Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 1bf66a15c0e5 · 2025-10-20T06:31:42.000Z
GHSA-7vvg-4g6w-39mf GHSA-vwfw-9fqw-jjvp GHSA-xhc6-mmf6-vvgh GHSA-68g6-84fp-8hf9 GHSA-7p6w-xg84-v7c5 GHSA-874f-wxq7-gpmm
diff --git a/advisories/unreviewed/2025/09/GHSA-7vvg-4g6w-39mf/GHSA-7vvg-4g6w-39mf.json b/advisories/unreviewed/2025/09/GHSA-7vvg-4g6w-39mf/GHSA-7vvg-4g6w-39mf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7vvg-4g6w-39mf",
-  "modified": "2025-09-13T21:31:36Z",
+  "modified": "2025-10-20T06:30:17Z",
   "published": "2025-09-13T21:31:36Z",
   "aliases": [
     "CVE-2025-10373"
@@ -27,6 +27,14 @@
       "type": "WEB",
       "url": "https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/22.md"
     },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10373"
+    },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10373/#proof-of-concept-poc"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.323781"
diff --git a/advisories/unreviewed/2025/09/GHSA-vwfw-9fqw-jjvp/GHSA-vwfw-9fqw-jjvp.json b/advisories/unreviewed/2025/09/GHSA-vwfw-9fqw-jjvp/GHSA-vwfw-9fqw-jjvp.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vwfw-9fqw-jjvp",
-  "modified": "2025-09-17T06:30:22Z",
+  "modified": "2025-10-20T06:30:17Z",
   "published": "2025-09-17T06:30:22Z",
   "aliases": [
     "CVE-2025-10584"
@@ -27,6 +27,14 @@
       "type": "WEB",
       "url": "https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/25.md"
     },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10584"
+    },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10584/#proof-of-concept-poc"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.324561"
diff --git a/advisories/unreviewed/2025/09/GHSA-xhc6-mmf6-vvgh/GHSA-xhc6-mmf6-vvgh.json b/advisories/unreviewed/2025/09/GHSA-xhc6-mmf6-vvgh/GHSA-xhc6-mmf6-vvgh.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xhc6-mmf6-vvgh",
-  "modified": "2025-09-13T18:30:56Z",
+  "modified": "2025-10-20T06:30:17Z",
   "published": "2025-09-13T18:30:56Z",
   "aliases": [
     "CVE-2025-10372"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://github.com/KarinaGante/KG-Sec/blob/main/CVEs/i-Educar/21.md"
     },
+    {
+      "type": "WEB",
+      "url": "https://karinagante.github.io/cve-2025-10372"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.323780"
diff --git a/advisories/unreviewed/2025/10/GHSA-68g6-84fp-8hf9/GHSA-68g6-84fp-8hf9.json b/advisories/unreviewed/2025/10/GHSA-68g6-84fp-8hf9/GHSA-68g6-84fp-8hf9.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-68g6-84fp-8hf9",
+  "modified": "2025-10-20T06:30:17Z",
+  "published": "2025-10-20T06:30:17Z",
+  "aliases": [
+    "CVE-2025-11948"
+  ],
+  "details": "Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11948"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/en/cp-139-10453-43e63-2.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/tw/cp-132-10452-72cb6-1.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-20T04:15:36Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/10/GHSA-7p6w-xg84-v7c5/GHSA-7p6w-xg84-v7c5.json b/advisories/unreviewed/2025/10/GHSA-7p6w-xg84-v7c5/GHSA-7p6w-xg84-v7c5.json
@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7p6w-xg84-v7c5",
+  "modified": "2025-10-20T06:30:17Z",
+  "published": "2025-10-20T06:30:17Z",
+  "aliases": [
+    "CVE-2025-40004"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: Fix buffer overflow in USB transport layer\n\nA buffer overflow vulnerability exists in the USB 9pfs transport layer\nwhere inconsistent size validation between packet header parsing and\nactual data copying allows a malicious USB host to overflow heap buffers.\n\nThe issue occurs because:\n- usb9pfs_rx_header() validates only the declared size in packet header\n- usb9pfs_rx_complete() uses req->actual (actual received bytes) for\nmemcpy\n\nThis allows an attacker to craft packets with small declared size\n(bypassing validation) but large actual payload (triggering overflow\nin memcpy).\n\nAdd validation in usb9pfs_rx_complete() to ensure req->actual does not\nexceed the buffer capacity before copying data.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40004"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/0da18d49f874d444ad83c8a546fa33bfcf2f582c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c04db81cd0288dfc68b7a0f7d09bd49b40bba451"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/df8462f0fc045b4475dc494a5787a03c972ba2a2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-20T06:15:36Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/10/GHSA-874f-wxq7-gpmm/GHSA-874f-wxq7-gpmm.json b/advisories/unreviewed/2025/10/GHSA-874f-wxq7-gpmm/GHSA-874f-wxq7-gpmm.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-874f-wxq7-gpmm",
+  "modified": "2025-10-20T06:30:17Z",
+  "published": "2025-10-20T06:30:17Z",
+  "aliases": [
+    "CVE-2025-62577"
+  ],
+  "details": "ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62577"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN44266462"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.fsastech.com/ja-jp/resources/security/2025/1020.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.fujitsu.com/global/support/products/computing/storage/20251020/index.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-276"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-20T06:15:36Z"
+  }
+}
