Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/10/GHSA-253g-qmmx-2x98/GHSA-253g-qmmx-2x98.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-253g-qmmx-2x98",
-  "modified": "2025-10-27T03:30:38Z",
+  "modified": "2025-10-28T15:30:40Z",
   "published": "2025-10-27T03:30:37Z",
   "aliases": [
     "CVE-2025-62902"
   ],
   "details": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-497"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-27T02:15:49Z"

advisories/unreviewed/2025/10/GHSA-28jm-jxrw-gvxg/GHSA-28jm-jxrw-gvxg.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-28jm-jxrw-gvxg",
+  "modified": "2025-10-28T15:30:43Z",
+  "published": "2025-10-28T15:30:43Z",
+  "aliases": [
+    "CVE-2025-1038"
+  ],
+  "details": "The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root access to the TropOS device.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1038"
+    },
+    {
+      "type": "WEB",
+      "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000214&LanguageCode=en&DocumentPartId=&Action=Launch"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-28T13:15:56Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2hwv-ff5w-xmw9/GHSA-2hwv-ff5w-xmw9.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hwv-ff5w-xmw9",
+  "modified": "2025-10-28T15:30:44Z",
+  "published": "2025-10-28T15:30:44Z",
+  "aliases": [
+    "CVE-2025-34304"
+  ],
+  "details": "IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows an authenticated attacker to manipulate the SQL query used when viewing OpenVPN connection logs via the CONNECTION_NAME parameter. When viewing a range of OpenVPN connection logs, the application issues an HTTP POST request to the Request-URI /cgi-bin/logs.cgi/ovpnclients.dat and inserts the value of the CONNECTION_NAME parameter directly into the WHERE clause without proper sanitization or parameterization. The unsanitized value can alter the executed query and be used to disclose sensitive information from the database.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34304"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.ipfire.org/show_bug.cgi?id=13879"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/ipfire-sqli-via-openvpn-connection-logs"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-28T15:16:10Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2r2f-xx92-v4f7/GHSA-2r2f-xx92-v4f7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2r2f-xx92-v4f7",
-  "modified": "2025-10-27T03:30:38Z",
+  "modified": "2025-10-28T15:30:41Z",
   "published": "2025-10-27T03:30:38Z",
   "aliases": [
     "CVE-2025-62935"
   ],
   "details": "Missing Authorization vulnerability in ilmosys Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.8.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-27T02:15:53Z"

advisories/unreviewed/2025/10/GHSA-2rjw-37q7-prrc/GHSA-2rjw-37q7-prrc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2rjw-37q7-prrc",
-  "modified": "2025-10-27T03:30:39Z",
+  "modified": "2025-10-28T15:30:41Z",
   "published": "2025-10-27T03:30:39Z",
   "aliases": [
     "CVE-2025-62957"
   ],
   "details": "Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-352"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-27T02:15:56Z"

advisories/unreviewed/2025/10/GHSA-2w76-84vx-75wq/GHSA-2w76-84vx-75wq.json

@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-787"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/10/GHSA-2wmf-f2cc-qq97/GHSA-2wmf-f2cc-qq97.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2wmf-f2cc-qq97",
+  "modified": "2025-10-28T15:30:45Z",
+  "published": "2025-10-28T15:30:45Z",
+  "aliases": [
+    "CVE-2025-34309"
+  ],
+  "details": "IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SERVICE, LOGIN, and PASSWORD parameters when creating or editing a Dynamic DNS host. When a new Dynamic DNS host is added, the application issues an HTTP POST request to /cgi-bin/ddns.cgi and saves the values of the LOGIN, PASSWORD, and SERVICE parameters. The SERVICE value is displayed after the host entry is created, and the LOGIN and PASSWORD values are displayed when that host entry is edited. The values of these parameters are stored and later rendered in the web interface without proper sanitation or encoding, allowing injected scripts to execute in the context of other users who view or edit the affected Dynamic DNS entries.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34309"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.ipfire.org/show_bug.cgi?id=13884"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/ipfire-stored-xss-via-dynamic-dns-host"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-28T15:16:11Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2x26-r374-v69m/GHSA-2x26-r374-v69m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2x26-r374-v69m",
-  "modified": "2025-10-27T03:30:38Z",
+  "modified": "2025-10-28T15:30:40Z",
   "published": "2025-10-27T03:30:37Z",
   "aliases": [
     "CVE-2025-62905"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS.This issue affects Query Posts: from n/a through <= 0.3.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-27T02:15:49Z"

advisories/unreviewed/2025/10/GHSA-2x76-q69m-x8p7/GHSA-2x76-q69m-x8p7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2x76-q69m-x8p7",
-  "modified": "2025-10-27T03:30:39Z",
+  "modified": "2025-10-28T15:30:41Z",
   "published": "2025-10-27T03:30:39Z",
   "aliases": [
     "CVE-2025-62953"
   ],
   "details": "Missing Authorization vulnerability in nanbu Welcart e-Commerce usc-e-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcart e-Commerce: from n/a through <= 2.11.24.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-27T02:15:55Z"

advisories/unreviewed/2025/10/GHSA-32xv-355r-2ff6/GHSA-32xv-355r-2ff6.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-32xv-355r-2ff6",
+  "modified": "2025-10-28T15:30:46Z",
+  "published": "2025-10-28T15:30:46Z",
+  "aliases": [
+    "CVE-2025-34312"
+  ],
+  "details": "IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BE_NAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST to /cgi-bin/urlfilter.cgi and interpolates the value of BE_NAME directly into a shell invocation without appropriate sanitation. Crafted input can inject shell metacharacters, leading to arbitrary command execution in the context of the 'nobody' user.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34312"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.ipfire.org/show_bug.cgi?id=13887"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ipfire.org/blog/ipfire-2-29-core-update-198-released"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/ipfire-command-injection-via-url-filter-blacklist"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-28T15:16:11Z"
+  }
+}