Publish Advisories

GHSA-295f-pwgh-q72q
GHSA-29mq-c452-8pvf
GHSA-52mc-8c8q-x9g6
GHSA-7xr6-x66r-h3w5
GHSA-h684-p7cm-3g45
GHSA-j3gv-x7fr-5wqw
GHSA-mg82-54x7-675c
GHSA-vfpj-4m7v-768q
GHSA-xmhv-g25h-6j26

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-295f-pwgh-q72q/GHSA-295f-pwgh-q72q.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-295f-pwgh-q72q",
+  "modified": "2025-11-17T12:30:14Z",
+  "published": "2025-11-17T12:30:14Z",
+  "aliases": [
+    "CVE-2025-40936"
+  ],
+  "details": "A vulnerability has been identified in PS/IGES Parasolid Translator Component (All versions < V29.0.258). The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40936"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-241605.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-17T12:15:44Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-29mq-c452-8pvf/GHSA-29mq-c452-8pvf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-29mq-c452-8pvf",
+  "modified": "2025-11-17T12:30:14Z",
+  "published": "2025-11-17T12:30:14Z",
+  "aliases": [
+    "CVE-2025-11681"
+  ],
+  "details": "Denial-of-service condition in M-Files Server versions before 25.11.15392.1 allows an authenticated user to cause the MFserver process to crash.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11681"
+    },
+    {
+      "type": "WEB",
+      "url": "https://product.m-files.com/security-advisories/cve-2025-11681"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-400"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-17T12:15:43Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-52mc-8c8q-x9g6/GHSA-52mc-8c8q-x9g6.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-52mc-8c8q-x9g6",
+  "modified": "2025-11-17T12:30:14Z",
+  "published": "2025-11-17T12:30:14Z",
+  "aliases": [
+    "CVE-2025-13276"
+  ],
+  "details": "A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13276"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Nianalb/Report_Online-Banking-System/blob/main/SQL.docx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.332611"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.332611"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.690087"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-17T11:15:46Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-7xr6-x66r-h3w5/GHSA-7xr6-x66r-h3w5.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7xr6-x66r-h3w5",
+  "modified": "2025-11-17T12:30:14Z",
+  "published": "2025-11-17T12:30:14Z",
+  "aliases": [
+    "CVE-2025-40834"
+  ],
+  "details": "A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40834"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-190588.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-17T12:15:44Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-h684-p7cm-3g45/GHSA-h684-p7cm-3g45.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h684-p7cm-3g45",
+  "modified": "2025-11-17T12:30:14Z",
+  "published": "2025-11-17T12:30:14Z",
+  "aliases": [
+    "CVE-2025-13275"
+  ],
+  "details": "A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13275"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mhszed/Report/blob/main/php-business-website%20upload.docx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.332610"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.332610"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.690049"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-17T11:15:42Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-j3gv-x7fr-5wqw/GHSA-j3gv-x7fr-5wqw.json

@@ -26,6 +26,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-426",
       "CWE-732"
     ],
     "severity": "MODERATE",

advisories/unreviewed/2025/11/GHSA-mg82-54x7-675c/GHSA-mg82-54x7-675c.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mg82-54x7-675c",
+  "modified": "2025-11-17T12:30:14Z",
+  "published": "2025-11-17T12:30:14Z",
+  "aliases": [
+    "CVE-2025-13277"
+  ],
+  "details": "A flaw has been found in code-projects Nero Social Networking Site 1.0. This issue affects some unknown processing of the file /friendsphoto.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13277"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/daojian1/Nero-Social-Networking-Site-V1.0_004"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.332612"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.332612"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.690140"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-17T12:15:44Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-vfpj-4m7v-768q/GHSA-vfpj-4m7v-768q.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vfpj-4m7v-768q",
+  "modified": "2025-11-17T12:30:14Z",
+  "published": "2025-11-17T12:30:14Z",
+  "aliases": [
+    "CVE-2025-13274"
+  ],
+  "details": "A weakness has been identified in Campcodes School Fees Payment Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_fees. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13274"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ASantsSec/CVE/issues/21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.332609"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.332609"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.690886"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-17T10:15:59Z"
+  }
+}