Publish Advisories

GHSA-3j9x-gm2x-f8f7
GHSA-7gxx-5pqg-v8f2
GHSA-mg9h-26fx-x4qq

Author: advisory-database[bot]

advisories/unreviewed/2025/10/GHSA-3j9x-gm2x-f8f7/GHSA-3j9x-gm2x-f8f7.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3j9x-gm2x-f8f7",
+  "modified": "2025-10-31T06:33:21Z",
+  "published": "2025-10-31T06:33:21Z",
+  "aliases": [
+    "CVE-2025-54763"
+  ],
+  "details": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection vulnerability. A user who logs in to the Web UI of the product may execute an arbitrary OS command.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54763"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/vu/JVNVU98191201"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-31T06:15:33Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-7gxx-5pqg-v8f2/GHSA-7gxx-5pqg-v8f2.json

@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7gxx-5pqg-v8f2",
+  "modified": "2025-10-31T06:33:21Z",
+  "published": "2025-10-31T06:33:21Z",
+  "aliases": [
+    "CVE-2025-11191"
+  ],
+  "details": "The RealPress  WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11191"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/74f19ff2-d5c0-4bd4-83f2-688ea37022b1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-31T06:15:32Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-mg9h-26fx-x4qq/GHSA-mg9h-26fx-x4qq.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mg9h-26fx-x4qq",
+  "modified": "2025-10-31T06:33:21Z",
+  "published": "2025-10-31T06:33:21Z",
+  "aliases": [
+    "CVE-2025-58152"
+  ],
+  "details": "FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the garbage collection information on the internal web page. With some crafted HTTP request, they can be accessed without authentication.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58152"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/vu/JVNVU98191201"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.centurysys.co.jp/backnumber/common/jvnvu98191201.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-552"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-31T06:15:34Z"
+  }
+}