Publish Advisories

GHSA-2j56-f322-jxrm
GHSA-hgq8-fc97-42ff
GHSA-3pqf-w7fm-5f4w
GHSA-333r-822h-h7j4
GHSA-4hcq-q3qf-q453
GHSA-577g-w45q-4pwf
GHSA-57g6-cvq3-mxgp
GHSA-5c5p-g26h-xx2f
GHSA-7v52-p3w5-3m2m
GHSA-9g5v-hmcj-pxrc
GHSA-f2p8-hh36-r2r8
GHSA-fgq8-gvxr-ghw7
GHSA-g579-x2p7-hjfv
GHSA-p54q-9gfq-fvp4
GHSA-qf5w-6pph-h289
GHSA-vgc8-whvm-22v4
GHSA-x4r4-f558-hvh7
GHSA-xfhq-47hp-mvcx

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-2j56-f322-jxrm/GHSA-2j56-f322-jxrm.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2j56-f322-jxrm",
-  "modified": "2025-10-22T03:30:27Z",
+  "modified": "2026-01-12T21:30:28Z",
   "published": "2022-05-02T03:31:14Z",
   "aliases": [
     "CVE-2009-2055"
   ],
   "details": "Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2022/05/GHSA-hgq8-fc97-42ff/GHSA-hgq8-fc97-42ff.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hgq8-fc97-42ff",
-  "modified": "2025-10-22T03:30:42Z",
+  "modified": "2026-01-12T21:30:28Z",
   "published": "2022-05-17T04:06:30Z",
   "aliases": [
     "CVE-2015-0666"
   ],
   "details": "Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {

advisories/unreviewed/2025/04/GHSA-3pqf-w7fm-5f4w/GHSA-3pqf-w7fm-5f4w.json

@@ -26,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-121"
+      "CWE-121",
+      "CWE-787"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,

advisories/unreviewed/2026/01/GHSA-333r-822h-h7j4/GHSA-333r-822h-h7j4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-333r-822h-h7j4",
-  "modified": "2026-01-08T12:30:31Z",
+  "modified": "2026-01-12T21:30:34Z",
   "published": "2026-01-08T12:30:31Z",
   "aliases": [
     "CVE-2025-69169"
   ],
   "details": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through <= 1.1.11.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-80"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-08T10:15:54Z"

advisories/unreviewed/2026/01/GHSA-4hcq-q3qf-q453/GHSA-4hcq-q3qf-q453.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4hcq-q3qf-q453",
+  "modified": "2026-01-12T21:30:34Z",
+  "published": "2026-01-12T21:30:34Z",
+  "aliases": [
+    "CVE-2026-22200"
+  ],
+  "details": "Enhancesoft osTicket versions up to and including 1.18.2 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the osTicket application user. This issue is exploitable in default configurations where guests may create tickets and access ticket status, or where self-registration is enabled.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22200"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/osTicket/osTicket"
+    },
+    {
+      "type": "WEB",
+      "url": "https://osticket.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/osticket-pdf-export-arbitrary-file-read"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T19:16:02Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-577g-w45q-4pwf/GHSA-577g-w45q-4pwf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-577g-w45q-4pwf",
-  "modified": "2026-01-12T18:30:30Z",
+  "modified": "2026-01-12T21:30:34Z",
   "published": "2026-01-12T18:30:30Z",
   "aliases": [
     "CVE-2025-66689"
   ],
   "details": "A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed logic in the is_dangerous_path() validation function that uses exact string matching against a blacklist of system directories. Attackers can bypass these restrictions by accessing subdirectories of blacklisted paths.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-12T17:15:52Z"

advisories/unreviewed/2026/01/GHSA-57g6-cvq3-mxgp/GHSA-57g6-cvq3-mxgp.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-57g6-cvq3-mxgp",
-  "modified": "2026-01-08T12:30:31Z",
+  "modified": "2026-01-12T21:30:34Z",
   "published": "2026-01-08T12:30:31Z",
   "aliases": [
     "CVE-2026-0674"
   ],
   "details": "Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Campaign Monitor for WordPress: from n/a through <= 2.9.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-08T10:15:54Z"

advisories/unreviewed/2026/01/GHSA-5c5p-g26h-xx2f/GHSA-5c5p-g26h-xx2f.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5c5p-g26h-xx2f",
-  "modified": "2026-01-10T12:30:15Z",
+  "modified": "2026-01-12T21:30:34Z",
   "published": "2026-01-10T12:30:15Z",
   "aliases": [
     "CVE-2025-52435"
   ],
   "details": "J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE.\n\nImproper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange.\nThis issue affects Apache NimBLE: through <= 1.8.0.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-5"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-10T10:15:50Z"

advisories/unreviewed/2026/01/GHSA-7v52-p3w5-3m2m/GHSA-7v52-p3w5-3m2m.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7v52-p3w5-3m2m",
+  "modified": "2026-01-12T21:30:34Z",
+  "published": "2026-01-12T21:30:34Z",
+  "aliases": [
+    "CVE-2023-36331"
+  ],
+  "details": "Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36331"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Exrick/xmall/issues/100"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-01-12T20:15:52Z"
+  }
+}

advisories/unreviewed/2026/01/GHSA-9g5v-hmcj-pxrc/GHSA-9g5v-hmcj-pxrc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9g5v-hmcj-pxrc",
-  "modified": "2026-01-12T18:30:30Z",
+  "modified": "2026-01-12T21:30:34Z",
   "published": "2026-01-12T18:30:30Z",
   "aliases": [
     "CVE-2025-63314"
   ],
   "details": "A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-640"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-12T17:15:52Z"