Publish Advisories

GHSA-mwcf-jv2p-mmpx
GHSA-fjfx-vwp2-gqr8
GHSA-3f5h-5c3g-c68c
GHSA-63pj-5r52-f4r5
GHSA-6r59-g78h-c4cv
GHSA-73mg-mfgw-wp2f
GHSA-77vr-pq23-x7j9
GHSA-79pw-q4gj-75xq
GHSA-7gf4-x8pc-4cmm
GHSA-83pg-pgfw-gr9w
GHSA-chcx-vrjh-r97h
GHSA-f5hm-xp7h-8c66
GHSA-jq7c-628x-vm55
GHSA-mhf4-25mj-9r4x
GHSA-p2cp-6qqj-8xqc
GHSA-p4hm-7946-7354
GHSA-pf82-283x-jp7r
GHSA-pp48-5c6r-4v2g
GHSA-q4qj-8g79-gj6r
GHSA-rx74-p2rx-rwpq
GHSA-w2p6-m52v-4469
GHSA-w96r-r8jf-prf6
GHSA-wj7q-322r-2rrc

Author: advisory-database[bot]

advisories/unreviewed/2025/05/GHSA-mwcf-jv2p-mmpx/GHSA-mwcf-jv2p-mmpx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mwcf-jv2p-mmpx",
-  "modified": "2025-11-19T18:31:15Z",
+  "modified": "2025-11-25T06:33:11Z",
   "published": "2025-05-19T18:30:47Z",
   "aliases": [
     "CVE-2025-4945"
@@ -67,6 +67,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:21772"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22013"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-4945"

advisories/unreviewed/2025/09/GHSA-fjfx-vwp2-gqr8/GHSA-fjfx-vwp2-gqr8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fjfx-vwp2-gqr8",
-  "modified": "2025-11-19T18:31:18Z",
+  "modified": "2025-11-25T06:33:11Z",
   "published": "2025-09-26T09:31:12Z",
   "aliases": [
     "CVE-2025-11021"
@@ -67,6 +67,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:21772"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22013"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-11021"

advisories/unreviewed/2025/11/GHSA-3f5h-5c3g-c68c/GHSA-3f5h-5c3g-c68c.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3f5h-5c3g-c68c",
+  "modified": "2025-11-25T06:33:11Z",
+  "published": "2025-11-25T06:33:11Z",
+  "aliases": [
+    "CVE-2025-13558"
+  ],
+  "details": "The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the status of arbitrary posts to trash.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13558"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.7.0/includes/Ajax/Post.php#L1858"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php?rev=3401934#L1867"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/61b590f5-7854-42f7-b5e2-e6feaaf03a73?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-25T05:16:09Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-63pj-5r52-f4r5/GHSA-63pj-5r52-f4r5.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-63pj-5r52-f4r5",
+  "modified": "2025-11-25T06:33:11Z",
+  "published": "2025-11-25T06:33:11Z",
+  "aliases": [
+    "CVE-2025-66179"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66179"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-25T04:15:45Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-6r59-g78h-c4cv/GHSA-6r59-g78h-c4cv.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6r59-g78h-c4cv",
+  "modified": "2025-11-25T06:33:11Z",
+  "published": "2025-11-25T06:33:11Z",
+  "aliases": [
+    "CVE-2025-66187"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66187"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-25T04:15:46Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-73mg-mfgw-wp2f/GHSA-73mg-mfgw-wp2f.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-73mg-mfgw-wp2f",
+  "modified": "2025-11-25T06:33:12Z",
+  "published": "2025-11-25T06:33:12Z",
+  "aliases": [
+    "CVE-2025-13644"
+  ],
+  "details": "MongoDB Server may experience an invariant failure during batched delete operations when handling documents. The issue arises when the server mistakenly assumes the presence of multiple documents in a batch based solely on document size exceeding BSONObjMaxSize. This issue affects MongoDB Server v7.0 versions prior to 7.0.26, MongoDB Server v8.0 versions prior to 8.0.13, and MongoDB Server v8.1 versions prior to 8.1.2",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13644"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jira.mongodb.org/browse/SERVER-101180"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-617"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-25T06:15:45Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-77vr-pq23-x7j9/GHSA-77vr-pq23-x7j9.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-77vr-pq23-x7j9",
+  "modified": "2025-11-25T06:33:12Z",
+  "published": "2025-11-25T06:33:12Z",
+  "aliases": [
+    "CVE-2025-12742"
+  ],
+  "details": "A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters.\n\nLooker-hosted and Self-hosted were found to be vulnerable.\nThis issue has already been mitigated for Looker-hosted instances. No user action is required for these.\n\n\nSelf-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.\nThe versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page  https://download.looker.com/ :\n  *  24.12.108+\n  *  24.18.200+\n  *  25.0.78+\n  *  25.6.65+\n  *  25.8.47+\n  *  25.12.10+\n  *  25.14+",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12742"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cloud.google.com/support/bulletins#gcp-2025-052"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-25T06:15:45Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-79pw-q4gj-75xq/GHSA-79pw-q4gj-75xq.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-79pw-q4gj-75xq",
+  "modified": "2025-11-25T06:33:11Z",
+  "published": "2025-11-25T06:33:11Z",
+  "aliases": [
+    "CVE-2025-66186"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66186"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-25T04:15:46Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-7gf4-x8pc-4cmm/GHSA-7gf4-x8pc-4cmm.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7gf4-x8pc-4cmm",
+  "modified": "2025-11-25T06:33:11Z",
+  "published": "2025-11-25T06:33:11Z",
+  "aliases": [
+    "CVE-2025-66181"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66181"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-25T04:15:46Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-83pg-pgfw-gr9w/GHSA-83pg-pgfw-gr9w.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-83pg-pgfw-gr9w",
+  "modified": "2025-11-25T06:33:11Z",
+  "published": "2025-11-25T06:33:11Z",
+  "aliases": [
+    "CVE-2025-66183"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66183"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-25T04:15:46Z"
+  }
+}