Publish Advisories

GHSA-76p7-773f-r4q5
GHSA-6pvv-xrf9-29m6
GHSA-458g-vvmf-jfgq
GHSA-4p72-hvvm-vvpj
GHSA-4w79-7ch5-4xhw
GHSA-78x5-c3xr-96fc
GHSA-gq25-78jf-v78c
GHSA-p43m-vh82-h4mp
GHSA-px6j-wc84-gwhf
GHSA-v825-mc9m-64qr
GHSA-xrf2-cmw5-8q98

Author: advisory-database[bot]

advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-76p7-773f-r4q5",
-  "modified": "2025-11-25T18:32:18Z",
+  "modified": "2025-11-28T21:31:18Z",
   "published": "2025-02-10T18:30:47Z",
   "aliases": [
     "CVE-2024-11831"
@@ -124,6 +124,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:10853"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:0381"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHBA-2025:0304"

advisories/unreviewed/2022/05/GHSA-6pvv-xrf9-29m6/GHSA-6pvv-xrf9-29m6.json

@@ -1,19 +1,32 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6pvv-xrf9-29m6",
-  "modified": "2022-05-24T19:05:12Z",
+  "modified": "2025-11-28T21:31:18Z",
   "published": "2022-05-24T19:05:12Z",
   "aliases": [
     "CVE-2021-26829"
   ],
   "details": "OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26829"
     },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26829"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.forescout.com/blog/anatomy-of-a-hacktivist-attack-russian-aligned-group-targets-otics"
+    },
     {
       "type": "WEB",
       "url": "https://youtu.be/Xh6LPCiLMa8"

advisories/unreviewed/2025/11/GHSA-458g-vvmf-jfgq/GHSA-458g-vvmf-jfgq.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-458g-vvmf-jfgq",
-  "modified": "2025-11-28T18:30:23Z",
+  "modified": "2025-11-28T21:31:18Z",
   "published": "2025-11-28T18:30:23Z",
   "aliases": [
     "CVE-2025-13683"
   ],
   "details": "Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-200"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-28T17:16:08Z"

advisories/unreviewed/2025/11/GHSA-4p72-hvvm-vvpj/GHSA-4p72-hvvm-vvpj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4p72-hvvm-vvpj",
-  "modified": "2025-11-21T15:31:27Z",
+  "modified": "2025-11-28T21:31:17Z",
   "published": "2025-11-21T15:31:27Z",
   "aliases": [
     "CVE-2025-66093"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through <= 4.8.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-21T13:15:50Z"

advisories/unreviewed/2025/11/GHSA-4w79-7ch5-4xhw/GHSA-4w79-7ch5-4xhw.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4w79-7ch5-4xhw",
-  "modified": "2025-11-26T18:31:03Z",
+  "modified": "2025-11-28T21:31:18Z",
   "published": "2025-11-26T18:31:03Z",
   "aliases": [
     "CVE-2025-45311"
   ],
   "details": "Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-26T16:15:47Z"

advisories/unreviewed/2025/11/GHSA-78x5-c3xr-96fc/GHSA-78x5-c3xr-96fc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-78x5-c3xr-96fc",
-  "modified": "2025-11-21T15:31:27Z",
+  "modified": "2025-11-28T21:31:17Z",
   "published": "2025-11-21T15:31:27Z",
   "aliases": [
     "CVE-2025-66092"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bqworks Accordion Slider accordion-slider allows Stored XSS.This issue affects Accordion Slider: from n/a through <= 1.9.13.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-21T13:15:50Z"

advisories/unreviewed/2025/11/GHSA-gq25-78jf-v78c/GHSA-gq25-78jf-v78c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gq25-78jf-v78c",
-  "modified": "2025-11-26T21:31:26Z",
+  "modified": "2025-11-28T21:31:18Z",
   "published": "2025-11-26T21:31:26Z",
   "aliases": [
     "CVE-2025-65681"
   ],
   "details": "An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-384"
+    ],
+    "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-26T19:15:49Z"

advisories/unreviewed/2025/11/GHSA-p43m-vh82-h4mp/GHSA-p43m-vh82-h4mp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p43m-vh82-h4mp",
-  "modified": "2025-11-26T18:31:04Z",
+  "modified": "2025-11-28T21:31:18Z",
   "published": "2025-11-26T18:31:04Z",
   "aliases": [
     "CVE-2025-55471"
   ],
   "details": "Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-26T18:15:48Z"

advisories/unreviewed/2025/11/GHSA-px6j-wc84-gwhf/GHSA-px6j-wc84-gwhf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-px6j-wc84-gwhf",
-  "modified": "2025-11-26T21:31:26Z",
+  "modified": "2025-11-28T21:31:18Z",
   "published": "2025-11-26T21:31:26Z",
   "aliases": [
     "CVE-2025-65672"
   ],
   "details": "Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-26T19:15:47Z"

advisories/unreviewed/2025/11/GHSA-v825-mc9m-64qr/GHSA-v825-mc9m-64qr.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v825-mc9m-64qr",
-  "modified": "2025-11-27T00:30:27Z",
+  "modified": "2025-11-28T21:31:18Z",
   "published": "2025-11-27T00:30:27Z",
   "aliases": [
     "CVE-2025-40934"
   ],
   "details": "XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.\n\nAn attacker can remove the signature from the XML document to make it pass the verification check.\n\nXML-Sig is a Perl module to validate signatures on XML files.  An unsigned XML file should return an error message.  The affected versions return true when attempting to validate an XML file that contains no signatures.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-347"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-26T23:15:47Z"