Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit c6ca45b852e2 · 2025-12-14T18:33:03.000Z
GHSA-3f8c-8h8v-p54h GHSA-52cp-m58w-wp9x GHSA-56fg-4g9q-9hgx GHSA-77vm-wwqh-qv39 GHSA-pw2x-h8g7-9fgp GHSA-rw74-fqrf-pr2q
diff --git a/advisories/unreviewed/2025/12/GHSA-3f8c-8h8v-p54h/GHSA-3f8c-8h8v-p54h.json b/advisories/unreviewed/2025/12/GHSA-3f8c-8h8v-p54h/GHSA-3f8c-8h8v-p54h.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3f8c-8h8v-p54h",
+  "modified": "2025-12-14T18:31:30Z",
+  "published": "2025-12-14T18:31:30Z",
+  "aliases": [
+    "CVE-2025-14674"
+  ],
+  "details": "A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in injection. The attack can be launched remotely. Upgrading to version 1.7.0-beta1 addresses this issue. The patch is identified as 978f316c38b3d68bb74d2489b5e5f721f6675e86. The affected component should be upgraded.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14674"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/aizuda/snail-job/commit/978f316c38b3d68bb74d2489b5e5f721f6675e86"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/aizuda/snail-job/issues/ICNUG0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/aizuda/snail-job/issues/ICNUG0#note_44321424_link"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/aizuda/snail-job/releases/tag/vsj1.7.0-beta1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.336403"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.336403"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-14T18:15:43Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-52cp-m58w-wp9x/GHSA-52cp-m58w-wp9x.json b/advisories/unreviewed/2025/12/GHSA-52cp-m58w-wp9x/GHSA-52cp-m58w-wp9x.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-52cp-m58w-wp9x",
+  "modified": "2025-12-14T18:31:30Z",
+  "published": "2025-12-14T18:31:30Z",
+  "aliases": [
+    "CVE-2025-14672"
+  ],
+  "details": "A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing manipulation can lead to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14672"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/gmg137/snap7-rs/issues/ID2H8E"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.336401"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.336401"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-14T17:15:39Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-56fg-4g9q-9hgx/GHSA-56fg-4g9q-9hgx.json b/advisories/unreviewed/2025/12/GHSA-56fg-4g9q-9hgx/GHSA-56fg-4g9q-9hgx.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-56fg-4g9q-9hgx",
+  "modified": "2025-12-14T18:31:30Z",
+  "published": "2025-12-14T18:31:30Z",
+  "aliases": [
+    "CVE-2025-14667"
+  ],
+  "details": "A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=system_info. Such manipulation of the argument meta_value leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14667"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/bardminx/Lonlydance/issues/3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.336399"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.336399"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.714805"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-14T16:15:37Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-77vm-wwqh-qv39/GHSA-77vm-wwqh-qv39.json b/advisories/unreviewed/2025/12/GHSA-77vm-wwqh-qv39/GHSA-77vm-wwqh-qv39.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-77vm-wwqh-qv39",
+  "modified": "2025-12-14T18:31:30Z",
+  "published": "2025-12-14T18:31:29Z",
+  "aliases": [
+    "CVE-2025-14666"
+  ],
+  "details": "A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14666"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/bardminx/Lonlydance/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.336398"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.336398"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.714786"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-14T16:15:37Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-pw2x-h8g7-9fgp/GHSA-pw2x-h8g7-9fgp.json b/advisories/unreviewed/2025/12/GHSA-pw2x-h8g7-9fgp/GHSA-pw2x-h8g7-9fgp.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-pw2x-h8g7-9fgp",
+  "modified": "2025-12-14T18:31:30Z",
+  "published": "2025-12-14T18:31:30Z",
+  "aliases": [
+    "CVE-2025-14668"
+  ],
+  "details": "A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14668"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/gravity123123/CVE/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.336400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.336400"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.714806"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.campcodes.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-14T17:15:39Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-rw74-fqrf-pr2q/GHSA-rw74-fqrf-pr2q.json b/advisories/unreviewed/2025/12/GHSA-rw74-fqrf-pr2q/GHSA-rw74-fqrf-pr2q.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-rw74-fqrf-pr2q",
+  "modified": "2025-12-14T18:31:30Z",
+  "published": "2025-12-14T18:31:30Z",
+  "aliases": [
+    "CVE-2025-14673"
+  ],
+  "details": "A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14673"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/gmg137/snap7-rs/issues/ID2H74"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.336402"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.336402"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-14T18:15:43Z"
+  }
+}
