Skip to content

Commit e33bb85

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-2gx3-2m5f-vj2w GHSA-4fwj-8595-wp25 GHSA-6wqg-9vx3-jvvm GHSA-95g3-5j3x-8jq6 GHSA-c67q-mx69-vv7w GHSA-g6wg-qc5j-3jpf GHSA-jw69-49f2-2vh8 GHSA-qcwv-qghh-rpc5 GHSA-w694-7r6q-q7vv GHSA-wgq5-7q8g-hr57 GHSA-wvw2-3jh4-4c39
1 parent 9d156df commit e33bb85

File tree

11 files changed

+428
-0
lines changed

11 files changed

+428
-0
lines changed

advisories/unreviewed/2025/07/GHSA-2gx3-2m5f-vj2w/GHSA-2gx3-2m5f-vj2w.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2gx3-2m5f-vj2w",
4+
"modified": "2025-07-18T12:30:35Z",
5+
"published": "2025-07-18T12:30:35Z",
6+
"aliases": [
7+
"CVE-2025-2425"
8+
],
9+
"details": "Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2425"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://support.eset.com/en/ca8840-eset-customer-advisory-toctou-race-condition-vulnerability-in-eset-products-on-windows-fixed"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-367"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-18T10:15:30Z"
35+
}
36+
}

advisories/unreviewed/2025/07/GHSA-4fwj-8595-wp25/GHSA-4fwj-8595-wp25.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4fwj-8595-wp25",
4+
"modified": "2025-07-18T12:30:36Z",
5+
"published": "2025-07-18T12:30:36Z",
6+
"aliases": [
7+
"CVE-2025-6227"
8+
],
9+
"details": "Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6227"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://mattermost.com/security-updates"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-522"
30+
],
31+
"severity": "LOW",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-18T12:15:23Z"
35+
}
36+
}

advisories/unreviewed/2025/07/GHSA-6wqg-9vx3-jvvm/GHSA-6wqg-9vx3-jvvm.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6wqg-9vx3-jvvm",
4+
"modified": "2025-07-18T12:30:35Z",
5+
"published": "2025-07-18T12:30:35Z",
6+
"aliases": [
7+
"CVE-2025-49486"
8+
],
9+
"details": "A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49486"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://extensions.joomla.org/extension/gallery"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "HIGH",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-18T10:15:33Z"
35+
}
36+
}

advisories/unreviewed/2025/07/GHSA-95g3-5j3x-8jq6/GHSA-95g3-5j3x-8jq6.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-95g3-5j3x-8jq6",
4+
"modified": "2025-07-18T12:30:36Z",
5+
"published": "2025-07-18T12:30:36Z",
6+
"aliases": [
7+
"CVE-2025-50126"
8+
],
9+
"details": "A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text] parameter.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50126"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://rsjoomla.com"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-18T10:15:34Z"
35+
}
36+
}

advisories/unreviewed/2025/07/GHSA-c67q-mx69-vv7w/GHSA-c67q-mx69-vv7w.json

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-c67q-mx69-vv7w",
4+
"modified": "2025-07-18T12:30:37Z",
5+
"published": "2025-07-18T12:30:37Z",
6+
"aliases": [
7+
"CVE-2025-7785"
8+
],
9+
"details": "A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7785"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/thinkgem/jeesite5/issues/29"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/thinkgem/jeesite5/issues/29#issue-3209433725"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/thinkgem/jeesite5/issues/29#issuecomment-3045862084"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/thinkgem/jeesite5/commit/3d06b8d009d0267f0255acc87ea19d29d07cedc3"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?ctiid.316846"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?id.316846"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/?submit.616104"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-601"
58+
],
59+
"severity": "MODERATE",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2025-07-18T12:15:24Z"
63+
}
64+
}

advisories/unreviewed/2025/07/GHSA-g6wg-qc5j-3jpf/GHSA-g6wg-qc5j-3jpf.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-g6wg-qc5j-3jpf",
4+
"modified": "2025-07-18T12:30:36Z",
5+
"published": "2025-07-18T12:30:36Z",
6+
"aliases": [
7+
"CVE-2025-50058"
8+
],
9+
"details": "A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50058"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://rsjoomla.com"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-18T10:15:34Z"
35+
}
36+
}

advisories/unreviewed/2025/07/GHSA-jw69-49f2-2vh8/GHSA-jw69-49f2-2vh8.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jw69-49f2-2vh8",
4+
"modified": "2025-07-18T12:30:36Z",
5+
"published": "2025-07-18T12:30:36Z",
6+
"aliases": [
7+
"CVE-2025-50056"
8+
],
9+
"details": "A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50056"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://rsjoomla.com"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-79"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-18T10:15:34Z"
35+
}
36+
}

advisories/unreviewed/2025/07/GHSA-qcwv-qghh-rpc5/GHSA-qcwv-qghh-rpc5.json

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-qcwv-qghh-rpc5",
4+
"modified": "2025-07-18T12:30:36Z",
5+
"published": "2025-07-18T12:30:36Z",
6+
"aliases": [
7+
"CVE-2025-50057"
8+
],
9+
"details": "A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50057"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://rsjoomla.com"
25+
}
26+
],
27+
"database_specific": {
28+
"cwe_ids": [
29+
"CWE-400"
30+
],
31+
"severity": "MODERATE",
32+
"github_reviewed": false,
33+
"github_reviewed_at": null,
34+
"nvd_published_at": "2025-07-18T10:15:34Z"
35+
}
36+
}

advisories/unreviewed/2025/07/GHSA-w694-7r6q-q7vv/GHSA-w694-7r6q-q7vv.json

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-w694-7r6q-q7vv",
4+
"modified": "2025-07-18T12:30:35Z",
5+
"published": "2025-07-18T12:30:35Z",
6+
"aliases": [
7+
"CVE-2025-49484"
8+
],
9+
"details": "A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49484"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-49484"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://joomsky.com/js-jobs-joomla"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-89"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2025-07-18T10:15:33Z"
39+
}
40+
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy