Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/03/GHSA-3m2p-xpv4-jfjm/GHSA-3m2p-xpv4-jfjm.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3m2p-xpv4-jfjm",
-  "modified": "2024-03-21T03:36:46Z",
+  "modified": "2025-09-02T15:31:06Z",
   "published": "2024-03-21T03:36:46Z",
   "aliases": [
     "CVE-2024-1908"
   ],
-  "details": "An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program. \n\n\n",
+  "details": "An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program. ",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2025/05/GHSA-3p82-g7cx-7qrf/GHSA-3p82-g7cx-7qrf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3p82-g7cx-7qrf",
-  "modified": "2025-05-22T15:34:51Z",
+  "modified": "2025-09-02T15:31:06Z",
   "published": "2025-05-22T15:34:51Z",
   "aliases": [
     "CVE-2025-5078"
@@ -39,6 +39,10 @@
       "type": "WEB",
       "url": "https://vuldb.com/?submit.581432"
     },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.641751"
+    },
     {
       "type": "WEB",
       "url": "https://www.campcodes.com"

advisories/unreviewed/2025/08/GHSA-f7wf-m2qg-r9rx/GHSA-f7wf-m2qg-r9rx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f7wf-m2qg-r9rx",
-  "modified": "2025-08-29T18:30:50Z",
+  "modified": "2025-09-02T15:31:07Z",
   "published": "2025-08-29T18:30:50Z",
   "aliases": [
     "CVE-2025-55177"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55177"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.facebook.com/security/advisories/cve-2025-55177"
+    },
     {
       "type": "WEB",
       "url": "https://www.whatsapp.com/security/advisories/2025"

advisories/unreviewed/2025/08/GHSA-fc59-q736-3r9p/GHSA-fc59-q736-3r9p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fc59-q736-3r9p",
-  "modified": "2025-08-15T15:30:23Z",
+  "modified": "2025-09-02T15:31:06Z",
   "published": "2025-08-14T18:31:28Z",
   "aliases": [
     "CVE-2025-50518"
@@ -19,6 +19,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50518"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/IreneTheITCrowd/blog/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/obgm/libcoap/issues/1724#issuecomment-3199631257"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/obgm/libcoap/issues/1724#issuecomment-3234613482"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/IreneTheITCrowd/blog/blob/main/libcoap-vulnerability.md"

advisories/unreviewed/2025/08/GHSA-pvrh-q8vc-9vpv/GHSA-pvrh-q8vc-9vpv.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pvrh-q8vc-9vpv",
-  "modified": "2025-08-29T12:31:12Z",
+  "modified": "2025-09-02T15:31:06Z",
   "published": "2025-08-29T12:31:12Z",
   "aliases": [
     "CVE-2025-40708"
   ],
   "details": "Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the \"/insert/event\" petition, \"name\" parameter.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/08/GHSA-rrcr-6rg5-cgmj/GHSA-rrcr-6rg5-cgmj.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rrcr-6rg5-cgmj",
-  "modified": "2025-08-29T12:31:12Z",
+  "modified": "2025-09-02T15:31:06Z",
   "published": "2025-08-29T12:31:12Z",
   "aliases": [
     "CVE-2025-40709"
   ],
   "details": "Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the \"/insert/person/<ID>” petition, \"name\" and \"alias-0” parameters.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/08/GHSA-v3v7-q6j6-7xwr/GHSA-v3v7-q6j6-7xwr.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v3v7-q6j6-7xwr",
-  "modified": "2025-08-29T12:31:12Z",
+  "modified": "2025-09-02T15:31:06Z",
   "published": "2025-08-29T12:31:12Z",
   "aliases": [
     "CVE-2025-40707"
   ],
   "details": "Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via  the \"/insert/place\" petition, \"name\" and \"alias-0” parameters.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-3qp4-ph79-wf85/GHSA-3qp4-ph79-wf85.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3qp4-ph79-wf85",
+  "modified": "2025-09-02T15:31:07Z",
+  "published": "2025-09-02T15:31:07Z",
+  "aliases": [
+    "CVE-2022-38695"
+  ],
+  "details": "In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38695"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.nccgroup.com/research-blog/there-s-another-hole-in-your-soc-unisoc-rom-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-250"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-01T08:15:32Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-48qx-3q6v-746v/GHSA-48qx-3q6v-746v.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-48qx-3q6v-746v",
+  "modified": "2025-09-02T15:31:07Z",
+  "published": "2025-09-02T15:31:07Z",
+  "aliases": [
+    "CVE-2022-38691"
+  ],
+  "details": "In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38691"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.nccgroup.com/research-blog/there-s-another-hole-in-your-soc-unisoc-rom-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-250"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-01T08:15:31Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-4pcj-2vcf-4q8j/GHSA-4pcj-2vcf-4q8j.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4pcj-2vcf-4q8j",
+  "modified": "2025-09-02T15:31:08Z",
+  "published": "2025-09-02T15:31:08Z",
+  "aliases": [
+    "CVE-2025-9790"
+  ],
+  "details": "A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9790"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/YoSheep/cve/blob/main/Online%20Hotel%20Reservation%20System%20In%20PHP%20With%20Source%20Code%20-%20SQL%20Injection%20in%20updateabout.php.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.322105"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.322105"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.641069"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-01T19:15:31Z"
+  }
+}