Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/03/GHSA-gv64-36xp-c47j/GHSA-gv64-36xp-c47j.json

@@ -26,6 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-644",
       "CWE-74"
     ],
     "severity": "MODERATE",

advisories/unreviewed/2025/10/GHSA-259w-3jff-442h/GHSA-259w-3jff-442h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-259w-3jff-442h",
-  "modified": "2025-10-24T06:31:21Z",
+  "modified": "2025-10-24T15:31:25Z",
   "published": "2025-10-24T06:31:21Z",
   "aliases": [
     "CVE-2025-10723"
   ],
   "details": "The PixelYourSite  WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-24T06:15:34Z"

advisories/unreviewed/2025/10/GHSA-2m57-2jcm-c3xj/GHSA-2m57-2jcm-c3xj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2m57-2jcm-c3xj",
-  "modified": "2025-10-22T15:31:18Z",
+  "modified": "2025-10-24T15:31:23Z",
   "published": "2025-10-22T15:31:18Z",
   "aliases": [
     "CVE-2025-60238"
   ],
   "details": "Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-502"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-22T15:16:00Z"

advisories/unreviewed/2025/10/GHSA-2p9w-4jwx-hjx2/GHSA-2p9w-4jwx-hjx2.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2p9w-4jwx-hjx2",
-  "modified": "2025-10-22T18:30:38Z",
+  "modified": "2025-10-24T15:31:24Z",
   "published": "2025-10-22T18:30:38Z",
   "aliases": [
     "CVE-2025-22178"
   ],
   "details": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view items on the \"Why\" page.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/10/GHSA-2v22-4548-2w5h/GHSA-2v22-4548-2w5h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2v22-4548-2w5h",
-  "modified": "2025-10-22T15:31:19Z",
+  "modified": "2025-10-24T15:31:24Z",
   "published": "2025-10-22T15:31:19Z",
   "aliases": [
     "CVE-2025-62009"
   ],
   "details": "Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of \"UKR Solution\") UPC/EAN/GTIN Code Generator upc-ean-barcode-generator allows Cross Site Request Forgery.This issue affects UPC/EAN/GTIN Code Generator: from n/a through <= 2.0.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-352"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-22T15:16:02Z"

advisories/unreviewed/2025/10/GHSA-3ppx-8h63-84vp/GHSA-3ppx-8h63-84vp.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3ppx-8h63-84vp",
-  "modified": "2025-10-22T18:30:38Z",
+  "modified": "2025-10-24T15:31:24Z",
   "published": "2025-10-22T18:30:38Z",
   "aliases": [
     "CVE-2025-22174"
   ],
   "details": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to view portfolio rooms without the required permission.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/10/GHSA-4h86-cv74-q3gp/GHSA-4h86-cv74-q3gp.json

@@ -30,7 +30,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-125"
+      "CWE-125",
+      "CWE-22"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/10/GHSA-4j2f-66wq-wgg2/GHSA-4j2f-66wq-wgg2.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4j2f-66wq-wgg2",
+  "modified": "2025-10-24T15:31:27Z",
+  "published": "2025-10-24T15:31:27Z",
+  "aliases": [
+    "CVE-2025-8536"
+  ],
+  "details": "A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks.\n\nThis issue affects older branches of this software.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8536"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert.pl/posts/2025/10/CVE-2025-8536"
+    },
+    {
+      "type": "WEB",
+      "url": "https://studiofabryka.pl/systemy_cms.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T15:15:41Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-52jh-vhcr-cg5r/GHSA-52jh-vhcr-cg5r.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-52jh-vhcr-cg5r",
-  "modified": "2025-10-22T18:30:38Z",
+  "modified": "2025-10-24T15:31:24Z",
   "published": "2025-10-22T18:30:38Z",
   "aliases": [
     "CVE-2025-22169"
   ],
   "details": "Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/10/GHSA-577q-2j8x-rg25/GHSA-577q-2j8x-rg25.json

@@ -0,0 +1,57 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-577q-2j8x-rg25",
+  "modified": "2025-10-24T15:31:25Z",
+  "published": "2025-10-24T15:31:25Z",
+  "aliases": [
+    "CVE-2025-40020"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40020"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/176c81cbf9c4e348610a421aad800087c0401f60"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/17edec1830e48c0becd61642d0e40bc753243b16"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/394c58017e5f41043584c345106cae16a4613710"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/48822a59ecc47d353400d38b1941d3ae7591ffff"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/572c656802781cc57f4a3231eefa83547e75ed78"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/61b1dd4c614935169d12bdecc26906e37b508618"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c443be70aaee42c2d1d251e0329e0a69dd96ae54"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/eb79ed970670344380e77d62f8188e8015648d94"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-24T13:15:47Z"
+  }
+}