Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-856v-8qm2-9wjv",
-  "modified": "2025-12-01T12:30:27Z",
+  "modified": "2025-12-01T15:30:16Z",
   "published": "2025-08-07T21:31:08Z",
   "aliases": [
     "CVE-2025-7195"
@@ -64,10 +64,22 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:21885"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22415"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:22416"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22418"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:22420"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-7195"

advisories/unreviewed/2025/11/GHSA-4w79-7ch5-4xhw/GHSA-4w79-7ch5-4xhw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4w79-7ch5-4xhw",
-  "modified": "2025-11-28T21:31:18Z",
+  "modified": "2025-12-01T15:30:16Z",
   "published": "2025-11-26T18:31:03Z",
   "aliases": [
     "CVE-2025-45311"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45311"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/fail2ban/fail2ban/issues/4110"
+    },
     {
       "type": "WEB",
       "url": "https://gist.github.com/R-Security/1c707a08f9c7f9a91d9d84b5010aaed2"

advisories/unreviewed/2025/11/GHSA-q82r-57vj-xrfh/GHSA-q82r-57vj-xrfh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q82r-57vj-xrfh",
-  "modified": "2025-11-29T06:30:13Z",
+  "modified": "2025-12-01T15:30:17Z",
   "published": "2025-11-29T06:30:13Z",
   "aliases": [
     "CVE-2025-65892"
   ],
   "details": "Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-29T04:15:57Z"

advisories/unreviewed/2025/11/GHSA-wq3v-qm63-hhj6/GHSA-wq3v-qm63-hhj6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wq3v-qm63-hhj6",
-  "modified": "2025-11-29T06:30:13Z",
+  "modified": "2025-12-01T15:30:16Z",
   "published": "2025-11-29T06:30:13Z",
   "aliases": [
     "CVE-2025-65540"
   ],
   "details": "Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-11-29T04:15:56Z"

advisories/unreviewed/2025/11/GHSA-xmfq-xm97-g58p/GHSA-xmfq-xm97-g58p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xmfq-xm97-g58p",
-  "modified": "2025-11-25T15:31:33Z",
+  "modified": "2025-12-01T15:30:16Z",
   "published": "2025-11-25T15:31:33Z",
   "aliases": [
     "CVE-2025-36134"

advisories/unreviewed/2025/12/GHSA-728r-qj99-48p2/GHSA-728r-qj99-48p2.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-728r-qj99-48p2",
+  "modified": "2025-12-01T15:30:17Z",
+  "published": "2025-12-01T15:30:17Z",
+  "aliases": [
+    "CVE-2025-49643"
+  ],
+  "details": "An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49643"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.zabbix.com/browse/ZBX-27284"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-405"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T14:16:06Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-8444-jvgr-g6c6/GHSA-8444-jvgr-g6c6.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8444-jvgr-g6c6",
-  "modified": "2025-12-01T03:30:26Z",
+  "modified": "2025-12-01T15:30:17Z",
   "published": "2025-12-01T03:30:26Z",
   "aliases": [
     "CVE-2025-13798"
@@ -38,6 +38,10 @@
     {
       "type": "WEB",
       "url": "https://www.notion.so/2a60c75766a8805a8973d2ff6a6bcb26"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/Report-8-2a60c75766a8805a8973d2ff6a6bcb26"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/12/GHSA-96fr-rv8q-2885/GHSA-96fr-rv8q-2885.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-96fr-rv8q-2885",
+  "modified": "2025-12-01T15:30:18Z",
+  "published": "2025-12-01T15:30:18Z",
+  "aliases": [
+    "CVE-2025-13129"
+  ],
+  "details": "Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse.This issue affects Onaylarım: from 25.09.26.01 through 18112025.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13129"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-25-0422"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-841"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T15:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-c2vx-rx6x-m9wj/GHSA-c2vx-rx6x-m9wj.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c2vx-rx6x-m9wj",
+  "modified": "2025-12-01T15:30:18Z",
+  "published": "2025-12-01T15:30:18Z",
+  "aliases": [
+    "CVE-2025-63520"
+  ],
+  "details": "Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63520"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liufee/cms/issues/74"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63520.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T15:15:50Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-gm93-3f63-r64c/GHSA-gm93-3f63-r64c.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gm93-3f63-r64c",
+  "modified": "2025-12-01T15:30:17Z",
+  "published": "2025-12-01T15:30:17Z",
+  "aliases": [
+    "CVE-2025-49642"
+  ],
+  "details": "Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49642"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.zabbix.com/browse/ZBX-27283"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-426"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T14:16:05Z"
+  }
+}