Skip to content

Commit 797d03b

Browse files
1 parent 2f415a8 commit 797d03b

6 files changed

Lines changed: 323 additions & 0 deletions

File tree

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2fwv-2r36-xvh5",
4+
"modified": "2025-06-28T21:30:28Z",
5+
"published": "2025-06-28T21:30:28Z",
6+
"aliases": [
7+
"CVE-2025-6822"
8+
],
9+
"details": "A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/removeProduct.php. The manipulation of the argument productId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6822"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Dav1d-safe/cve/issues/2"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.314260"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.314260"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.602641"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-06-28T19:15:23Z"
55+
}
56+
}
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4435-hcqq-9f9v",
4+
"modified": "2025-06-28T21:30:28Z",
5+
"published": "2025-06-28T21:30:28Z",
6+
"aliases": [
7+
"CVE-2025-6824"
8+
],
9+
"details": "A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6824"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/awindog/cve/blob/main/688/28.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/awindog/cve/blob/main/688/28.md#poc"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.314262"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.314262"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.602643"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.totolink.net"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-119"
54+
],
55+
"severity": "HIGH",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2025-06-28T20:15:23Z"
59+
}
60+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-48rm-w7x2-9hjv",
4+
"modified": "2025-06-28T21:30:28Z",
5+
"published": "2025-06-28T21:30:28Z",
6+
"aliases": [
7+
"CVE-2025-6823"
8+
],
9+
"details": "A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /php_action/editProduct.php. The manipulation of the argument editProductName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6823"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Dav1d-safe/cve/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.314261"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.314261"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.602642"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-06-28T20:15:22Z"
55+
}
56+
}
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h9x4-6j6x-7vjx",
4+
"modified": "2025-06-28T21:30:28Z",
5+
"published": "2025-06-28T21:30:28Z",
6+
"aliases": [
7+
"CVE-2025-6825"
8+
],
9+
"details": "A vulnerability classified as critical was found in TOTOLINK A702R up to 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6825"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/awindog/cve/blob/main/688/29.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/awindog/cve/blob/main/688/29.md#poc"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.314263"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.314263"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.602655"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.totolink.net"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-119"
54+
],
55+
"severity": "HIGH",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2025-06-28T21:15:29Z"
59+
}
60+
}
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j88r-fq49-rgqf",
4+
"modified": "2025-06-28T21:30:28Z",
5+
"published": "2025-06-28T21:30:28Z",
6+
"aliases": [
7+
"CVE-2025-6826"
8+
],
9+
"details": "A vulnerability, which was classified as critical, has been found in code-projects Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /Payroll_Management_System/ajax.php?action=save_department. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6826"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Cashbeebee/CVE/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.314264"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.314264"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.602674"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-06-28T21:15:30Z"
55+
}
56+
}
Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-m964-fjrh-xxq2",
4+
"modified": "2025-06-28T21:30:27Z",
5+
"published": "2025-06-28T21:30:27Z",
6+
"aliases": [
7+
"CVE-2025-32897"
8+
],
9+
"details": "Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).\n\nThis security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow.\nThis issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0.\n\nUsers are recommended to upgrade to version 2.3.0, which fixes the issue.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32897"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://lists.apache.org/thread/9fhtf7yvpjpzlwd1m0wfgg6tp2btxpy1"
20+
},
21+
{
22+
"type": "WEB",
23+
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47552"
24+
}
25+
],
26+
"database_specific": {
27+
"cwe_ids": [
28+
"CWE-502"
29+
],
30+
"severity": null,
31+
"github_reviewed": false,
32+
"github_reviewed_at": null,
33+
"nvd_published_at": "2025-06-28T19:15:21Z"
34+
}
35+
}

0 commit comments

Comments
 (0)