Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/08/GHSA-3jw2-chpc-h229/GHSA-3jw2-chpc-h229.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3jw2-chpc-h229",
-  "modified": "2025-08-16T00:30:43Z",
+  "modified": "2025-09-10T15:31:13Z",
   "published": "2025-08-13T18:31:25Z",
   "aliases": [
     "CVE-2025-8920"

advisories/unreviewed/2025/08/GHSA-927x-jxxv-p35p/GHSA-927x-jxxv-p35p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-927x-jxxv-p35p",
-  "modified": "2025-08-15T21:31:17Z",
+  "modified": "2025-09-10T15:31:13Z",
   "published": "2025-08-13T18:31:25Z",
   "aliases": [
     "CVE-2025-8919"

advisories/unreviewed/2025/09/GHSA-29cj-cxw4-v4j2/GHSA-29cj-cxw4-v4j2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-29cj-cxw4-v4j2",
-  "modified": "2025-09-09T15:31:20Z",
+  "modified": "2025-09-10T15:31:15Z",
   "published": "2025-09-09T15:31:20Z",
   "aliases": [
     "CVE-2025-52277"
   ],
   "details": "Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-09T15:15:33Z"

advisories/unreviewed/2025/09/GHSA-2p4j-7hmq-hf5r/GHSA-2p4j-7hmq-hf5r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2p4j-7hmq-hf5r",
-  "modified": "2025-09-09T18:31:24Z",
+  "modified": "2025-09-10T15:31:15Z",
   "published": "2025-09-09T18:31:24Z",
   "aliases": [
     "CVE-2025-57540"
   ],
   "details": "A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page, enabling client-side attacks.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-09T17:16:10Z"

advisories/unreviewed/2025/09/GHSA-3cpj-wv4r-5r58/GHSA-3cpj-wv4r-5r58.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3cpj-wv4r-5r58",
-  "modified": "2025-09-09T15:31:19Z",
+  "modified": "2025-09-10T15:31:15Z",
   "published": "2025-09-09T15:31:19Z",
   "aliases": [
     "CVE-2025-9364"
   ],
   "details": "An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-3jfv-rhc4-5hmj/GHSA-3jfv-rhc4-5hmj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3jfv-rhc4-5hmj",
-  "modified": "2025-09-09T18:31:24Z",
+  "modified": "2025-09-10T15:31:15Z",
   "published": "2025-09-09T18:31:24Z",
   "aliases": [
     "CVE-2025-57064"
   ],
   "details": "Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-09T17:16:09Z"

advisories/unreviewed/2025/09/GHSA-3q48-cqgx-wj5v/GHSA-3q48-cqgx-wj5v.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3q48-cqgx-wj5v",
+  "modified": "2025-09-10T15:31:16Z",
+  "published": "2025-09-10T15:31:16Z",
+  "aliases": [
+    "CVE-2025-10221"
+  ],
+  "details": "Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10221"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-532"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-10T13:15:35Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-4hm3-rc3w-g6pc/GHSA-4hm3-rc3w-g6pc.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4hm3-rc3w-g6pc",
+  "modified": "2025-09-10T15:31:16Z",
+  "published": "2025-09-10T15:31:16Z",
+  "aliases": [
+    "CVE-2025-10220"
+  ],
+  "details": "Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute arbitrary code or bypass security features via exploitation of vulnerable third-party packages such as Google.Protobuf, DynamicData, System.Runtime.CompilerServices.Unsafe, and others.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10220"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1104"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-10T13:15:35Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-576x-vr78-m4v5/GHSA-576x-vr78-m4v5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-576x-vr78-m4v5",
-  "modified": "2025-09-09T18:31:24Z",
+  "modified": "2025-09-10T15:31:15Z",
   "published": "2025-09-09T18:31:24Z",
   "aliases": [
     "CVE-2025-57063"
   ],
   "details": "Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-09T17:16:09Z"

advisories/unreviewed/2025/09/GHSA-5gf5-mr4v-87q2/GHSA-5gf5-mr4v-87q2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5gf5-mr4v-87q2",
-  "modified": "2025-09-09T18:31:23Z",
+  "modified": "2025-09-10T15:31:15Z",
   "published": "2025-09-09T18:31:23Z",
   "aliases": [
     "CVE-2025-57058"
   ],
   "details": "Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-09-09T17:16:08Z"