Publish Advisories

GHSA-876p-p3c7-ggc7
GHSA-pxfw-cxx3-vxv8
GHSA-23mx-m43g-r4fh
GHSA-6j6h-gw62-v4w9
GHSA-7rwh-q57w-mhc9
GHSA-863r-5cgc-6c3p
GHSA-mf8r-m6vx-6fff
GHSA-wh3m-7fwp-mxjw
GHSA-x8j2-jjhg-5gvx

Author: advisory-database[bot]

advisories/unreviewed/2024/04/GHSA-876p-p3c7-ggc7/GHSA-876p-p3c7-ggc7.json

@@ -34,6 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-476",
       "CWE-690"
     ],
     "severity": "HIGH",

advisories/unreviewed/2024/04/GHSA-pxfw-cxx3-vxv8/GHSA-pxfw-cxx3-vxv8.json

@@ -30,7 +30,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-1391"
+      "CWE-1391",
+      "CWE-259"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/06/GHSA-23mx-m43g-r4fh/GHSA-23mx-m43g-r4fh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-23mx-m43g-r4fh",
-  "modified": "2025-06-18T06:31:37Z",
+  "modified": "2025-06-18T21:30:29Z",
   "published": "2025-06-18T06:31:37Z",
   "aliases": [
     "CVE-2025-4955"
   ],
   "details": "The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T06:15:28Z"

advisories/unreviewed/2025/06/GHSA-6j6h-gw62-v4w9/GHSA-6j6h-gw62-v4w9.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6j6h-gw62-v4w9",
+  "modified": "2025-06-18T21:30:30Z",
+  "published": "2025-06-18T21:30:30Z",
+  "aliases": [
+    "CVE-2025-26199"
+  ],
+  "details": "An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code via the cleartext submission of passwords.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26199"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/tansique-17/6e01bb1b8a09ef499a9b8484a8dc2487"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-319"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-18T20:15:19Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-7rwh-q57w-mhc9/GHSA-7rwh-q57w-mhc9.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7rwh-q57w-mhc9",
+  "modified": "2025-06-18T21:30:29Z",
+  "published": "2025-06-18T21:30:29Z",
+  "aliases": [
+    "CVE-2025-6192"
+  ],
+  "details": "Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6192"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/421471016"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-18T19:15:22Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-863r-5cgc-6c3p/GHSA-863r-5cgc-6c3p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-863r-5cgc-6c3p",
-  "modified": "2025-06-18T18:30:32Z",
+  "modified": "2025-06-18T21:30:29Z",
   "published": "2025-06-18T18:30:32Z",
   "aliases": [
     "CVE-2025-44952"
   ],
   "details": "A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than 101.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T16:15:27Z"

advisories/unreviewed/2025/06/GHSA-mf8r-m6vx-6fff/GHSA-mf8r-m6vx-6fff.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mf8r-m6vx-6fff",
-  "modified": "2025-06-06T18:30:32Z",
+  "modified": "2025-06-18T21:30:28Z",
   "published": "2025-06-06T18:30:32Z",
   "aliases": [
     "CVE-2025-29885"
   ],
   "details": "An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4791 and later\n  and later",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/06/GHSA-wh3m-7fwp-mxjw/GHSA-wh3m-7fwp-mxjw.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wh3m-7fwp-mxjw",
-  "modified": "2025-06-18T18:30:33Z",
+  "modified": "2025-06-18T21:30:29Z",
   "published": "2025-06-18T18:30:33Z",
   "aliases": [
     "CVE-2025-26198"
   ],
   "details": "CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL Injection in loginlinkadmin.php, allowing unauthenticated attackers to bypass authentication and gain administrative access. The application fails to properly sanitize user inputs before constructing SQL queries, enabling an attacker to manipulate database queries via specially crafted payloads",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-06-18T18:15:24Z"

advisories/unreviewed/2025/06/GHSA-x8j2-jjhg-5gvx/GHSA-x8j2-jjhg-5gvx.json

@@ -0,0 +1,41 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-x8j2-jjhg-5gvx",
+  "modified": "2025-06-18T21:30:29Z",
+  "published": "2025-06-18T21:30:29Z",
+  "aliases": [
+    "CVE-2025-6191"
+  ],
+  "details": "Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6191"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/420697404"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-190",
+      "CWE-472"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-18T19:15:22Z"
+  }
+}