Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit f1f0449d363e · 2025-12-31T03:32:36.000Z
GHSA-5rp3-83j5-w2g4 GHSA-4425-3v92-m6q6 GHSA-7695-f938-c2jf GHSA-78cp-c4p5-694f GHSA-98h2-7j4h-7xc5 GHSA-crvx-w25m-8x7c GHSA-f282-55f7-242h GHSA-3j8r-26jq-jj7w GHSA-6952-99fq-g3mw GHSA-777r-h845-392r GHSA-8m8h-xwp6-pgjf GHSA-prw8-xqmj-467g GHSA-4695-qj73-37p4 GHSA-53h7-g6w8-rxxc GHSA-5fgj-7r84-vwrr GHSA-9qhr-gr34-rmgj GHSA-x25x-vjrm-h7qq
diff --git a/advisories/unreviewed/2023/12/GHSA-5rp3-83j5-w2g4/GHSA-5rp3-83j5-w2g4.json b/advisories/unreviewed/2023/12/GHSA-5rp3-83j5-w2g4/GHSA-5rp3-83j5-w2g4.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5rp3-83j5-w2g4",
-  "modified": "2023-12-12T15:30:58Z",
+  "modified": "2025-12-31T03:30:27Z",
   "published": "2023-12-07T06:30:18Z",
   "aliases": [
     "CVE-2023-40238"
diff --git a/advisories/unreviewed/2024/01/GHSA-4425-3v92-m6q6/GHSA-4425-3v92-m6q6.json b/advisories/unreviewed/2024/01/GHSA-4425-3v92-m6q6/GHSA-4425-3v92-m6q6.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4425-3v92-m6q6",
-  "modified": "2024-01-23T06:30:21Z",
+  "modified": "2025-12-31T03:30:26Z",
   "published": "2024-01-23T06:30:21Z",
   "aliases": [
     "CVE-2024-22772"
diff --git a/advisories/unreviewed/2024/01/GHSA-7695-f938-c2jf/GHSA-7695-f938-c2jf.json b/advisories/unreviewed/2024/01/GHSA-7695-f938-c2jf/GHSA-7695-f938-c2jf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7695-f938-c2jf",
-  "modified": "2024-01-23T06:30:21Z",
+  "modified": "2025-12-31T03:30:26Z",
   "published": "2024-01-23T06:30:21Z",
   "aliases": [
     "CVE-2024-22771"
diff --git a/advisories/unreviewed/2024/01/GHSA-78cp-c4p5-694f/GHSA-78cp-c4p5-694f.json b/advisories/unreviewed/2024/01/GHSA-78cp-c4p5-694f/GHSA-78cp-c4p5-694f.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-78cp-c4p5-694f",
-  "modified": "2024-01-23T06:30:22Z",
+  "modified": "2025-12-31T03:30:27Z",
   "published": "2024-01-23T06:30:22Z",
   "aliases": [
     "CVE-2024-23842"
diff --git a/advisories/unreviewed/2024/01/GHSA-98h2-7j4h-7xc5/GHSA-98h2-7j4h-7xc5.json b/advisories/unreviewed/2024/01/GHSA-98h2-7j4h-7xc5/GHSA-98h2-7j4h-7xc5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-98h2-7j4h-7xc5",
-  "modified": "2024-01-23T06:30:21Z",
+  "modified": "2025-12-31T03:30:26Z",
   "published": "2024-01-23T06:30:21Z",
   "aliases": [
     "CVE-2024-22770"
diff --git a/advisories/unreviewed/2024/01/GHSA-crvx-w25m-8x7c/GHSA-crvx-w25m-8x7c.json b/advisories/unreviewed/2024/01/GHSA-crvx-w25m-8x7c/GHSA-crvx-w25m-8x7c.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-crvx-w25m-8x7c",
-  "modified": "2024-01-23T06:30:21Z",
+  "modified": "2025-12-31T03:30:26Z",
   "published": "2024-01-23T06:30:21Z",
   "aliases": [
     "CVE-2024-22768"
   ],
-  "details": "Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.\n",
+  "details": "Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using defalut admin ID/PW.",
   "severity": [
     {
       "type": "CVSS_V3",
diff --git a/advisories/unreviewed/2024/01/GHSA-f282-55f7-242h/GHSA-f282-55f7-242h.json b/advisories/unreviewed/2024/01/GHSA-f282-55f7-242h/GHSA-f282-55f7-242h.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f282-55f7-242h",
-  "modified": "2024-01-23T06:30:21Z",
+  "modified": "2025-12-31T03:30:26Z",
   "published": "2024-01-23T06:30:21Z",
   "aliases": [
     "CVE-2024-22769"
diff --git a/advisories/unreviewed/2024/03/GHSA-3j8r-26jq-jj7w/GHSA-3j8r-26jq-jj7w.json b/advisories/unreviewed/2024/03/GHSA-3j8r-26jq-jj7w/GHSA-3j8r-26jq-jj7w.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3j8r-26jq-jj7w",
-  "modified": "2024-08-05T15:30:50Z",
+  "modified": "2025-12-31T03:30:32Z",
   "published": "2024-03-18T00:30:44Z",
   "aliases": [
     "CVE-2024-23138"
   ],
-  "details": "A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n",
