Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/07/GHSA-px93-j66q-3gqm/GHSA-px93-j66q-3gqm.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-290"
+      "CWE-290",
+      "CWE-358"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/01/GHSA-gjv6-pfh4-3rff/GHSA-gjv6-pfh4-3rff.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gjv6-pfh4-3rff",
-  "modified": "2025-10-22T00:33:12Z",
+  "modified": "2025-10-31T15:30:29Z",
   "published": "2025-01-14T18:32:05Z",
   "aliases": [
     "CVE-2025-21333"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21333"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/52436"
+    },
     {
       "type": "WEB",
       "url": "https://www.vicarius.io/vsociety/posts/cve-2025-21333-elevated-privilege-exposure-in-windows-hyper-v-by-microsoft-detection-script"

advisories/unreviewed/2025/03/GHSA-h8g5-2596-xjh9/GHSA-h8g5-2596-xjh9.json

@@ -37,7 +37,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-668"
+    ],
     "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/09/GHSA-595w-v3fv-xpwf/GHSA-595w-v3fv-xpwf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-595w-v3fv-xpwf",
-  "modified": "2025-09-30T12:30:51Z",
+  "modified": "2025-10-31T15:30:30Z",
   "published": "2025-09-30T12:30:51Z",
   "aliases": [
     "CVE-2025-59668"
@@ -27,9 +27,17 @@
       "type": "WEB",
       "url": "https://jvn.jp/en/vu/JVNVU96989989"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-296-01"
+    },
     {
       "type": "WEB",
       "url": "https://www.nihonkohden.com/security.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.nihonkohden.com/security/main/01112/teaserItems3/0/linkList/0/link/NKcorporateResponse-CNS-6201_CentralMonitor_Vulnerability(CVE-2025-59668)_en_Rev2.pdf"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/10/GHSA-2cfx-ppj7-2856/GHSA-2cfx-ppj7-2856.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2cfx-ppj7-2856",
+  "modified": "2025-10-31T15:30:31Z",
+  "published": "2025-10-31T15:30:31Z",
+  "aliases": [
+    "CVE-2025-64388"
+  ],
+  "details": "Denial of service of the web server through specific requests to this protocol",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64388"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cds.thalesgroup.com/es/s21sec"
+    },
+    {
+      "type": "WEB",
+      "url": "https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010."
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-400"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-31T15:15:43Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2rj5-gh6q-72fp/GHSA-2rj5-gh6q-72fp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2rj5-gh6q-72fp",
-  "modified": "2025-10-31T00:30:35Z",
+  "modified": "2025-10-31T15:30:31Z",
   "published": "2025-10-31T00:30:35Z",
   "aliases": [
     "CVE-2025-52665"
   ],
   "details": "A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. \n \nAffected Products:\nUniFi Access Application (Version 3.3.22 through 3.4.31). \n \n\nMitigation:\nUpdate your UniFi Access Application to Version 4.0.21 or later.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-31T00:15:37Z"

advisories/unreviewed/2025/10/GHSA-3h2w-68px-r4v5/GHSA-3h2w-68px-r4v5.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3h2w-68px-r4v5",
-  "modified": "2025-10-31T09:30:26Z",
+  "modified": "2025-10-31T15:30:31Z",
   "published": "2025-10-31T09:30:26Z",
   "aliases": [
     "CVE-2025-62232"
   ],
   "details": "Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access.\nIt has been fixed in the following commit:  https://github.com/apache/apisix/pull/12629 \nUsers are recommended to upgrade to version 3.14, which fixes this issue.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-532"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-31T09:15:48Z"

advisories/unreviewed/2025/10/GHSA-4fg8-97vg-f94j/GHSA-4fg8-97vg-f94j.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4fg8-97vg-f94j",
+  "modified": "2025-10-31T15:30:31Z",
+  "published": "2025-10-31T15:30:31Z",
+  "aliases": [
+    "CVE-2024-13992"
+  ],
+  "details": "Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site scripting (XSS) when a user visits the \"missing page\" (404) page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI domain.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13992"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.nagios.com/changelog/nagios-xi/2024r1-1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.nagios.com/products/security/#nagios-xi"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/nagios-xi-xss-via-missing-page"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-31T13:15:33Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-4m38-cfr7-jx25/GHSA-4m38-cfr7-jx25.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4m38-cfr7-jx25",
+  "modified": "2025-10-31T15:30:31Z",
+  "published": "2025-10-31T15:30:31Z",
+  "aliases": [
+    "CVE-2025-64386"
+  ],
+  "details": "The\nequipment grants a JWT token for each connection in the timeline, but during an\nactive valid session, a hijacking of the token can be done. This will allow an\nattacker with the token modify parameters of security, access or even steal the\nsession without\nthe legitimate and active session detecting it. The web server allows the\nattacker to reuse an old session JWT token while the legitimate session is\nactive.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64386"
+    },
+    {
+      "type": "WEB",
+      "url": "https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010."
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-613"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-31T14:16:13Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-5fcf-3m52-f3q5/GHSA-5fcf-3m52-f3q5.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5fcf-3m52-f3q5",
+  "modified": "2025-10-31T15:30:31Z",
+  "published": "2025-10-31T15:30:31Z",
+  "aliases": [
+    "CVE-2025-36249"
+  ],
+  "details": "IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36249"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7249820"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-614"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-31T13:15:33Z"
+  }
+}