Skip to content

Commit 6216deb

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-3wg4-q244-7pm9 GHSA-5rqv-jmfm-p4q9 GHSA-782m-97fg-54p5 GHSA-95jq-xph2-cx9h GHSA-h5v8-7v92-wm9h
1 parent 00be92d commit 6216deb

File tree

5 files changed

+241
-0
lines changed

5 files changed

+241
-0
lines changed

advisories/unreviewed/2025/07/GHSA-3wg4-q244-7pm9/GHSA-3wg4-q244-7pm9.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3wg4-q244-7pm9",
4+
"modified": "2025-07-26T00:30:32Z",
5+
"published": "2025-07-26T00:30:32Z",
6+
"aliases": [
7+
"CVE-2025-8173"
8+
],
9+
"details": "A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8173"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Pick-program/CVE/issues/2"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://1000projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.317587"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.317587"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.621508"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-07-25T23:15:24Z"
55+
}
56+
}

advisories/unreviewed/2025/07/GHSA-5rqv-jmfm-p4q9/GHSA-5rqv-jmfm-p4q9.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5rqv-jmfm-p4q9",
4+
"modified": "2025-07-26T00:30:32Z",
5+
"published": "2025-07-26T00:30:32Z",
6+
"aliases": [
7+
"CVE-2025-8171"
8+
],
9+
"details": "A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8171"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/XiaoJiesecqwq/CVE/issues/4"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.317585"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.317585"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.621411"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-284"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-07-25T22:15:25Z"
55+
}
56+
}

advisories/unreviewed/2025/07/GHSA-782m-97fg-54p5/GHSA-782m-97fg-54p5.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-782m-97fg-54p5",
4+
"modified": "2025-07-26T00:30:32Z",
5+
"published": "2025-07-26T00:30:32Z",
6+
"aliases": [
7+
"CVE-2025-8172"
8+
],
9+
"details": "A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8172"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/XiaoJiesecqwq/CVE/issues/5"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://itsourcecode.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.317586"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.317586"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.621482"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-07-25T22:15:25Z"
55+
}
56+
}

advisories/unreviewed/2025/07/GHSA-95jq-xph2-cx9h/GHSA-95jq-xph2-cx9h.json

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-95jq-xph2-cx9h",
4+
"modified": "2025-07-26T00:30:32Z",
5+
"published": "2025-07-26T00:30:32Z",
6+
"aliases": [
7+
"CVE-2025-8101"
8+
],
9+
"details": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8101"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://fluidattacks.com/advisories/charly"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/nfrasser/linkifyjs"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/nfrasser/linkifyjs/releases/tag/v4.3.2"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://www.npmjs.com/package/linkifyjs"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-1321"
42+
],
43+
"severity": "HIGH",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2025-07-25T22:15:25Z"
47+
}
48+
}

advisories/unreviewed/2025/07/GHSA-h5v8-7v92-wm9h/GHSA-h5v8-7v92-wm9h.json

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h5v8-7v92-wm9h",
4+
"modified": "2025-07-26T00:30:32Z",
5+
"published": "2025-07-26T00:30:32Z",
6+
"aliases": [
7+
"CVE-2023-2274"
8+
],
9+
"details": "Rejected reason: This CVE assignment was considered invalid after investigation.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2274"
16+
}
17+
],
18+
"database_specific": {
19+
"cwe_ids": [],
20+
"severity": null,
21+
"github_reviewed": false,
22+
"github_reviewed_at": null,
23+
"nvd_published_at": "2025-07-26T00:15:24Z"
24+
}
25+
}

0 commit comments

Comments
 (0)