Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2025/05/GHSA-fh7c-x2jh-rc4w/GHSA-fh7c-x2jh-rc4w.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fh7c-x2jh-rc4w",
-  "modified": "2025-05-23T15:31:10Z",
+  "modified": "2026-01-29T18:31:29Z",
   "published": "2025-05-23T15:31:10Z",
   "aliases": [
     "CVE-2025-39494"

advisories/unreviewed/2025/09/GHSA-m5cv-rq77-5q44/GHSA-m5cv-rq77-5q44.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m5cv-rq77-5q44",
-  "modified": "2025-09-10T12:30:20Z",
+  "modified": "2026-01-29T18:31:30Z",
   "published": "2025-09-10T12:30:20Z",
   "aliases": [
     "CVE-2025-10214"
   ],
   "details": "DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of their choice in the 'C:\\Users\\<user>\\AppData\\Local\\UPDF\\FREngine\\Bin64\\' directory, which could lead to arbitrary code execution and persistence.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/10/GHSA-7wwx-xj66-r44x/GHSA-7wwx-xj66-r44x.json

@@ -41,7 +41,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-295"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/10/GHSA-cxq7-xw9v-rcv3/GHSA-cxq7-xw9v-rcv3.json

@@ -41,7 +41,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-532"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/10/GHSA-frhw-mqj2-wxw2/GHSA-frhw-mqj2-wxw2.json

@@ -41,7 +41,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-407"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/10/GHSA-hjx7-fpxx-mj48/GHSA-hjx7-fpxx-mj48.json

@@ -41,7 +41,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-770"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/10/GHSA-wcw9-47fp-rrfr/GHSA-wcw9-47fp-rrfr.json

@@ -41,7 +41,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-770"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/12/GHSA-4973-8mgr-386v/GHSA-4973-8mgr-386v.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4973-8mgr-386v",
-  "modified": "2025-12-31T21:30:59Z",
+  "modified": "2026-01-29T18:31:31Z",
   "published": "2025-12-31T21:30:59Z",
   "aliases": [
     "CVE-2015-10145"
   ],
   "details": "Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2025/12/GHSA-4qpp-gxm3-h9vw/GHSA-4qpp-gxm3-h9vw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4qpp-gxm3-h9vw",
-  "modified": "2026-01-29T12:30:25Z",
+  "modified": "2026-01-29T18:31:31Z",
   "published": "2025-12-11T15:30:32Z",
   "aliases": [
     "CVE-2025-14523"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14523"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:1572"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:1571"
@@ -35,6 +39,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:1570"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:1569"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:1509"

advisories/unreviewed/2025/12/GHSA-f5cx-j2cw-pgfg/GHSA-f5cx-j2cw-pgfg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f5cx-j2cw-pgfg",
-  "modified": "2026-01-28T18:30:37Z",
+  "modified": "2026-01-29T18:31:31Z",
   "published": "2025-12-18T21:31:42Z",
   "aliases": [
     "CVE-2025-56157"
@@ -19,6 +19,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56157"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/langgenius/dify/issues/15285"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/langgenius/dify/pull/15286"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/langgenius/dify/pull/15286.diff"
+    },
     {
       "type": "WEB",
       "url": "https://gist.github.com/Cristliu/216ddbadaf3258498c93d408683ecabd"