Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-856v-8qm2-9wjv",
-  "modified": "2025-08-07T21:59:46Z",
+  "modified": "2025-10-30T15:32:20Z",
   "published": "2025-08-07T21:31:08Z",
   "aliases": [
     "CVE-2025-7195"
@@ -40,6 +40,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7195"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19335"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-7195"

advisories/unreviewed/2025/03/GHSA-83h3-pmwm-wj9j/GHSA-83h3-pmwm-wj9j.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-83h3-pmwm-wj9j",
-  "modified": "2025-03-27T18:31:24Z",
+  "modified": "2025-10-30T15:32:20Z",
   "published": "2025-03-27T18:31:23Z",
   "aliases": [
     "CVE-2022-49743"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: Use \"buf\" flexible array for memcpy() destination\n\nThe \"buf\" flexible array needs to be the memcpy() destination to avoid\nfalse positive run-time warning from the recent FORTIFY_SOURCE\nhardening:\n\n  memcpy: detected field-spanning write (size 93) of single field \"&fh->fb\"\n  at fs/overlayfs/export.c:799 (size 21)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-03-27T17:15:38Z"

advisories/unreviewed/2025/08/GHSA-54w6-m43p-jffg/GHSA-54w6-m43p-jffg.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-54w6-m43p-jffg",
-  "modified": "2025-09-15T18:31:06Z",
+  "modified": "2025-10-30T15:32:20Z",
   "published": "2025-08-16T06:30:21Z",
   "aliases": [
     "CVE-2025-38501"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: limit repeated connections from clients with the same IP\n\nRepeated connections from clients with the same IP address may exhaust\nthe max connections and prevent other normal client connections.\nThis patch limit repeated connections from clients with the same IP.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-400"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-08-16T06:15:27Z"

advisories/unreviewed/2025/09/GHSA-m873-c52f-87pg/GHSA-m873-c52f-87pg.json

@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-285"
+      "CWE-285",
+      "CWE-352"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/10/GHSA-2326-jr9x-m329/GHSA-2326-jr9x-m329.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2326-jr9x-m329",
+  "modified": "2025-10-30T15:32:36Z",
+  "published": "2025-10-30T15:32:36Z",
+  "aliases": [
+    "CVE-2025-63608"
+  ],
+  "details": "A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63608"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Huu1j/CSZ_CMS-exploit/blob/main/csz-cms-vulnerability-analysis.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T13:15:33Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-273c-4g26-4jpm/GHSA-273c-4g26-4jpm.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-273c-4g26-4jpm",
-  "modified": "2025-10-30T12:31:11Z",
+  "modified": "2025-10-30T15:32:36Z",
   "published": "2025-10-30T12:31:11Z",
   "aliases": [
     "CVE-2025-62402"
   ],
   "details": "API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-250"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-30T10:15:35Z"

advisories/unreviewed/2025/10/GHSA-27fv-rpgj-4c6m/GHSA-27fv-rpgj-4c6m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-27fv-rpgj-4c6m",
-  "modified": "2025-10-30T00:31:03Z",
+  "modified": "2025-10-30T15:32:35Z",
   "published": "2025-10-30T00:31:03Z",
   "aliases": [
     "CVE-2025-10930"
   ],
   "details": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-352"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-30T00:15:34Z"

advisories/unreviewed/2025/10/GHSA-27mc-9399-r9mx/GHSA-27mc-9399-r9mx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-27mc-9399-r9mx",
-  "modified": "2025-10-30T00:31:03Z",
+  "modified": "2025-10-30T15:32:35Z",
   "published": "2025-10-30T00:31:03Z",
   "aliases": [
     "CVE-2025-10928"
   ],
   "details": "Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-307"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-30T00:15:34Z"

advisories/unreviewed/2025/10/GHSA-2cf6-j6g5-qmwq/GHSA-2cf6-j6g5-qmwq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2cf6-j6g5-qmwq",
+  "modified": "2025-10-30T15:32:37Z",
+  "published": "2025-10-30T15:32:37Z",
+  "aliases": [
+    "CVE-2025-5347"
+  ],
+  "details": "Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross Site Scripting in the reports module.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5347"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-5347.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T15:15:40Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-3f7x-5hc9-j6v5/GHSA-3f7x-5hc9-j6v5.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3f7x-5hc9-j6v5",
+  "modified": "2025-10-30T15:32:36Z",
+  "published": "2025-10-30T15:32:36Z",
+  "aliases": [
+    "CVE-2025-10348"
+  ],
+  "details": "URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without any form of authentication.\n\nThis issue was fixed in version 1.1.24.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10348"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert.pl/posts/2025/10/CVE-2025-10348"
+    },
+    {
+      "type": "WEB",
+      "url": "https://smartoffice.expert"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-30T13:15:32Z"
+  }
+}