Skip to content

File tree

9 files changed

+213
-4
lines changed

9 files changed

+213
-4
lines changed

advisories/unreviewed/2024/04/GHSA-9576-cchc-4f79/GHSA-9576-cchc-4f79.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,9 @@
2525
}
2626
],
2727
"database_specific": {
28-
"cwe_ids": [],
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
2931
"severity": "MODERATE",
3032
"github_reviewed": false,
3133
"github_reviewed_at": null,

advisories/unreviewed/2024/11/GHSA-c75m-w45q-rj2j/GHSA-c75m-w45q-rj2j.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,9 @@
2525
}
2626
],
2727
"database_specific": {
28-
"cwe_ids": [],
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
2931
"severity": "MODERATE",
3032
"github_reviewed": false,
3133
"github_reviewed_at": null,

advisories/unreviewed/2024/11/GHSA-w4vv-pf24-vw92/GHSA-w4vv-pf24-vw92.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,9 @@
2525
}
2626
],
2727
"database_specific": {
28-
"cwe_ids": [],
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
2931
"severity": "MODERATE",
3032
"github_reviewed": false,
3133
"github_reviewed_at": null,

advisories/unreviewed/2025/03/GHSA-g8qj-jv5h-78cp/GHSA-g8qj-jv5h-78cp.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-g8qj-jv5h-78cp",
4-
"modified": "2025-05-06T18:30:36Z",
4+
"modified": "2025-05-07T00:31:34Z",
55
"published": "2025-03-11T15:31:00Z",
66
"aliases": [
77
"CVE-2025-27363"
@@ -70,6 +70,10 @@
7070
{
7171
"type": "WEB",
7272
"url": "http://www.openwall.com/lists/oss-security/2025/03/14/4"
73+
},
74+
{
75+
"type": "WEB",
76+
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/3"
7377
}
7478
],
7579
"database_specific": {
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-267q-f3g2-2vj4",
4+
"modified": "2025-05-07T00:31:34Z",
5+
"published": "2025-05-07T00:31:34Z",
6+
"aliases": [
7+
"CVE-2025-0853"
8+
],
9+
"details": "The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'save_header_builder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0853"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/changelog"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca41c951-318f-47a7-9a30-c1d4eea1b1b5?source=cve"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-89"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-05-06T22:15:16Z"
39+
}
40+
}
Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2vq3-r375-cjhg",
4+
"modified": "2025-05-07T00:31:34Z",
5+
"published": "2025-05-07T00:31:34Z",
6+
"aliases": [
7+
"CVE-2025-4372"
8+
],
9+
"details": "Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4372"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://issues.chromium.org/issues/412057896"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [
28+
"CWE-416"
29+
],
30+
"severity": null,
31+
"github_reviewed": false,
32+
"github_reviewed_at": null,
33+
"nvd_published_at": "2025-05-06T22:15:17Z"
34+
}
35+
}
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5cr4-86qx-f59h",
4+
"modified": "2025-05-07T00:31:34Z",
5+
"published": "2025-05-07T00:31:34Z",
6+
"aliases": [
7+
"CVE-2025-47420"
8+
],
9+
"details": "266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47420"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://security.crestron.com"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-269"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2025-05-06T22:15:17Z"
43+
}
44+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jpqq-22mr-fmc5",
4+
"modified": "2025-05-07T00:31:34Z",
5+
"published": "2025-05-07T00:31:34Z",
6+
"aliases": [
7+
"CVE-2025-0856"
8+
],
9+
"details": "The PGS Core plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.8.0. This makes it possible for unauthenticated attackers to add, modify, or plugin options.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0856"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/changelog"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c33b1cb-6eb1-48cd-b706-5ec270f4ae7e?source=cve"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-862"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-05-06T23:15:51Z"
39+
}
40+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-r822-jq42-473c",
4+
"modified": "2025-05-07T00:31:34Z",
5+
"published": "2025-05-07T00:31:34Z",
6+
"aliases": [
7+
"CVE-2025-0855"
8+
],
9+
"details": "The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0855"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/changelog"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5dfc2249-3761-49c6-966e-73c33be74c0e?source=cve"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-502"
34+
],
35+
"severity": "CRITICAL",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-05-06T23:15:50Z"
39+
}
40+
}

0 commit comments

Comments
 (0)