Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 91979974e5db · 2025-12-07T15:31:41.000Z
GHSA-3r67-697r-3rfg GHSA-7mv9-562j-33vp GHSA-f9vv-rgcq-6jrv GHSA-j89c-6rjp-xxx9 GHSA-jx8c-5wrw-pprp GHSA-wmr8-wvmc-3q52
diff --git a/advisories/unreviewed/2025/12/GHSA-3r67-697r-3rfg/GHSA-3r67-697r-3rfg.json b/advisories/unreviewed/2025/12/GHSA-3r67-697r-3rfg/GHSA-3r67-697r-3rfg.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3r67-697r-3rfg",
+  "modified": "2025-12-07T15:30:26Z",
+  "published": "2025-12-07T15:30:26Z",
+  "aliases": [
+    "CVE-2025-14193"
+  ],
+  "details": "A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /view_personnel.php. Executing manipulation of the argument per_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14193"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/shenxianyuguitian/employee-management-SQL"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334613"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334613"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699245"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T14:15:47Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-7mv9-562j-33vp/GHSA-7mv9-562j-33vp.json b/advisories/unreviewed/2025/12/GHSA-7mv9-562j-33vp/GHSA-7mv9-562j-33vp.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7mv9-562j-33vp",
+  "modified": "2025-12-07T15:30:26Z",
+  "published": "2025-12-07T15:30:26Z",
+  "aliases": [
+    "CVE-2025-14191"
+  ],
+  "details": "A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such manipulation of the argument except leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14191"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/DavCloudz/cve/blob/main/UTT/512W/UTT%20512W%20Buffer%20Overflow%20Vulnerability.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/DavCloudz/cve/blob/main/UTT/512W/UTT%20512W%20Buffer%20Overflow%20Vulnerability.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334611"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334611"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699220"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T13:15:59Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-f9vv-rgcq-6jrv/GHSA-f9vv-rgcq-6jrv.json b/advisories/unreviewed/2025/12/GHSA-f9vv-rgcq-6jrv/GHSA-f9vv-rgcq-6jrv.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f9vv-rgcq-6jrv",
+  "modified": "2025-12-07T15:30:26Z",
+  "published": "2025-12-07T15:30:26Z",
+  "aliases": [
+    "CVE-2025-14190"
+  ],
+  "details": "A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14190"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/hacker-routing/Changjetong-T-/issues/1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/hacker-routing/Changjetong-T-/issues/1#issue-3646765351"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334610"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334610"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699144"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T13:15:58Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-j89c-6rjp-xxx9/GHSA-j89c-6rjp-xxx9.json b/advisories/unreviewed/2025/12/GHSA-j89c-6rjp-xxx9/GHSA-j89c-6rjp-xxx9.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j89c-6rjp-xxx9",
+  "modified": "2025-12-07T15:30:26Z",
+  "published": "2025-12-07T15:30:26Z",
+  "aliases": [
+    "CVE-2025-14192"
+  ],
+  "details": "A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/auth_login.php. Performing manipulation of the argument Username results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14192"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/BrillBigbang/hole-gap/blob/main/online-banking-have-sql.docx"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334612"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334612"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699237"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T14:15:46Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-jx8c-5wrw-pprp/GHSA-jx8c-5wrw-pprp.json b/advisories/unreviewed/2025/12/GHSA-jx8c-5wrw-pprp/GHSA-jx8c-5wrw-pprp.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jx8c-5wrw-pprp",
+  "modified": "2025-12-07T15:30:26Z",
+  "published": "2025-12-07T15:30:26Z",
+  "aliases": [
+    "CVE-2025-14194"
+  ],
+  "details": "A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14194"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/shenxianyuguitian/employee-management-XSS"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334614"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334614"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699246"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T15:15:46Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/12/GHSA-wmr8-wvmc-3q52/GHSA-wmr8-wvmc-3q52.json b/advisories/unreviewed/2025/12/GHSA-wmr8-wvmc-3q52/GHSA-wmr8-wvmc-3q52.json
@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wmr8-wvmc-3q52",
+  "modified": "2025-12-07T15:30:26Z",
+  "published": "2025-12-07T15:30:26Z",
+  "aliases": [
+    "CVE-2025-14195"
+  ],
+  "details": "A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be exploited.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14195"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/shenxianyuguitian/employee-management-UFU"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.334615"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.334615"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.699247"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-07T15:15:47Z"
+  }
+}
