
15 files changed

+407
-1
lines changed

Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-444q-fgvg-7w24",
4+
"modified": "2025-12-10T06:30:23Z",
5+
"published": "2025-12-10T06:30:23Z",
6+
"aliases": [
7+
"CVE-2025-67612"
8+
],
9+
"details": "Rejected reason: Not used",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67612"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2025-12-10T04:15:58Z"
24+
}
25+
}
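Review bot: The only content of this new record is `"details": "Rejected reason: Not used"` (line 9 of the added file), so the aliased CVE-2025-67612 was rejected upstream, yet the advisory is published as live with no `withdrawn` field. Consumers that ingest unreviewed advisories by alias will carry an entry that describes no vulnerability. I would add a top-level `"withdrawn": "<RFC 3339 time of the rejection>"` so OSV-aware tooling skips it. The same applies to the sections adding GHSA-6m83-3rq7-m92j, GHSA-6m8v-pq64-q6hg, GHSA-727f-526p-8ccx and GHSA-7xqg-7c5j-24w3.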

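--- a/advisories/unreviewed/2025/12/GHSA-4mcw-rvpf-x558/GHSA-4mcw-rvpf-x558.json
+++ b/advisories/unreviewed/2025/12/GHSA-4mcw-rvpf-x558/GHSA-4mcw-rvpf-x558.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4mcw-rvpf-x558",
-"modified": "2025-12-05T18:31:11Z",
+"modified": "2025-12-10T06:30:23Z",
 "published": "2025-12-05T18:31:11Z",
 "aliases": [
 "CVE-2024-9183"
@@ -23,6 +23,10 @@
 "type": "WEB",
 "url": "https://hackerone.com/reports/2707421"
 },
+{
+"type": "WEB",
+"url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released"
+},
 {
 "type": "WEB",
 "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/494478"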
Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-656h-6g23-9xp5",
4+
"modified": "2025-12-10T06:30:23Z",
5+
"published": "2025-12-10T06:30:23Z",
6+
"aliases": [
7+
"CVE-2025-9056"
8+
],
9+
"details": "Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9056"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://security.tecno.com/SRC/securityUpdates"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [
24+
"CWE-863"
25+
],
26+
"severity": null,
27+
"github_reviewed": false,
28+
"github_reviewed_at": null,
29+
"nvd_published_at": "2025-12-10T04:15:58Z"
30+
}
31+
}
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6m83-3rq7-m92j",
4+
"modified": "2025-12-10T06:30:23Z",
5+
"published": "2025-12-10T06:30:23Z",
6+
"aliases": [
7+
"CVE-2025-67608"
8+
],
9+
"details": "Rejected reason: Not used",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67608"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2025-12-10T04:15:58Z"
24+
}
25+
}
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6m8v-pq64-q6hg",
4+
"modified": "2025-12-10T06:30:23Z",
5+
"published": "2025-12-10T06:30:23Z",
6+
"aliases": [
7+
"CVE-2025-67609"
8+
],
9+
"details": "Rejected reason: Not used",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67609"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2025-12-10T04:15:58Z"
24+
}
25+
}
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-727f-526p-8ccx",
4+
"modified": "2025-12-10T06:30:23Z",
5+
"published": "2025-12-10T06:30:23Z",
6+
"aliases": [
7+
"CVE-2025-67605"
8+
],
9+
"details": "Rejected reason: Not used",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67605"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2025-12-10T04:15:58Z"
24+
}
25+
}
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-7xqg-7c5j-24w3",
4+
"modified": "2025-12-10T06:30:23Z",
5+
"published": "2025-12-10T06:30:23Z",
6+
"aliases": [
7+
"CVE-2025-67611"
8+
],
9+
"details": "Rejected reason: Not used",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67611"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2025-12-10T04:15:58Z"
24+
}
25+
}
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-88px-4mf5-697p",
4+
"modified": "2025-12-10T06:30:23Z",
5+
"published": "2025-12-10T06:30:23Z",
6+
"aliases": [
7+
"CVE-2025-13072"
8+
],
9+
"details": "The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13072"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://wpscan.com/vulnerability/e3795f29-b886-4b92-a7d6-5f5afd7090aa"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2025-12-10T06:15:45Z"
28+
}
29+
}
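Review bot: `"cwe_ids": []` on line 23 of the added file leaves the weakness unclassified although `details` states a reflected cross-site scripting issue; `"cwe_ids": ["CWE-79"]` would let consumers filter and prioritise by weakness class. The section adding GHSA-9hh4-4r9p-r9jg (CVE-2025-13073) has the same gap, and its `details` text is word-for-word the same apart from the final period, so the two records can only be told apart through their wpscan reference URLs. Neither text names the affected parameter.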
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-95fc-r8xp-4x43",
4+
"modified": "2025-12-10T06:30:23Z",
5+
"published": "2025-12-10T06:30:23Z",
6+
"aliases": [
7+
"CVE-2025-13339"
8+
],
9+
"details": "The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13339"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/changeset/3412701"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/06900b4b-6607-4b25-b4bc-2e2906160421?source=cve"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-22"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-12-10T05:16:02Z"
39+
}
40+
}
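Review bot: `"affected": []` on line 16 of the added file gives tooling no package or version range to match, while `details` bounds the issue at "all versions up to, and including, 1.7.1" and the record is rated `HIGH` with a network, no-privilege vector. Until a range is recorded, this advisory is only reachable by reading the prose, so anyone tracking the plugin has to match on the text or the CVE alias. The record also names no fixed version; the changeset reference is presumably the fix, which is worth confirming and stating in `details`.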
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9hh4-4r9p-r9jg",
4+
"modified": "2025-12-10T06:30:24Z",
5+
"published": "2025-12-10T06:30:23Z",
6+
"aliases": [
7+
"CVE-2025-13073"
8+
],
9+
"details": "The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13073"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://wpscan.com/vulnerability/697fc4be-782c-44cc-840a-774c8ab3ccd8"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2025-12-10T06:15:45Z"
28+
}
29+
}
