Publish Advisories

GHSA-g5jc-hc65-x4vm
GHSA-9x68-7qq6-v523
GHSA-5686-39p2-jcpx
GHSA-www6-qmfj-v924
GHSA-33x2-whwf-gwv7
GHSA-jffx-85pq-vrr5
GHSA-r4f7-5v86-4w55
GHSA-wcw3-c785-7q5x

Author: advisory-database[bot]

advisories/unreviewed/2022/12/GHSA-g5jc-hc65-x4vm/GHSA-g5jc-hc65-x4vm.json

@@ -30,6 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-707",
       "CWE-89"
     ],
     "severity": "CRITICAL",

advisories/unreviewed/2025/01/GHSA-9x68-7qq6-v523/GHSA-9x68-7qq6-v523.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9x68-7qq6-v523",
-  "modified": "2025-12-22T12:30:21Z",
+  "modified": "2025-12-22T15:30:20Z",
   "published": "2025-01-14T18:32:00Z",
   "aliases": [
     "CVE-2024-12087"
@@ -59,6 +59,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:2600"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23858"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23854"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:23853"

advisories/unreviewed/2025/10/GHSA-5686-39p2-jcpx/GHSA-5686-39p2-jcpx.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5686-39p2-jcpx",
-  "modified": "2025-10-03T21:30:59Z",
+  "modified": "2025-12-22T15:30:20Z",
   "published": "2025-10-03T21:30:59Z",
   "aliases": [
     "CVE-2025-10695"
   ],
   "details": "Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and service interaction.\n\nThis issue affects OpenSupports: 4.11.0.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/10/GHSA-www6-qmfj-v924/GHSA-www6-qmfj-v924.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-www6-qmfj-v924",
-  "modified": "2025-10-03T21:30:59Z",
+  "modified": "2025-12-22T15:30:21Z",
   "published": "2025-10-03T21:30:59Z",
   "aliases": [
     "CVE-2025-10696"
   ],
   "details": "OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party (the target user), who can then view the tickets of the added 'supervised' users. This breaks the authorization model and filters the content of other users' tickets.This issue affects OpenSupports: 4.11.0.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/12/GHSA-33x2-whwf-gwv7/GHSA-33x2-whwf-gwv7.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-33x2-whwf-gwv7",
+  "modified": "2025-12-22T15:30:21Z",
+  "published": "2025-12-22T15:30:21Z",
+  "aliases": [
+    "CVE-2025-67826"
+  ],
+  "details": "An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit any registry key, leading to a full compromise as SYSTEM.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67826"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-22nd-Dec-2025"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.k7computing.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T15:16:00Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-jffx-85pq-vrr5/GHSA-jffx-85pq-vrr5.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jffx-85pq-vrr5",
+  "modified": "2025-12-22T15:30:21Z",
+  "published": "2025-12-22T15:30:21Z",
+  "aliases": [
+    "CVE-2025-14018"
+  ],
+  "details": "Unquoted Search Path or Element vulnerability in NetBT Consulting Services Inc. E-Fatura allows Leveraging/Manipulating Configuration File Search Paths, Redirect Access to Libraries.This issue affects e-Fatura: before 1.2.15.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14018"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-25-0474"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-428"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T14:15:59Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-r4f7-5v86-4w55/GHSA-r4f7-5v86-4w55.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r4f7-5v86-4w55",
+  "modified": "2025-12-22T15:30:21Z",
+  "published": "2025-12-22T15:30:21Z",
+  "aliases": [
+    "CVE-2025-61740"
+  ],
+  "details": "Authentication issue that does not verify the source of a packet which could allow an attacker to create a denial-of-service condition or modify the configuration of the device.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61740"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-346"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T15:16:00Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-wcw3-c785-7q5x/GHSA-wcw3-c785-7q5x.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wcw3-c785-7q5x",
+  "modified": "2025-12-22T15:30:21Z",
+  "published": "2025-12-22T15:30:21Z",
+  "aliases": [
+    "CVE-2025-26379"
+  ],
+  "details": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26379"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-338"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T15:16:00Z"
+  }
+}