Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 3a4f1059ea84 · 2025-12-07T18:32:39.000Z
GHSA-423v-7q98-2mj3 GHSA-23pm-7qvj-mjmc GHSA-fp2q-4h72-pcjp GHSA-g3h4-h85m-jqvx GHSA-rmhj-6jmw-2pxq GHSA-wghp-x8f8-p2w5 GHSA-x8w5-83w4-56jr
diff --git a/advisories/unreviewed/2025/11/GHSA-423v-7q98-2mj3/GHSA-423v-7q98-2mj3.json b/advisories/unreviewed/2025/11/GHSA-423v-7q98-2mj3/GHSA-423v-7q98-2mj3.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-423v-7q98-2mj3",
-  "modified": "2025-11-24T06:31:25Z",
+  "modified": "2025-12-07T18:31:16Z",
   "published": "2025-11-24T06:31:25Z",
   "aliases": [
     "CVE-2025-13585"
@@ -31,6 +31,10 @@
       "type": "WEB",
       "url": "https://code-projects.org"
     },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.333349"
@@ -42,6 +46,10 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?submit.699840"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.701229"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2025/12/GHSA-23pm-7qvj-mjmc/GHSA-23pm-7qvj-mjmc.json b/advisories/unreviewed/2025/12/GHSA-23pm-7qvj-mjmc/GHSA-23pm-7qvj-mjmc.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-23pm-7qvj-mjmc",
+  "modified": "2025-12-07T18:31:16Z",
+  "published": "2025-12-07T18:31:16Z",
+  "aliases": [
+    "CVE-2025-14198"
+  ],
+  "details": "A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14198"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jjjjj-zr/jjjjjzr/issues/7"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334618"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334618"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699533"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T17:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-fp2q-4h72-pcjp/GHSA-fp2q-4h72-pcjp.json b/advisories/unreviewed/2025/12/GHSA-fp2q-4h72-pcjp/GHSA-fp2q-4h72-pcjp.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fp2q-4h72-pcjp",
+  "modified": "2025-12-07T18:31:16Z",
+  "published": "2025-12-07T18:31:16Z",
+  "aliases": [
+    "CVE-2025-14197"
+  ],
+  "details": "A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14197"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jjjjj-zr/jjjjjzr/issues/6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jjjjj-zr/jjjjjzr/issues/8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334617"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334617"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699498"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699537"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-200"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T16:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-g3h4-h85m-jqvx/GHSA-g3h4-h85m-jqvx.json b/advisories/unreviewed/2025/12/GHSA-g3h4-h85m-jqvx/GHSA-g3h4-h85m-jqvx.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g3h4-h85m-jqvx",
+  "modified": "2025-12-07T18:31:17Z",
+  "published": "2025-12-07T18:31:17Z",
+  "aliases": [
+    "CVE-2025-14201"
+  ],
+  "details": "A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14201"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Yh276/h0202/blob/main/Hotel-Management-services-using-MYSQL-and-php%20web%201%20xxs.docx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334621"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334621"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699994"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T18:16:02Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-rmhj-6jmw-2pxq/GHSA-rmhj-6jmw-2pxq.json b/advisories/unreviewed/2025/12/GHSA-rmhj-6jmw-2pxq/GHSA-rmhj-6jmw-2pxq.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rmhj-6jmw-2pxq",
+  "modified": "2025-12-07T18:31:16Z",
+  "published": "2025-12-07T18:31:16Z",
+  "aliases": [
+    "CVE-2025-14200"
+  ],
+  "details": "A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14200"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Yh276/h0202/blob/main/Hotel-Management-services-using-MYSQL-and-php%20web%202xxs.docx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334620"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334620"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699993"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T18:16:01Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-wghp-x8f8-p2w5/GHSA-wghp-x8f8-p2w5.json b/advisories/unreviewed/2025/12/GHSA-wghp-x8f8-p2w5/GHSA-wghp-x8f8-p2w5.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wghp-x8f8-p2w5",
+  "modified": "2025-12-07T18:31:16Z",
+  "published": "2025-12-07T18:31:16Z",
+  "aliases": [
+    "CVE-2025-14199"
+  ],
+  "details": "A flaw has been found in Verysync 微力同步 up to 2.21.3. This impacts an unknown function of the file /rest/f/api/resources/f96956469e7be39d/tmp/text.txt?override=false of the component Web Administration Module. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14199"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jjjjj-zr/jjjjjzr/issues/10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334619"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334619"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699539"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T17:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-x8w5-83w4-56jr/GHSA-x8w5-83w4-56jr.json b/advisories/unreviewed/2025/12/GHSA-x8w5-83w4-56jr/GHSA-x8w5-83w4-56jr.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-x8w5-83w4-56jr",
+  "modified": "2025-12-07T18:31:16Z",
+  "published": "2025-12-07T18:31:16Z",
+  "aliases": [
+    "CVE-2025-14196"
+  ],
+  "details": "A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14196"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lin-3-start/lin-cve/blob/main/H3C%20Magic%20B1/H3C%20Magic%20B1.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lin-3-start/lin-cve/blob/main/H3C%20Magic%20B1/H3C%20Magic%20B1.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334616"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334616"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699387"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T16:15:47Z"
+  }
+}
