Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-22vc-cp5h-m3m9/GHSA-22vc-cp5h-m3m9.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-22vc-cp5h-m3m9",
-  "modified": "2025-12-24T15:30:41Z",
+  "modified": "2025-12-24T21:30:28Z",
   "published": "2025-12-24T15:30:40Z",
   "aliases": [
     "CVE-2025-68494"
   ],
   "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a through <= 4.11.53.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-497"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-24T13:16:19Z"

advisories/unreviewed/2025/12/GHSA-24q7-r72h-hcm2/GHSA-24q7-r72h-hcm2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-24q7-r72h-hcm2",
-  "modified": "2025-12-24T15:30:43Z",
+  "modified": "2025-12-24T21:30:30Z",
   "published": "2025-12-24T15:30:43Z",
   "aliases": [
     "CVE-2025-68606"
   ],
   "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-497"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-24T13:16:28Z"

advisories/unreviewed/2025/12/GHSA-266w-r6vg-579f/GHSA-266w-r6vg-579f.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-266w-r6vg-579f",
-  "modified": "2025-12-24T15:30:41Z",
+  "modified": "2025-12-24T21:30:28Z",
   "published": "2025-12-24T15:30:41Z",
   "aliases": [
     "CVE-2025-68522"
   ],
   "details": "Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-24T13:16:21Z"

advisories/unreviewed/2025/12/GHSA-2gg3-j2hg-72f4/GHSA-2gg3-j2hg-72f4.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2gg3-j2hg-72f4",
+  "modified": "2025-12-24T21:30:34Z",
+  "published": "2025-12-24T21:30:34Z",
+  "aliases": [
+    "CVE-2019-25256"
+  ],
+  "details": "VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by manipulating directory path traversal in download requests.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25256"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/44386"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5454.php"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.video-flow.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T20:15:54Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2gww-fh48-p92f/GHSA-2gww-fh48-p92f.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2gww-fh48-p92f",
+  "modified": "2025-12-24T21:30:33Z",
+  "published": "2025-12-24T21:30:33Z",
+  "aliases": [
+    "CVE-2019-25235"
+  ],
+  "details": "Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25235"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/47595"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.smartwares.eu"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5540.php"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T20:15:51Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2h6j-3v9m-2v47/GHSA-2h6j-3v9m-2v47.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2h6j-3v9m-2v47",
-  "modified": "2025-12-24T15:30:43Z",
+  "modified": "2025-12-24T21:30:30Z",
   "published": "2025-12-24T15:30:43Z",
   "aliases": [
     "CVE-2025-68602"
   ],
   "details": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-601"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-24T13:16:27Z"

advisories/unreviewed/2025/12/GHSA-2whw-f57x-r8vq/GHSA-2whw-f57x-r8vq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2whw-f57x-r8vq",
-  "modified": "2025-12-24T15:30:41Z",
+  "modified": "2025-12-24T21:30:28Z",
   "published": "2025-12-24T15:30:41Z",
   "aliases": [
     "CVE-2025-68513"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Timeline Lite bold-timeline-lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through <= 1.2.7.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-24T13:16:21Z"

advisories/unreviewed/2025/12/GHSA-2wpw-x29g-2vrh/GHSA-2wpw-x29g-2vrh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2wpw-x29g-2vrh",
-  "modified": "2025-12-24T15:30:42Z",
+  "modified": "2025-12-24T21:30:29Z",
   "published": "2025-12-24T15:30:42Z",
   "aliases": [
     "CVE-2025-68571"
   ],
   "details": "Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through <= 3.9.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-24T13:16:24Z"

advisories/unreviewed/2025/12/GHSA-2xwp-gm9f-mwxv/GHSA-2xwp-gm9f-mwxv.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2xwp-gm9f-mwxv",
-  "modified": "2025-12-24T15:30:41Z",
+  "modified": "2025-12-24T21:30:29Z",
   "published": "2025-12-24T15:30:41Z",
   "aliases": [
     "CVE-2025-68537"
   ],
   "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-98"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-24T13:16:22Z"

advisories/unreviewed/2025/12/GHSA-36q5-9xfc-m5q6/GHSA-36q5-9xfc-m5q6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-36q5-9xfc-m5q6",
-  "modified": "2025-12-24T15:30:43Z",
+  "modified": "2025-12-24T21:30:30Z",
   "published": "2025-12-24T15:30:43Z",
   "aliases": [
     "CVE-2025-68598"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.0.5.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-12-24T13:16:27Z"