Skip to content

Commit c3f81c9

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-p8x2-9p55-jgpm GHSA-vrcj-vw2x-3wmp GHSA-xgmg-683w-vgfx
1 parent 3a4f105 commit c3f81c9

File tree

3 files changed

+164
-0
lines changed

3 files changed

+164
-0
lines changed

advisories/unreviewed/2025/12/GHSA-p8x2-9p55-jgpm/GHSA-p8x2-9p55-jgpm.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-p8x2-9p55-jgpm",
4+
"modified": "2025-12-08T00:30:12Z",
5+
"published": "2025-12-08T00:30:12Z",
6+
"aliases": [
7+
"CVE-2025-14204"
8+
],
9+
"details": "A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14204"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://lavender-bicycle-a5a.notion.site/TokyoTech-RCE-26153a41781f80b6a370d427a6d307f0"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.334647"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.334647"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.700182"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-77"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2025-12-07T23:15:50Z"
51+
}
52+
}

advisories/unreviewed/2025/12/GHSA-vrcj-vw2x-3wmp/GHSA-vrcj-vw2x-3wmp.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-vrcj-vw2x-3wmp",
4+
"modified": "2025-12-08T00:30:11Z",
5+
"published": "2025-12-08T00:30:11Z",
6+
"aliases": [
7+
"CVE-2025-14203"
8+
],
9+
"details": "A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14203"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/asd1238525/cve/blob/main/SQL17.md"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.334646"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.334646"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.700153"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-07T22:15:48Z"
55+
}
56+
}

advisories/unreviewed/2025/12/GHSA-xgmg-683w-vgfx/GHSA-xgmg-683w-vgfx.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-xgmg-683w-vgfx",
4+
"modified": "2025-12-08T00:30:12Z",
5+
"published": "2025-12-08T00:30:12Z",
6+
"aliases": [
7+
"CVE-2025-14205"
8+
],
9+
"details": "A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is an unknown function of the file /membership_profile.php of the component Your Info Handler. Performing manipulation of the argument Full Name/Address/City/State results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14205"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.334648"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.334648"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.700421"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.yuque.com/u42535181/pm5nde/ky49h1xg6si9d3m8#zdDXX"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-08T00:15:45Z"
55+
}
56+
}

0 commit comments

Comments
 (0)