Skip to content

Commit 46249e2

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-2x38-j7v9-v23r GHSA-5p88-83gf-rfq5 GHSA-8p73-6vvr-52x7 GHSA-9cx6-52c2-phg6 GHSA-p268-fqx2-j4vp GHSA-q6m2-f497-3j77 GHSA-vxgr-f3wg-f3r8 GHSA-wwvm-vmw2-56q8
1 parent de0920f commit 46249e2

File tree

8 files changed

+320
-0
lines changed

8 files changed

+320
-0
lines changed

advisories/unreviewed/2025/12/GHSA-2x38-j7v9-v23r/GHSA-2x38-j7v9-v23r.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2x38-j7v9-v23r",
4+
"modified": "2025-12-12T03:30:19Z",
5+
"published": "2025-12-12T03:30:19Z",
6+
"aliases": [
7+
"CVE-2025-10451"
8+
],
9+
"details": "Unchecked output buffer may allowed arbitrary code execution in SMM and potentially result in SMM memory corruption.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10451"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.insyde.com/security-pledge/sa-2025009"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-787"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-12T01:15:45Z"
35+
}
36+
}

advisories/unreviewed/2025/12/GHSA-5p88-83gf-rfq5/GHSA-5p88-83gf-rfq5.json

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5p88-83gf-rfq5",
4+
"modified": "2025-12-12T03:30:20Z",
5+
"published": "2025-12-12T03:30:20Z",
6+
"aliases": [
7+
"CVE-2025-13665"
8+
],
9+
"details": "The System Console Utility for Windows is vulnerable to a DLL planting vulnerability",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13665"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.altera.com/security/security-advisory/asa-0002"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-427"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-12-12T03:15:51Z"
39+
}
40+
}

advisories/unreviewed/2025/12/GHSA-8p73-6vvr-52x7/GHSA-8p73-6vvr-52x7.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8p73-6vvr-52x7",
4+
"modified": "2025-12-12T03:30:21Z",
5+
"published": "2025-12-12T03:30:21Z",
6+
"aliases": [
7+
"CVE-2025-13839"
8+
],
9+
"details": "The LJUsers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'ljuser' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13839"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/ljusers/tags/1.2.0/ljusers.php#L194"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/ljusers/trunk/ljusers.php#L194"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/841adf53-930a-4286-96d0-9ee8b0c188c4?source=cve"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-79"
38+
],
39+
"severity": "MODERATE",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2025-12-12T03:15:52Z"
43+
}
44+
}

advisories/unreviewed/2025/12/GHSA-9cx6-52c2-phg6/GHSA-9cx6-52c2-phg6.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9cx6-52c2-phg6",
4+
"modified": "2025-12-12T03:30:19Z",
5+
"published": "2025-12-12T03:30:19Z",
6+
"aliases": [
7+
"CVE-2025-13052"
8+
],
9+
"details": "When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the SMTP.\n\nAffected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RKD2 as well as from ADM 5.0.0 through ADM 5.1.0.RN42.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13052"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.asustor.com/security/security_advisory_detail?id=49"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-295"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-12T03:15:50Z"
35+
}
36+
}

advisories/unreviewed/2025/12/GHSA-p268-fqx2-j4vp/GHSA-p268-fqx2-j4vp.json

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-p268-fqx2-j4vp",
4+
"modified": "2025-12-12T03:30:21Z",
5+
"published": "2025-12-12T03:30:21Z",
6+
"aliases": [
7+
"CVE-2025-13670"
8+
],
9+
"details": "The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13670"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.altera.com/security/security-advisory/asa-0003"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-427"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-12-12T03:15:51Z"
39+
}
40+
}

advisories/unreviewed/2025/12/GHSA-q6m2-f497-3j77/GHSA-q6m2-f497-3j77.json

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-q6m2-f497-3j77",
4+
"modified": "2025-12-12T03:30:21Z",
5+
"published": "2025-12-12T03:30:21Z",
6+
"aliases": [
7+
"CVE-2025-13669"
8+
],
9+
"details": "Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking.This issue affects High Level Synthesis Compiler: from 19.1 through 24.3.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13669"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.altera.com/security/security-advisory/asa-0003"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-427"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-12-12T03:15:51Z"
39+
}
40+
}

advisories/unreviewed/2025/12/GHSA-vxgr-f3wg-f3r8/GHSA-vxgr-f3wg-f3r8.json

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-vxgr-f3wg-f3r8",
4+
"modified": "2025-12-12T03:30:21Z",
5+
"published": "2025-12-12T03:30:21Z",
6+
"aliases": [
7+
"CVE-2025-13886"
8+
],
9+
"details": "The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in the `book` shortcode due to insufficient path sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where files such as wp-config.php can be included.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13886"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/lt-unleashed/tags/1.1.1/lt-unleashed.php#L315"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/lt-unleashed/trunk/lt-unleashed.php#L241"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/lt-unleashed/trunk/lt-unleashed.php#L315"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c72099cc-e70a-4afe-92c0-8f9f8c1e91b7?source=cve"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-98"
42+
],
43+
"severity": "HIGH",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2025-12-12T03:15:52Z"
47+
}
48+
}

advisories/unreviewed/2025/12/GHSA-wwvm-vmw2-56q8/GHSA-wwvm-vmw2-56q8.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wwvm-vmw2-56q8",
4+
"modified": "2025-12-12T03:30:20Z",
5+
"published": "2025-12-12T03:30:20Z",
6+
"aliases": [
7+
"CVE-2025-13053"
8+
],
9+
"details": "When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle (MITM) attack, which may obtain the sensitive information of the UPS server configuation.\n\nThis issue affects ADM: from 4.1.0 through 4.3.3.RKD2, from 5.0.0 through 5.1.0.RN42.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13053"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.asustor.com/security/security_advisory_detail?id=49"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-311"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-12-12T03:15:51Z"
35+
}
36+
}

0 commit comments

Comments
 (0)