Publish Advisories

GHSA-4r9v-pqh7-jq6c
GHSA-49pm-cgmh-hw25
GHSA-892r-x96w-jh76
GHSA-h4r4-6hvf-34r8
GHSA-3424-mxvj-pcgx
GHSA-3w23-97r5-6593
GHSA-7h57-mj3h-9r35
GHSA-f5r8-q623-6xj2
GHSA-grvc-rfhw-m5cf
GHSA-vf3v-g8q7-mh8x
GHSA-wmh3-mm6h-qc24

Author: advisory-database[bot]

advisories/unreviewed/2025/08/GHSA-4r9v-pqh7-jq6c/GHSA-4r9v-pqh7-jq6c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4r9v-pqh7-jq6c",
-  "modified": "2025-08-04T18:30:37Z",
+  "modified": "2025-11-03T09:30:38Z",
   "published": "2025-08-04T18:30:36Z",
   "aliases": [
     "CVE-2025-8516"
@@ -23,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8516"
     },
+    {
+      "type": "WEB",
+      "url": "https://vip.kingdee.com/link/s/ZgAmJ"
+    },
     {
       "type": "WEB",
       "url": "https://vuldb.com/?ctiid.318642"
@@ -35,6 +39,10 @@
       "type": "WEB",
       "url": "https://vuldb.com/?submit.573678"
     },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.601912"
+    },
     {
       "type": "WEB",
       "url": "https://wx.mail.qq.com/s?k=hk3Fixc6Z1cKMI9rge"

advisories/unreviewed/2025/10/GHSA-49pm-cgmh-hw25/GHSA-49pm-cgmh-hw25.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-49pm-cgmh-hw25",
-  "modified": "2025-10-30T06:30:54Z",
+  "modified": "2025-11-03T09:30:38Z",
   "published": "2025-10-30T06:30:53Z",
   "aliases": [
     "CVE-2025-62229"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62229"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19434"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62229"

advisories/unreviewed/2025/10/GHSA-892r-x96w-jh76/GHSA-892r-x96w-jh76.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-892r-x96w-jh76",
-  "modified": "2025-10-30T06:30:54Z",
+  "modified": "2025-11-03T09:30:38Z",
   "published": "2025-10-30T06:30:54Z",
   "aliases": [
     "CVE-2025-62230"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62230"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19434"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62230"

advisories/unreviewed/2025/10/GHSA-h4r4-6hvf-34r8/GHSA-h4r4-6hvf-34r8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h4r4-6hvf-34r8",
-  "modified": "2025-10-30T06:30:53Z",
+  "modified": "2025-11-03T09:30:38Z",
   "published": "2025-10-30T06:30:53Z",
   "aliases": [
     "CVE-2025-62231"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62231"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:19434"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-62231"

advisories/unreviewed/2025/11/GHSA-3424-mxvj-pcgx/GHSA-3424-mxvj-pcgx.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3424-mxvj-pcgx",
+  "modified": "2025-11-03T09:30:38Z",
+  "published": "2025-11-03T09:30:38Z",
+  "aliases": [
+    "CVE-2025-48396"
+  ],
+  "details": "Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48396"
+    },
+    {
+      "type": "WEB",
+      "url": "https://https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1021.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-03T08:15:34Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-3w23-97r5-6593/GHSA-3w23-97r5-6593.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3w23-97r5-6593",
+  "modified": "2025-11-03T09:30:38Z",
+  "published": "2025-11-03T09:30:38Z",
+  "aliases": [
+    "CVE-2025-12622"
+  ],
+  "details": "A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12622"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pan.baidu.com/s/1Jl1zy5niigg1XYm8ZCh_Lg"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330914"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330914"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.678889"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/rg8eug0zk8ep3zne?singleDoc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-03T08:15:33Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-7h57-mj3h-9r35/GHSA-7h57-mj3h-9r35.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7h57-mj3h-9r35",
+  "modified": "2025-11-03T09:30:38Z",
+  "published": "2025-11-03T09:30:38Z",
+  "aliases": [
+    "CVE-2025-12623"
+  ],
+  "details": "A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component Authentication Token Handler. Such manipulation leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitation is known to be difficult. The exploit is publicly available and might be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12623"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/fushengqian/fuint/issues/67"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330915"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330915"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.678911"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-285"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-03T08:15:33Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-f5r8-q623-6xj2/GHSA-f5r8-q623-6xj2.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f5r8-q623-6xj2",
+  "modified": "2025-11-03T09:30:38Z",
+  "published": "2025-11-03T09:30:38Z",
+  "aliases": [
+    "CVE-2025-12503"
+  ],
+  "details": "EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12503"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/en/cp-139-10476-c8448-2.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.twcert.org.tw/tw/cp-132-10475-01c6d-1.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-03T07:15:41Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-grvc-rfhw-m5cf/GHSA-grvc-rfhw-m5cf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-grvc-rfhw-m5cf",
+  "modified": "2025-11-03T09:30:38Z",
+  "published": "2025-11-03T09:30:38Z",
+  "aliases": [
+    "CVE-2025-48397"
+  ],
+  "details": "The privileged user could log in without sufficient credentials after enabling an application protocol.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48397"
+    },
+    {
+      "type": "WEB",
+      "url": "https://https://https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1030.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-03T09:15:46Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-vf3v-g8q7-mh8x/GHSA-vf3v-g8q7-mh8x.json

@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vf3v-g8q7-mh8x",
+  "modified": "2025-11-03T09:30:38Z",
+  "published": "2025-11-03T09:30:38Z",
+  "aliases": [
+    "CVE-2025-12619"
+  ],
+  "details": "A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12619"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pan.baidu.com/s/1N5pzWOYFGl7KGuh9yjlDHg"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.330913"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.330913"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.678888"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/tzg68iadbmqx6esm?singleDoc"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-03T07:15:43Z"
+  }
+}