Publish Advisories

GHSA-26wj-qjvf-gf89
GHSA-2w2q-r6q7-86fg
GHSA-2x59-2w3w-3ccw
GHSA-5rcg-7jx4-f3xr
GHSA-5wvf-mw3c-73fm
GHSA-63jh-v6wx-r73j
GHSA-7q72-8f9r-v4mw
GHSA-9hwh-38g7-jrxm
GHSA-c2x5-h372-v5w7
GHSA-fxm8-3753-c2p6
GHSA-h3mf-62g7-rhfj
GHSA-hpjm-36pf-pv8v
GHSA-jgm2-j5pr-pph9
GHSA-jvgr-7mgj-9rx2
GHSA-jwpw-v44x-63pc
GHSA-q57j-wgw3-jw48
GHSA-xxxg-8p58-2qqv

Author: advisory-database[bot]

advisories/unreviewed/2025/10/GHSA-26wj-qjvf-gf89/GHSA-26wj-qjvf-gf89.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-26wj-qjvf-gf89",
+  "modified": "2025-10-27T06:30:27Z",
+  "published": "2025-10-27T06:30:27Z",
+  "aliases": [
+    "CVE-2025-12212"
+  ],
+  "details": "A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12212"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/setNetworkService.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.329882"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.329882"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.673267"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T04:15:50Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2w2q-r6q7-86fg/GHSA-2w2q-r6q7-86fg.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2w2q-r6q7-86fg",
+  "modified": "2025-10-27T06:30:28Z",
+  "published": "2025-10-27T06:30:28Z",
+  "aliases": [
+    "CVE-2025-12226"
+  ],
+  "details": "A vulnerability was found in SourceCodester Best House Rental Management System 1.0. Impacted is the function save_house of the file /admin_class.php. Performing manipulation of the argument house_no results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12226"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zhang947/vul/blob/main/report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.329896"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.329896"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.673611"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.674055"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.675883"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sourcecodester.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T05:15:38Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-2x59-2w3w-3ccw/GHSA-2x59-2w3w-3ccw.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x59-2w3w-3ccw",
+  "modified": "2025-10-27T06:30:28Z",
+  "published": "2025-10-27T06:30:28Z",
+  "aliases": [
+    "CVE-2025-12229"
+  ],
+  "details": "A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12229"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/QIU-DIE/CVE/issues/10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.329899"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.329899"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.673706"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T06:15:38Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-5rcg-7jx4-f3xr/GHSA-5rcg-7jx4-f3xr.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5rcg-7jx4-f3xr",
+  "modified": "2025-10-27T06:30:26Z",
+  "published": "2025-10-27T06:30:26Z",
+  "aliases": [
+    "CVE-2025-12211"
+  ],
+  "details": "A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12211"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/setDmzInfo.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.329881"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.329881"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.673265"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T04:15:48Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-5wvf-mw3c-73fm/GHSA-5wvf-mw3c-73fm.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5wvf-mw3c-73fm",
+  "modified": "2025-10-27T06:30:28Z",
+  "published": "2025-10-27T06:30:28Z",
+  "aliases": [
+    "CVE-2025-12231"
+  ],
+  "details": "A security vulnerability has been detected in projectworlds Expense Management System 1.0. Affected is an unknown function of the file /public/admin/expense_categories/create of the component Expense Categories Page. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12231"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/QIU-DIE/CVE/issues/12"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.329901"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.329901"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.673708"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T06:15:39Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-63jh-v6wx-r73j/GHSA-63jh-v6wx-r73j.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-63jh-v6wx-r73j",
+  "modified": "2025-10-27T06:30:28Z",
+  "published": "2025-10-27T06:30:28Z",
+  "aliases": [
+    "CVE-2025-12230"
+  ],
+  "details": "A weakness has been identified in projectworlds Expense Management System 1.0. This impacts an unknown function of the file /public/admin/currencies/create of the component Currency Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12230"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/QIU-DIE/CVE/issues/11"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.329900"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.329900"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.673707"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-27T06:15:38Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-7q72-8f9r-v4mw/GHSA-7q72-8f9r-v4mw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7q72-8f9r-v4mw",
-  "modified": "2025-10-01T21:31:21Z",
+  "modified": "2025-10-27T06:30:26Z",
   "published": "2025-10-01T21:31:21Z",
   "aliases": [
     "CVE-2025-46205"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46205"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ShadowByte1/CVE-Reports/issues/1"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/ShadowByte1/CVE-Reports/blob/main/CVE-2025-46205.md"