Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 479378d7cf7f · 2025-12-01T03:32:11.000Z
GHSA-6w73-x38p-26g5 GHSA-3rcp-jp25-8fmh GHSA-5w96-gg7w-f8mg GHSA-8444-jvgr-g6c6 GHSA-fhwr-fq2h-xgvf GHSA-g9g9-xhr4-m69q GHSA-jx6r-j78m-pjfg GHSA-r59j-vrhf-mp7x
diff --git a/advisories/unreviewed/2025/10/GHSA-6w73-x38p-26g5/GHSA-6w73-x38p-26g5.json b/advisories/unreviewed/2025/10/GHSA-6w73-x38p-26g5/GHSA-6w73-x38p-26g5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6w73-x38p-26g5",
-  "modified": "2025-11-27T03:30:25Z",
+  "modified": "2025-12-01T03:30:25Z",
   "published": "2025-10-22T15:31:09Z",
   "aliases": [
     "CVE-2025-11411"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00008.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00032.html"
+    },
     {
       "type": "WEB",
       "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt"
diff --git a/advisories/unreviewed/2025/12/GHSA-3rcp-jp25-8fmh/GHSA-3rcp-jp25-8fmh.json b/advisories/unreviewed/2025/12/GHSA-3rcp-jp25-8fmh/GHSA-3rcp-jp25-8fmh.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3rcp-jp25-8fmh",
+  "modified": "2025-12-01T03:30:27Z",
+  "published": "2025-12-01T03:30:27Z",
+  "aliases": [
+    "CVE-2025-13803"
+  ],
+  "details": "A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be launched remotely.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13803"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/lakshayyverma/CVE-Discovery/blob/main/mediacrush.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333813"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333813"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.691857"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-644"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T03:15:46Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-5w96-gg7w-f8mg/GHSA-5w96-gg7w-f8mg.json b/advisories/unreviewed/2025/12/GHSA-5w96-gg7w-f8mg/GHSA-5w96-gg7w-f8mg.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5w96-gg7w-f8mg",
+  "modified": "2025-12-01T03:30:26Z",
+  "published": "2025-12-01T03:30:26Z",
+  "aliases": [
+    "CVE-2025-64772"
+  ],
+  "details": "The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64772"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN28247549"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.sony.com/electronics/support/others-software/inzone-hub"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-427"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T01:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-8444-jvgr-g6c6/GHSA-8444-jvgr-g6c6.json b/advisories/unreviewed/2025/12/GHSA-8444-jvgr-g6c6/GHSA-8444-jvgr-g6c6.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8444-jvgr-g6c6",
+  "modified": "2025-12-01T03:30:26Z",
+  "published": "2025-12-01T03:30:26Z",
+  "aliases": [
+    "CVE-2025-13798"
+  ],
+  "details": "A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13798"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333809"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333809"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.691841"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/2a60c75766a8805a8973d2ff6a6bcb26"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T01:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-fhwr-fq2h-xgvf/GHSA-fhwr-fq2h-xgvf.json b/advisories/unreviewed/2025/12/GHSA-fhwr-fq2h-xgvf/GHSA-fhwr-fq2h-xgvf.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fhwr-fq2h-xgvf",
+  "modified": "2025-12-01T03:30:26Z",
+  "published": "2025-12-01T03:30:26Z",
+  "aliases": [
+    "CVE-2025-13799"
+  ],
+  "details": "A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13799"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333810"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333810"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.691842"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/2a60c75766a8801e8e4bdd3be8072d9d"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T01:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-g9g9-xhr4-m69q/GHSA-g9g9-xhr4-m69q.json b/advisories/unreviewed/2025/12/GHSA-g9g9-xhr4-m69q/GHSA-g9g9-xhr4-m69q.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-g9g9-xhr4-m69q",
+  "modified": "2025-12-01T03:30:27Z",
+  "published": "2025-12-01T03:30:27Z",
+  "aliases": [
+    "CVE-2025-13802"
+  ],
+  "details": "A vulnerability was determined in jairiidriss RestaurantWebsite up to e7911f12d035e8e2f9a75e7a28b59e4ef5c1d654. Impacted is an unknown function of the component Make a Reservation. This manipulation of the argument selected_date causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13802"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/dream357/report/blob/main/restaurant-website-report.docx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333812"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333812"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.691839"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T03:15:46Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-jx6r-j78m-pjfg/GHSA-jx6r-j78m-pjfg.json b/advisories/unreviewed/2025/12/GHSA-jx6r-j78m-pjfg/GHSA-jx6r-j78m-pjfg.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jx6r-j78m-pjfg",
+  "modified": "2025-12-01T03:30:26Z",
+  "published": "2025-12-01T03:30:26Z",
+  "aliases": [
+    "CVE-2025-13800"
+  ],
+  "details": "A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13800"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333811"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333811"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.691942"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/2a70c75766a88023aa0ed833ff0239e1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T02:15:45Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-r59j-vrhf-mp7x/GHSA-r59j-vrhf-mp7x.json b/advisories/unreviewed/2025/12/GHSA-r59j-vrhf-mp7x/GHSA-r59j-vrhf-mp7x.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r59j-vrhf-mp7x",
+  "modified": "2025-12-01T03:30:25Z",
+  "published": "2025-12-01T03:30:25Z",
+  "aliases": [
+    "CVE-2025-13797"
+  ],
+  "details": "A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Performing manipulation of the argument del_swifimac results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13797"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.333808"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.333808"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.691838"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/2a60c75766a88027a6aec07b378332a8"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-01T01:16:00Z"
+  }
+}
