Publish Advisories

GHSA-wv79-2fc4-v4hj
GHSA-6gj4-wp95-h55h
GHSA-7935-596x-4p9v
GHSA-cq5q-mc33-6v8q
GHSA-gcq5-qc75-mh9g
GHSA-w45m-h9p7-x2wf

Author: advisory-database[bot]

advisories/unreviewed/2025/05/GHSA-wv79-2fc4-v4hj/GHSA-wv79-2fc4-v4hj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wv79-2fc4-v4hj",
-  "modified": "2025-05-27T21:32:17Z",
+  "modified": "2025-06-16T00:31:38Z",
   "published": "2025-05-27T21:32:17Z",
   "aliases": [
     "CVE-2025-5222"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368600"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/06/GHSA-6gj4-wp95-h55h/GHSA-6gj4-wp95-h55h.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6gj4-wp95-h55h",
+  "modified": "2025-06-16T00:31:39Z",
+  "published": "2025-06-16T00:31:39Z",
+  "aliases": [
+    "CVE-2025-6093"
+  ],
+  "details": "A vulnerability classified as critical was found in uYanki board-stm32f103rc-berial up to 84daed541609cb7b46854cc6672a275d1007e295. This vulnerability affects the function heartrate1_i2c_hal_write of the file 7.Example/hal/i2c/max30100/Manual/demo2/2/heartrate1_hal.c. The manipulation of the argument num leads to stack-based buffer overflow. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6093"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/uYanki/board-stm32f103rc-berial/issues/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.312562"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.312562"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.588106"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-15T22:15:19Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-7935-596x-4p9v/GHSA-7935-596x-4p9v.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7935-596x-4p9v",
+  "modified": "2025-06-16T00:31:39Z",
+  "published": "2025-06-16T00:31:39Z",
+  "aliases": [
+    "CVE-2025-6095"
+  ],
+  "details": "A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6095"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/YZS17/CVE/blob/main/Jasmin-Ransomware/sqli_password.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/YZS17/CVE/blob/main/Jasmin-Ransomware/sqli_username.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.312564"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.312564"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.588833"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.588834"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-15T23:15:18Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-cq5q-mc33-6v8q/GHSA-cq5q-mc33-6v8q.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cq5q-mc33-6v8q",
+  "modified": "2025-06-16T00:31:39Z",
+  "published": "2025-06-16T00:31:39Z",
+  "aliases": [
+    "CVE-2025-6096"
+  ],
+  "details": "A vulnerability has been found in codesiddhant Jasmin Ransomware up to 1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The manipulation of the argument Search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6096"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/YZS17/CVE/blob/main/Jasmin-Ransomware/sqli_search.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.312565"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.312565"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.588836"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-16T00:15:18Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-gcq5-qc75-mh9g/GHSA-gcq5-qc75-mh9g.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gcq5-qc75-mh9g",
+  "modified": "2025-06-16T00:31:39Z",
+  "published": "2025-06-16T00:31:38Z",
+  "aliases": [
+    "CVE-2025-6094"
+  ],
+  "details": "A vulnerability, which was classified as critical, has been found in FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6094"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/FSRM1/CVE/blob/main/foxcms_%E5%90%8E%E5%8F%B0sql%E6%B3%A8%E5%85%A5.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.312563"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.312563"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.588807"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-15T23:15:18Z"
+  }
+}

advisories/unreviewed/2025/06/GHSA-w45m-h9p7-x2wf/GHSA-w45m-h9p7-x2wf.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-w45m-h9p7-x2wf",
+  "modified": "2025-06-16T00:31:39Z",
+  "published": "2025-06-16T00:31:39Z",
+  "aliases": [
+    "CVE-2025-6097"
+  ],
+  "details": "A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6097"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pfwqdxwdd/cve/blob/main/6.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.312566"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.312566"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.589425"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-620"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-06-16T00:15:18Z"
+  }
+}