Publish Advisories

GHSA-wp3j-xq48-xpjw
GHSA-7h23-57pg-3hwc
GHSA-2j99-5q75-3f57
GHSA-vg58-9g8j-fj6x
GHSA-929j-57v4-m4wf
GHSA-943j-4893-6rfq
GHSA-hh67-847q-q3h9
GHSA-3vrj-524h-5r3h
GHSA-4x6w-65jr-r5pv
GHSA-6267-4qx7-2rpc
GHSA-g6hc-m8v7-fmx8
GHSA-gh9x-3cw9-hgvh
GHSA-gv8f-8v42-mgrm
GHSA-j5j6-gp3m-h3vx
GHSA-jcjw-279r-m433
GHSA-m5ff-hjh4-q487
GHSA-mhmp-wxqj-ph8c
GHSA-pg3q-qhg7-vjw9
GHSA-pg9g-332m-ffgw
GHSA-wffg-fw64-5mvq
GHSA-wvcp-4gpj-hp72
GHSA-xmm5-6h48-9wvp
GHSA-xvgg-cwcr-cr95

Author: advisory-database[bot]

advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wp3j-xq48-xpjw",
-  "modified": "2025-10-30T09:30:27Z",
+  "modified": "2025-11-11T15:31:20Z",
   "published": "2025-09-04T20:01:54Z",
   "aliases": [
     "CVE-2025-9566"
@@ -82,6 +82,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-9566"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:20909"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19094"

advisories/unreviewed/2025/01/GHSA-7h23-57pg-3hwc/GHSA-7h23-57pg-3hwc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7h23-57pg-3hwc",
-  "modified": "2025-11-03T21:32:24Z",
+  "modified": "2025-11-11T15:31:20Z",
   "published": "2025-01-28T00:32:13Z",
   "aliases": [
     "CVE-2025-24085"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24085"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201"
+    },
     {
       "type": "WEB",
       "url": "https://support.apple.com/en-us/122066"

advisories/unreviewed/2025/03/GHSA-2j99-5q75-3f57/GHSA-2j99-5q75-3f57.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2j99-5q75-3f57",
-  "modified": "2025-11-03T21:33:09Z",
+  "modified": "2025-11-11T15:31:20Z",
   "published": "2025-03-11T18:32:19Z",
   "aliases": [
     "CVE-2025-24201"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24201"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201"
+    },
     {
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"

advisories/unreviewed/2025/09/GHSA-vg58-9g8j-fj6x/GHSA-vg58-9g8j-fj6x.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vg58-9g8j-fj6x",
-  "modified": "2025-09-09T18:31:21Z",
+  "modified": "2025-11-11T15:31:19Z",
   "published": "2025-09-09T18:31:21Z",
   "aliases": [
     "CVE-2025-54115"
@@ -22,6 +22,14 @@
     {
       "type": "WEB",
       "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54115"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-54115-detection-script-privilege-elevation-vulnerability-in-windows-hyper-v"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-54115-mitigation-script-privilege-elevation-vulnerability-in-windows-hyper-v"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/10/GHSA-929j-57v4-m4wf/GHSA-929j-57v4-m4wf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-929j-57v4-m4wf",
-  "modified": "2025-10-14T18:30:32Z",
+  "modified": "2025-11-11T15:31:19Z",
   "published": "2025-10-14T18:30:32Z",
   "aliases": [
     "CVE-2025-58726"
@@ -22,6 +22,14 @@
     {
       "type": "WEB",
       "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58726"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-58726-detection-script-improper-access-control-affecting-smb-server-by-microsoft"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-58726-mitigation-script-improper-access-control-affecting-smb-server-by-microsoft"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/10/GHSA-943j-4893-6rfq/GHSA-943j-4893-6rfq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-943j-4893-6rfq",
-  "modified": "2025-10-27T15:30:21Z",
+  "modified": "2025-11-11T15:31:20Z",
   "published": "2025-10-14T18:30:36Z",
   "aliases": [
     "CVE-2025-59287"
@@ -38,6 +38,14 @@
     {
       "type": "WEB",
       "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59287"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-59287-detection-script-rce-vulnerability-in-windows-server-update-service"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-59287-mitigation-script-rce-vulnerability-in-windows-server-update-service"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/10/GHSA-hh67-847q-q3h9/GHSA-hh67-847q-q3h9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hh67-847q-q3h9",
-  "modified": "2025-11-05T00:31:29Z",
+  "modified": "2025-11-11T15:31:19Z",
   "published": "2025-10-06T21:30:45Z",
   "aliases": [
     "CVE-2025-61984"
@@ -35,6 +35,14 @@
       "type": "WEB",
       "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-61984-detection-script-remote-code-execution-vulnerability-affecting-openssh"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/cve-2025-61984-mitigation-script-remote-code-execution-vulnerability-affecting-openssh"
+    },
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2025/10/07/1"

advisories/unreviewed/2025/11/GHSA-3vrj-524h-5r3h/GHSA-3vrj-524h-5r3h.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3vrj-524h-5r3h",
+  "modified": "2025-11-11T15:31:20Z",
+  "published": "2025-11-11T15:31:20Z",
+  "aliases": [
+    "CVE-2025-8324"
+  ],
+  "details": "Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8324"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.manageengine.com/analytics-plus/CVE-2025-8324.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T13:15:45Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-4x6w-65jr-r5pv/GHSA-4x6w-65jr-r5pv.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4x6w-65jr-r5pv",
+  "modified": "2025-11-11T15:31:20Z",
+  "published": "2025-11-11T15:31:20Z",
+  "aliases": [
+    "CVE-2025-11084"
+  ],
+  "details": "A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11084"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1758.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-1390"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T14:15:34Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-6267-4qx7-2rpc/GHSA-6267-4qx7-2rpc.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6267-4qx7-2rpc",
+  "modified": "2025-11-11T15:31:20Z",
+  "published": "2025-11-11T15:31:20Z",
+  "aliases": [
+    "CVE-2025-41105"
+  ],
+  "details": "HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41105"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fairsketchs-rise-crm-framework"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-11T13:15:44Z"
+  }
+}