Publish Advisories

GHSA-cqj4-fp95-jqxq
GHSA-f7q5-qg45-7vm8
GHSA-fv5h-vqpf-6fqj
GHSA-prf7-7jvx-hxj5
GHSA-v8v5-8mm8-3j8p
GHSA-4mm8-49x8-v5qm
GHSA-58ff-3f7r-gpxr
GHSA-8fqc-wr75-66c9
GHSA-9c77-xh28-7vf7
GHSA-9vfp-jrmr-qcrr
GHSA-f75f-v33m-pj77
GHSA-h2f9-84pg-6vj7
GHSA-x72w-3h7j-3f2r

Author: advisory-database[bot]

advisories/unreviewed/2025/02/GHSA-cqj4-fp95-jqxq/GHSA-cqj4-fp95-jqxq.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cqj4-fp95-jqxq",
-  "modified": "2025-06-02T15:31:21Z",
+  "modified": "2025-10-06T12:30:29Z",
   "published": "2025-02-10T18:30:46Z",
   "aliases": [
     "CVE-2024-12243"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12243"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:17361"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:4051"

advisories/unreviewed/2025/07/GHSA-f7q5-qg45-7vm8/GHSA-f7q5-qg45-7vm8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f7q5-qg45-7vm8",
-  "modified": "2025-10-06T03:31:37Z",
+  "modified": "2025-10-06T12:30:30Z",
   "published": "2025-07-10T09:32:27Z",
   "aliases": [
     "CVE-2025-32989"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:17348"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:17361"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-32989"

advisories/unreviewed/2025/07/GHSA-fv5h-vqpf-6fqj/GHSA-fv5h-vqpf-6fqj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fv5h-vqpf-6fqj",
-  "modified": "2025-10-06T03:31:37Z",
+  "modified": "2025-10-06T12:30:29Z",
   "published": "2025-07-10T09:32:27Z",
   "aliases": [
     "CVE-2025-32988"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:17348"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:17361"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-32988"

advisories/unreviewed/2025/07/GHSA-prf7-7jvx-hxj5/GHSA-prf7-7jvx-hxj5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-prf7-7jvx-hxj5",
-  "modified": "2025-10-06T03:31:38Z",
+  "modified": "2025-10-06T12:30:30Z",
   "published": "2025-07-10T18:31:26Z",
   "aliases": [
     "CVE-2025-6395"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:17348"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:17361"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-6395"

advisories/unreviewed/2025/07/GHSA-v8v5-8mm8-3j8p/GHSA-v8v5-8mm8-3j8p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v8v5-8mm8-3j8p",
-  "modified": "2025-10-06T03:31:37Z",
+  "modified": "2025-10-06T12:30:30Z",
   "published": "2025-07-10T12:31:18Z",
   "aliases": [
     "CVE-2025-32990"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:17348"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:17361"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-32990"

advisories/unreviewed/2025/10/GHSA-4mm8-49x8-v5qm/GHSA-4mm8-49x8-v5qm.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4mm8-49x8-v5qm",
+  "modified": "2025-10-06T12:30:31Z",
+  "published": "2025-10-06T12:30:31Z",
+  "aliases": [
+    "CVE-2025-11330"
+  ],
+  "details": "A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11330"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xiaoxinkaishi/cve/issues/6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xiaoxinkaishi/cve/issues/7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phpgurukul.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327213"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327213"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.664545"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.664546"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-06T10:15:34Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-58ff-3f7r-gpxr/GHSA-58ff-3f7r-gpxr.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-58ff-3f7r-gpxr",
+  "modified": "2025-10-06T12:30:31Z",
+  "published": "2025-10-06T12:30:31Z",
+  "aliases": [
+    "CVE-2025-11332"
+  ],
+  "details": "A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing manipulation of the argument PHP_SELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11332"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tiancesec/CVE/issues/5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327215"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327215"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.664560"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-06T11:15:32Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-8fqc-wr75-66c9/GHSA-8fqc-wr75-66c9.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8fqc-wr75-66c9",
+  "modified": "2025-10-06T12:30:31Z",
+  "published": "2025-10-06T12:30:30Z",
+  "aliases": [
+    "CVE-2025-11331"
+  ],
+  "details": "A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument 网站名称 results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11331"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tiancesec/CVE/issues/4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327214"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327214"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.664550"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-06T10:15:34Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-9c77-xh28-7vf7/GHSA-9c77-xh28-7vf7.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9c77-xh28-7vf7",
+  "modified": "2025-10-06T12:30:31Z",
+  "published": "2025-10-06T12:30:31Z",
+  "aliases": [
+    "CVE-2025-11334"
+  ],
+  "details": "A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11334"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/melody27/cve/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327217"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327217"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.664583"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-06T12:15:32Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-9vfp-jrmr-qcrr/GHSA-9vfp-jrmr-qcrr.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9vfp-jrmr-qcrr",
+  "modified": "2025-10-06T12:30:30Z",
+  "published": "2025-10-06T12:30:30Z",
+  "aliases": [
+    "CVE-2025-0609"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS).This issue affects Logo Cloud: before 1.18.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0609"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.usom.gov.tr/bildirim/tr-25-0318"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-06T10:15:33Z"
+  }
+}