Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/06/GHSA-xh2q-mw6g-7hg3/GHSA-xh2q-mw6g-7hg3.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xh2q-mw6g-7hg3",
-  "modified": "2025-06-05T21:30:55Z",
+  "modified": "2026-01-13T21:31:39Z",
   "published": "2025-06-05T21:30:55Z",
   "aliases": [
     "CVE-2025-43026"
   ],
   "details": "A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/08/GHSA-h53g-frqp-qfgw/GHSA-h53g-frqp-qfgw.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h53g-frqp-qfgw",
-  "modified": "2025-08-12T06:34:23Z",
+  "modified": "2026-01-13T21:31:40Z",
   "published": "2025-08-12T06:34:23Z",
   "aliases": [
     "CVE-2025-7622"
   ],
   "details": "During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/12/GHSA-5xw5-83cp-4rjf/GHSA-5xw5-83cp-4rjf.json

@@ -34,7 +34,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-403"
+      "CWE-403",
+      "CWE-668"
     ],
     "severity": "CRITICAL",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-9837-5f4m-mwrm/GHSA-9837-5f4m-mwrm.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-121"
+      "CWE-121",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-9vxp-vq3x-qvgh/GHSA-9vxp-vq3x-qvgh.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-74"
+      "CWE-74",
+      "CWE-94"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-cxvx-7fc3-h99x/GHSA-cxvx-7fc3-h99x.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-121"
+      "CWE-121",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-jmhw-q48p-p8p3/GHSA-jmhw-q48p-p8p3.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-122"
+      "CWE-122",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-r4qq-jqmf-cm7j/GHSA-r4qq-jqmf-cm7j.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-121"
+      "CWE-121",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/12/GHSA-wm7p-2wcf-h9qh/GHSA-wm7p-2wcf-h9qh.json

@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-266"
+      "CWE-266",
+      "CWE-78"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-29v9-x79c-6xjf/GHSA-29v9-x79c-6xjf.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-29v9-x79c-6xjf",
+  "modified": "2026-01-13T21:31:44Z",
+  "published": "2026-01-13T21:31:44Z",
+  "aliases": [
+    "CVE-2025-37170"
+  ],
+  "details": "Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37170"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-13T20:16:04Z"
+  }
+}