Publish Advisories

GHSA-75hx-6r6j-hw56
GHSA-43j4-83fv-5vcm
GHSA-49pm-cgmh-hw25
GHSA-892r-x96w-jh76
GHSA-h4r4-6hvf-34r8
GHSA-2h6w-r2g4-rxfc
GHSA-3rc9-46g7-hmvc
GHSA-69mp-993w-437h
GHSA-6jjc-phv4-j2fp
GHSA-886v-hrxv-5rgm
GHSA-97cc-r33q-cw44
GHSA-9xx7-3hq7-4975
GHSA-ch6c-54cm-9r5p
GHSA-f45p-2w4f-m93w
GHSA-ffwv-rh62-3hm2
GHSA-fm3w-pc9f-x993
GHSA-j6hx-64j5-82hf
GHSA-pwmw-cgj8-wp6j
GHSA-r868-m699-r7cm
GHSA-rfjw-j3x6-277p
GHSA-rg4c-8999-6r63
GHSA-wvwp-w4ww-6277

Author: advisory-database[bot]

advisories/github-reviewed/2025/11/GHSA-75hx-6r6j-hw56/GHSA-75hx-6r6j-hw56.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-75hx-6r6j-hw56",
-  "modified": "2025-11-28T16:51:29Z",
+  "modified": "2025-12-01T09:30:26Z",
   "published": "2025-11-26T21:31:25Z",
   "aliases": [
     "CVE-2021-4472"
@@ -52,6 +52,14 @@
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417321"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html"
+    },
     {
       "type": "PACKAGE",
       "url": "https://opendev.org/openstack/mistral-dashboard"

advisories/unreviewed/2025/10/GHSA-43j4-83fv-5vcm/GHSA-43j4-83fv-5vcm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-43j4-83fv-5vcm",
-  "modified": "2025-10-09T18:30:36Z",
+  "modified": "2025-12-01T09:30:26Z",
   "published": "2025-10-09T18:30:36Z",
   "aliases": [
     "CVE-2025-52960"
@@ -23,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52960"
     },
+    {
+      "type": "WEB",
+      "url": "https://kb.juniper.net/JSA103143"
+    },
     {
       "type": "WEB",
       "url": "https://supportportal.juniper.net/JSA103143"

advisories/unreviewed/2025/10/GHSA-49pm-cgmh-hw25/GHSA-49pm-cgmh-hw25.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-49pm-cgmh-hw25",
-  "modified": "2025-11-26T09:31:21Z",
+  "modified": "2025-12-01T09:30:27Z",
   "published": "2025-10-30T06:30:53Z",
   "aliases": [
     "CVE-2025-62229"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62229"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22365"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22364"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22167"

advisories/unreviewed/2025/10/GHSA-892r-x96w-jh76/GHSA-892r-x96w-jh76.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-892r-x96w-jh76",
-  "modified": "2025-11-26T09:31:21Z",
+  "modified": "2025-12-01T09:30:27Z",
   "published": "2025-10-30T06:30:54Z",
   "aliases": [
     "CVE-2025-62230"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62230"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22365"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22364"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22167"

advisories/unreviewed/2025/10/GHSA-h4r4-6hvf-34r8/GHSA-h4r4-6hvf-34r8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h4r4-6hvf-34r8",
-  "modified": "2025-11-26T09:31:21Z",
+  "modified": "2025-12-01T09:30:27Z",
   "published": "2025-10-30T06:30:53Z",
   "aliases": [
     "CVE-2025-62231"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62231"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22365"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22364"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22167"

advisories/unreviewed/2025/12/GHSA-2h6w-r2g4-rxfc/GHSA-2h6w-r2g4-rxfc.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2h6w-r2g4-rxfc",
+  "modified": "2025-12-01T09:30:27Z",
+  "published": "2025-12-01T09:30:26Z",
+  "aliases": [
+    "CVE-2025-13811"
+  ],
+  "details": "A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13811"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/WebStack-Guns-SQLInjection-1/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/WebStack-Guns-SQLInjection-1/report.md#proof-of-concept"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333821"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333821"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.692084"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T07:16:01Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-3rc9-46g7-hmvc/GHSA-3rc9-46g7-hmvc.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3rc9-46g7-hmvc",
+  "modified": "2025-12-01T09:30:27Z",
+  "published": "2025-12-01T09:30:27Z",
+  "aliases": [
+    "CVE-2025-61609"
+  ],
+  "details": "In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61609"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.unisoc.com/en/support/announcement/1995394837938163714"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T08:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-69mp-993w-437h/GHSA-69mp-993w-437h.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-69mp-993w-437h",
+  "modified": "2025-12-01T09:30:27Z",
+  "published": "2025-12-01T09:30:27Z",
+  "aliases": [
+    "CVE-2025-13815"
+  ],
+  "details": "A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13815"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-unrestricted_upload-1/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-unrestricted_upload-1/report.md#proof-of-concept"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333824"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333824"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.692106"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T09:16:05Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-6jjc-phv4-j2fp/GHSA-6jjc-phv4-j2fp.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6jjc-phv4-j2fp",
+  "modified": "2025-12-01T09:30:27Z",
+  "published": "2025-12-01T09:30:27Z",
+  "aliases": [
+    "CVE-2025-11132"
+  ],
+  "details": "In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11132"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.unisoc.com/en/support/announcement/1995394837938163714"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T08:15:47Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-886v-hrxv-5rgm/GHSA-886v-hrxv-5rgm.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-886v-hrxv-5rgm",
+  "modified": "2025-12-01T09:30:27Z",
+  "published": "2025-12-01T09:30:27Z",
+  "aliases": [
+    "CVE-2025-13816"
+  ],
+  "details": "A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13816"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-zip_slip-1/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-zip_slip-1/report.md#proof-of-concept"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333825"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333825"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.692107"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T09:16:05Z"
+  }
+}