Publish Advisories

GHSA-9f46-w24h-69w4
GHSA-2488-c4gj-6g77
GHSA-4f42-626f-cqm7
GHSA-57pf-qw33-m6q8
GHSA-7rw8-4p59-vgjq
GHSA-cmrw-mhwx-4m8w
GHSA-fq58-99h4-8g39
GHSA-gv8f-9g4r-fj8q
GHSA-hg42-5fw6-5rj9
GHSA-j4jm-c8xw-8xf7
GHSA-m8x7-m39c-62g2
GHSA-r46x-x9h4-p52r
GHSA-r5qp-7h29-v42w
GHSA-r8v7-r4ff-qv43
GHSA-xcmr-c479-3mcp
GHSA-xqwf-q6p3-jgrr
GHSA-xxqq-pg5g-cgqm

Author: advisory-database[bot]

advisories/github-reviewed/2025/11/GHSA-9f46-w24h-69w4/GHSA-9f46-w24h-69w4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9f46-w24h-69w4",
-  "modified": "2025-11-27T07:53:59Z",
+  "modified": "2025-12-17T00:31:18Z",
   "published": "2025-11-24T20:05:21Z",
   "aliases": [
     "CVE-2025-62155"

advisories/unreviewed/2025/12/GHSA-2488-c4gj-6g77/GHSA-2488-c4gj-6g77.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2488-c4gj-6g77",
+  "modified": "2025-12-17T00:31:18Z",
+  "published": "2025-12-17T00:31:18Z",
+  "aliases": [
+    "CVE-2025-34288"
+  ],
+  "details": "Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34288"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.nagios.com/changelog/nagios-xi/2026r1-1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/nagios-xi-privilege-escalation-via-writable-php-include-executed-with-sudo"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-732"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T23:15:44Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-4f42-626f-cqm7/GHSA-4f42-626f-cqm7.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-497"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/12/GHSA-57pf-qw33-m6q8/GHSA-57pf-qw33-m6q8.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-57pf-qw33-m6q8",
+  "modified": "2025-12-17T00:31:18Z",
+  "published": "2025-12-17T00:31:18Z",
+  "aliases": [
+    "CVE-2025-14466"
+  ],
+  "details": "A vulnerability in the web interface of the Güralp Fortimus Series, Minimus Series and Certimus Series allows an unauthenticated attacker with network access to send specially-crafted HTTP requests that can cause the web service process to deliberately restart. Although this mechanism limits the impact of the attack, it results in a brief denial-of-service condition during the restart.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14466"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-350-01.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T22:15:46Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-7rw8-4p59-vgjq/GHSA-7rw8-4p59-vgjq.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7rw8-4p59-vgjq",
+  "modified": "2025-12-17T00:31:18Z",
+  "published": "2025-12-17T00:31:18Z",
+  "aliases": [
+    "CVE-2025-48429"
+  ],
+  "details": "An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48429"
+    },
+    {
+      "type": "WEB",
+      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2214"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2214"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T22:15:47Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-cmrw-mhwx-4m8w/GHSA-cmrw-mhwx-4m8w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cmrw-mhwx-4m8w",
-  "modified": "2025-12-16T09:31:09Z",
+  "modified": "2025-12-17T00:31:17Z",
   "published": "2025-12-16T09:31:09Z",
   "aliases": [
     "CVE-2025-66130"
   ],
   "details": "Missing Authorization vulnerability in etruel WP Views Counter wpecounter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Views Counter: from n/a through <= 2.1.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-16T09:15:57Z"

advisories/unreviewed/2025/12/GHSA-fq58-99h4-8g39/GHSA-fq58-99h4-8g39.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fq58-99h4-8g39",
+  "modified": "2025-12-17T00:31:19Z",
+  "published": "2025-12-17T00:31:19Z",
+  "aliases": [
+    "CVE-2025-53619"
+  ],
+  "details": "An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `null_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53619"
+    },
+    {
+      "type": "WEB",
+      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T22:15:47Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-gv8f-9g4r-fj8q/GHSA-gv8f-9g4r-fj8q.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gv8f-9g4r-fj8q",
+  "modified": "2025-12-17T00:31:18Z",
+  "published": "2025-12-17T00:31:18Z",
+  "aliases": [
+    "CVE-2025-14765"
+  ],
+  "details": "Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14765"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/448294721"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T23:15:44Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-hg42-5fw6-5rj9/GHSA-hg42-5fw6-5rj9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hg42-5fw6-5rj9",
-  "modified": "2025-12-12T21:31:39Z",
+  "modified": "2025-12-17T00:31:17Z",
   "published": "2025-12-12T21:31:39Z",
   "aliases": [
     "CVE-2025-43463"
   ],
   "details": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.3, macOS Tahoe 26.1, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:54Z"

advisories/unreviewed/2025/12/GHSA-j4jm-c8xw-8xf7/GHSA-j4jm-c8xw-8xf7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j4jm-c8xw-8xf7",
-  "modified": "2025-12-12T21:31:38Z",
+  "modified": "2025-12-17T00:31:17Z",
   "published": "2025-12-12T21:31:38Z",
   "aliases": [
     "CVE-2025-43320"
   ],
   "details": "The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-12T21:15:53Z"