Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/03/GHSA-3wjc-g785-xjp8/GHSA-3wjc-g785-xjp8.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3wjc-g785-xjp8",
-  "modified": "2024-03-25T06:30:24Z",
+  "modified": "2026-01-13T15:36:47Z",
   "published": "2024-03-25T06:30:24Z",
   "aliases": [
     "CVE-2023-37885"
   ],
-  "details": "Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.\n\n",
+  "details": "Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2024/03/GHSA-858p-q38q-g87r/GHSA-858p-q38q-g87r.json

@@ -33,7 +33,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-670"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2024/03/GHSA-h3h4-5vcv-376h/GHSA-h3h4-5vcv-376h.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h3h4-5vcv-376h",
-  "modified": "2024-03-15T15:30:43Z",
+  "modified": "2026-01-13T15:36:46Z",
   "published": "2024-03-15T15:30:43Z",
   "aliases": [
     "CVE-2024-27189"
   ],
-  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS.This issue affects WP Social Widget: from n/a through 2.2.5.\n\n",
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS.This issue affects WP Social Widget: from n/a through 2.2.5.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2024/03/GHSA-rqhc-7mvg-jchq/GHSA-rqhc-7mvg-jchq.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rqhc-7mvg-jchq",
-  "modified": "2024-03-25T06:30:24Z",
+  "modified": "2026-01-13T15:36:47Z",
   "published": "2024-03-25T06:30:24Z",
   "aliases": [
     "CVE-2023-37886"
   ],
-  "details": "Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.\n\n",
+  "details": "Missing Authorization vulnerability in InspiryThemes RealHomes.This issue affects RealHomes: from n/a through 4.0.2.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2025/12/GHSA-wqgj-c38v-hpmm/GHSA-wqgj-c38v-hpmm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wqgj-c38v-hpmm",
-  "modified": "2025-12-10T21:31:30Z",
+  "modified": "2026-01-13T15:36:47Z",
   "published": "2025-12-09T18:30:35Z",
   "aliases": [
     "CVE-2025-14327"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://www.mozilla.org/security/advisories/mfsa2025-95"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mozilla.org/security/advisories/mfsa2026-03"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/01/GHSA-27xq-wwxh-hrf6/GHSA-27xq-wwxh-hrf6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-27xq-wwxh-hrf6",
-  "modified": "2026-01-06T18:31:36Z",
+  "modified": "2026-01-13T15:36:48Z",
   "published": "2026-01-06T18:31:36Z",
   "aliases": [
     "CVE-2025-69359"
   ],
   "details": "Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Creator LMS: from n/a through <= 1.1.12.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-06T17:15:48Z"

advisories/unreviewed/2026/01/GHSA-283f-7499-gpcp/GHSA-283f-7499-gpcp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-283f-7499-gpcp",
-  "modified": "2026-01-06T18:31:36Z",
+  "modified": "2026-01-13T15:36:48Z",
   "published": "2026-01-06T18:31:36Z",
   "aliases": [
     "CVE-2025-69355"
   ],
   "details": "Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.4.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-06T17:15:48Z"

advisories/unreviewed/2026/01/GHSA-2934-gw32-fqg4/GHSA-2934-gw32-fqg4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2934-gw32-fqg4",
-  "modified": "2026-01-06T18:31:36Z",
+  "modified": "2026-01-13T15:36:48Z",
   "published": "2026-01-06T18:31:36Z",
   "aliases": [
     "CVE-2025-69356"
   ],
   "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-98"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-06T17:15:48Z"

advisories/unreviewed/2026/01/GHSA-3m78-88vj-q2rf/GHSA-3m78-88vj-q2rf.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3m78-88vj-q2rf",
+  "modified": "2026-01-13T15:37:04Z",
+  "published": "2026-01-13T15:37:04Z",
+  "aliases": [
+    "CVE-2026-0892"
+  ],
+  "details": "Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0892"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1986912%2C1996718%2C1999633%2C2001081%2C2004443"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mozilla.org/security/advisories/mfsa2026-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-13T14:16:39Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-484x-228c-ffm5/GHSA-484x-228c-ffm5.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-484x-228c-ffm5",
+  "modified": "2026-01-13T15:37:05Z",
+  "published": "2026-01-13T15:37:04Z",
+  "aliases": [
+    "CVE-2026-0890"
+  ],
+  "details": "Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0890"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mozilla.org/security/advisories/mfsa2026-01"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mozilla.org/security/advisories/mfsa2026-03"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-13T14:16:39Z"
+  }
+}