Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 5660f08f133f · 2025-12-11T09:33:24.000Z
GHSA-m54p-35qp-m26h GHSA-2jwx-73fx-pwrv GHSA-2p5v-p767-wqv5 GHSA-628m-vf23-822j GHSA-cpx5-2q84-prc5 GHSA-gq3p-5rgr-j77q
diff --git a/advisories/unreviewed/2023/12/GHSA-m54p-35qp-m26h/GHSA-m54p-35qp-m26h.json b/advisories/unreviewed/2023/12/GHSA-m54p-35qp-m26h/GHSA-m54p-35qp-m26h.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m54p-35qp-m26h",
-  "modified": "2023-12-25T03:30:27Z",
+  "modified": "2025-12-11T09:31:25Z",
   "published": "2023-12-25T03:30:27Z",
   "aliases": [
     "CVE-2023-7096"
@@ -11,6 +11,10 @@
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
     }
   ],
   "affected": [],
@@ -19,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7096"
     },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/Glunko/vulnerability/blob/main/Faculty-Management-System_sql.md"
@@ -30,10 +38,23 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?id.248948"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.256818"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.703136"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.703137"
     }
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-74",
       "CWE-89"
     ],
     "severity": "MODERATE",
diff --git a/advisories/unreviewed/2025/12/GHSA-2jwx-73fx-pwrv/GHSA-2jwx-73fx-pwrv.json b/advisories/unreviewed/2025/12/GHSA-2jwx-73fx-pwrv/GHSA-2jwx-73fx-pwrv.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2jwx-73fx-pwrv",
+  "modified": "2025-12-11T09:31:25Z",
+  "published": "2025-12-11T09:31:25Z",
+  "aliases": [
+    "CVE-2025-12029"
+  ],
+  "details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious external scripts into the Swagger UI.\"",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12029"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hackerone.com/reports/3317485"
+    },
+    {
+      "type": "WEB",
+      "url": "https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/577975"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T08:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-2p5v-p767-wqv5/GHSA-2p5v-p767-wqv5.json b/advisories/unreviewed/2025/12/GHSA-2p5v-p767-wqv5/GHSA-2p5v-p767-wqv5.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2p5v-p767-wqv5",
+  "modified": "2025-12-11T09:31:25Z",
+  "published": "2025-12-11T09:31:25Z",
+  "aliases": [
+    "CVE-2025-14512"
+  ],
+  "details": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2025-14512"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-190"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T07:16:00Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-628m-vf23-822j/GHSA-628m-vf23-822j.json b/advisories/unreviewed/2025/12/GHSA-628m-vf23-822j/GHSA-628m-vf23-822j.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-628m-vf23-822j",
+  "modified": "2025-12-11T09:31:26Z",
+  "published": "2025-12-11T09:31:26Z",
+  "aliases": [
+    "CVE-2025-64701"
+  ],
+  "details": "QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may be accessed or altered, and arbitrary actions may be performed.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64701"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/jp/JVN40102375"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.qualitysoft.com/product/qnd_vulnerabilities_2025"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-268"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T09:15:49Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-cpx5-2q84-prc5/GHSA-cpx5-2q84-prc5.json b/advisories/unreviewed/2025/12/GHSA-cpx5-2q84-prc5/GHSA-cpx5-2q84-prc5.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cpx5-2q84-prc5",
+  "modified": "2025-12-11T09:31:26Z",
+  "published": "2025-12-11T09:31:26Z",
+  "aliases": [
+    "CVE-2025-12734"
+  ],
+  "details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to leak sensitive information from specifically crafted merge request titles.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12734"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hackerone.com/reports/3379381"
+    },
+    {
+      "type": "WEB",
+      "url": "https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/579573"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-116"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T08:15:51Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-gq3p-5rgr-j77q/GHSA-gq3p-5rgr-j77q.json b/advisories/unreviewed/2025/12/GHSA-gq3p-5rgr-j77q/GHSA-gq3p-5rgr-j77q.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gq3p-5rgr-j77q",
+  "modified": "2025-12-11T09:31:25Z",
+  "published": "2025-12-11T09:31:25Z",
+  "aliases": [
+    "CVE-2025-67738"
+  ],
+  "details": "squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able to authenticate to Webmin and has certain Cache Manager permissions (the \"cms\" security option).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67738"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/webmin/webmin/commit/1a52bf4d72f9da6d79250c66e51f41c6f5b880ee"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/webmin/webmin/compare/2.520...2.600"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-11T07:16:00Z"
+  }
+}
