Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/06/GHSA-wppx-2c2r-43hc/GHSA-wppx-2c2r-43hc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wppx-2c2r-43hc",
-  "modified": "2025-09-02T21:30:56Z",
+  "modified": "2026-03-25T15:31:23Z",
   "published": "2025-06-20T21:32:06Z",
   "aliases": [
     "CVE-2025-6193"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/trustyai-explainability/trustyai-service-operator/pull/504"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5807"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-6193"

advisories/unreviewed/2025/09/GHSA-mj23-mw6g-p34x/GHSA-mj23-mw6g-p34x.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mj23-mw6g-p34x",
-  "modified": "2025-09-25T15:30:23Z",
+  "modified": "2026-03-25T15:31:23Z",
   "published": "2025-09-25T15:30:23Z",
   "aliases": [
     "CVE-2025-10947"

advisories/unreviewed/2025/10/GHSA-57c3-6898-289j/GHSA-57c3-6898-289j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-57c3-6898-289j",
-  "modified": "2025-10-05T06:30:14Z",
+  "modified": "2026-03-25T15:31:24Z",
   "published": "2025-10-05T06:30:14Z",
   "aliases": [
     "CVE-2025-11282"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://gist.github.com/0xHamy/c2a81f2d1c779c513fa3db6f3ad24544#steps-to-reproduce"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/frappe/lms"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.327016"

advisories/unreviewed/2026/02/GHSA-cc7r-67vc-28jh/GHSA-cc7r-67vc-28jh.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cc7r-67vc-28jh",
-  "modified": "2026-02-03T00:30:19Z",
+  "modified": "2026-03-25T15:31:24Z",
   "published": "2026-02-03T00:30:19Z",
   "aliases": [
     "CVE-2025-61642"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php.\n\nThis issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/02/GHSA-jrq3-c447-h584/GHSA-jrq3-c447-h584.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jrq3-c447-h584",
-  "modified": "2026-02-03T03:30:26Z",
+  "modified": "2026-03-25T15:31:24Z",
   "published": "2026-02-03T03:30:26Z",
   "aliases": [
     "CVE-2025-11261"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js.\n\nThis issue affects MediaWiki: from * before 1.39.15, 1.43.5, 1.44.2.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/02/GHSA-pw42-76j9-fcp3/GHSA-pw42-76j9-fcp3.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pw42-76j9-fcp3",
-  "modified": "2026-02-03T00:30:19Z",
+  "modified": "2026-03-25T15:31:24Z",
   "published": "2026-02-03T00:30:19Z",
   "aliases": [
     "CVE-2025-61643"
   ],
   "details": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php.\n\nThis issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:Green"
@@ -25,7 +29,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-212"
+    ],
     "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/02/GHSA-qmgg-3m8p-p8cc/GHSA-qmgg-3m8p-p8cc.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qmgg-3m8p-p8cc",
-  "modified": "2026-02-03T00:30:19Z",
+  "modified": "2026-03-25T15:31:24Z",
   "published": "2026-02-03T00:30:19Z",
   "aliases": [
     "CVE-2025-61641"
   ],
   "details": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php.\n\nThis issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/02/GHSA-v564-5h76-v6ch/GHSA-v564-5h76-v6ch.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v564-5h76-v6ch",
-  "modified": "2026-02-03T03:30:26Z",
+  "modified": "2026-03-25T15:31:24Z",
   "published": "2026-02-03T03:30:26Z",
   "aliases": [
     "CVE-2025-61646"
   ],
   "details": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php.\n\nThis issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/03/GHSA-2f5p-h4fx-2cqj/GHSA-2f5p-h4fx-2cqj.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2f5p-h4fx-2cqj",
+  "modified": "2026-03-25T15:31:29Z",
+  "published": "2026-03-25T15:31:29Z",
+  "aliases": [
+    "CVE-2026-3126"
+  ],
+  "details": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3126"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-25T15:16:50Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3222-m64x-qwpg/GHSA-3222-m64x-qwpg.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3222-m64x-qwpg",
+  "modified": "2026-03-25T15:31:29Z",
+  "published": "2026-03-25T15:31:29Z",
+  "aliases": [
+    "CVE-2025-27260"
+  ],
+  "details": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27260"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-790"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-25T14:16:30Z"
+  }
+}