Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit fed11e303241 · 2025-11-03T06:32:24.000Z
GHSA-98qw-prqm-9f4p GHSA-4mcf-c9v4-fpcr GHSA-cv6h-r85q-6vvv GHSA-pcp2-9pj8-878j GHSA-q2gf-mw7m-x2mr
diff --git a/advisories/unreviewed/2025/06/GHSA-98qw-prqm-9f4p/GHSA-98qw-prqm-9f4p.json b/advisories/unreviewed/2025/06/GHSA-98qw-prqm-9f4p/GHSA-98qw-prqm-9f4p.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-98qw-prqm-9f4p",
-  "modified": "2025-11-03T03:30:25Z",
+  "modified": "2025-11-03T06:30:26Z",
   "published": "2025-06-26T21:31:08Z",
   "aliases": [
     "CVE-2025-5318"
@@ -47,6 +47,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19400"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19401"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-5318"
diff --git a/advisories/unreviewed/2025/08/GHSA-4mcf-c9v4-fpcr/GHSA-4mcf-c9v4-fpcr.json b/advisories/unreviewed/2025/08/GHSA-4mcf-c9v4-fpcr/GHSA-4mcf-c9v4-fpcr.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4mcf-c9v4-fpcr",
-  "modified": "2025-08-29T21:32:02Z",
+  "modified": "2025-11-03T06:30:26Z",
   "published": "2025-08-29T21:32:02Z",
   "aliases": [
     "CVE-2023-41471"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/9001/copyparty"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/9001/copyparty/releases/tag/v1.9.2"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/Trinity-SYT-SECURITY/XSS_vuln_issue/blob/main/copyparty.md"
diff --git a/advisories/unreviewed/2025/11/GHSA-cv6h-r85q-6vvv/GHSA-cv6h-r85q-6vvv.json b/advisories/unreviewed/2025/11/GHSA-cv6h-r85q-6vvv/GHSA-cv6h-r85q-6vvv.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cv6h-r85q-6vvv",
+  "modified": "2025-11-03T06:30:26Z",
+  "published": "2025-11-03T06:30:26Z",
+  "aliases": [
+    "CVE-2025-12617"
+  ],
+  "details": "A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/login_crud.php. Executing manipulation of the argument Password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12617"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330911"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330911"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.678665"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.yuque.com/yuqueyonghuexlgkz/zepczx/py9oh6m1p7mx4eqr?singleDoc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-03T05:15:46Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-pcp2-9pj8-878j/GHSA-pcp2-9pj8-878j.json b/advisories/unreviewed/2025/11/GHSA-pcp2-9pj8-878j/GHSA-pcp2-9pj8-878j.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pcp2-9pj8-878j",
+  "modified": "2025-11-03T06:30:26Z",
+  "published": "2025-11-03T06:30:26Z",
+  "aliases": [
+    "CVE-2025-12616"
+  ],
+  "details": "A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12616"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Information%20Disclosure%20via%20Debug%20Mode.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phpgurukul.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330910"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330910"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.678649"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-03T04:15:32Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/11/GHSA-q2gf-mw7m-x2mr/GHSA-q2gf-mw7m-x2mr.json b/advisories/unreviewed/2025/11/GHSA-q2gf-mw7m-x2mr/GHSA-q2gf-mw7m-x2mr.json
@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q2gf-mw7m-x2mr",
+  "modified": "2025-11-03T06:30:26Z",
+  "published": "2025-11-03T06:30:26Z",
+  "aliases": [
+    "CVE-2025-12615"
+  ],
+  "details": "A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key\n . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12615"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phpgurukul.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330909"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330909"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.678625"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-03T04:15:32Z"
+  }
+}
