Publish Advisories

GHSA-64r9-7879-fmg9
GHSA-6wwx-2f48-jxh8
GHSA-7565-8whx-jmg5
GHSA-q6mw-555r-hgcg
GHSA-q7r9-4c9w-4548
GHSA-v52q-48v6-rmj4
GHSA-vrvm-qc4x-35pw
GHSA-x6wm-h4q7-p8hv

Author: advisory-database[bot]

advisories/unreviewed/2025/09/GHSA-64r9-7879-fmg9/GHSA-64r9-7879-fmg9.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-64r9-7879-fmg9",
+  "modified": "2025-09-26T12:31:08Z",
+  "published": "2025-09-26T12:31:08Z",
+  "aliases": [
+    "CVE-2025-11012"
+  ],
+  "details": "A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called cb6c7514efa628adb8180b58b4c9ccdebbe096e3. A patch should be applied to remediate this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11012"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1006"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1007"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BehaviorTree/BehaviorTree.CPP/commit/cb6c7514efa628adb8180b58b4c9ccdebbe096e3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/user-attachments/files/22251337/poc.zip"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.325955"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.325955"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.654074"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-26T12:15:35Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-6wwx-2f48-jxh8/GHSA-6wwx-2f48-jxh8.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6wwx-2f48-jxh8",
+  "modified": "2025-09-26T12:31:07Z",
+  "published": "2025-09-26T12:31:07Z",
+  "aliases": [
+    "CVE-2025-10544"
+  ],
+  "details": "Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files that compromise the system. In addition, it is vulnerable to Path Traversal, which allows files to be written to arbitrary directories within the web root.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10544"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-uploading-dangerous-file-types-avepoint-products"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-26T10:15:44Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-7565-8whx-jmg5/GHSA-7565-8whx-jmg5.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7565-8whx-jmg5",
+  "modified": "2025-09-26T12:31:08Z",
+  "published": "2025-09-26T12:31:08Z",
+  "aliases": [
+    "CVE-2025-11011"
+  ],
+  "details": "A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. It is suggested to install a patch to address this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11011"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1008"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1009"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BehaviorTree/BehaviorTree.CPP/commit/4b23dcaf0ce951a31299ebdd61df69f9ce99a76d"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/user-attachments/files/22270928/poc.zip"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.325954"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.325954"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.654073"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-404"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-26T12:15:34Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-q6mw-555r-hgcg/GHSA-q6mw-555r-hgcg.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q6mw-555r-hgcg",
+  "modified": "2025-09-26T12:31:08Z",
+  "published": "2025-09-26T12:31:08Z",
+  "aliases": [
+    "CVE-2025-5069"
+  ],
+  "details": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's project.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5069"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hackerone.com/reports/3019236"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/544926"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-708"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-26T10:15:47Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-q7r9-4c9w-4548/GHSA-q7r9-4c9w-4548.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q7r9-4c9w-4548",
+  "modified": "2025-09-26T12:31:08Z",
+  "published": "2025-09-26T12:31:08Z",
+  "aliases": [
+    "CVE-2025-11010"
+  ],
+  "details": "A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11010"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/vstakhov/libucl/issues/337"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/user-attachments/files/22317650/poc.zip"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.325953"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.325953"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.654068"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-26T11:15:38Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-v52q-48v6-rmj4/GHSA-v52q-48v6-rmj4.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-v52q-48v6-rmj4",
+  "modified": "2025-09-26T12:31:08Z",
+  "published": "2025-09-26T12:31:07Z",
+  "aliases": [
+    "CVE-2025-11042"
+  ],
+  "details": "An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while using specific GraphQL queries.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11042"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/550374"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-26T10:15:47Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-vrvm-qc4x-35pw/GHSA-vrvm-qc4x-35pw.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vrvm-qc4x-35pw",
+  "modified": "2025-09-26T12:31:07Z",
+  "published": "2025-09-26T12:31:07Z",
+  "aliases": [
+    "CVE-2025-10868"
+  ],
+  "details": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10868"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/526482"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-09-26T10:15:46Z"
+  }
+}

advisories/unreviewed/2025/09/GHSA-x6wm-h4q7-p8hv/GHSA-x6wm-h4q7-p8hv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x6wm-h4q7-p8hv",
-  "modified": "2025-09-15T12:31:25Z",
+  "modified": "2025-09-26T12:31:07Z",
   "published": "2025-09-15T12:31:25Z",
   "aliases": [
     "CVE-2025-9826"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://product.m-files.com/security-advisories/cve-2024-9826"
+    },
+    {
+      "type": "WEB",
+      "url": "https://product.m-files.com/security-advisories/cve-2025-9826"
     }
   ],
   "database_specific": {