Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 15922116b57f · 2025-11-26T06:33:07.000Z
GHSA-49pm-cgmh-hw25 GHSA-892r-x96w-jh76 GHSA-h4r4-6hvf-34r8 GHSA-2mq8-jgr8-vqp6 GHSA-386p-68hx-6mgx GHSA-3v7v-j7vf-jhpq GHSA-9rgf-7h5w-27fh GHSA-c7f7-759c-x26f GHSA-cjqm-vx8j-mxwg GHSA-fh6r-5h64-cfgx GHSA-jgc9-7v68-88ff GHSA-r8j3-whr2-75m5 GHSA-w8m8-x5xx-45wx GHSA-x6xw-626g-7c49 GHSA-xg9q-4rvh-3xhc
diff --git a/advisories/unreviewed/2025/10/GHSA-49pm-cgmh-hw25/GHSA-49pm-cgmh-hw25.json b/advisories/unreviewed/2025/10/GHSA-49pm-cgmh-hw25/GHSA-49pm-cgmh-hw25.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-49pm-cgmh-hw25",
-  "modified": "2025-11-25T18:32:22Z",
+  "modified": "2025-11-26T06:31:27Z",
   "published": "2025-10-30T06:30:53Z",
   "aliases": [
     "CVE-2025-62229"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62229"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22164"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22096"
diff --git a/advisories/unreviewed/2025/10/GHSA-892r-x96w-jh76/GHSA-892r-x96w-jh76.json b/advisories/unreviewed/2025/10/GHSA-892r-x96w-jh76/GHSA-892r-x96w-jh76.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-892r-x96w-jh76",
-  "modified": "2025-11-25T18:32:22Z",
+  "modified": "2025-11-26T06:31:27Z",
   "published": "2025-10-30T06:30:54Z",
   "aliases": [
     "CVE-2025-62230"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62230"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22164"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22096"
diff --git a/advisories/unreviewed/2025/10/GHSA-h4r4-6hvf-34r8/GHSA-h4r4-6hvf-34r8.json b/advisories/unreviewed/2025/10/GHSA-h4r4-6hvf-34r8/GHSA-h4r4-6hvf-34r8.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h4r4-6hvf-34r8",
-  "modified": "2025-11-25T18:32:22Z",
+  "modified": "2025-11-26T06:31:27Z",
   "published": "2025-10-30T06:30:53Z",
   "aliases": [
     "CVE-2025-62231"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62231"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22164"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22096"
diff --git a/advisories/unreviewed/2025/11/GHSA-2mq8-jgr8-vqp6/GHSA-2mq8-jgr8-vqp6.json b/advisories/unreviewed/2025/11/GHSA-2mq8-jgr8-vqp6/GHSA-2mq8-jgr8-vqp6.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2mq8-jgr8-vqp6",
+  "modified": "2025-11-26T06:31:28Z",
+  "published": "2025-11-26T06:31:28Z",
+  "aliases": [
+    "CVE-2025-55174"
+  ],
+  "details": "In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55174"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/KDE/skanpage/tags"
+    },
+    {
+      "type": "WEB",
+      "url": "https://invent.kde.org/utilities/skanpage/-/commit/de3ad2941054a26920e022dc7c4a3dc16c065b5a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://kde.org/info/security/advisory-20250811-1.txt"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-684"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T06:15:44Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-386p-68hx-6mgx/GHSA-386p-68hx-6mgx.json b/advisories/unreviewed/2025/11/GHSA-386p-68hx-6mgx/GHSA-386p-68hx-6mgx.json
@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-386p-68hx-6mgx",
+  "modified": "2025-11-26T06:31:28Z",
+  "published": "2025-11-26T06:31:28Z",
+  "aliases": [
+    "CVE-2025-66231"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66231"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T04:15:57Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-3v7v-j7vf-jhpq/GHSA-3v7v-j7vf-jhpq.json b/advisories/unreviewed/2025/11/GHSA-3v7v-j7vf-jhpq/GHSA-3v7v-j7vf-jhpq.json
@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3v7v-j7vf-jhpq",
+  "modified": "2025-11-26T06:31:27Z",
+  "published": "2025-11-26T06:31:27Z",
+  "aliases": [
+    "CVE-2025-66228"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66228"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T04:15:56Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-9rgf-7h5w-27fh/GHSA-9rgf-7h5w-27fh.json b/advisories/unreviewed/2025/11/GHSA-9rgf-7h5w-27fh/GHSA-9rgf-7h5w-27fh.json
@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9rgf-7h5w-27fh",
+  "modified": "2025-11-26T06:31:27Z",
+  "published": "2025-11-26T06:31:27Z",
