Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2025/11/GHSA-xh5w-g8gq-r3v9/GHSA-xh5w-g8gq-r3v9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xh5w-g8gq-r3v9",
-  "modified": "2025-11-26T19:32:37Z",
+  "modified": "2025-12-16T09:31:06Z",
   "published": "2025-11-24T18:31:14Z",
   "aliases": [
     "CVE-2025-13609"
@@ -48,6 +48,10 @@
       "type": "WEB",
       "url": "https://github.com/keylime/keylime/commit/e1ae8de1f7b1385eaeec66572a92ff1338e6e157"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:23201"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-13609"

advisories/unreviewed/2025/12/GHSA-255v-hc9m-54wv/GHSA-255v-hc9m-54wv.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-255v-hc9m-54wv",
+  "modified": "2025-12-16T09:31:09Z",
+  "published": "2025-12-16T09:31:09Z",
+  "aliases": [
+    "CVE-2025-66164"
+  ],
+  "details": "Missing Authorization vulnerability in merkulove Laser laser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Laser: from n/a through <= 1.1.1.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66164"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/laser/vulnerability/wordpress-laser-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T09:15:58Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-297g-gfvh-fg6g/GHSA-297g-gfvh-fg6g.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-297g-gfvh-fg6g",
+  "modified": "2025-12-16T09:31:08Z",
+  "published": "2025-12-16T09:31:08Z",
+  "aliases": [
+    "CVE-2025-64630"
+  ],
+  "details": "Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through <= 6.4.19.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64630"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/business-directory-plugin/vulnerability/wordpress-business-directory-plugin-6-4-19-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T09:15:55Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-2xmw-984x-wv9r/GHSA-2xmw-984x-wv9r.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2xmw-984x-wv9r",
+  "modified": "2025-12-16T09:31:08Z",
+  "published": "2025-12-16T09:31:08Z",
+  "aliases": [
+    "CVE-2025-64249"
+  ],
+  "details": "Missing Authorization vulnerability in WP-EXPERTS.IN Protect WP Admin protect-wp-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protect WP Admin: from n/a through <= 4.1.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64249"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/protect-wp-admin/vulnerability/wordpress-protect-wp-admin-plugin-4-1-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T09:15:54Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-38mm-37q5-m94p/GHSA-38mm-37q5-m94p.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-38mm-37q5-m94p",
+  "modified": "2025-12-16T09:31:08Z",
+  "published": "2025-12-16T09:31:08Z",
+  "aliases": [
+    "CVE-2025-64246"
+  ],
+  "details": "Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64246"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/accessibility-by-audioeye/vulnerability/wordpress-accessibility-by-audioeye-plugin-1-0-49-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T09:15:54Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-3rgf-x42q-9hg8/GHSA-3rgf-x42q-9hg8.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3rgf-x42q-9hg8",
+  "modified": "2025-12-16T09:31:10Z",
+  "published": "2025-12-16T09:31:10Z",
+  "aliases": [
+    "CVE-2025-68086"
+  ],
+  "details": "Missing Authorization vulnerability in merkulove Reformer for Elementor reformer-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reformer for Elementor: from n/a through <= 1.0.6.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68086"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/reformer-elementor/vulnerability/wordpress-reformer-for-elementor-plugin-1-0-6-broken-access-control-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T09:16:03Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-3wxp-8m6g-m8x5/GHSA-3wxp-8m6g-m8x5.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3wxp-8m6g-m8x5",
+  "modified": "2025-12-16T09:31:10Z",
+  "published": "2025-12-16T09:31:10Z",
+  "aliases": [
+    "CVE-2025-68065"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion.This issue affects Hub Core: from n/a through <= 5.0.8.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68065"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/hub-core/vulnerability/wordpress-hub-core-plugin-5-0-8-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T09:16:01Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-3xxw-5cqg-mq5w/GHSA-3xxw-5cqg-mq5w.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3xxw-5cqg-mq5w",
+  "modified": "2025-12-16T09:31:07Z",
+  "published": "2025-12-16T09:31:07Z",
+  "aliases": [
+    "CVE-2025-66635"
+  ],
+  "details": "Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66635"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN51846148"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.epson.jp/support/misc_t/251216_oshirase.htm"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T07:15:54Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-42hg-rvqc-fhf5/GHSA-42hg-rvqc-fhf5.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-42hg-rvqc-fhf5",
+  "modified": "2025-12-16T09:31:08Z",
+  "published": "2025-12-16T09:31:08Z",
+  "aliases": [
+    "CVE-2025-64251"
+  ],
+  "details": "Missing Authorization vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.3.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64251"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/indeed-learning-pro/vulnerability/wordpress-ultimate-learning-pro-plugin-3-9-3-arbitrary-content-deletion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T09:15:54Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-48pp-2gg2-9jj6/GHSA-48pp-2gg2-9jj6.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-48pp-2gg2-9jj6",
+  "modified": "2025-12-16T09:31:10Z",
+  "published": "2025-12-16T09:31:10Z",
+  "aliases": [
+    "CVE-2025-68067"
+  ],
+  "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through <= 2.4.6.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68067"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/stockholm-core/vulnerability/wordpress-stockholm-core-plugin-2-4-6-local-file-inclusion-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-98"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-16T09:16:02Z"
+  }
+}