Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-9fh2-8rwx-v758/GHSA-9fh2-8rwx-v758.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9fh2-8rwx-v758",
-  "modified": "2022-05-24T17:09:26Z",
+  "modified": "2025-12-15T18:30:16Z",
   "published": "2022-05-24T17:09:26Z",
   "aliases": [
     "CVE-2020-9003"
   ],
   "details": "A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,7 +37,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-24m9-rp8m-h4jp/GHSA-24m9-rp8m-h4jp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-24m9-rp8m-h4jp",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-15T18:30:16Z",
   "published": "2025-07-25T15:30:52Z",
   "aliases": [
     "CVE-2025-38384"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: spinand: fix memory leak of ECC engine conf\n\nMemory allocated for the ECC engine conf is not released during spinand\ncleanup. Below kmemleak trace is seen for this memory leak:\n\nunreferenced object 0xffffff80064f00e0 (size 8):\n  comm \"swapper/0\", pid 1, jiffies 4294937458\n  hex dump (first 8 bytes):\n    00 00 00 00 00 00 00 00                          ........\n  backtrace (crc 0):\n    kmemleak_alloc+0x30/0x40\n    __kmalloc_cache_noprof+0x208/0x3c0\n    spinand_ondie_ecc_init_ctx+0x114/0x200\n    nand_ecc_init_ctx+0x70/0xa8\n    nanddev_ecc_engine_init+0xec/0x27c\n    spinand_probe+0xa2c/0x1620\n    spi_mem_probe+0x130/0x21c\n    spi_probe+0xf0/0x170\n    really_probe+0x17c/0x6e8\n    __driver_probe_device+0x17c/0x21c\n    driver_probe_device+0x58/0x180\n    __device_attach_driver+0x15c/0x1f8\n    bus_for_each_drv+0xec/0x150\n    __device_attach+0x188/0x24c\n    device_initial_probe+0x10/0x20\n    bus_probe_device+0x11c/0x160\n\nFix the leak by calling nanddev_ecc_engine_cleanup() inside\nspinand_cleanup().",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -44,8 +49,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:27Z"

advisories/unreviewed/2025/07/GHSA-795c-qm5f-2827/GHSA-795c-qm5f-2827.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-795c-qm5f-2827",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-15T18:30:17Z",
   "published": "2025-07-25T15:30:52Z",
   "aliases": [
     "CVE-2025-38389"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix timeline left held on VMA alloc error\n\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n\n<4> [239.330153] ------------[ cut here ]------------\n<4> [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv->mm.shrink_count)\n<4> [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n<4> [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n<4> [239.330942] Call Trace:\n<4> [239.330944]  <TASK>\n<4> [239.330949]  i915_driver_late_release+0x2b/0xa0 [i915]\n<4> [239.331202]  i915_driver_release+0x86/0xa0 [i915]\n<4> [239.331482]  devm_drm_dev_init_release+0x61/0x90\n<4> [239.331494]  devm_action_release+0x15/0x30\n<4> [239.331504]  release_nodes+0x3d/0x120\n<4> [239.331517]  devres_release_all+0x96/0xd0\n<4> [239.331533]  device_unbind_cleanup+0x12/0x80\n<4> [239.331543]  device_release_driver_internal+0x23a/0x280\n<4> [239.331550]  ? bus_find_device+0xa5/0xe0\n<4> [239.331563]  device_driver_detach+0x14/0x20\n...\n<4> [357.719679] ---[ end trace 0000000000000000 ]---\n\nIf the test also unloads the i915 module then that's followed with:\n\n<3> [357.787478] =============================================================================\n<3> [357.788006] BUG i915_vma (Tainted: G     U  W        N ): Objects remaining on __kmem_cache_shutdown()\n<3> [357.788031] -----------------------------------------------------------------------------\n<3> [357.788204] Object 0xffff888109e7f480 @offset=29824\n<3> [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n<4> [357.788994]  i915_vma_instance+0xee/0xc10 [i915]\n<4> [357.789290]  init_status_page+0x7b/0x420 [i915]\n<4> [357.789532]  intel_engines_init+0x1d8/0x980 [i915]\n<4> [357.789772]  intel_gt_init+0x175/0x450 [i915]\n<4> [357.790014]  i915_gem_init+0x113/0x340 [i915]\n<4> [357.790281]  i915_driver_probe+0x847/0xed0 [i915]\n<4> [357.790504]  i915_pci_probe+0xe6/0x220 [i915]\n...\n\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\n\nAll of the above tests perform actions which are actively interrupted with\nsignals.  Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\n\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain.  The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\n\nIn case of ring submission, the function first gets a reference to the\nengine's legacy timeline and then allocates a VMA.  If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced.  On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage's VMA object, is still held and not released on driver unbind.\n\nGet the legacy timeline only after successful allocation of the context\nengine's VMA.\n\nv2: Add a note on other submission methods (Krzysztof Karas):\n    Both execlists and GuC submission use lrc_alloc() which seems free\n    from a similar issue.\n\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -57,7 +62,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:28Z"

