
Commit 3763ac2

1 parent f69f576 commit 3763ac2

4 files changed

Lines changed: 169 additions & 0 deletions


Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-q9c9-gpm6-qqq6",
4+
"modified": "2026-01-29T06:30:17Z",
5+
"published": "2026-01-29T06:30:17Z",
6+
"aliases": [
7+
"CVE-2025-14975"
8+
],
9+
"details": "The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14975"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://wpscan.com/vulnerability/a1403186-51aa-4eae-a3fe-0c559570eb93"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-01-29T06:15:51Z"
28+
}
29+
}
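Review bot: `"severity": []`, `"cwe_ids": []` and `"severity": null` under `database_specific` leave an unauthenticated password reset that reaches administrator accounts unscored and unclassified, so tooling that filters or sorts on severity will rank it below the three scored records in this commit. If upstream has no vector yet, a classification could still be recorded; `"cwe_ids": ["CWE-640"]` (weak password recovery mechanism) looks like the fit, to be confirmed against the NVD entry. `"affected": []` here and in the other three files means the fixed version (2.5.4 in this record) lives only in the free-text `details`, so automated version matching cannot use it and readers have to act on the prose.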
Lines changed: 48 additions & 0 deletions
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wqr4-qgr2-f3rc",
4+
"modified": "2026-01-29T06:30:17Z",
5+
"published": "2026-01-29T06:30:17Z",
6+
"aliases": [
7+
"CVE-2025-55704"
8+
],
9+
"details": "Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55704"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://faq.brother.co.jp/app/answers/detail/a_id/13716"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://jvn.jp/en/vu/JVNVU92878805"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2026-0001.pdf"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-912"
42+
],
43+
"severity": "MODERATE",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2026-01-29T04:15:52Z"
47+
}
48+
}
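Review bot: `details` names only Brother Industries, while `references` also lists a Konica Minolta advisory (`km-2026-0001.pdf`), which suggests devices sold under other brands may be affected; someone triaging by the vendor name in `details` could miss that. The same applies to the CVE-2025-53869 file, whose references additionally include a Ricoh advisory. With `"affected": []` carrying no model list, a closing sentence in `details` pointing readers to the linked vendor advisories for affected models would close the gap.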
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wrgj-7835-qfh2",
4+
"modified": "2026-01-29T06:30:17Z",
5+
"published": "2026-01-29T06:30:17Z",
6+
"aliases": [
7+
"CVE-2025-53869"
8+
],
9+
"details": "Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53869"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://faq.brother.co.jp/app/answers/detail/a_id/13716"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://jvn.jp/en/vu/JVNVU92878805"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2026-0001.pdf"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2026-000001"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-295"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-01-29T04:15:51Z"
51+
}
52+
}
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-x74x-r4q4-c3rw",
4+
"modified": "2026-01-29T06:30:17Z",
5+
"published": "2026-01-29T06:30:17Z",
6+
"aliases": [
7+
"CVE-2026-25067"
8+
],
9+
"details": "SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25067"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://www.smartertools.com/smartermail/release-notes/current"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-background-of-the-day-path-coercion"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-706"
34+
],
35+
"severity": "MODERATE",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-01-29T05:16:13Z"
39+
}
40+
}
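Review bot: The reference `https://www.smartertools.com/smartermail/release-notes/current` is a moving page, so it will stop documenting build 9518 once later builds ship; a permalink to that build's notes, if the vendor provides one, would keep the fix evidence stable. `details` describes coerced outbound SMB authentication usable for NTLM relay, yet the vector scores only `VC:L` with `SC:N/SI:N`, so the `MODERATE` rating may understate the exposure when relay to other hosts is possible; worth confirming against the CNA's scoring. Until build 9518 is installed, restricting outbound SMB from the mail server limits what the coerced authentication can reach.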
