Publish Advisories

GHSA-49f8-xpw4-j5hh
GHSA-gphh-v52r-j3fw

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-49f8-xpw4-j5hh/GHSA-49f8-xpw4-j5hh.json

@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-49f8-xpw4-j5hh",
+  "modified": "2025-12-07T03:30:54Z",
+  "published": "2025-12-07T03:30:54Z",
+  "aliases": [
+    "CVE-2025-14183"
+  ],
+  "details": "A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14183"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334603"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334603"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698566"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698567"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/2b16cf4e528a8000b30bd543247fa1bd"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.notion.so/2b16cf4e528a80859264db63f2340d7a"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T03:15:59Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-gphh-v52r-j3fw/GHSA-gphh-v52r-j3fw.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-gphh-v52r-j3fw",
+  "modified": "2025-12-07T03:30:54Z",
+  "published": "2025-12-07T03:30:54Z",
+  "aliases": [
+    "CVE-2025-14182"
+  ],
+  "details": "A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14182"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/hacker-routing/cve/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334602"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334602"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.698561"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T03:15:58Z"
+  }
+}