Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/09/GHSA-g6q4-chqv-724q/GHSA-g6q4-chqv-724q.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g6q4-chqv-724q",
-  "modified": "2025-11-12T18:31:04Z",
+  "modified": "2025-11-13T15:30:28Z",
   "published": "2025-09-17T09:30:44Z",
   "aliases": [
     "CVE-2025-9242"
   ],
   "details": "An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/11/GHSA-38r9-v43g-rpq7/GHSA-38r9-v43g-rpq7.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-38r9-v43g-rpq7",
+  "modified": "2025-11-13T15:30:31Z",
+  "published": "2025-11-13T15:30:31Z",
+  "aliases": [
+    "CVE-2025-62482"
+  ],
+  "details": "Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62482"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25046"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T15:15:51Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-3r87-4xwq-xh86/GHSA-3r87-4xwq-xh86.json

@@ -29,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-326"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/11/GHSA-5f88-rr7v-c4qv/GHSA-5f88-rr7v-c4qv.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5f88-rr7v-c4qv",
+  "modified": "2025-11-13T15:30:31Z",
+  "published": "2025-11-13T15:30:31Z",
+  "aliases": [
+    "CVE-2025-62483"
+  ],
+  "details": "Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62483"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25047"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-212"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T15:15:51Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-5p3h-545h-3hhq/GHSA-5p3h-545h-3hhq.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5p3h-545h-3hhq",
+  "modified": "2025-11-13T15:30:31Z",
+  "published": "2025-11-13T15:30:31Z",
+  "aliases": [
+    "CVE-2025-13115"
+  ],
+  "details": "A security flaw has been discovered in macrozheng mall-swarm up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing manipulation of the argument orderId results in improper authorization. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13115"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Hwwg/cve/issues/6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.332320"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.332320"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.683222"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T14:15:48Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-8mr3-4h49-rv3h/GHSA-8mr3-4h49-rv3h.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8mr3-4h49-rv3h",
+  "modified": "2025-11-13T15:30:30Z",
+  "published": "2025-11-13T15:30:30Z",
+  "aliases": [
+    "CVE-2025-13114"
+  ],
+  "details": "A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13114"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Hwwg/cve/issues/5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.332319"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.332319"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.683221"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T14:15:48Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-99gr-hh5m-m76m/GHSA-99gr-hh5m-m76m.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-99gr-hh5m-m76m",
+  "modified": "2025-11-13T15:30:31Z",
+  "published": "2025-11-13T15:30:31Z",
+  "aliases": [
+    "CVE-2025-64738"
+  ],
+  "details": "External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64738"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25040"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-73"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T15:15:53Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-99qj-9hw7-85x8/GHSA-99qj-9hw7-85x8.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-99qj-9hw7-85x8",
+  "modified": "2025-11-13T15:30:30Z",
+  "published": "2025-11-13T15:30:30Z",
+  "aliases": [
+    "CVE-2025-12817"
+  ],
+  "details": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema.  A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail.  Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.postgresql.org/support/security/CVE-2025-12817"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T13:15:45Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-9jfx-65hv-g39h/GHSA-9jfx-65hv-g39h.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-122"
+      "CWE-122",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/11/GHSA-c4m5-ghw8-h8qf/GHSA-c4m5-ghw8-h8qf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c4m5-ghw8-h8qf",
+  "modified": "2025-11-13T15:30:31Z",
+  "published": "2025-11-13T15:30:31Z",
+  "aliases": [
+    "CVE-2025-64739"
+  ],
+  "details": "External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64739"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25041"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-73"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-13T15:15:53Z"
+  }
+}