Publish Advisories

GHSA-6qwg-m6gj-jwc9
GHSA-f3c9-cmmx-gjwg
GHSA-qm43-p27g-x33m
GHSA-vff6-7hg4-cqxg

Author: advisory-database[bot]

advisories/unreviewed/2024/08/GHSA-6qwg-m6gj-jwc9/GHSA-6qwg-m6gj-jwc9.json

@@ -42,6 +42,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-284",
       "CWE-434"
     ],
     "severity": "MODERATE",

advisories/unreviewed/2025/11/GHSA-f3c9-cmmx-gjwg/GHSA-f3c9-cmmx-gjwg.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f3c9-cmmx-gjwg",
+  "modified": "2025-11-24T09:30:26Z",
+  "published": "2025-11-24T09:30:26Z",
+  "aliases": [
+    "CVE-2025-13586"
+  ],
+  "details": "A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirm_password causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13586"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/CaseyW33/CVE/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333350"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333350"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.700130"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-24T07:16:04Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-qm43-p27g-x33m/GHSA-qm43-p27g-x33m.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-qm43-p27g-x33m",
+  "modified": "2025-11-24T09:30:26Z",
+  "published": "2025-11-24T09:30:26Z",
+  "aliases": [
+    "CVE-2025-13588"
+  ],
+  "details": "A vulnerability was found in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been made public and could be used. Upgrading to version 2.8.1 is sufficient to resolve this issue. The patch is named c70bfb8d36b47bfd64c5ec73917e1d9ddb97af92. It is suggested to upgrade the affected component.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13588"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lKinderBueno/Streamity-Xtream-IPTV-Web-player/commit/c70bfb8d36b47bfd64c5ec73917e1d9ddb97af92"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lKinderBueno/Streamity-Xtream-IPTV-Web-player/releases/tag/v2.8.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/Streamity.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333352"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333352"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.687573"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-24T07:16:05Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-vff6-7hg4-cqxg/GHSA-vff6-7hg4-cqxg.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vff6-7hg4-cqxg",
+  "modified": "2025-11-24T09:30:26Z",
+  "published": "2025-11-24T09:30:26Z",
+  "aliases": [
+    "CVE-2025-13596"
+  ],
+  "details": "A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client. This may expose internal filesystem paths, SQL queries, database connection details, or environment configuration data to remote unauthenticated attackers. This issue allows information gathering and reconnaissance but does not enable direct system compromise.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:X/U:Clear"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13596"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.atisoluciones.com/incidentes-cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-24T08:16:00Z"
+  }
+}