Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 966ca54a7842 · 2025-11-14T03:32:40.000Z
GHSA-3fjr-cx6c-863c GHSA-8pxf-65qh-4qrc GHSA-9f83-3gqq-cv2v GHSA-c3h3-5hxq-qpc7 GHSA-f87p-wjm9-4rp5 GHSA-g4hf-8p4f-p7g3 GHSA-h3xj-4mp2-qr5w GHSA-hwc8-vf72-jqqw GHSA-j3qx-c2ff-2p64 GHSA-jm26-2m6v-322r GHSA-q7v7-xg85-x35m GHSA-qx5q-4m37-mp7p GHSA-rw6m-2gvw-353g
diff --git a/advisories/unreviewed/2025/11/GHSA-3fjr-cx6c-863c/GHSA-3fjr-cx6c-863c.json b/advisories/unreviewed/2025/11/GHSA-3fjr-cx6c-863c/GHSA-3fjr-cx6c-863c.json
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3fjr-cx6c-863c",
+  "modified": "2025-11-14T03:30:53Z",
+  "published": "2025-11-14T03:30:53Z",
+  "aliases": [
+    "CVE-2024-11919"
+  ],
+  "details": "Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11919"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/352516283"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:54Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-8pxf-65qh-4qrc/GHSA-8pxf-65qh-4qrc.json b/advisories/unreviewed/2025/11/GHSA-8pxf-65qh-4qrc/GHSA-8pxf-65qh-4qrc.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8pxf-65qh-4qrc",
-  "modified": "2025-11-06T09:30:27Z",
+  "modified": "2025-11-14T03:30:53Z",
   "published": "2025-11-06T09:30:27Z",
   "aliases": [
     "CVE-2025-10259"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://jvn.jp/vu/JVNVU92088475"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-01"
+    },
     {
       "type": "WEB",
       "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-014_en.pdf"
diff --git a/advisories/unreviewed/2025/11/GHSA-9f83-3gqq-cv2v/GHSA-9f83-3gqq-cv2v.json b/advisories/unreviewed/2025/11/GHSA-9f83-3gqq-cv2v/GHSA-9f83-3gqq-cv2v.json
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9f83-3gqq-cv2v",
+  "modified": "2025-11-14T03:30:54Z",
+  "published": "2025-11-14T03:30:54Z",
+  "aliases": [
+    "CVE-2025-13097"
+  ],
+  "details": "Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13097"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/402791076"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:56Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-c3h3-5hxq-qpc7/GHSA-c3h3-5hxq-qpc7.json b/advisories/unreviewed/2025/11/GHSA-c3h3-5hxq-qpc7/GHSA-c3h3-5hxq-qpc7.json
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c3h3-5hxq-qpc7",
+  "modified": "2025-11-14T03:30:54Z",
+  "published": "2025-11-14T03:30:54Z",
+  "aliases": [
+    "CVE-2024-13983"
+  ],
+  "details": "Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13983"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/379818904"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:55Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-f87p-wjm9-4rp5/GHSA-f87p-wjm9-4rp5.json b/advisories/unreviewed/2025/11/GHSA-f87p-wjm9-4rp5/GHSA-f87p-wjm9-4rp5.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f87p-wjm9-4rp5",
+  "modified": "2025-11-14T03:30:54Z",
+  "published": "2025-11-14T03:30:54Z",
+  "aliases": [
+    "CVE-2025-12904"
+  ],
+  "details": "The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12904"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3392176/h5pxapikatchu"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90552d5a-6103-48c7-ad44-52ee8ecac114?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:56Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-g4hf-8p4f-p7g3/GHSA-g4hf-8p4f-p7g3.json b/advisories/unreviewed/2025/11/GHSA-g4hf-8p4f-p7g3/GHSA-g4hf-8p4f-p7g3.json
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g4hf-8p4f-p7g3",
+  "modified": "2025-11-14T03:30:54Z",
+  "published": "2025-11-14T03:30:54Z",
+  "aliases": [
+    "CVE-2024-7017"
+  ],
+  "details": "Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7017"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/338248595"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:55Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-h3xj-4mp2-qr5w/GHSA-h3xj-4mp2-qr5w.json b/advisories/unreviewed/2025/11/GHSA-h3xj-4mp2-qr5w/GHSA-h3xj-4mp2-qr5w.json
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h3xj-4mp2-qr5w",
+  "modified": "2025-11-14T03:30:54Z",
+  "published": "2025-11-14T03:30:54Z",
+  "aliases": [
+    "CVE-2025-13102"
+  ],
+  "details": "Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13102"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/351564774"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:56Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-hwc8-vf72-jqqw/GHSA-hwc8-vf72-jqqw.json b/advisories/unreviewed/2025/11/GHSA-hwc8-vf72-jqqw/GHSA-hwc8-vf72-jqqw.json
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hwc8-vf72-jqqw",
+  "modified": "2025-11-14T03:30:54Z",
+  "published": "2025-11-14T03:30:54Z",
+  "aliases": [
+    "CVE-2025-13107"
+  ],
+  "details": "Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13107"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/429440615"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:56Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-j3qx-c2ff-2p64/GHSA-j3qx-c2ff-2p64.json b/advisories/unreviewed/2025/11/GHSA-j3qx-c2ff-2p64/GHSA-j3qx-c2ff-2p64.json
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j3qx-c2ff-2p64",
+  "modified": "2025-11-14T03:30:54Z",
+  "published": "2025-11-14T03:30:54Z",
+  "aliases": [
+    "CVE-2024-7021"
+  ],
+  "details": "Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7021"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/40064701"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:55Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-jm26-2m6v-322r/GHSA-jm26-2m6v-322r.json b/advisories/unreviewed/2025/11/GHSA-jm26-2m6v-322r/GHSA-jm26-2m6v-322r.json
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jm26-2m6v-322r",
+  "modified": "2025-11-14T03:30:53Z",
+  "published": "2025-11-14T03:30:53Z",
+  "aliases": [
+    "CVE-2024-11920"
+  ],
+  "details": "Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11920"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/371840056"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:55Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-q7v7-xg85-x35m/GHSA-q7v7-xg85-x35m.json b/advisories/unreviewed/2025/11/GHSA-q7v7-xg85-x35m/GHSA-q7v7-xg85-x35m.json
@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q7v7-xg85-x35m",
+  "modified": "2025-11-14T03:30:54Z",
+  "published": "2025-11-14T03:30:54Z",
+  "aliases": [
+    "CVE-2024-9126"
+  ],
+  "details": "Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9126"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/349653218"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-14T03:15:55Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-qx5q-4m37-mp7p/GHSA-qx5q-4m37-mp7p.json b/advisories/unreviewed/2025/11/GHSA-qx5q-4m37-mp7p/GHSA-qx5q-4m37-mp7p.json
diff --git a/advisories/unreviewed/2025/11/GHSA-rw6m-2gvw-353g/GHSA-rw6m-2gvw-353g.json b/advisories/unreviewed/2025/11/GHSA-rw6m-2gvw-353g/GHSA-rw6m-2gvw-353g.json
