Publish Advisories

GHSA-8mc4-q7gv-xrqv
GHSA-fqh2-qgmv-w3w8
GHSA-hjfv-pj3c-gjj3
GHSA-hr7m-hf2x-j4vh
GHSA-j7r7-3wrm-f59w
GHSA-mvwp-xpr9-3mwj
GHSA-pg34-74hm-v732
GHSA-r8ww-q8x3-4wc9

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-8mc4-q7gv-xrqv/GHSA-8mc4-q7gv-xrqv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8mc4-q7gv-xrqv",
-  "modified": "2025-12-12T21:31:39Z",
+  "modified": "2025-12-14T00:30:24Z",
   "published": "2025-12-12T21:31:39Z",
   "aliases": [
     "CVE-2025-43464"
   ],
   "details": "A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Tahoe 26.1. Visiting a website may lead to an app denial-of-service.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:54Z"

advisories/unreviewed/2025/12/GHSA-fqh2-qgmv-w3w8/GHSA-fqh2-qgmv-w3w8.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fqh2-qgmv-w3w8",
-  "modified": "2025-12-12T21:31:39Z",
+  "modified": "2025-12-14T00:30:24Z",
   "published": "2025-12-12T21:31:39Z",
   "aliases": [
     "CVE-2025-43467"
   ],
   "details": "This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to gain root privileges.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:54Z"

advisories/unreviewed/2025/12/GHSA-hjfv-pj3c-gjj3/GHSA-hjfv-pj3c-gjj3.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hjfv-pj3c-gjj3",
+  "modified": "2025-12-14T00:30:24Z",
+  "published": "2025-12-14T00:30:24Z",
+  "aliases": [
+    "CVE-2025-13832"
+  ],
+  "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13832"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-13T23:15:51Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-hr7m-hf2x-j4vh/GHSA-hr7m-hf2x-j4vh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hr7m-hf2x-j4vh",
-  "modified": "2025-12-12T21:31:39Z",
+  "modified": "2025-12-14T00:30:24Z",
   "published": "2025-12-12T21:31:39Z",
   "aliases": [
     "CVE-2025-43527"
   ],
   "details": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to gain root privileges.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-280"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:57Z"

advisories/unreviewed/2025/12/GHSA-j7r7-3wrm-f59w/GHSA-j7r7-3wrm-f59w.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-798"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/12/GHSA-mvwp-xpr9-3mwj/GHSA-mvwp-xpr9-3mwj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mvwp-xpr9-3mwj",
-  "modified": "2025-12-12T21:31:38Z",
+  "modified": "2025-12-14T00:30:23Z",
   "published": "2025-12-12T21:31:38Z",
   "aliases": [
     "CVE-2025-43410"
   ],
   "details": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2. An attacker with physical access may be able to view deleted notes.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-524"
+    ],
+    "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:54Z"

advisories/unreviewed/2025/12/GHSA-pg34-74hm-v732/GHSA-pg34-74hm-v732.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pg34-74hm-v732",
-  "modified": "2025-12-13T18:30:22Z",
+  "modified": "2025-12-14T00:30:24Z",
   "published": "2025-12-13T18:30:22Z",
   "aliases": [
     "CVE-2025-9116"
   ],
   "details": "The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-13T16:16:56Z"

advisories/unreviewed/2025/12/GHSA-r8ww-q8x3-4wc9/GHSA-r8ww-q8x3-4wc9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r8ww-q8x3-4wc9",
-  "modified": "2025-12-12T21:31:39Z",
+  "modified": "2025-12-14T00:30:24Z",
   "published": "2025-12-12T21:31:39Z",
   "aliases": [
     "CVE-2025-43511"
   ],
   "details": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:56Z"