Publish Advisories

GHSA-856v-8qm2-9wjv
GHSA-433r-68jw-r53j
GHSA-mw57-63xv-7mx2
GHSA-3cjf-7xfg-396f
GHSA-4jvg-m2cx-p4xv
GHSA-5pv9-gvf5-hfgv
GHSA-5qp2-82v4-wwr8
GHSA-6hx6-8jw7-pgww
GHSA-7pvj-rp26-vxxc
GHSA-86rh-8633-4r2v
GHSA-962p-4p89-4946
GHSA-cx2q-9f4q-7mgw
GHSA-whfp-rmwr-4q53
GHSA-x4fp-gjpv-c6r5

Author: advisory-database[bot]

advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-856v-8qm2-9wjv",
-  "modified": "2025-11-20T21:30:30Z",
+  "modified": "2025-12-01T12:30:27Z",
   "published": "2025-08-07T21:31:08Z",
   "aliases": [
     "CVE-2025-7195"
@@ -64,6 +64,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:21885"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22416"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-7195"

advisories/unreviewed/2025/08/GHSA-433r-68jw-r53j/GHSA-433r-68jw-r53j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-433r-68jw-r53j",
-  "modified": "2025-11-26T18:30:59Z",
+  "modified": "2025-12-01T12:30:28Z",
   "published": "2025-08-22T18:31:22Z",
   "aliases": [
     "CVE-2025-38627"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/39868685c2a94a70762bc6d77dc81d781d05bff5"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5d604d40cd3232b09cb339941ef958e49283ed0a"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/8fae5b6addd5f6895e03797b56e3c7b9f9cd15c9"

advisories/unreviewed/2025/08/GHSA-mw57-63xv-7mx2/GHSA-mw57-63xv-7mx2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mw57-63xv-7mx2",
-  "modified": "2025-11-02T15:30:12Z",
+  "modified": "2025-12-01T12:30:28Z",
   "published": "2025-08-22T18:31:22Z",
   "aliases": [
     "CVE-2025-38643"
@@ -26,6 +26,10 @@
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/7022df2248c08c6f75a01714163ac902333bf3db"
     },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/b3d24038eb775f2f7a1dfef58d8e1dc444a12820"
+    },
     {
       "type": "WEB",
       "url": "https://git.kernel.org/stable/c/dbce810607726408f889d3358f4780fd1436861e"

advisories/unreviewed/2025/12/GHSA-3cjf-7xfg-396f/GHSA-3cjf-7xfg-396f.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3cjf-7xfg-396f",
+  "modified": "2025-12-01T12:30:28Z",
+  "published": "2025-12-01T12:30:28Z",
+  "aliases": [
+    "CVE-2025-58408"
+  ],
+  "details": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free.\n\nThe Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58408"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T12:15:46Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-4jvg-m2cx-p4xv/GHSA-4jvg-m2cx-p4xv.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4jvg-m2cx-p4xv",
+  "modified": "2025-12-01T12:30:28Z",
+  "published": "2025-12-01T12:30:28Z",
+  "aliases": [
+    "CVE-2025-41070"
+  ],
+  "details": "Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetes_varies.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41070"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-sanomas-clickedu"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T11:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-5pv9-gvf5-hfgv/GHSA-5pv9-gvf5-hfgv.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5pv9-gvf5-hfgv",
+  "modified": "2025-12-01T12:30:28Z",
+  "published": "2025-12-01T12:30:28Z",
+  "aliases": [
+    "CVE-2025-13819"
+  ],
+  "details": "Open redirect in the web server component of MiR Robot and Fleet software allows a remote attacker to redirect users to arbitrary external websites via a crafted parameter, facilitating phishing or social engineering attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13819"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mobile-industrial-robots.com/security-advisories/cve-2025-13819-open-redirect"
+    },
+    {
+      "type": "WEB",
+      "url": "https://supportportal.mobile-industrial-robots.com/documentation/mir-cybersecurity-guide/mir-cybersecurity-guide"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-601"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T10:15:59Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-5qp2-82v4-wwr8/GHSA-5qp2-82v4-wwr8.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5qp2-82v4-wwr8",
+  "modified": "2025-12-01T12:30:28Z",
+  "published": "2025-12-01T12:30:28Z",
+  "aliases": [
+    "CVE-2025-41739"
+  ],
+  "details": "An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41739"
+    },
+    {
+      "type": "WEB",
+      "url": "https://certvde.com/de/advisories/VDE-2025-099"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T10:16:01Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-6hx6-8jw7-pgww/GHSA-6hx6-8jw7-pgww.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6hx6-8jw7-pgww",
+  "modified": "2025-12-01T12:30:28Z",
+  "published": "2025-12-01T12:30:28Z",
+  "aliases": [
+    "CVE-2025-2879"
+  ],
+  "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data.This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2879"
+    },
+    {
+      "type": "WEB",
+      "url": "https://developer.arm.com/documentation/110697/latest"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T11:15:46Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-7pvj-rp26-vxxc/GHSA-7pvj-rp26-vxxc.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7pvj-rp26-vxxc",
+  "modified": "2025-12-01T12:30:28Z",
+  "published": "2025-12-01T12:30:28Z",
+  "aliases": [
+    "CVE-2025-41738"
+  ],
+  "details": "An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41738"
+    },
+    {
+      "type": "WEB",
+      "url": "https://certvde.com/de/advisories/VDE-2025-100"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-843"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T10:16:01Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-86rh-8633-4r2v/GHSA-86rh-8633-4r2v.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-86rh-8633-4r2v",
+  "modified": "2025-12-01T12:30:28Z",
+  "published": "2025-12-01T12:30:28Z",
+  "aliases": [
+    "CVE-2025-13296"
+  ],
+  "details": "Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery.This issue affects T-Soft E-Commerce: through 28112025.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13296"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-25-0421"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T12:15:45Z"
+  }
+}