Publish Advisories

GHSA-88w2-6722-q9jg
GHSA-hfpp-2q66-88fj
GHSA-j2f8-96fc-682m

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-88w2-6722-q9jg/GHSA-88w2-6722-q9jg.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-88w2-6722-q9jg",
+  "modified": "2025-11-09T00:30:26Z",
+  "published": "2025-11-09T00:30:26Z",
+  "aliases": [
+    "CVE-2025-12914"
+  ],
+  "details": "A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12914"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/coolcj-stack/BaoTa-Panel-Backstage-SQL-injection-vulnerability/blob/main/README.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.331632"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.331632"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.678237"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-08T22:15:41Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-hfpp-2q66-88fj/GHSA-hfpp-2q66-88fj.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hfpp-2q66-88fj",
+  "modified": "2025-11-09T00:30:26Z",
+  "published": "2025-11-09T00:30:26Z",
+  "aliases": [
+    "CVE-2025-12915"
+  ],
+  "details": "A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack requires a local approach. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12915"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/geo-chen/70mai/blob/main/README.md#finding-11-init-script-binary-hijack-persistence-vulnerability-in-70mai-x200-omni-dashcam"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.331633"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.331633"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.678285"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-73"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-08T23:15:48Z"
+  }
+}

advisories/unreviewed/2025/11/GHSA-j2f8-96fc-682m/GHSA-j2f8-96fc-682m.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j2f8-96fc-682m",
+  "modified": "2025-11-09T00:30:26Z",
+  "published": "2025-11-09T00:30:26Z",
+  "aliases": [
+    "CVE-2025-12916"
+  ],
+  "details": "A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.0.11 and 3.0.12 is recommended to address this issue. It is advisable to upgrade the affected component.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12916"
+    },
+    {
+      "type": "WEB",
+      "url": "https://h4cker.zip/post/fe0ada"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.331634"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.331634"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.678377"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-11-09T00:15:40Z"
+  }
+}