Publish Advisories

GHSA-4r38-2fwm-9vj5
GHSA-cfv9-2rgf-f55c
GHSA-hv2j-4g9f-chqp
GHSA-qcp5-jccp-3p6h
GHSA-29h2-5h98-8vhx
GHSA-2jr8-f8fj-4r8r
GHSA-2vp3-crwq-3fg5
GHSA-32wx-j5gv-pmfp
GHSA-498r-64c2-wwrm
GHSA-5vw7-qm3f-g8ww
GHSA-9p55-rmhm-pj6f
GHSA-f8pm-w4xh-wj52
GHSA-g7x3-mc24-pxm6
GHSA-h63j-vf47-m3ch
GHSA-hjq6-jrvq-m64c
GHSA-hpgm-55wq-hgmv
GHSA-jjch-662j-9g32
GHSA-mmgv-xv74-2786
GHSA-p66j-4q5j-7v5q
GHSA-pxq2-rvhg-7cp9
GHSA-q3rm-84j8-cvr4
GHSA-r33m-95px-px34
GHSA-v8c7-m4fp-fc53
GHSA-x3xg-7fvh-66q9

Author: advisory-database[bot]

advisories/unreviewed/2025/04/GHSA-4r38-2fwm-9vj5/GHSA-4r38-2fwm-9vj5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4r38-2fwm-9vj5",
-  "modified": "2025-04-14T18:31:49Z",
+  "modified": "2025-07-17T15:32:09Z",
   "published": "2025-04-14T18:31:49Z",
   "aliases": [
     "CVE-2025-2572"

advisories/unreviewed/2025/05/GHSA-cfv9-2rgf-f55c/GHSA-cfv9-2rgf-f55c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cfv9-2rgf-f55c",
-  "modified": "2025-07-16T21:30:33Z",
+  "modified": "2025-07-17T15:32:09Z",
   "published": "2025-05-06T15:31:10Z",
   "aliases": [
     "CVE-2025-4373"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:11327"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:11373"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:11374"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-4373"

advisories/unreviewed/2025/06/GHSA-hv2j-4g9f-chqp/GHSA-hv2j-4g9f-chqp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hv2j-4g9f-chqp",
-  "modified": "2025-06-26T21:31:12Z",
+  "modified": "2025-07-17T15:32:09Z",
   "published": "2025-06-26T21:31:12Z",
   "aliases": [
     "CVE-2025-49152"

advisories/unreviewed/2025/06/GHSA-qcp5-jccp-3p6h/GHSA-qcp5-jccp-3p6h.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qcp5-jccp-3p6h",
-  "modified": "2025-06-26T21:31:12Z",
+  "modified": "2025-07-17T15:32:09Z",
   "published": "2025-06-26T21:31:12Z",
   "aliases": [
     "CVE-2025-49151"

advisories/unreviewed/2025/07/GHSA-29h2-5h98-8vhx/GHSA-29h2-5h98-8vhx.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-29h2-5h98-8vhx",
+  "modified": "2025-07-17T15:32:15Z",
+  "published": "2025-07-17T15:32:15Z",
+  "aliases": [
+    "CVE-2025-5346"
+  ],
+  "details": "Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver \"kr.co.bluebird.android.bbsettings.BootReceiver\". A local attacker can call the receiver to overwrite file containing \".json\" keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file.\n\nThis issue affects all versions before 1.3.3.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5346"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert.pl/en/posts/2025/07CVE-2025-5344"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-926"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-17T13:15:23Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-2jr8-f8fj-4r8r/GHSA-2jr8-f8fj-4r8r.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-400"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-2vp3-crwq-3fg5/GHSA-2vp3-crwq-3fg5.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-755"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/07/GHSA-32wx-j5gv-pmfp/GHSA-32wx-j5gv-pmfp.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-32wx-j5gv-pmfp",
+  "modified": "2025-07-17T15:32:15Z",
+  "published": "2025-07-17T15:32:15Z",
+  "aliases": [
+    "CVE-2025-40924"
+  ],
+  "details": "Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.\n\nThe session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredicable session ids could allow an attacker to gain access to systems.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40924"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/pull/5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/c0e2b4ab1e42ebce1008286db8c571b6ee98c22c.patch"
+    },
+    {
+      "type": "WEB",
+      "url": "https://metacpan.org/release/HAARG/Catalyst-Plugin-Session-0.43/source/lib/Catalyst/Plugin/Session.pm#L632"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-338"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-17T14:15:31Z"
+  }
+}

advisories/unreviewed/2025/07/GHSA-498r-64c2-wwrm/GHSA-498r-64c2-wwrm.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-498r-64c2-wwrm",
-  "modified": "2025-07-17T09:30:31Z",
+  "modified": "2025-07-17T15:32:14Z",
   "published": "2025-07-17T09:30:31Z",
   "aliases": [
     "CVE-2025-4302"
   ],
   "details": "The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-17T08:15:27Z"

advisories/unreviewed/2025/07/GHSA-5vw7-qm3f-g8ww/GHSA-5vw7-qm3f-g8ww.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5vw7-qm3f-g8ww",
+  "modified": "2025-07-17T15:32:14Z",
+  "published": "2025-07-17T15:32:14Z",
+  "aliases": [
+    "CVE-2025-52933"
+  ],
+  "details": "Rejected reason: 3rd party vulnerability",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52933"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-17T13:15:22Z"
+  }
+}