Publish Advisories

GHSA-6w73-x38p-26g5
GHSA-2m3v-4j99-jmf6
GHSA-2m76-j3f4-m2c2
GHSA-3r4p-72g5-w4r3
GHSA-5mpf-fq9j-7qf9
GHSA-6387-rwfw-jgm3
GHSA-7mwr-c268-44gh
GHSA-c2rp-3h56-jmqg
GHSA-gx77-xgc2-4888
GHSA-hp4f-w8jh-876j
GHSA-mhrr-77xx-8394
GHSA-px84-5w57-pc84
GHSA-q763-2mvp-6vvq
GHSA-v29h-3j56-98h5
GHSA-x68q-wm6j-wxhc

Author: advisory-database[bot]

advisories/unreviewed/2025/10/GHSA-6w73-x38p-26g5/GHSA-6w73-x38p-26g5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6w73-x38p-26g5",
-  "modified": "2025-11-06T03:30:24Z",
+  "modified": "2025-11-27T03:30:25Z",
   "published": "2025-10-22T15:31:09Z",
   "aliases": [
     "CVE-2025-11411"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2025/11/26/4"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/11/GHSA-2m3v-4j99-jmf6/GHSA-2m3v-4j99-jmf6.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2m3v-4j99-jmf6",
+  "modified": "2025-11-27T03:30:27Z",
+  "published": "2025-11-27T03:30:27Z",
+  "aliases": [
+    "CVE-2025-66314"
+  ],
+  "details": "Improper Privilege Management vulnerability in ZTE ElasticNet UME R32 on Linux allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ElasticNet UME R32: ElasticNet_UME_R32_V16.23.20.04.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66314"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/2180460616364429350"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-27T03:15:58Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-2m76-j3f4-m2c2/GHSA-2m76-j3f4-m2c2.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2m76-j3f4-m2c2",
+  "modified": "2025-11-27T03:30:25Z",
+  "published": "2025-11-27T03:30:25Z",
+  "aliases": [
+    "CVE-2024-5539"
+  ],
+  "details": "The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the \n\nweb based building automation server.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5539"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.corporate.carrier.com/product-security/advisories-resources"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-27T01:15:46Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-3r4p-72g5-w4r3/GHSA-3r4p-72g5-w4r3.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3r4p-72g5-w4r3",
+  "modified": "2025-11-27T03:30:26Z",
+  "published": "2025-11-27T03:30:26Z",
+  "aliases": [
+    "CVE-2025-12670"
+  ],
+  "details": "The wp-twitpic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'twitpic' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12670"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wp-twitpic/tags/1.0/wp-twitpic.php#L42"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wp-twitpic"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb36fd27-bcea-481c-a7aa-815dc684ed8b?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-27T03:15:57Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-5mpf-fq9j-7qf9/GHSA-5mpf-fq9j-7qf9.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5mpf-fq9j-7qf9",
+  "modified": "2025-11-27T03:30:26Z",
+  "published": "2025-11-27T03:30:26Z",
+  "aliases": [
+    "CVE-2025-13762"
+  ],
+  "details": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13762"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromewebstore.google.com/detail/cyberark-secure-web-sessi/ohfinlfcbaehgokpmkjcmkgdcbgamgln?hl=en"
+    },
+    {
+      "type": "WEB",
+      "url": "https://microsoftedge.microsoft.com/addons/detail/cyberark-secure-web-sessi/gmfjibhpaliafbemoifjjdkmgaknhohb?hl=en-US"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-27T03:15:58Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-6387-rwfw-jgm3/GHSA-6387-rwfw-jgm3.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6387-rwfw-jgm3",
+  "modified": "2025-11-27T03:30:26Z",
+  "published": "2025-11-27T03:30:26Z",
+  "aliases": [
+    "CVE-2025-12666"
+  ],
+  "details": "The Google Drive upload and download link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter of the 'atachfilegoogle' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12666"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/google-drive-upload-and-download-link/tags/1.0/pickergoogledirve.php#L27"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/google-drive-upload-and-download-link"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/14ee4247-4cfe-440b-add2-d5d840b1f114?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-27T03:15:57Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-7mwr-c268-44gh/GHSA-7mwr-c268-44gh.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7mwr-c268-44gh",
+  "modified": "2025-11-27T03:30:25Z",
+  "published": "2025-11-27T03:30:25Z",
+  "aliases": [
+    "CVE-2024-5540"
+  ],
+  "details": "The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a \n\nmalicious actor to compromise the client browser\n\n.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5540"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.corporate.carrier.com/product-security/advisories-resources"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-27T01:15:46Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-c2rp-3h56-jmqg/GHSA-c2rp-3h56-jmqg.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c2rp-3h56-jmqg",
+  "modified": "2025-11-27T03:30:26Z",
+  "published": "2025-11-27T03:30:26Z",
+  "aliases": [
+    "CVE-2025-12579"
+  ],
+  "details": "The Reuters Direct plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'logoff' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to reset the plugin's settings.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12579"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/reuters-direct"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4360f293-201c-40c1-9603-931d72cc79bc?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-27T03:15:57Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-gx77-xgc2-4888/GHSA-gx77-xgc2-4888.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gx77-xgc2-4888",
+  "modified": "2025-11-27T03:30:26Z",
+  "published": "2025-11-27T03:30:26Z",
+  "aliases": [
+    "CVE-2025-34351"
+  ],
+  "details": "Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces (including the dashboard and Jobs API) is disabled unless explicitly enabled by setting RAY_AUTH_MODE=token. In the default unauthenticated state, a remote attacker with network access to these interfaces can submit jobs and execute arbitrary code on the Ray cluster. NOTE: The vendor plans to enable token authentication by default in a future release. They recommend enabling token authentication to protect your cluster from unauthorized access.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-w8vc-465m-jjw6"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34351"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.ray.io/en/latest/ray-security/token-auth.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/anyscale-ray-token-authentication-disabled-by-default-insecure-configuration"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1188"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-27T03:15:58Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-hp4f-w8jh-876j/GHSA-hp4f-w8jh-876j.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hp4f-w8jh-876j",
+  "modified": "2025-11-27T03:30:26Z",
+  "published": "2025-11-27T03:30:26Z",
+  "aliases": [
+    "CVE-2025-12578"
+  ],
+  "details": "The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12578"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/reuters-direct"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0e98a899-1578-45bf-ba1d-92703e38abd9?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-27T03:15:57Z"
+  }
+}