advisories/unreviewed/2025/07/GHSA-926h-7qf4-c3hq/GHSA-926h-7qf4-c3hq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-926h-7qf4-c3hq",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-15T18:30:16Z",
   "published": "2025-07-25T15:30:52Z",
   "aliases": [
     "CVE-2025-38382"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix iteration of extrefs during log replay\n\nAt __inode_add_ref() when processing extrefs, if we jump into the next\nlabel we have an undefined value of victim_name.len, since we haven't\ninitialized it before we did the goto. This results in an invalid memory\naccess in the next iteration of the loop since victim_name.len was not\ninitialized to the length of the name of the current extref.\n\nFix this by initializing victim_name.len with the current extref's name\nlength.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -40,8 +45,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-908"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:27Z"

advisories/unreviewed/2025/07/GHSA-j523-44v9-5g5c/GHSA-j523-44v9-5g5c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j523-44v9-5g5c",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-15T18:30:16Z",
   "published": "2025-07-25T15:30:52Z",
   "aliases": [
     "CVE-2025-38386"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Refuse to evaluate a method if arguments are missing\n\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update a least one of its callers,\ncaused ACPICA to crash due to use-after-free.\n\nSince this a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:27Z"

advisories/unreviewed/2025/07/GHSA-q2mh-4m4x-85qc/GHSA-q2mh-4m4x-85qc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q2mh-4m4x-85qc",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-15T18:30:16Z",
   "published": "2025-07-25T15:30:52Z",
   "aliases": [
     "CVE-2025-38385"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect\n\nRemove redundant netif_napi_del() call from disconnect path.\n\nA WARN may be triggered in __netif_napi_del_locked() during USB device\ndisconnect:\n\n  WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n\nThis happens because netif_napi_del() is called in the disconnect path while\nNAPI is still enabled. However, it is not necessary to call netif_napi_del()\nexplicitly, since unregister_netdev() will handle NAPI teardown automatically\nand safely. Removing the redundant call avoids triggering the warning.\n\nFull trace:\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x000000c4. ret = -ENODEV\n lan78xx 1-1:1.0 enu1: Failed to set MAC down with error -ENODEV\n lan78xx 1-1:1.0 enu1: Link is Down\n lan78xx 1-1:1.0 enu1: Failed to read register index 0x00000120. ret = -ENODEV\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 11 at net/core/dev.c:7417 __netif_napi_del_locked+0x2b4/0x350\n Modules linked in: flexcan can_dev fuse\n CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted 6.16.0-rc2-00624-ge926949dab03 #9 PREEMPT\n Hardware name: SKOV IMX8MP CPU revC - bd500 (DT)\n Workqueue: usb_hub_wq hub_event\n pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __netif_napi_del_locked+0x2b4/0x350\n lr : __netif_napi_del_locked+0x7c/0x350\n sp : ffffffc085b673c0\n x29: ffffffc085b673c0 x28: ffffff800b7f2000 x27: ffffff800b7f20d8\n x26: ffffff80110bcf58 x25: ffffff80110bd978 x24: 1ffffff0022179eb\n x23: ffffff80110bc000 x22: ffffff800b7f5000 x21: ffffff80110bc000\n x20: ffffff80110bcf38 x19: ffffff80110bcf28 x18: dfffffc000000000\n x17: ffffffc081578940 x16: ffffffc08284cee0 x15: 0000000000000028\n x14: 0000000000000006 x13: 0000000000040000 x12: ffffffb0022179e8\n x11: 1ffffff0022179e7 x10: ffffffb0022179e7 x9 : dfffffc000000000\n x8 : 0000004ffdde8619 x7 : ffffff80110bcf3f x6 : 0000000000000001\n x5 : ffffff80110bcf38 x4 : ffffff80110bcf38 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 1ffffff0022179e7 x0 : 0000000000000000\n Call trace:\n  __netif_napi_del_locked+0x2b4/0x350 (P)\n  lan78xx_disconnect+0xf4/0x360\n  usb_unbind_interface+0x158/0x718\n  device_remove+0x100/0x150\n  device_release_driver_internal+0x308/0x478\n  device_release_driver+0x1c/0x30\n  bus_remove_device+0x1a8/0x368\n  device_del+0x2e0/0x7b0\n  usb_disable_device+0x244/0x540\n  usb_disconnect+0x220/0x758\n  hub_event+0x105c/0x35e0\n  process_one_work+0x760/0x17b0\n  worker_thread+0x768/0xce8\n  kthread+0x3bc/0x690\n  ret_from_fork+0x10/0x20\n irq event stamp: 211604\n hardirqs last  enabled at (211603): [<ffffffc0828cc9ec>] _raw_spin_unlock_irqrestore+0x84/0x98\n hardirqs last disabled at (211604): [<ffffffc0828a9a84>] el1_dbg+0x24/0x80\n softirqs last  enabled at (211296): [<ffffffc080095f10>] handle_softirqs+0x820/0xbc8\n softirqs last disabled at (210993): [<ffffffc080010288>] __do_softirq+0x18/0x20\n ---[ end trace 0000000000000000 ]---\n lan78xx 1-1:1.0 enu1: failed to kill vid 0081/0",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -41,7 +46,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:27Z"

