Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-89f8-292w-gfh4/GHSA-89f8-292w-gfh4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89f8-292w-gfh4",
-  "modified": "2025-11-14T21:30:28Z",
+  "modified": "2025-12-15T15:30:30Z",
   "published": "2025-11-12T18:31:25Z",
   "aliases": [
     "CVE-2025-11700"
@@ -23,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11700"
     },
+    {
+      "type": "WEB",
+      "url": "https://me.n-able.com/s/security-advisory/aArVy0000000rabKAA"
+    },
     {
       "type": "WEB",
       "url": "https://me.n-able.com/s/security-advisory/aArVy0000000rabKAA/cve202511700-ncentral-importservicefromfile-xxe-injection"

advisories/unreviewed/2025/12/GHSA-22mw-r5qh-44m8/GHSA-22mw-r5qh-44m8.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-22mw-r5qh-44m8",
+  "modified": "2025-12-15T15:30:31Z",
+  "published": "2025-12-15T15:30:31Z",
+  "aliases": [
+    "CVE-2025-13728"
+  ],
+  "details": "The FluentAuth – The Ultimate Authorization & Security Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fluent_auth_reset_password` shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13728"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3409232/fluent-security/tags/2.1.0/app/Hooks/Handlers/CustomAuthHandler.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a3187d3e-e1da-4af7-a1fa-9657389f9e22?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-15T15:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2gvp-7c85-h6vg/GHSA-2gvp-7c85-h6vg.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2gvp-7c85-h6vg",
+  "modified": "2025-12-15T15:30:32Z",
+  "published": "2025-12-15T15:30:32Z",
+  "aliases": [
+    "CVE-2025-34412"
+  ],
+  "details": "The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Resource-Policy, and implement incomplete clickjacking protections. The application also issues session cookies with insecure or inconsistent attributes by default, including duplicate ASP.NET_SessionId values, an affinity cookie missing the Secure attribute, and mixed or absent SameSite settings. These deficiencies weaken browser-side isolation and session integrity, increasing exposure to client-side attacks, session fixation, and cross-site session leakage.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34412"
+    },
+    {
+      "type": "WEB",
+      "url": "https://seclists.org/fulldisclosure/2025/Dec/4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.convercent.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.eqs.com/en-us/platform-convercent-clients"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/convercent-whisteblowing-platform-protection-mechanism-failure-insecure-default-browser-and-session-controls"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-693"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-15T15:15:50Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2v76-28wf-qm87/GHSA-2v76-28wf-qm87.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2v76-28wf-qm87",
-  "modified": "2025-12-12T21:31:39Z",
+  "modified": "2025-12-15T15:30:30Z",
   "published": "2025-12-12T21:31:39Z",
   "aliases": [
     "CVE-2025-43466"
   ],
   "details": "An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-95"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:54Z"

advisories/unreviewed/2025/12/GHSA-3xp3-wg78-f5gc/GHSA-3xp3-wg78-f5gc.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3xp3-wg78-f5gc",
+  "modified": "2025-12-15T15:30:31Z",
+  "published": "2025-12-15T15:30:31Z",
+  "aliases": [
+    "CVE-2025-13610"
+  ],
+  "details": "The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RM_Forms' shortcode in all versions up to, and including, 6.0.6.7 due to insufficient input sanitization and output escaping on the 'theme' attribute. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13610"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3414853/custom-registration-form-builder-with-submission-manager"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4be512bd-190a-415a-bd20-a49373f63fbb?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-15T15:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-4444-xfvc-v5mv/GHSA-4444-xfvc-v5mv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4444-xfvc-v5mv",
-  "modified": "2025-12-12T21:31:39Z",
+  "modified": "2025-12-15T15:30:30Z",
   "published": "2025-12-12T21:31:39Z",
   "aliases": [
     "CVE-2025-43494"
   ],
   "details": "A mail header parsing issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. An attacker may be able to cause a persistent denial-of-service.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:55Z"

advisories/unreviewed/2025/12/GHSA-5789-492j-vc3f/GHSA-5789-492j-vc3f.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5789-492j-vc3f",
+  "modified": "2025-12-15T15:30:32Z",
+  "published": "2025-12-15T15:30:32Z",
+  "aliases": [
+    "CVE-2025-34411"
+  ],
+  "details": "The Convercent Whistleblowing Platform operated by EQS Group exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. A remote unauthenticated attacker can query the endpoint using common legal-suffix terms to enumerate Convercent tenants, identifying organizations using the platform. This disclosure can facilitate targeted phishing, extortion, or other attacks against whistleblowing programs and reveals sensitive business relationships and compliance infrastructure.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34411"
+    },
+    {
+      "type": "WEB",
+      "url": "https://seclists.org/fulldisclosure/2025/Dec/4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.convercent.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.eqs.com/en-us/platform-convercent-clients"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/convercent-whisteblowing-platform-unauthenticated-getlegalentity-endpoing-enables-customer-enumeration"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-15T15:15:49Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-58xj-43wp-5wf8/GHSA-58xj-43wp-5wf8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-58xj-43wp-5wf8",
-  "modified": "2025-12-14T06:30:24Z",
+  "modified": "2025-12-15T15:30:30Z",
   "published": "2025-12-14T06:30:24Z",
   "aliases": [
     "CVE-2025-12696"
   ],
   "details": "The HelloLeads CRM Form Shortcode WordPress plugin through 1.0 does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-14T06:15:37Z"

advisories/unreviewed/2025/12/GHSA-635w-84xv-8jjv/GHSA-635w-84xv-8jjv.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-635w-84xv-8jjv",
+  "modified": "2025-12-15T15:30:32Z",
+  "published": "2025-12-15T15:30:32Z",
+  "aliases": [
+    "CVE-2025-34180"
+  ],
+  "details": "NetSupport Manager < 14.12.0001  relies on a shared Gateway Key for authentication between Manager/Control, Client, and Connectivity Server components. The key is stored using a reversible encoding scheme. An attacker who obtains access to a deployed client configuration file can decode the stored value to recover the plaintext Gateway Key. Possession of the Gateway Key allows unauthorized access to NetSupport Manager connectivity services and enables remote control of systems managed through the same key.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34180"
+    },
+    {
+      "type": "WEB",
+      "url": "https://kb.netsupportsoftware.com/knowledge-base/updating-and-securing-netsupport-manager"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/netsupport-manager-gateway-key-reversible-encoding-credential-recovery"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-257"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-15T15:15:49Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-6hp6-j394-rmqr/GHSA-6hp6-j394-rmqr.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6hp6-j394-rmqr",
-  "modified": "2025-12-15T06:31:16Z",
+  "modified": "2025-12-15T15:30:31Z",
   "published": "2025-12-15T06:31:16Z",
   "aliases": [
     "CVE-2025-12684"
   ],
   "details": "The URL Shortify  WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-15T06:15:42Z"