Publish Advisories

GHSA-7wwm-57j8-wx2j
GHSA-63hr-jqx6-r6hw
GHSA-7vx5-gmqw-3wfc
GHSA-8hx5-5mh4-xhjv
GHSA-8w5g-q885-39xw
GHSA-9888-65w8-vw6m
GHSA-9q78-jg46-rwj6
GHSA-cc6v-6w77-q59h
GHSA-h2f3-9263-mhpx
GHSA-h78x-26f7-7h7h
GHSA-hqp6-q766-2qrf
GHSA-q3cq-6xv8-j4p3
GHSA-rfmc-2hwr-mm4p
GHSA-w62p-cm3c-7rfc
GHSA-x255-qvfv-83jw

Author: advisory-database[bot]

advisories/unreviewed/2023/09/GHSA-7wwm-57j8-wx2j/GHSA-7wwm-57j8-wx2j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7wwm-57j8-wx2j",
-  "modified": "2023-11-16T18:30:23Z",
+  "modified": "2025-05-23T21:31:11Z",
   "published": "2023-09-29T06:30:29Z",
   "aliases": [
     "CVE-2023-44466"

advisories/unreviewed/2025/05/GHSA-63hr-jqx6-r6hw/GHSA-63hr-jqx6-r6hw.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-7vx5-gmqw-3wfc/GHSA-7vx5-gmqw-3wfc.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7vx5-gmqw-3wfc",
-  "modified": "2025-05-22T15:34:51Z",
+  "modified": "2025-05-23T21:31:12Z",
   "published": "2025-05-22T15:34:51Z",
   "aliases": [
     "CVE-2024-54188"
   ],
   "details": "Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-22T15:16:03Z"

advisories/unreviewed/2025/05/GHSA-8hx5-5mh4-xhjv/GHSA-8hx5-5mh4-xhjv.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8hx5-5mh4-xhjv",
+  "modified": "2025-05-23T21:31:12Z",
+  "published": "2025-05-23T21:31:12Z",
+  "aliases": [
+    "CVE-2025-48738"
+  ],
+  "details": "An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage exhaustion for targeted users, reputation damage to the SMTP server, potentially causing it to be blacklisted, and overload of the SMTP server's outbound mail queue.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48738"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-003.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-770"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-23T20:15:25Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-8w5g-q885-39xw/GHSA-8w5g-q885-39xw.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8w5g-q885-39xw",
+  "modified": "2025-05-23T21:31:12Z",
+  "published": "2025-05-23T21:31:12Z",
+  "aliases": [
+    "CVE-2025-48735"
+  ],
+  "details": "A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 before 21.45.8.2.3_230220 allows remote attackers to obtain sensitive information from the database via crafted input in the request body.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48735"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bositaly.it/wp-content/uploads/2025/04/CAMERA-VULNERABILITY-REPORT-SQL-INJECTION.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-23T20:15:25Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-9888-65w8-vw6m/GHSA-9888-65w8-vw6m.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9888-65w8-vw6m",
-  "modified": "2025-05-22T15:34:51Z",
+  "modified": "2025-05-23T21:31:12Z",
   "published": "2025-05-22T15:34:51Z",
   "aliases": [
     "CVE-2025-32813"
   ],
   "details": "An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-22T15:16:04Z"

advisories/unreviewed/2025/05/GHSA-9q78-jg46-rwj6/GHSA-9q78-jg46-rwj6.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9q78-jg46-rwj6",
+  "modified": "2025-05-23T21:31:13Z",
+  "published": "2025-05-23T21:31:13Z",
+  "aliases": [
+    "CVE-2025-5119"
+  ],
+  "details": "A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5119"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/404heihei/CVE/issues/5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.310198"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.310198"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.555822"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-23T21:15:21Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-cc6v-6w77-q59h/GHSA-cc6v-6w77-q59h.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cc6v-6w77-q59h",
+  "modified": "2025-05-23T21:31:12Z",
+  "published": "2025-05-23T21:31:12Z",
+  "aliases": [
+    "CVE-2025-48740"
+  ],
+  "details": "A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic authentication.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48740"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-001.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-23T20:15:25Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-h2f3-9263-mhpx/GHSA-h2f3-9263-mhpx.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-h78x-26f7-7h7h/GHSA-h78x-26f7-7h7h.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h78x-26f7-7h7h",
+  "modified": "2025-05-23T21:31:12Z",
+  "published": "2025-05-23T21:31:12Z",
+  "aliases": [
+    "CVE-2025-44998"
+  ],
+  "details": "A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44998"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/l8BL/CVE-2025-44998"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/prasathmani/tinyfilemanager"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-23T19:15:22Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-hqp6-q766-2qrf/GHSA-hqp6-q766-2qrf.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hqp6-q766-2qrf",
+  "modified": "2025-05-23T21:31:12Z",
+  "published": "2025-05-23T21:31:12Z",
+  "aliases": [
+    "CVE-2025-46176"
+  ],
+  "details": "Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46176"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/namberino/cve/tree/main/CVE-2025-46176"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dlink.com/en/security-bulletin"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-23T19:15:22Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-q3cq-6xv8-j4p3/GHSA-q3cq-6xv8-j4p3.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-79"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/05/GHSA-rfmc-2hwr-mm4p/GHSA-rfmc-2hwr-mm4p.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rfmc-2hwr-mm4p",
-  "modified": "2025-05-23T18:32:13Z",
+  "modified": "2025-05-23T21:31:12Z",
   "published": "2025-05-23T18:32:13Z",
   "aliases": [
     "CVE-2024-51102"
   ],
   "details": "PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-05-23T18:15:36Z"