Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 547f2a96f65a · 2025-10-05T21:31:31.000Z
GHSA-98gv-47jr-425g GHSA-fmr3-3xjp-2wx4 GHSA-hwh4-89vv-rqpw GHSA-jw8p-752q-4f34 GHSA-m8h2-55vc-q3fc GHSA-q7jf-w79v-v8hf
diff --git a/advisories/unreviewed/2025/10/GHSA-98gv-47jr-425g/GHSA-98gv-47jr-425g.json b/advisories/unreviewed/2025/10/GHSA-98gv-47jr-425g/GHSA-98gv-47jr-425g.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-98gv-47jr-425g",
+  "modified": "2025-10-05T21:30:14Z",
+  "published": "2025-10-05T21:30:14Z",
+  "aliases": [
+    "CVE-2025-11301"
+  ],
+  "details": "A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11301"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWlanSetupWPS.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWlanSetupWPS.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327182"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327182"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661305"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T20:15:31Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/10/GHSA-fmr3-3xjp-2wx4/GHSA-fmr3-3xjp-2wx4.json b/advisories/unreviewed/2025/10/GHSA-fmr3-3xjp-2wx4/GHSA-fmr3-3xjp-2wx4.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fmr3-3xjp-2wx4",
+  "modified": "2025-10-05T21:30:14Z",
+  "published": "2025-10-05T21:30:14Z",
+  "aliases": [
+    "CVE-2025-11300"
+  ],
+  "details": "A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results in buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11300"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWlanMP.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWlanMP.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327181"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327181"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661304"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T19:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/10/GHSA-hwh4-89vv-rqpw/GHSA-hwh4-89vv-rqpw.json b/advisories/unreviewed/2025/10/GHSA-hwh4-89vv-rqpw/GHSA-hwh4-89vv-rqpw.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hwh4-89vv-rqpw",
+  "modified": "2025-10-05T21:30:14Z",
+  "published": "2025-10-05T21:30:14Z",
+  "aliases": [
+    "CVE-2025-11302"
+  ],
+  "details": "A security vulnerability has been detected in Belkin F9K1015 1.00.10. This impacts an unknown function of the file /goform/formWpsStart. Such manipulation of the argument pinCode leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11302"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWpsStart.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWpsStart.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327183"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327183"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661306"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T20:15:32Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/10/GHSA-jw8p-752q-4f34/GHSA-jw8p-752q-4f34.json b/advisories/unreviewed/2025/10/GHSA-jw8p-752q-4f34/GHSA-jw8p-752q-4f34.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jw8p-752q-4f34",
+  "modified": "2025-10-05T21:30:15Z",
+  "published": "2025-10-05T21:30:14Z",
+  "aliases": [
+    "CVE-2025-11304"
+  ],
+  "details": "A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11304"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/PlsRevert/CVEs/issues/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/PlsRevert/CVEs/issues/3#issue-3447867888"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327185"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327185"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661733"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-346"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T21:15:31Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/10/GHSA-m8h2-55vc-q3fc/GHSA-m8h2-55vc-q3fc.json b/advisories/unreviewed/2025/10/GHSA-m8h2-55vc-q3fc/GHSA-m8h2-55vc-q3fc.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-m8h2-55vc-q3fc",
+  "modified": "2025-10-05T21:30:14Z",
+  "published": "2025-10-05T21:30:14Z",
+  "aliases": [
+    "CVE-2025-11299"
+  ],
+  "details": "A vulnerability was identified in Belkin F9K1015 1.00.10. The affected element is an unknown function of the file /goform/formWanTcpipSetup. The manipulation of the argument pppUserName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11299"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWanTcpipSetup.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWanTcpipSetup.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327180"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327180"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661303"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T19:15:59Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/10/GHSA-q7jf-w79v-v8hf/GHSA-q7jf-w79v-v8hf.json b/advisories/unreviewed/2025/10/GHSA-q7jf-w79v-v8hf/GHSA-q7jf-w79v-v8hf.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q7jf-w79v-v8hf",
+  "modified": "2025-10-05T21:30:14Z",
+  "published": "2025-10-05T21:30:14Z",
+  "aliases": [
+    "CVE-2025-11303"
+  ],
+  "details": "A vulnerability was detected in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/mp. Performing manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11303"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/mp.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/mp.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327184"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327184"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661307"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T21:15:31Z"
+  }
+}
