github
diff --git a/‎advisories/unreviewed/2025/12/GHSA-29qw-ccch-hcg3/GHSA-29qw-ccch-hcg3.json‎
Lines changed: 60 additions & 0 deletions b/‎advisories/unreviewed/2025/12/GHSA-29qw-ccch-hcg3/GHSA-29qw-ccch-hcg3.json‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/12/GHSA-37xp-g99p-rjh7/GHSA-37xp-g99p-rjh7.json‎
Lines changed: 64 additions & 0 deletions b/‎advisories/unreviewed/2025/12/GHSA-37xp-g99p-rjh7/GHSA-37xp-g99p-rjh7.json‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/12/GHSA-5vq3-62fq-x6vj/GHSA-5vq3-62fq-x6vj.json‎
Lines changed: 56 additions & 0 deletions b/‎advisories/unreviewed/2025/12/GHSA-5vq3-62fq-x6vj/GHSA-5vq3-62fq-x6vj.json‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/12/GHSA-7j2x-pfr2-m22p/GHSA-7j2x-pfr2-m22p.json‎
Lines changed: 40 additions & 0 deletions b/‎advisories/unreviewed/2025/12/GHSA-7j2x-pfr2-m22p/GHSA-7j2x-pfr2-m22p.json‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/12/GHSA-87pr-jc7p-jpc4/GHSA-87pr-jc7p-jpc4.json‎
Lines changed: 48 additions & 0 deletions b/‎advisories/unreviewed/2025/12/GHSA-87pr-jc7p-jpc4/GHSA-87pr-jc7p-jpc4.json‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/12/GHSA-f39m-23x8-34jr/GHSA-f39m-23x8-34jr.json‎
Lines changed: 60 additions & 0 deletions b/‎advisories/unreviewed/2025/12/GHSA-f39m-23x8-34jr/GHSA-f39m-23x8-34jr.json‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/12/GHSA-fcq9-xmgf-q7q3/GHSA-fcq9-xmgf-q7q3.json‎
Lines changed: 56 additions & 0 deletions b/‎advisories/unreviewed/2025/12/GHSA-fcq9-xmgf-q7q3/GHSA-fcq9-xmgf-q7q3.json‎
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-29qw-ccch-hcg3",
+  "modified": "2025-12-21T06:31:12Z",
+  "published": "2025-12-21T06:31:12Z",
+  "aliases": [
+    "CVE-2025-14993"
+  ],
+  "details": "A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14993"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_AC18/SetDlnaCfg/SetDlnaCfg.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_AC18/SetDlnaCfg/SetDlnaCfg.md#reproduce"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.337687"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.337687"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.719084"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T05:16:05Z"
+  }
+}
@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-37xp-g99p-rjh7",
+  "modified": "2025-12-21T06:31:10Z",
+  "published": "2025-12-21T06:31:10Z",
+  "aliases": [
+    "CVE-2025-13220"
+  ],
+  "details": "The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode attributes in all versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13220"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L525"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L542"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L558"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L591"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L625"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-shortcodes.php#L67"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3421362%40ultimate-member&new=3421362%40ultimate-member&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4c06548-238d-4b75-8f20-d7de6fc21539?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T04:16:04Z"
+  }
+}
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5vq3-62fq-x6vj",
+  "modified": "2025-12-21T06:31:10Z",
+  "published": "2025-12-21T06:31:10Z",
+  "aliases": [
+    "CVE-2025-12654"
+  ],
+  "details": "The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories that can be created, or in what location. This makes it possible for authenticated attackers, with Administrator-level access and above, to create arbitrary directories.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12654"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.120/includes/staging/class-wpvivid-staging.php#L1535"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.120/includes/staging/class-wpvivid-staging.php#L1568"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.120/includes/staging/class-wpvivid-staging.php#L1571"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3397673%40wpvivid-backuprestore&new=3397673%40wpvivid-backuprestore&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://wordpress.org/plugins/wpvivid-backuprestore"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/662aa8dd-69b7-49e3-811c-04329544e106?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-73"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T04:16:04Z"
+  }
+}
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7j2x-pfr2-m22p",
+  "modified": "2025-12-21T06:31:10Z",
+  "published": "2025-12-21T06:31:10Z",
+  "aliases": [
+    "CVE-2025-12398"
+  ],
+  "details": "The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12398"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3420662%40woo-product-table&new=3420662%40woo-product-table&sfp_email=&sfph_mail="
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35790e70-6e96-4ffe-9d4e-828dd649e8c0?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T04:16:03Z"
+  }
+}
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-87pr-jc7p-jpc4",
+  "modified": "2025-12-21T06:31:10Z",
+  "published": "2025-12-21T06:31:10Z",
+  "aliases": [
+    "CVE-2025-13361"
+  ],
+  "details": "The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13361"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/web-to-sugarcrm-lead/tags/1.0.0/wpscl-admin-functions.php#L496"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/web-to-sugarcrm-lead/trunk/wpscl-admin-functions.php#L496"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3423497%40web-to-sugarcrm-lead&new=3423497%40web-to-sugarcrm-lead"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7c54b5d-ad73-44f1-afdb-01136ec0b9ae?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T04:16:04Z"
+  }
+}
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f39m-23x8-34jr",
+  "modified": "2025-12-21T06:31:11Z",
+  "published": "2025-12-21T06:31:11Z",
+  "aliases": [
+    "CVE-2025-14992"
+  ],
+  "details": "A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14992"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_AC18/GetParentControlInfo/GetParentControlInfo.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/z472421519/BinaryAudit/blob/main/PoC/BOF/Tenda_AC18/GetParentControlInfo/GetParentControlInfo.md#reproduce"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.337686"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.337686"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.719073"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T04:16:05Z"
+  }
+}
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fcq9-xmgf-q7q3",
+  "modified": "2025-12-21T06:31:11Z",
+  "published": "2025-12-21T06:31:11Z",
+  "aliases": [
+    "CVE-2025-14991"
+  ],
+  "details": "A weakness has been identified in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. Executing manipulation of the argument fromdate can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14991"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/funnnxxx/my-cve/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.337685"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.337685"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.718458"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T04:16:04Z"
+  }
+}