+  "details": "A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-121"
+      "CWE-121",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,
diff --git a/advisories/unreviewed/2025/03/GHSA-6952-99fq-g3mw/GHSA-6952-99fq-g3mw.json b/advisories/unreviewed/2025/03/GHSA-6952-99fq-g3mw/GHSA-6952-99fq-g3mw.json
@@ -37,7 +37,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-416"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
diff --git a/advisories/unreviewed/2025/11/GHSA-777r-h845-392r/GHSA-777r-h845-392r.json b/advisories/unreviewed/2025/11/GHSA-777r-h845-392r/GHSA-777r-h845-392r.json
@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-777r-h845-392r",
-  "modified": "2025-11-18T18:32:53Z",
+  "modified": "2025-12-31T03:30:32Z",
   "published": "2025-11-18T18:32:53Z",
   "aliases": [
     "CVE-2025-34324"
   ],
   "details": "GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed, so its authenticity relies solely on the underlying TLS channel. In affected versions, TLS certificate validation can be disabled when a proxy is configured, allowing an attacker who can intercept network traffic to supply a malicious update manifest and corresponding package with a matching hash. This can cause the client to download and install a tampered update, resulting in arbitrary code execution with the privileges of the GoSign Desktop user on Windows and macOS, or with elevated privileges on some Linux deployments. A local attacker who can modify proxy settings may also abuse this behavior to escalate privileges by forcing installation of a crafted update.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
diff --git a/advisories/unreviewed/2025/11/GHSA-8m8h-xwp6-pgjf/GHSA-8m8h-xwp6-pgjf.json b/advisories/unreviewed/2025/11/GHSA-8m8h-xwp6-pgjf/GHSA-8m8h-xwp6-pgjf.json
@@ -30,6 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-190",
       "CWE-835"
     ],
     "severity": "MODERATE",
diff --git a/advisories/unreviewed/2025/11/GHSA-prw8-xqmj-467g/GHSA-prw8-xqmj-467g.json b/advisories/unreviewed/2025/11/GHSA-prw8-xqmj-467g/GHSA-prw8-xqmj-467g.json
@@ -30,6 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-22",
       "CWE-78"
     ],
     "severity": "MODERATE",
diff --git a/advisories/unreviewed/2025/12/GHSA-4695-qj73-37p4/GHSA-4695-qj73-37p4.json b/advisories/unreviewed/2025/12/GHSA-4695-qj73-37p4/GHSA-4695-qj73-37p4.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4695-qj73-37p4",
+  "modified": "2025-12-31T03:30:35Z",
+  "published": "2025-12-31T03:30:35Z",
+  "aliases": [
+    "CVE-2025-15372"
+  ],
+  "details": "A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15372"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/AnalogyC0de/public_exp/blob/main/archives/vue3-element-admin/report.md#proof-of-concept"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.339080"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.339080"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.718345"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-31T03:15:53Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-53h7-g6w8-rxxc/GHSA-53h7-g6w8-rxxc.json b/advisories/unreviewed/2025/12/GHSA-53h7-g6w8-rxxc/GHSA-53h7-g6w8-rxxc.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-53h7-g6w8-rxxc",
+  "modified": "2025-12-31T03:30:34Z",
+  "published": "2025-12-31T03:30:34Z",
+  "aliases": [
+    "CVE-2025-11964"
+  ],
+  "details": "On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11964"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-31T01:15:54Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-5fgj-7r84-vwrr/GHSA-5fgj-7r84-vwrr.json b/advisories/unreviewed/2025/12/GHSA-5fgj-7r84-vwrr/GHSA-5fgj-7r84-vwrr.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5fgj-7r84-vwrr",
+  "modified": "2025-12-31T03:30:35Z",