advisories/unreviewed/2025/07/GHSA-v7p5-3x5h-w67g/GHSA-v7p5-3x5h-w67g.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v7p5-3x5h-w67g",
-  "modified": "2025-11-03T18:31:26Z",
+  "modified": "2025-12-15T18:30:16Z",
   "published": "2025-07-25T15:30:52Z",
   "aliases": [
     "CVE-2025-38387"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert\n\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer.  This\nfixes the crash below:\n\n mlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\n mlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\n mlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\n mlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\n IPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n Mem abort info:\n   ESR = 0x96000006\n   EC = 0x25: DABT (current EL), IL = 32 bits\n   SET = 0, FnV = 0\n   EA = 0, S1PTW = 0\n Data abort info:\n   ISV = 0, ISS = 0x00000006\n   CM = 0, WnR = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n [0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\n Internal error: Oops: 96000006 [#1] SMP\n Modules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n  [last unloaded: mst_pci]\n CPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G           OE K   5.10.134-13.1.an8.aarch64 #1\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\n pstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\n pc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\n lr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\n sp : ffff80001005bcf0\n x29: ffff80001005bcf0 x28: 0000000000000001\n x27: ffff244e0740a1d8 x26: ffff244e0740a1d0\n x25: ffffda56beff5ae0 x24: ffffda56bf911618\n x23: ffff244e0596a480 x22: ffff244e0596a480\n x21: ffff244d8312ad90 x20: ffff244e0596a480\n x19: fffffffffffffff0 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffda56be66d620\n x15: 0000000000000000 x14: 0000000000000000\n x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000040 x10: ffffda56bfcafb50\n x9 : ffffda5655c25f2c x8 : 0000000000000010\n x7 : 0000000000000000 x6 : ffff24545a2e24b8\n x5 : 0000000000000003 x4 : ffff80001005bd28\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : ffff244e0596a480 x0 : ffff244d8312ad90\n Call trace:\n  dispatch_event_fd+0x68/0x300 [mlx5_ib]\n  devx_event_notifier+0xcc/0x228 [mlx5_ib]\n  atomic_notifier_call_chain+0x58/0x80\n  mlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\n  atomic_notifier_call_chain+0x58/0x80\n  irq_int_handler+0x20/0x30 [mlx5_core]\n  __handle_irq_event_percpu+0x60/0x220\n  handle_irq_event_percpu+0x3c/0x90\n  handle_irq_event+0x58/0x158\n  handle_fasteoi_irq+0xfc/0x188\n  generic_handle_irq+0x34/0x48\n  ...",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -56,8 +61,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-476"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-25T13:15:28Z"

advisories/unreviewed/2025/08/GHSA-6mh8-4qwq-prc5/GHSA-6mh8-4qwq-prc5.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6mh8-4qwq-prc5",
-  "modified": "2025-08-05T00:30:26Z",
+  "modified": "2025-12-15T18:30:17Z",
   "published": "2025-08-05T00:30:26Z",
   "aliases": [
     "CVE-2025-4599"
   ],
   "details": "The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-based XSS because it allows a remote non-authenticated attacker to inject JavaScript into the fragment portlet URL.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/09/GHSA-687m-mwvq-fx42/GHSA-687m-mwvq-fx42.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-687m-mwvq-fx42",
-  "modified": "2025-09-24T03:30:26Z",
+  "modified": "2025-12-15T18:30:18Z",
   "published": "2025-09-24T03:30:26Z",
   "aliases": [
     "CVE-2025-43779"
   ],
   "details": "A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_commerce_product_definitions_web_internal_portlet_CPDefinitionsPortlet_productTypeName parameter. This malicious payload is then reflected and executed within the user's browser.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"