Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/11/GHSA-4w5x-gxff-8vr4/GHSA-4w5x-gxff-8vr4.json

@@ -53,7 +53,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2022/11/GHSA-f988-q9m6-r9h6/GHSA-f988-q9m6-r9h6.json

@@ -49,7 +49,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-94"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2022/11/GHSA-g7j7-888j-qv8x/GHSA-g7j7-888j-qv8x.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g7j7-888j-qv8x",
-  "modified": "2022-11-02T12:00:44Z",
+  "modified": "2025-05-06T06:30:34Z",
   "published": "2022-11-01T12:00:30Z",
   "aliases": [
     "CVE-2022-2572"

advisories/unreviewed/2022/11/GHSA-qgjm-gpxr-6x7m/GHSA-qgjm-gpxr-6x7m.json

@@ -33,7 +33,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-200"
+    ],
     "severity": "LOW",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-27w7-2jg3-x45x/GHSA-27w7-2jg3-x45x.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-27w7-2jg3-x45x",
+  "modified": "2025-05-06T06:30:37Z",
+  "published": "2025-05-06T06:30:37Z",
+  "aliases": [
+    "CVE-2025-4313"
+  ],
+  "details": "A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Affected is an unknown function of the file /admin/admin_addnew_product.php. The manipulation of the argument txtProdId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4313"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Samsamue1/CVE/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.307416"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.307416"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.564311"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-06T05:15:50Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-2w42-m6v3-6gxq/GHSA-2w42-m6v3-6gxq.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2w42-m6v3-6gxq",
+  "modified": "2025-05-06T06:30:37Z",
+  "published": "2025-05-06T06:30:37Z",
+  "aliases": [
+    "CVE-2025-47302"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47302"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-06T04:16:23Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-3hrf-pq5f-6637/GHSA-3hrf-pq5f-6637.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3hrf-pq5f-6637",
-  "modified": "2025-05-05T18:32:54Z",
+  "modified": "2025-05-06T06:30:35Z",
   "published": "2025-05-05T18:32:54Z",
   "aliases": [
     "CVE-2025-45237"
   ],
   "details": "Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-05T18:15:43Z"

advisories/unreviewed/2025/05/GHSA-4p2f-v377-v6xf/GHSA-4p2f-v377-v6xf.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4p2f-v377-v6xf",
+  "modified": "2025-05-06T06:30:36Z",
+  "published": "2025-05-06T06:30:36Z",
+  "aliases": [
+    "CVE-2021-43069"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43069"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-06T04:15:55Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-4wmw-m5rh-vjc7/GHSA-4wmw-m5rh-vjc7.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4wmw-m5rh-vjc7",
+  "modified": "2025-05-06T06:30:38Z",
+  "published": "2025-05-06T06:30:38Z",
+  "aliases": [
+    "CVE-2025-4337"
+  ],
+  "details": "The AHAthat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the aha_plugin_page() function. This makes it possible for unauthenticated attackers to delete AHA pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4337"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ahathat/trunk/includes/class-aha-admin-menu.php#L42"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af15ae80-dbce-4899-9604-82fdca222bf5?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-06T05:15:50Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-55w3-jp57-3mq5/GHSA-55w3-jp57-3mq5.json

@@ -0,0 +1,25 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-55w3-jp57-3mq5",
+  "modified": "2025-05-06T06:30:36Z",
+  "published": "2025-05-06T06:30:36Z",
+  "aliases": [
+    "CVE-2025-47298"
+  ],
+  "details": "Rejected reason: Not used",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47298"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-06T04:16:23Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-5g9r-rwq5-h87v/GHSA-5g9r-rwq5-h87v.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5g9r-rwq5-h87v",
-  "modified": "2025-05-05T21:31:30Z",
+  "modified": "2025-05-06T06:30:36Z",
   "published": "2025-05-05T21:31:30Z",
   "aliases": [
     "CVE-2025-45618"
   ],
   "details": "Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-05T20:15:21Z"

advisories/unreviewed/2025/05/GHSA-5pv4-5wmq-2pxg/GHSA-5pv4-5wmq-2pxg.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5pv4-5wmq-2pxg",
-  "modified": "2025-05-05T21:31:30Z",
+  "modified": "2025-05-06T06:30:36Z",
   "published": "2025-05-05T21:31:30Z",
   "aliases": [
     "CVE-2025-45617"
   ],
   "details": "Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-05T20:15:20Z"

advisories/unreviewed/2025/05/GHSA-6fcr-87qh-q4w5/GHSA-6fcr-87qh-q4w5.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6fcr-87qh-q4w5",
+  "modified": "2025-05-06T06:30:37Z",
+  "published": "2025-05-06T06:30:37Z",
+  "aliases": [
+    "CVE-2025-4323"
+  ],
+  "details": "A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4323"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/bdkuzma/vuln/issues/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.307424"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.307424"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.563540"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-06T05:15:50Z"
+  }
+}