Skip to content

Commit 2dbb4d4

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-874w-8r6x-gq2c GHSA-mx5f-4vx4-2f5r GHSA-w2wx-g95c-8j7q
1 parent 7ae82e3 commit 2dbb4d4

File tree

3 files changed

+109
-1
lines changed

3 files changed

+109
-1
lines changed

advisories/unreviewed/2025/11/GHSA-874w-8r6x-gq2c/GHSA-874w-8r6x-gq2c.json

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-874w-8r6x-gq2c",
4-
"modified": "2025-12-01T21:30:25Z",
4+
"modified": "2025-12-07T09:30:18Z",
55
"published": "2025-11-30T18:30:12Z",
66
"aliases": [
77
"CVE-2025-13792"
@@ -35,6 +35,10 @@
3535
"type": "WEB",
3636
"url": "https://vuldb.com/?submit.691251"
3737
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.704314"
41+
},
3842
{
3943
"type": "WEB",
4044
"url": "https://www.qualitor.com.br/official-security-advisory-cve-2025-13792"

advisories/unreviewed/2025/12/GHSA-mx5f-4vx4-2f5r/GHSA-mx5f-4vx4-2f5r.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-mx5f-4vx4-2f5r",
4+
"modified": "2025-12-07T09:30:18Z",
5+
"published": "2025-12-07T09:30:18Z",
6+
"aliases": [
7+
"CVE-2025-14187"
8+
],
9+
"details": "A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14187"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://vuldb.com/?ctiid.334607"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?id.334607"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?submit.698652"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://www.notion.so/2b16cf4e528a80bbb5fdeff145f110ec"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-119"
46+
],
47+
"severity": "HIGH",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2025-12-07T09:15:48Z"
51+
}
52+
}

advisories/unreviewed/2025/12/GHSA-w2wx-g95c-8j7q/GHSA-w2wx-g95c-8j7q.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-w2wx-g95c-8j7q",
4+
"modified": "2025-12-07T09:30:18Z",
5+
"published": "2025-12-07T09:30:17Z",
6+
"aliases": [
7+
"CVE-2025-14186"
8+
],
9+
"details": "A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14186"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://drive.google.com/file/d/1rsskCaj4TwiaGG9_VYabjnKMP_zAry7L/view?usp=sharing"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.334606"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.334606"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.698650"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-74"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2025-12-07T08:15:46Z"
51+
}
52+
}

0 commit comments

Comments
 (0)