Publish Advisories

GHSA-j9wp-865g-rf48
GHSA-mmhq-qjv3-4q6f

Author: advisory-database[bot]

advisories/unreviewed/2025/05/GHSA-j9wp-865g-rf48/GHSA-j9wp-865g-rf48.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j9wp-865g-rf48",
+  "modified": "2025-05-25T15:30:32Z",
+  "published": "2025-05-25T15:30:32Z",
+  "aliases": [
+    "CVE-2025-5150"
+  ],
+  "details": "A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5150"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/superboy-zjc/56502343bcb12eb653081b426debf2c8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.310238"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.310238"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.574696"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-94"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-25T15:15:22Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-mmhq-qjv3-4q6f/GHSA-mmhq-qjv3-4q6f.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mmhq-qjv3-4q6f",
+  "modified": "2025-05-25T15:30:32Z",
+  "published": "2025-05-25T15:30:32Z",
+  "aliases": [
+    "CVE-2025-5149"
+  ],
+  "details": "A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5149"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/nwtmd5/cve/issues/IC6O7D"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.310237"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.310237"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.574590"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-25T13:15:19Z"
+  }
+}