Publish Advisories

GHSA-57f7-wfqr-87r7
GHSA-489c-c5ff-93gr
GHSA-gc32-f5qg-q57v
GHSA-gxp8-m5rq-3m38
GHSA-j4j8-jphm-rf4q
GHSA-qhh9-jphj-p4xw

Author: advisory-database[bot]

advisories/unreviewed/2025/05/GHSA-57f7-wfqr-87r7/GHSA-57f7-wfqr-87r7.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-367"
+      "CWE-367",
+      "CWE-59"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/10/GHSA-489c-c5ff-93gr/GHSA-489c-c5ff-93gr.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-489c-c5ff-93gr",
+  "modified": "2025-10-13T12:31:11Z",
+  "published": "2025-10-13T12:31:11Z",
+  "aliases": [
+    "CVE-2025-9337"
+  ],
+  "details": "A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD).\nRefer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9337"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.asus.com/security-advisory"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-13T10:15:46Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-gc32-f5qg-q57v/GHSA-gc32-f5qg-q57v.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gc32-f5qg-q57v",
+  "modified": "2025-10-13T12:31:10Z",
+  "published": "2025-10-13T12:31:10Z",
+  "aliases": [
+    "CVE-2025-10720"
+  ],
+  "details": "The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10720"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/5295e8da-7aba-4322-981b-80d692b3bc35"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-13T10:15:45Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-gxp8-m5rq-3m38/GHSA-gxp8-m5rq-3m38.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gxp8-m5rq-3m38",
+  "modified": "2025-10-13T12:31:10Z",
+  "published": "2025-10-13T12:31:10Z",
+  "aliases": [
+    "CVE-2025-11183"
+  ],
+  "details": "Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 <2025.08.14\nallows an authorized attacker to plant arbitrary JavaScript code in the page",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:L/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11183"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hub.ntc.swiss/ntcf-2025-4286"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-13T10:15:45Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-j4j8-jphm-rf4q/GHSA-j4j8-jphm-rf4q.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j4j8-jphm-rf4q",
+  "modified": "2025-10-13T12:31:11Z",
+  "published": "2025-10-13T12:31:11Z",
+  "aliases": [
+    "CVE-2025-9336"
+  ],
+  "details": "A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. \nRefer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9336"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.asus.com/security-advisory"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-13T10:15:46Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-qhh9-jphj-p4xw/GHSA-qhh9-jphj-p4xw.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qhh9-jphj-p4xw",
+  "modified": "2025-10-13T12:31:10Z",
+  "published": "2025-10-13T12:31:10Z",
+  "aliases": [
+    "CVE-2025-11184"
+  ],
+  "details": "Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <=v2025.03.31\nallows an authorized attacker to plant arbitrary JavaScript code in the page",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:L/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11184"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hub.ntc.swiss/ntcf-2025-7724"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-13T10:15:46Z"
+  }
+}