Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/05/GHSA-v5mc-ffgc-f77v/GHSA-v5mc-ffgc-f77v.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v5mc-ffgc-f77v",
-  "modified": "2025-10-21T12:31:20Z",
+  "modified": "2026-02-03T03:30:25Z",
   "published": "2024-05-08T15:30:43Z",
   "aliases": [
     "CVE-2024-32761"

advisories/unreviewed/2025/10/GHSA-g34m-cm8j-m5gg/GHSA-g34m-cm8j-m5gg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g34m-cm8j-m5gg",
-  "modified": "2025-10-22T21:31:18Z",
+  "modified": "2026-02-03T03:30:26Z",
   "published": "2025-10-15T15:30:28Z",
   "aliases": [
     "CVE-2025-60013"

advisories/unreviewed/2025/10/GHSA-vw9r-c6xc-fpxh/GHSA-vw9r-c6xc-fpxh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vw9r-c6xc-fpxh",
-  "modified": "2025-10-22T21:31:18Z",
+  "modified": "2026-02-03T03:30:26Z",
   "published": "2025-10-15T15:30:28Z",
   "aliases": [
     "CVE-2025-58424"

advisories/unreviewed/2026/02/GHSA-2pvg-g56g-vcf2/GHSA-2pvg-g56g-vcf2.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2pvg-g56g-vcf2",
+  "modified": "2026-02-03T03:30:27Z",
+  "published": "2026-02-03T03:30:27Z",
+  "aliases": [
+    "CVE-2025-67475"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php.\n\nThis issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67475"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phabricator.wikimedia.org/T406664"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T02:16:08Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-386j-565c-f86f/GHSA-386j-565c-f86f.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-386j-565c-f86f",
+  "modified": "2026-02-03T03:30:26Z",
+  "published": "2026-02-03T03:30:26Z",
+  "aliases": [
+    "CVE-2025-58382"
+  ],
+  "details": "A vulnerability in the secure configuration of authentication and \nmanagement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could \nallow an authenticated, remote attacker with administrative credentials \nto execute arbitrary commands as root using “supportsave”, \n“seccertmgmt”, “configupload” command.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58382"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36849"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-305"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T02:16:07Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-3gr8-gx4f-v8jq/GHSA-3gr8-gx4f-v8jq.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3gr8-gx4f-v8jq",
+  "modified": "2026-02-03T03:30:27Z",
+  "published": "2026-02-03T03:30:27Z",
+  "aliases": [
+    "CVE-2025-61652"
+  ],
+  "details": "Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61652"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phabricator.wikimedia.org/T397580"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T02:16:07Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-53xr-2xx3-73wm/GHSA-53xr-2xx3-73wm.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-53xr-2xx3-73wm",
+  "modified": "2026-02-03T03:30:27Z",
+  "published": "2026-02-03T03:30:27Z",
+  "aliases": [
+    "CVE-2026-24934"
+  ],
+  "details": "The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the response, leading the device to update its DDNS record with an incorrect IP address.\nAffected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24934"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.asustor.com/security/security_advisory_detail?id=50"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-295"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T03:15:53Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5499-9jhv-ccm9/GHSA-5499-9jhv-ccm9.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5499-9jhv-ccm9",
+  "modified": "2026-02-03T03:30:27Z",
+  "published": "2026-02-03T03:30:27Z",
+  "aliases": [
+    "CVE-2025-61656"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js.\n\nThis issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61656"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phabricator.wikimedia.org/T397232"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T02:16:08Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5gh3-pm42-f6qp/GHSA-5gh3-pm42-f6qp.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5gh3-pm42-f6qp",
+  "modified": "2026-02-03T03:30:27Z",
+  "published": "2026-02-03T03:30:27Z",
+  "aliases": [
+    "CVE-2025-61655"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js.\n\nThis issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61655"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phabricator.wikimedia.org/T395858"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T02:16:07Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5h67-qfvj-ggxp/GHSA-5h67-qfvj-ggxp.json

@@ -0,0 +1,34 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5h67-qfvj-ggxp",
+  "modified": "2026-02-03T03:30:27Z",
+  "published": "2026-02-03T03:30:27Z",
+  "aliases": [
+    "CVE-2025-67476"
+  ],
+  "details": "Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php.\n\nThis issue affects MediaWiki: from * before 1.44.3, 1.45.1.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67476"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phabricator.wikimedia.org/T405859"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-03T02:16:08Z"
+  }
+}