Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/08/GHSA-9chr-m38j-w26g/GHSA-9chr-m38j-w26g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9chr-m38j-w26g",
-  "modified": "2024-09-04T15:30:33Z",
+  "modified": "2026-01-28T00:31:37Z",
   "published": "2024-08-30T00:31:23Z",
   "aliases": [
     "CVE-2024-1545"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1545"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/wolfSSL/wolfssl/pull/7167"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable"
@@ -27,6 +31,7 @@
   "database_specific": {
     "cwe_ids": [
       "CWE-1256",
+      "CWE-252",
       "CWE-74"
     ],
     "severity": "MODERATE",

advisories/unreviewed/2024/08/GHSA-grjj-54gm-q5vf/GHSA-grjj-54gm-q5vf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-grjj-54gm-q5vf",
-  "modified": "2024-08-27T21:31:13Z",
+  "modified": "2026-01-28T00:31:37Z",
   "published": "2024-08-27T21:31:13Z",
   "aliases": [
     "CVE-2024-1544"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1544"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/wolfSSL/wolfssl/pull/7020"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable"

advisories/unreviewed/2026/01/GHSA-2x38-48vp-w23x/GHSA-2x38-48vp-w23x.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2x38-48vp-w23x",
-  "modified": "2026-01-27T21:31:49Z",
+  "modified": "2026-01-28T00:31:40Z",
   "published": "2026-01-27T21:31:49Z",
   "aliases": [
     "CVE-2026-24858"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24858"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/01/GHSA-34g3-9529-6r2w/GHSA-34g3-9529-6r2w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-34g3-9529-6r2w",
-  "modified": "2026-01-22T18:30:35Z",
+  "modified": "2026-01-28T00:31:38Z",
   "published": "2026-01-22T18:30:35Z",
   "aliases": [
     "CVE-2025-68835"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:11Z"

advisories/unreviewed/2026/01/GHSA-492m-9864-4xjr/GHSA-492m-9864-4xjr.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-492m-9864-4xjr",
-  "modified": "2026-01-22T18:30:38Z",
+  "modified": "2026-01-28T00:31:39Z",
   "published": "2026-01-22T18:30:38Z",
   "aliases": [
     "CVE-2025-69182"
   ],
   "details": "Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-266"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:24Z"

advisories/unreviewed/2026/01/GHSA-4ffx-5v5p-gf97/GHSA-4ffx-5v5p-gf97.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4ffx-5v5p-gf97",
-  "modified": "2026-01-22T18:30:36Z",
+  "modified": "2026-01-28T00:31:38Z",
   "published": "2026-01-22T18:30:36Z",
   "aliases": [
     "CVE-2025-68896"
   ],
   "details": "Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:13Z"

advisories/unreviewed/2026/01/GHSA-6h74-r6p3-8hvh/GHSA-6h74-r6p3-8hvh.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6h74-r6p3-8hvh",
-  "modified": "2026-01-22T18:30:35Z",
+  "modified": "2026-01-28T00:31:38Z",
   "published": "2026-01-22T18:30:35Z",
   "aliases": [
     "CVE-2025-68839"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy Theme Options: from n/a through <= 1.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:11Z"

advisories/unreviewed/2026/01/GHSA-7jq6-95cj-mcx6/GHSA-7jq6-95cj-mcx6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7jq6-95cj-mcx6",
-  "modified": "2026-01-22T18:30:38Z",
+  "modified": "2026-01-28T00:31:38Z",
   "published": "2026-01-22T18:30:38Z",
   "aliases": [
     "CVE-2025-69076"
   ],
   "details": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion.This issue affects Modern Housewife: from n/a through <= 1.0.12.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-98"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:21Z"

advisories/unreviewed/2026/01/GHSA-9m3q-c2qh-cgvf/GHSA-9m3q-c2qh-cgvf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9m3q-c2qh-cgvf",
-  "modified": "2026-01-23T15:31:35Z",
+  "modified": "2026-01-28T00:31:39Z",
   "published": "2026-01-23T15:31:35Z",
   "aliases": [
     "CVE-2026-24525"
   ],
   "details": "Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-23T15:16:08Z"

advisories/unreviewed/2026/01/GHSA-c6jq-h3hj-7vwx/GHSA-c6jq-h3hj-7vwx.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c6jq-h3hj-7vwx",
-  "modified": "2026-01-22T18:30:40Z",
+  "modified": "2026-01-28T00:31:39Z",
   "published": "2026-01-22T18:30:40Z",
   "aliases": [
     "CVE-2026-22481"
   ],
   "details": "Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-01-22T17:16:36Z"