+  "aliases": [
+    "CVE-2025-66229"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66229"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T04:15:57Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-c7f7-759c-x26f/GHSA-c7f7-759c-x26f.json b/advisories/unreviewed/2025/11/GHSA-c7f7-759c-x26f/GHSA-c7f7-759c-x26f.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c7f7-759c-x26f",
+  "modified": "2025-11-26T06:31:28Z",
+  "published": "2025-11-26T06:31:28Z",
+  "aliases": [
+    "CVE-2025-64983"
+  ],
+  "details": "Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access to the device.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64983"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN67185535"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.switch-bot.com/products/switchbot-video-doorbell?srsltid=AfmBOooGEZArqUag9p59qB8ti2fDP0vCOzxX33NGlpJ8yDlZnzC3vJ_f"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-489"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T05:16:18Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-cjqm-vx8j-mxwg/GHSA-cjqm-vx8j-mxwg.json b/advisories/unreviewed/2025/11/GHSA-cjqm-vx8j-mxwg/GHSA-cjqm-vx8j-mxwg.json
@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cjqm-vx8j-mxwg",
+  "modified": "2025-11-26T06:31:27Z",
+  "published": "2025-11-26T06:31:27Z",
+  "aliases": [
+    "CVE-2025-66230"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66230"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T04:15:57Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-fh6r-5h64-cfgx/GHSA-fh6r-5h64-cfgx.json b/advisories/unreviewed/2025/11/GHSA-fh6r-5h64-cfgx/GHSA-fh6r-5h64-cfgx.json
@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fh6r-5h64-cfgx",
+  "modified": "2025-11-26T06:31:28Z",
+  "published": "2025-11-26T06:31:28Z",
+  "aliases": [
+    "CVE-2025-66232"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66232"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T04:15:57Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-jgc9-7v68-88ff/GHSA-jgc9-7v68-88ff.json b/advisories/unreviewed/2025/11/GHSA-jgc9-7v68-88ff/GHSA-jgc9-7v68-88ff.json
@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jgc9-7v68-88ff",
+  "modified": "2025-11-26T06:31:28Z",
+  "published": "2025-11-26T06:31:28Z",
+  "aliases": [
+    "CVE-2025-12061"
+  ],
+  "details": "The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12061"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/1015dd69-faa5-4008-8884-f497ff980ed3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T06:15:44Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-r8j3-whr2-75m5/GHSA-r8j3-whr2-75m5.json b/advisories/unreviewed/2025/11/GHSA-r8j3-whr2-75m5/GHSA-r8j3-whr2-75m5.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r8j3-whr2-75m5",
+  "modified": "2025-11-26T06:31:28Z",
+  "published": "2025-11-26T06:31:28Z",
+  "aliases": [
+    "CVE-2025-59820"
+  ],
+  "details": "In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59820"
+    },
+    {
+      "type": "WEB",
+      "url": "https://invent.kde.org/graphics/krita"
+    },
+    {
+      "type": "WEB",
+      "url": "https://invent.kde.org/graphics/krita/-/commit/6d3651ac4df88efb68e013d21061de9846e83fe8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://kde.org/info/security/advisory-20250929-1.txt"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T06:15:45Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-w8m8-x5xx-45wx/GHSA-w8m8-x5xx-45wx.json b/advisories/unreviewed/2025/11/GHSA-w8m8-x5xx-45wx/GHSA-w8m8-x5xx-45wx.json
@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-w8m8-x5xx-45wx",
+  "modified": "2025-11-26T06:31:28Z",
+  "published": "2025-11-26T06:31:28Z",
+  "aliases": [
+    "CVE-2025-66235"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66235"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-26T04:15:57Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-x6xw-626g-7c49/GHSA-x6xw-626g-7c49.json b/advisories/unreviewed/2025/11/GHSA-x6xw-626g-7c49/GHSA-x6xw-626g-7c49.json
diff --git a/advisories/unreviewed/2025/11/GHSA-xg9q-4rvh-3xhc/GHSA-xg9q-4rvh-3xhc.json b/advisories/unreviewed/2025/11/GHSA-xg9q-4rvh-3xhc/GHSA-xg9q-4rvh-3xhc.json
