-xxxr.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-w66m-ff3x-xxxr",
+ "modified": "2025-04-16T00:31:35Z",
+ "published": "2025-04-16T00:31:35Z",
+ "aliases": [
+ "CVE-2025-24315"
+ ],
+ "details": "Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24315"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:16Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-w9fx-47f2-7vff/GHSA-w9fx-47f2-7vff.json b/advisories/unreviewed/2025/04/GHSA-w9fx-47f2-7vff/GHSA-w9fx-47f2-7vff.json
new file mode 100644
index 00000000000..89b3e8acf15
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-w9fx-47f2-7vff/GHSA-w9fx-47f2-7vff.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-w9fx-47f2-7vff",
+ "modified": "2025-04-16T00:31:38Z",
+ "published": "2025-04-16T00:31:38Z",
+ "aliases": [
+ "CVE-2025-30512"
+ ],
+ "details": "Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off).",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30512"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-15"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:26Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2025/04/GHSA-wgfp-rrxc-px93/GHSA-wgfp-rrxc-px93.json b/advisories/unreviewed/2025/04/GHSA-wgfp-rrxc-px93/GHSA-wgfp-rrxc-px93.json
new file mode 100644
index 00000000000..4ed1496e491
--- /dev/null
+++ b/advisories/unreviewed/2025/04/GHSA-wgfp-rrxc-px93/GHSA-wgfp-rrxc-px93.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-wgfp-rrxc-px93",
+ "modified": "2025-04-16T00:31:37Z",
+ "published": "2025-04-16T00:31:37Z",
+ "aliases": [
+ "CVE-2025-27719"
+ ],
+ "details": "Unauthenticated attackers can query an API endpoint and get device details.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27719"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-639"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2025-04-15T22:15:25Z"
+ }
+}
\ No newline at end of file