Publish Advisories

GHSA-2rmw-22w9-6gqv
GHSA-32fm-h45j-grpv
GHSA-647r-rhm4-28g2
GHSA-65px-wjwf-w4j6
GHSA-6mcx-64mw-m32r
GHSA-7cf5-cv98-v7j6
GHSA-7xr9-h4qx-73w3
GHSA-c3mr-fcrj-6g2w
GHSA-ff2p-7h68-73qg
GHSA-g7hf-xr86-7qmf
GHSA-h5m8-46r9-qc8j
GHSA-h9xr-f47v-rhg4
GHSA-qhjv-vvf7-w9xf
GHSA-v37q-cgjj-3w5j
GHSA-x9qh-8h86-936g

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-2rmw-22w9-6gqv/GHSA-2rmw-22w9-6gqv.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rmw-22w9-6gqv",
+  "modified": "2025-12-22T06:30:28Z",
+  "published": "2025-12-22T06:30:28Z",
+  "aliases": [
+    "CVE-2025-15012"
+  ],
+  "details": "A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15012"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jjjjj-zr/jjjjjzr17/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.337718"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.337718"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.719788"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T05:16:19Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-32fm-h45j-grpv/GHSA-32fm-h45j-grpv.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-32fm-h45j-grpv",
+  "modified": "2025-12-22T06:30:27Z",
+  "published": "2025-12-22T06:30:27Z",
+  "aliases": [
+    "CVE-2025-11540"
+  ],
+  "details": "Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11540"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11540.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T05:16:06Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-647r-rhm4-28g2/GHSA-647r-rhm4-28g2.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-647r-rhm4-28g2",
+  "modified": "2025-12-22T06:30:28Z",
+  "published": "2025-12-22T06:30:28Z",
+  "aliases": [
+    "CVE-2025-11544"
+  ],
+  "details": "Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11544"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11544.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-912"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T06:15:50Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-65px-wjwf-w4j6/GHSA-65px-wjwf-w4j6.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-65px-wjwf-w4j6",
+  "modified": "2025-12-22T06:30:27Z",
+  "published": "2025-12-22T06:30:27Z",
+  "aliases": [
+    "CVE-2025-59301"
+  ],
+  "details": "Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59301"
+    },
+    {
+      "type": "WEB",
+      "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00020_DVP15MC11T%20Modbus%20TCP%20DoS%20Vulnerability.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T04:16:00Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-6mcx-64mw-m32r/GHSA-6mcx-64mw-m32r.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6mcx-64mw-m32r",
+  "modified": "2025-12-22T06:30:27Z",
+  "published": "2025-12-22T06:30:27Z",
+  "aliases": [
+    "CVE-2025-15011"
+  ],
+  "details": "A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15011"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/chunmingshanan/CVE/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.337717"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.337717"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.719663"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T04:16:00Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-7cf5-cv98-v7j6/GHSA-7cf5-cv98-v7j6.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7cf5-cv98-v7j6",
+  "modified": "2025-12-22T06:30:27Z",
+  "published": "2025-12-22T06:30:27Z",
+  "aliases": [
+    "CVE-2025-11543"
+  ],
+  "details": "Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized firmware.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11543"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11540.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-354"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T05:16:18Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-7xr9-h4qx-73w3/GHSA-7xr9-h4qx-73w3.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7xr9-h4qx-73w3",
+  "modified": "2025-12-22T06:30:27Z",
+  "published": "2025-12-22T06:30:27Z",
+  "aliases": [
+    "CVE-2025-11542"
+  ],
+  "details": "Stack-based Buffer Overflow vulnerability in Sharp Display Solutions projectors allows a attacker may execute arbitrary commands and programs.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11542"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11540.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-121"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T05:16:17Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-c3mr-fcrj-6g2w/GHSA-c3mr-fcrj-6g2w.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c3mr-fcrj-6g2w",
+  "modified": "2025-12-22T06:30:27Z",
+  "published": "2025-12-22T06:30:27Z",
+  "aliases": [
+    "CVE-2025-12049"
+  ],
+  "details": "Missing Authentication for Critical Function vulnerability in Sharp Display Solutions Media Player MP-01 All Verisons allows a attacker may access to the web interface of the affected product without authentication and change settings or perform other operations, and deliver content from the authoring software to the affected product without authentication.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12049"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sharp-displays.jp.sharp/global/support/info/MP01-CVE-2025-12049.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T05:16:19Z"
+  }
+}