Publish Advisories

GHSA-62rw-g63g-4696
GHSA-g442-cv6p-6f3m
GHSA-mhxh-7p9w-pvcq
GHSA-p34c-25jj-vgmh
GHSA-pqpx-59rc-8jj4
GHSA-x5ph-c3x5-4wmg

Author: advisory-database[bot]

advisories/unreviewed/2025/08/GHSA-62rw-g63g-4696/GHSA-62rw-g63g-4696.json

@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-62rw-g63g-4696",
+  "modified": "2025-08-09T00:30:30Z",
+  "published": "2025-08-09T00:30:30Z",
+  "aliases": [
+    "CVE-2025-8741"
+  ],
+  "details": "A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8741"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/N1n3b9S/cve/issues/10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/N1n3b9S/cve/issues/10#issue-3262475757"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.319237"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.319237"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.623318"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-08-08T22:16:17Z"
+  }
+}

advisories/unreviewed/2025/08/GHSA-g442-cv6p-6f3m/GHSA-g442-cv6p-6f3m.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g442-cv6p-6f3m",
+  "modified": "2025-08-09T00:30:30Z",
+  "published": "2025-08-09T00:30:30Z",
+  "aliases": [
+    "CVE-2025-46709"
+  ],
+  "details": "Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46709"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-08-09T00:15:26Z"
+  }
+}

advisories/unreviewed/2025/08/GHSA-mhxh-7p9w-pvcq/GHSA-mhxh-7p9w-pvcq.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mhxh-7p9w-pvcq",
+  "modified": "2025-08-09T00:30:30Z",
+  "published": "2025-08-09T00:30:30Z",
+  "aliases": [
+    "CVE-2025-8742"
+  ],
+  "details": "A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8742"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/N1n3b9S/cve/issues/12"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.319238"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.319238"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.623319"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-307"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-08-08T22:16:18Z"
+  }
+}

advisories/unreviewed/2025/08/GHSA-p34c-25jj-vgmh/GHSA-p34c-25jj-vgmh.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-p34c-25jj-vgmh",
+  "modified": "2025-08-09T00:30:31Z",
+  "published": "2025-08-09T00:30:31Z",
+  "aliases": [
+    "CVE-2025-8744"
+  ],
+  "details": "A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8744"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.319240"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.319240"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.616911"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-08-09T00:15:26Z"
+  }
+}

advisories/unreviewed/2025/08/GHSA-pqpx-59rc-8jj4/GHSA-pqpx-59rc-8jj4.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pqpx-59rc-8jj4",
+  "modified": "2025-08-09T00:30:30Z",
+  "published": "2025-08-09T00:30:30Z",
+  "aliases": [
+    "CVE-2025-8743"
+  ],
+  "details": "A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8743"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/CVE-2025-8743.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/Cross-Site_Scripting_(XSS)_Stored_endpoint_data_source_edit.shtm_parameter_name.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.319239"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.319239"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.623428"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-08-08T23:15:37Z"
+  }
+}

advisories/unreviewed/2025/08/GHSA-x5ph-c3x5-4wmg/GHSA-x5ph-c3x5-4wmg.json

@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-x5ph-c3x5-4wmg",
+  "modified": "2025-08-09T00:30:30Z",
+  "published": "2025-08-09T00:30:30Z",
+  "aliases": [
+    "CVE-2025-6573"
+  ],
+  "details": "Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6573"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-280"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-08-09T00:15:26Z"
+  }
+}