Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 2483202b1625 · 2025-11-23T21:32:32.000Z
GHSA-235q-qgg3-c2xw GHSA-7xmv-xm4j-88mj GHSA-fcmx-4fpp-mg5q GHSA-gcfw-6v54-vq4f GHSA-mggq-rppf-vgmq GHSA-xjx2-5qhc-hpw9
diff --git a/advisories/unreviewed/2025/11/GHSA-235q-qgg3-c2xw/GHSA-235q-qgg3-c2xw.json b/advisories/unreviewed/2025/11/GHSA-235q-qgg3-c2xw/GHSA-235q-qgg3-c2xw.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-235q-qgg3-c2xw",
+  "modified": "2025-11-23T21:30:32Z",
+  "published": "2025-11-23T21:30:32Z",
+  "aliases": [
+    "CVE-2025-13567"
+  ],
+  "details": "A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This affects an unknown function of the file /admin/?page=establishment. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13567"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Abxery/cveee/issues/9"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333331"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333331"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698116"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-23T20:15:40Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-7xmv-xm4j-88mj/GHSA-7xmv-xm4j-88mj.json b/advisories/unreviewed/2025/11/GHSA-7xmv-xm4j-88mj/GHSA-7xmv-xm4j-88mj.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7xmv-xm4j-88mj",
+  "modified": "2025-11-23T21:30:33Z",
+  "published": "2025-11-23T21:30:33Z",
+  "aliases": [
+    "CVE-2025-13569"
+  ],
+  "details": "A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/?page=city. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13569"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/yihaofuweng/cve/issues/58"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333333"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333333"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698655"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-23T21:15:58Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-fcmx-4fpp-mg5q/GHSA-fcmx-4fpp-mg5q.json b/advisories/unreviewed/2025/11/GHSA-fcmx-4fpp-mg5q/GHSA-fcmx-4fpp-mg5q.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fcmx-4fpp-mg5q",
+  "modified": "2025-11-23T21:30:32Z",
+  "published": "2025-11-23T21:30:32Z",
+  "aliases": [
+    "CVE-2025-13565"
+  ],
+  "details": "A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13565"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333329"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333329"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.697984"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/Unauthenticated-Password-Reset-Vulnerability-in-SourceCodester-Inventory-Management-System-2b023917db8c8001b5ecf4c50a54dfbd?source=copy_link"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-640"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-23T19:15:46Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-gcfw-6v54-vq4f/GHSA-gcfw-6v54-vq4f.json b/advisories/unreviewed/2025/11/GHSA-gcfw-6v54-vq4f/GHSA-gcfw-6v54-vq4f.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gcfw-6v54-vq4f",
+  "modified": "2025-11-23T21:30:32Z",
+  "published": "2025-11-23T21:30:32Z",
+  "aliases": [
+    "CVE-2025-13568"
+  ],
+  "details": "A flaw has been found in itsourcecode COVID Tracking System 1.0. This impacts an unknown function of the file /admin/?page=people. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13568"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Abxery/cveee/issues/10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333332"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333332"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698117"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-23T21:15:58Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-mggq-rppf-vgmq/GHSA-mggq-rppf-vgmq.json b/advisories/unreviewed/2025/11/GHSA-mggq-rppf-vgmq/GHSA-mggq-rppf-vgmq.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mggq-rppf-vgmq",
+  "modified": "2025-11-23T21:30:32Z",
+  "published": "2025-11-23T21:30:32Z",
+  "aliases": [
+    "CVE-2025-13566"
+  ],
+  "details": "A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is 2f07ccdf21e705377862e5f9dfa31e1694979ac7. It is suggested to install a patch to address this issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13566"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jarun/nnn/issues/2091#issue-3635886658"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jarun/nnn/issues/2091#issuecomment-3547591759"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jarun/nnn/commit/2f07ccdf21e705377862e5f9dfa31e1694979ac7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333330"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333330"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698113"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-23T20:15:39Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-xjx2-5qhc-hpw9/GHSA-xjx2-5qhc-hpw9.json b/advisories/unreviewed/2025/11/GHSA-xjx2-5qhc-hpw9/GHSA-xjx2-5qhc-hpw9.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xjx2-5qhc-hpw9",
+  "modified": "2025-11-23T21:30:32Z",
+  "published": "2025-11-23T21:30:32Z",
+  "aliases": [
+    "CVE-2025-13564"
+  ],
+  "details": "A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13564"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/0xffaaa/cve/blob/main/Pre_School_Management_System_Arbitrary_File_Deletion_Vulnerabilit.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333328"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333328"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.697083"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-404"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-23T19:15:46Z"
+  }
+}
