Publish Advisories

GHSA-x53h-2cjp-mwcx
GHSA-m54w-mhp6-x65m
GHSA-r5vq-m2mp-cpfj
GHSA-v736-7qxc-59qf
GHSA-2f87-396w-g74p
GHSA-3h3r-3rfq-2jpj
GHSA-4gf6-p85h-2wcf
GHSA-4hp4-5c2h-v77h
GHSA-9q4p-xjj8-72mp
GHSA-9r36-6gf8-7cx8
GHSA-9r66-8r5r-2mqr
GHSA-g69h-jvx8-9vh5
GHSA-gw8r-j5vv-6qr8
GHSA-jrq2-rj4w-rhc5
GHSA-mcgc-vc2p-cf7x
GHSA-mj8x-h68g-7c4m
GHSA-pmjj-h5jm-vxh4
GHSA-r2h2-g46h-8mx8
GHSA-r9q2-28x2-qh78
GHSA-rxfw-3x38-vmhv
GHSA-w32p-pwv5-9jr3

Author: advisory-database[bot]

advisories/unreviewed/2024/05/GHSA-x53h-2cjp-mwcx/GHSA-x53h-2cjp-mwcx.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x53h-2cjp-mwcx",
-  "modified": "2024-05-14T21:34:44Z",
+  "modified": "2025-12-19T15:31:16Z",
   "published": "2024-05-14T21:34:44Z",
   "aliases": [
     "CVE-2021-22280"
   ],
-  "details": "\nImproper DLL loading algorithms in B&R Automation Studio may allow an authenticated local attacker to\nexecute code with elevated privileges.\n\nThis issue affects Automation Studio versions before 4.12.\n\n",
+  "details": "Improper DLL loading algorithms in B&R Automation Studio may allow an authenticated local attacker to\nexecute code with elevated privileges.\n\nThis issue affects Automation Studio versions before 4.12.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-20"
+      "CWE-20",
+      "CWE-427"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2024/08/GHSA-m54w-mhp6-x65m/GHSA-m54w-mhp6-x65m.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m54w-mhp6-x65m",
-  "modified": "2024-08-12T15:30:51Z",
+  "modified": "2025-12-19T15:31:16Z",
   "published": "2024-08-12T15:30:51Z",
   "aliases": [
     "CVE-2024-5800"
   ],
   "details": "Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2024/11/GHSA-r5vq-m2mp-cpfj/GHSA-r5vq-m2mp-cpfj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r5vq-m2mp-cpfj",
-  "modified": "2024-11-27T18:34:02Z",
+  "modified": "2025-12-19T15:31:17Z",
   "published": "2024-11-27T18:34:02Z",
   "aliases": [
     "CVE-2024-30896"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/XenoM0rph97/CVE-2024-30896"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/influxdata/influxdb/releases/tag/v2.8.0"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/09/GHSA-v736-7qxc-59qf/GHSA-v736-7qxc-59qf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v736-7qxc-59qf",
-  "modified": "2025-09-07T03:30:19Z",
+  "modified": "2025-12-19T15:31:17Z",
   "published": "2025-09-07T03:30:19Z",
   "aliases": [
     "CVE-2025-36100"

advisories/unreviewed/2025/12/GHSA-2f87-396w-g74p/GHSA-2f87-396w-g74p.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2f87-396w-g74p",
+  "modified": "2025-12-19T15:31:19Z",
+  "published": "2025-12-19T15:31:19Z",
+  "aliases": [
+    "CVE-2025-66909"
+  ],
+  "details": "Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66909"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66909_report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/turms-im/turms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/turms-im/turms/blob/develop/turms-ai-serving/src/main/java/ai/djl/opencv/ExtendedOpenCVImage.java#L37"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T15:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-3h3r-3rfq-2jpj/GHSA-3h3r-3rfq-2jpj.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3h3r-3rfq-2jpj",
+  "modified": "2025-12-19T15:31:19Z",
+  "published": "2025-12-19T15:31:19Z",
+  "aliases": [
+    "CVE-2025-1928"
+  ],
+  "details": "Improper Restriction of Excessive Authentication Attempts vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Password Recovery Exploitation.This issue affects Online Food Delivery System: through 19122025.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1928"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-25-0469"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-307"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T13:16:03Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-4gf6-p85h-2wcf/GHSA-4gf6-p85h-2wcf.json

@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-4hp4-5c2h-v77h/GHSA-4hp4-5c2h-v77h.json

@@ -30,7 +30,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-120"
+      "CWE-120",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-9q4p-xjj8-72mp/GHSA-9q4p-xjj8-72mp.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9q4p-xjj8-72mp",
+  "modified": "2025-12-19T15:31:19Z",
+  "published": "2025-12-19T15:31:19Z",
+  "aliases": [
+    "CVE-2025-14950"
+  ],
+  "details": "A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14950"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/gx922/CVE/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.337586"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.337586"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.716123"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-19T14:15:50Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-9r36-6gf8-7cx8/GHSA-9r36-6gf8-7cx8.json

@@ -30,7 +30,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-120"
+      "CWE-120",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,