Publish Advisories

GHSA-6gx7-q299-g2j8
GHSA-m43j-2jmj-r98g
GHSA-q4qv-52x7-v238
GHSA-xhc6-mmf6-vvgh
GHSA-4hx2-58xv-6gx8
GHSA-6cj3-32f8-w65v
GHSA-89pp-7p3f-32x2
GHSA-8fg8-r2x2-4mv9
GHSA-9266-4xcc-jjfm
GHSA-9wc5-vw6h-63g3
GHSA-c2g6-6cr7-6gxc
GHSA-c78m-c7wq-r5w4
GHSA-gh4w-8qgq-8w9r
GHSA-gv7w-jh8g-vr73
GHSA-p598-ccq9-3xq4
GHSA-q88p-jvv3-f2pm
GHSA-rmwf-53xh-pr9x
GHSA-v9x9-gr2p-9wq7
GHSA-vgqx-447m-wvcj
GHSA-xcj6-xpjg-c4xr
GHSA-xv4c-h899-8cjv

Author: advisory-database[bot]

advisories/unreviewed/2025/09/GHSA-6gx7-q299-g2j8/GHSA-6gx7-q299-g2j8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6gx7-q299-g2j8",
-  "modified": "2025-09-23T09:30:19Z",
+  "modified": "2025-10-28T00:31:25Z",
   "published": "2025-09-23T09:30:19Z",
   "aliases": [
     "CVE-2025-10844"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/24.md#poc"
     },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10844"
+    },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10844/#proof-of-concept-poc"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.325206"

advisories/unreviewed/2025/09/GHSA-m43j-2jmj-r98g/GHSA-m43j-2jmj-r98g.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m43j-2jmj-r98g",
-  "modified": "2025-09-23T09:30:19Z",
+  "modified": "2025-10-28T00:31:25Z",
   "published": "2025-09-23T09:30:19Z",
   "aliases": [
     "CVE-2025-10846"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/27.md#poc"
     },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10846"
+    },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10846/#proof-of-concept-poc"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.325208"

advisories/unreviewed/2025/09/GHSA-q4qv-52x7-v238/GHSA-q4qv-52x7-v238.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q4qv-52x7-v238",
-  "modified": "2025-09-23T09:30:20Z",
+  "modified": "2025-10-28T00:31:25Z",
   "published": "2025-09-23T09:30:19Z",
   "aliases": [
     "CVE-2025-10845"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/26.md#poc"
     },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10845"
+    },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10845/#proof-of-concept-poc"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.325207"

advisories/unreviewed/2025/09/GHSA-xhc6-mmf6-vvgh/GHSA-xhc6-mmf6-vvgh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xhc6-mmf6-vvgh",
-  "modified": "2025-10-20T06:30:17Z",
+  "modified": "2025-10-28T00:31:25Z",
   "published": "2025-09-13T18:30:56Z",
   "aliases": [
     "CVE-2025-10372"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://karinagante.github.io/cve-2025-10372"
     },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10372/#proof-of-concept-poc"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.323780"

advisories/unreviewed/2025/10/GHSA-4hx2-58xv-6gx8/GHSA-4hx2-58xv-6gx8.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4hx2-58xv-6gx8",
+  "modified": "2025-10-28T00:31:25Z",
+  "published": "2025-10-28T00:31:25Z",
+  "aliases": [
+    "CVE-2025-12328"
+  ],
+  "details": "A vulnerability was identified in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. Impacted is an unknown function of the file /contestproblem.php. Such manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12328"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330105"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330105"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.674399"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T22:15:39Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-6cj3-32f8-w65v/GHSA-6cj3-32f8-w65v.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6cj3-32f8-w65v",
+  "modified": "2025-10-28T00:31:26Z",
+  "published": "2025-10-28T00:31:26Z",
+  "aliases": [
+    "CVE-2025-12333"
+  ],
+  "details": "A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12333"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://figshare.com/s/b35b6f6f6a10d8fdc131?file=58703836"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330120"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330120"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.674483"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T23:15:37Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-89pp-7p3f-32x2/GHSA-89pp-7p3f-32x2.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-89pp-7p3f-32x2",
+  "modified": "2025-10-28T00:31:26Z",
+  "published": "2025-10-28T00:31:26Z",
+  "aliases": [
+    "CVE-2025-12335"
+  ],
+  "details": "A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the argument supp_name/supp_address causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12335"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://figshare.com/s/3e547f5ef85470696c2a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330122"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330122"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.674485"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-28T00:15:37Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-8fg8-r2x2-4mv9/GHSA-8fg8-r2x2-4mv9.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8fg8-r2x2-4mv9",
+  "modified": "2025-10-28T00:31:26Z",
+  "published": "2025-10-28T00:31:26Z",
+  "aliases": [
+    "CVE-2025-43024"
+  ],
+  "details": "A GUI dialog of an application allows to view what files are in the file system without proper authorization.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43024"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.hp.com/us-en/document/ish_13164593-13164617-16/hpsbhf04066"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-497"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-28T00:15:38Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-9266-4xcc-jjfm/GHSA-9266-4xcc-jjfm.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9266-4xcc-jjfm",
+  "modified": "2025-10-28T00:31:26Z",
+  "published": "2025-10-28T00:31:26Z",
+  "aliases": [
+    "CVE-2025-33126"
+  ],
+  "details": "IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33126"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.ibm.com/support/pages/node/7249336"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-131"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-28T00:15:37Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-9wc5-vw6h-63g3/GHSA-9wc5-vw6h-63g3.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9wc5-vw6h-63g3",
+  "modified": "2025-10-28T00:31:26Z",
+  "published": "2025-10-28T00:31:25Z",
+  "aliases": [
+    "CVE-2025-12330"
+  ],
+  "details": "A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12330"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/matthewdeaves/willow/issues/131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330115"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330115"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.674404"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.youtube.com/watch?v=jhFCYpFu9qI"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T22:15:41Z"
+  }
+}