+  "published": "2025-12-31T03:30:35Z",
+  "aliases": [
+    "CVE-2025-15223"
+  ],
+  "details": "A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Impacted is an unknown function of the file /login.php. Performing manipulation of the argument Username results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure and makes clear that the product is \"[f]or educational purposes only\".",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15223"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/sun-huizhi/dazhi/issues/IDBUOY"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.338608"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.338608"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.710150"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-31T03:15:53Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-9qhr-gr34-rmgj/GHSA-9qhr-gr34-rmgj.json b/advisories/unreviewed/2025/12/GHSA-9qhr-gr34-rmgj/GHSA-9qhr-gr34-rmgj.json
@@ -0,0 +1,80 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9qhr-gr34-rmgj",
+  "modified": "2025-12-31T03:30:34Z",
+  "published": "2025-12-31T03:30:34Z",
+  "aliases": [
+    "CVE-2025-15371"
+  ],
+  "details": "A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15371"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/vuln-1/vuln/blob/main/Tenda/i24v3.0_V3.0.0.8/report-1.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.339075"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.339075"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.727155"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.727283"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.727284"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.727285"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.727302"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.727305"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.727306"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-259"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-31T01:15:54Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-x25x-vjrm-h7qq/GHSA-x25x-vjrm-h7qq.json b/advisories/unreviewed/2025/12/GHSA-x25x-vjrm-h7qq/GHSA-x25x-vjrm-h7qq.json

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-5rp3-83j5-w2g4",`
`4`		`- "modified": "2023-12-12T15:30:58Z",`
	`4`	`+ "modified": "2025-12-31T03:30:27Z",`
`5`	`5`	`"published": "2023-12-07T06:30:18Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2023-40238"`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-4425-3v92-m6q6",`
`4`		`- "modified": "2024-01-23T06:30:21Z",`
	`4`	`+ "modified": "2025-12-31T03:30:26Z",`
`5`	`5`	`"published": "2024-01-23T06:30:21Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2024-22772"`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-7695-f938-c2jf",`
`4`		`- "modified": "2024-01-23T06:30:21Z",`
	`4`	`+ "modified": "2025-12-31T03:30:26Z",`
`5`	`5`	`"published": "2024-01-23T06:30:21Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2024-22771"`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-78cp-c4p5-694f",`
`4`		`- "modified": "2024-01-23T06:30:22Z",`
	`4`	`+ "modified": "2025-12-31T03:30:27Z",`
`5`	`5`	`"published": "2024-01-23T06:30:22Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2024-23842"`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-98h2-7j4h-7xc5",`
`4`		`- "modified": "2024-01-23T06:30:21Z",`
	`4`	`+ "modified": "2025-12-31T03:30:26Z",`
`5`	`5`	`"published": "2024-01-23T06:30:21Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2024-22770"`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-f282-55f7-242h",`
`4`		`- "modified": "2024-01-23T06:30:21Z",`
	`4`	`+ "modified": "2025-12-31T03:30:26Z",`
`5`	`5`	`"published": "2024-01-23T06:30:21Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2024-22769"`