Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/06/GHSA-32vr-5hxf-x93f/GHSA-32vr-5hxf-x93f.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-32vr-5hxf-x93f",
-  "modified": "2025-09-18T12:30:26Z",
+  "modified": "2025-10-27T18:31:06Z",
   "published": "2025-06-12T15:31:22Z",
   "aliases": [
     "CVE-2025-6021"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-6021"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19020"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:15672"

advisories/unreviewed/2025/06/GHSA-4x4x-pv89-58q8/GHSA-4x4x-pv89-58q8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4x4x-pv89-58q8",
-  "modified": "2025-06-13T18:30:35Z",
+  "modified": "2025-10-27T18:31:06Z",
   "published": "2025-06-13T15:30:31Z",
   "aliases": [
     "CVE-2025-28381"
@@ -19,6 +19,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28381"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/OpenC3/cosmos/pull/1816"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/OpenC3/cosmos/pull/1816/commits/cce64c213fd2e6a70e2ccbf3622949fe8f9dcaef"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/OpenC3/cosmos/releases/tag/v6.0.2"
+    },
     {
       "type": "WEB",
       "url": "https://openc3.com"

advisories/unreviewed/2025/06/GHSA-83xx-9f6p-vwfj/GHSA-83xx-9f6p-vwfj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-83xx-9f6p-vwfj",
-  "modified": "2025-10-24T00:30:52Z",
+  "modified": "2025-10-27T18:31:07Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49796"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-49796"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19020"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18240"

advisories/unreviewed/2025/06/GHSA-9c5p-pqv5-93v2/GHSA-9c5p-pqv5-93v2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9c5p-pqv5-93v2",
-  "modified": "2025-06-13T18:30:35Z",
+  "modified": "2025-10-27T18:31:06Z",
   "published": "2025-06-13T15:30:32Z",
   "aliases": [
     "CVE-2025-28388"
@@ -19,6 +19,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28388"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/OpenC3/cosmos/pull/1816"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/OpenC3/cosmos/pull/1816/commits/195974a019f375f7c5a35f48e4151babb40649ac"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/OpenC3/cosmos/releases/tag/v6.0.2"
+    },
     {
       "type": "WEB",
       "url": "https://openc3.com"

advisories/unreviewed/2025/06/GHSA-gg7j-w83p-fxr9/GHSA-gg7j-w83p-fxr9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gg7j-w83p-fxr9",
-  "modified": "2025-07-09T03:30:22Z",
+  "modified": "2025-10-27T18:31:06Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49795"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:10630"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19020"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-49795"

advisories/unreviewed/2025/06/GHSA-qg4c-8pj4-qgw2/GHSA-qg4c-8pj4-qgw2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qg4c-8pj4-qgw2",
-  "modified": "2025-10-24T00:30:52Z",
+  "modified": "2025-10-27T18:31:07Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49794"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-49794"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19020"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18240"

advisories/unreviewed/2025/10/GHSA-23qm-g3r4-35xx/GHSA-23qm-g3r4-35xx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-23qm-g3r4-35xx",
-  "modified": "2025-10-27T03:30:39Z",
+  "modified": "2025-10-27T18:31:08Z",
   "published": "2025-10-27T03:30:39Z",
   "aliases": [
     "CVE-2025-62964"
   ],
   "details": "Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through <= 1.3.4.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-27T02:15:56Z"

advisories/unreviewed/2025/10/GHSA-2rcq-28xm-f7jp/GHSA-2rcq-28xm-f7jp.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rcq-28xm-f7jp",
+  "modified": "2025-10-27T18:31:12Z",
+  "published": "2025-10-27T18:31:11Z",
+  "aliases": [
+    "CVE-2025-12297"
+  ],
+  "details": "A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. The attack may be launched remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12297"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.329965"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.329965"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.675906"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.yuque.com/yuqueyonghutxhnup/pbbo84/ruh1cg5isrmugkh3?singleDoc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T17:15:37Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-359c-qvwm-hgjp/GHSA-359c-qvwm-hgjp.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-359c-qvwm-hgjp",
+  "modified": "2025-10-27T18:31:10Z",
+  "published": "2025-10-27T18:31:10Z",
+  "aliases": [
+    "CVE-2023-37749"
+  ],
+  "details": "Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37749"
+    },
+    {
+      "type": "WEB",
+      "url": "https://app.hubspot.com/api/external-options/v2/pagedFetch/0-1/OWNER?useIndexOffset=true&portalId=22152277&clienttimeout=14000&hs_static_app=settings-ui-users&hs_static_app_version=1.43001&limit=200&q=&offset=0&includeDeleted=true"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/0xDBJ/28072f7eea42571d5b4ebaabdcb21cce"
+    },
+    {
+      "type": "WEB",
+      "url": "https://owasp.org/Top10/A01_2021-Broken_Access_Control"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T16:15:34Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-44r5-gm3r-62wj/GHSA-44r5-gm3r-62wj.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-44r5-gm3r-62wj",
-  "modified": "2025-10-27T03:30:39Z",
+  "modified": "2025-10-27T18:31:08Z",
   "published": "2025-10-27T03:30:39Z",
   "aliases": [
     "CVE-2025-62963"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Estatik estatik allows DOM-Based XSS.This issue affects Estatik: from n/a through <= 4.1.13.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-27T02:15:56Z"