Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/03/GHSA-9ww7-cjcf-gq83/GHSA-9ww7-cjcf-gq83.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9ww7-cjcf-gq83",
-  "modified": "2024-03-27T09:30:40Z",
+  "modified": "2025-11-26T15:34:08Z",
   "published": "2024-03-27T09:30:40Z",
   "aliases": [
     "CVE-2024-30198"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS.This issue affects BuddyForms: from n/a through 2.8.5.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeKraft BuddyForms allows Reflected XSS.This issue affects BuddyForms: from n/a through 2.8.5.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2024/04/GHSA-jppj-cfrj-8qw6/GHSA-jppj-cfrj-8qw6.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jppj-cfrj-8qw6",
-  "modified": "2024-04-20T03:30:33Z",
+  "modified": "2025-11-26T15:34:08Z",
   "published": "2024-04-20T03:30:33Z",
   "aliases": [
     "CVE-2024-1057"
@@ -29,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/04/GHSA-q6m7-j3hp-j7rg/GHSA-q6m7-j3hp-j7rg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q6m7-j3hp-j7rg",
-  "modified": "2024-04-09T21:32:00Z",
+  "modified": "2025-11-26T15:34:08Z",
   "published": "2024-04-09T21:32:00Z",
   "aliases": [
     "CVE-2024-2946"
@@ -29,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/05/GHSA-f9q7-v97w-mgm7/GHSA-f9q7-v97w-mgm7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f9q7-v97w-mgm7",
-  "modified": "2024-05-02T18:30:55Z",
+  "modified": "2025-11-26T15:34:08Z",
   "published": "2024-05-02T18:30:55Z",
   "aliases": [
     "CVE-2024-3991"
@@ -29,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/05/GHSA-h4cg-h27h-8rj3/GHSA-h4cg-h27h-8rj3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h4cg-h27h-8rj3",
-  "modified": "2024-05-02T18:30:51Z",
+  "modified": "2025-11-26T15:34:08Z",
   "published": "2024-05-02T18:30:51Z",
   "aliases": [
     "CVE-2023-7067"
@@ -29,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-862"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-pf4h-wcfc-95m7/GHSA-pf4h-wcfc-95m7.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pf4h-wcfc-95m7",
-  "modified": "2025-07-31T15:35:50Z",
+  "modified": "2025-11-26T15:34:09Z",
   "published": "2025-07-31T15:35:50Z",
   "aliases": [
     "CVE-2013-10042"
   ],
   "details": "A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/08/GHSA-cpwx-wfp4-x368/GHSA-cpwx-wfp4-x368.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cpwx-wfp4-x368",
-  "modified": "2025-11-05T00:31:25Z",
+  "modified": "2025-11-26T15:34:09Z",
   "published": "2025-08-21T03:30:25Z",
   "aliases": [
     "CVE-2025-43300"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43300"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/vulnrichment/issues/201"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md"

advisories/unreviewed/2025/08/GHSA-gfgm-2frc-x4f5/GHSA-gfgm-2frc-x4f5.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gfgm-2frc-x4f5",
-  "modified": "2025-08-01T21:31:06Z",
+  "modified": "2025-11-26T15:34:09Z",
   "published": "2025-08-01T21:31:06Z",
   "aliases": [
     "CVE-2013-10044"
   ],
   "details": "An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
@@ -46,6 +50,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-434",
       "CWE-89"
     ],
     "severity": "HIGH",

advisories/unreviewed/2025/09/GHSA-28fq-6473-mg5p/GHSA-28fq-6473-mg5p.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-28fq-6473-mg5p",
-  "modified": "2025-09-30T12:30:52Z",
+  "modified": "2025-11-26T15:34:09Z",
   "published": "2025-09-30T12:30:52Z",
   "aliases": [
     "CVE-2025-8120"
   ],
   "details": "Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution.This issue affects all 3 templates: www, bip and ww+bip.\n\nThis product is End-Of-Life and producent will not publish patches for this vulnerability.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-28mw-j8x6-mf8x/GHSA-28mw-j8x6-mf8x.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-28mw-j8x6-mf8x",
-  "modified": "2025-09-30T12:30:52Z",
+  "modified": "2025-11-26T15:34:09Z",
   "published": "2025-09-30T12:30:52Z",
   "aliases": [
     "CVE-2025-8119"
   ],
   "details": "PAD CMS is vulnerable to Cross-Site Request Forgery in reset password's functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send a POST request changing currently logged user's password to defined by the attacker value. This issue affects all 3 templates: www, bip and www+bip.\n\nThis product is End-Of-Life and producent will not publish patches for this vulnerability.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"