Publish Advisories

GHSA-4683-qx8f-q55q
GHSA-wmv2-2cpq-7wfr

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-4683-qx8f-q55q/GHSA-4683-qx8f-q55q.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4683-qx8f-q55q",
+  "modified": "2025-12-07T06:30:18Z",
+  "published": "2025-12-07T06:30:17Z",
+  "aliases": [
+    "CVE-2025-14184"
+  ],
+  "details": "A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14184"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334604"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334604"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698568"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698569"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698570"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/2b16cf4e528a80858abbf62b721a54b0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/2b16cf4e528a80f2ada9dc83651a4013"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T05:15:49Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-wmv2-2cpq-7wfr/GHSA-wmv2-2cpq-7wfr.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wmv2-2cpq-7wfr",
+  "modified": "2025-12-07T06:30:17Z",
+  "published": "2025-12-07T06:30:17Z",
+  "aliases": [
+    "CVE-2025-14185"
+  ],
+  "details": "A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14185"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/798xuezhiqian-collab/vuln01"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334605"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334605"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698601"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T05:15:59Z"
+  }
+}