Publish Advisories

GHSA-q28p-82xj-hwh7
GHSA-43w7-g3v2-94w3
GHSA-6r3p-62p9-53qf
GHSA-7v6r-wcm9-2v47
GHSA-83c9-w22j-g8qq
GHSA-8jw8-pgw4-rc28
GHSA-9956-2fv5-m3gf
GHSA-cprf-mp87-92j8
GHSA-f7m4-f638-5p2j
GHSA-j4p8-5vj7-45mf
GHSA-m7xh-548p-355r
GHSA-mvgr-2wf6-g44v
GHSA-q54j-fwxq-mwm7
GHSA-qrgh-xx65-9fhw
GHSA-wvx3-j2j6-g5g8

Author: advisory-database[bot]

advisories/unreviewed/2022/12/GHSA-q28p-82xj-hwh7/GHSA-q28p-82xj-hwh7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q28p-82xj-hwh7",
-  "modified": "2022-12-31T03:30:26Z",
+  "modified": "2025-12-24T06:30:25Z",
   "published": "2022-12-24T00:30:19Z",
   "aliases": [
     "CVE-2022-40011"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://gist.github.com/wangking1/61bdd1967367301a950ffbb3d10386f3"
     },
+    {
+      "type": "WEB",
+      "url": "https://typora.io/releases/all"
+    },
     {
       "type": "WEB",
       "url": "http://typora.com"

advisories/unreviewed/2025/12/GHSA-43w7-g3v2-94w3/GHSA-43w7-g3v2-94w3.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-43w7-g3v2-94w3",
+  "modified": "2025-12-24T06:30:26Z",
+  "published": "2025-12-24T06:30:26Z",
+  "aliases": [
+    "CVE-2025-68693"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68693"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T04:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-6r3p-62p9-53qf/GHSA-6r3p-62p9-53qf.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6r3p-62p9-53qf",
+  "modified": "2025-12-24T06:30:26Z",
+  "published": "2025-12-24T06:30:26Z",
+  "aliases": [
+    "CVE-2025-68688"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68688"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T04:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-7v6r-wcm9-2v47/GHSA-7v6r-wcm9-2v47.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7v6r-wcm9-2v47",
+  "modified": "2025-12-24T06:30:26Z",
+  "published": "2025-12-24T06:30:26Z",
+  "aliases": [
+    "CVE-2025-68695"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68695"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T04:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-83c9-w22j-g8qq/GHSA-83c9-w22j-g8qq.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-83c9-w22j-g8qq",
+  "modified": "2025-12-24T06:30:26Z",
+  "published": "2025-12-24T06:30:26Z",
+  "aliases": [
+    "CVE-2025-68691"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68691"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T04:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-8jw8-pgw4-rc28/GHSA-8jw8-pgw4-rc28.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8jw8-pgw4-rc28",
+  "modified": "2025-12-24T06:30:26Z",
+  "published": "2025-12-24T06:30:26Z",
+  "aliases": [
+    "CVE-2025-68690"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68690"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T04:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-9956-2fv5-m3gf/GHSA-9956-2fv5-m3gf.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9956-2fv5-m3gf",
+  "modified": "2025-12-24T06:30:26Z",
+  "published": "2025-12-24T06:30:26Z",
+  "aliases": [
+    "CVE-2025-13773"
+  ],
+  "details": "The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in the 'WooCommerce_Delivery_Notes::update' function, PHP enabled in Dompdf, and missing escape in the 'template.php' file. This makes it possible for unauthenticated attackers to execute code on the server.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13773"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/includes/class-woocommerce-delivery-notes.php#L347"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/includes/class-woocommerce-delivery-notes.php#L473"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/includes/front/vendor/dompdf/dompdf/src/PhpEvaluator.php#L52"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/includes/front/wcdn-front-function.php#L37"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/templates/pdf/simple/invoice/template.php#L36"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3426119/woocommerce-delivery-notes"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e52b34fe-2414-4d6f-bf43-9c5b65ebf769?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T05:16:05Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-cprf-mp87-92j8/GHSA-cprf-mp87-92j8.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cprf-mp87-92j8",
+  "modified": "2025-12-24T06:30:26Z",
+  "published": "2025-12-24T06:30:26Z",
+  "aliases": [
+    "CVE-2025-68689"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68689"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T04:15:56Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-f7m4-f638-5p2j/GHSA-f7m4-f638-5p2j.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f7m4-f638-5p2j",
+  "modified": "2025-12-24T06:30:26Z",
+  "published": "2025-12-24T06:30:26Z",
+  "aliases": [
+    "CVE-2025-13407"
+  ],
+  "details": "The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload path.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13407"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/e09908fb-f5ad-45ca-8698-c0d596fd39cc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T06:15:43Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-j4p8-5vj7-45mf/GHSA-j4p8-5vj7-45mf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j4p8-5vj7-45mf",
+  "modified": "2025-12-24T06:30:26Z",
+  "published": "2025-12-24T06:30:26Z",
+  "aliases": [
+    "CVE-2025-66445"
+  ],
+  "details": "Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66445"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-133/index.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-24T05:16:08Z"
+  }
+}