Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 14964a3f0f1f · 2026-04-18T06:31:52.000Z
GHSA-24g2-fgx6-x4g7 GHSA-8rxc-fxqr-8jx3 GHSA-f28j-gx5r-p78j GHSA-g37f-4r6m-qg8m GHSA-mwg5-3pp3-6h5w GHSA-pqvv-q69f-46xj GHSA-q5mc-rx2x-2mqv GHSA-qvmh-94p6-pp46 GHSA-5pgv-4jf4-9r43 GHSA-7m2j-268v-rc6r GHSA-c9qp-qc83-7rwj GHSA-cwq2-35x4-44pq GHSA-g88c-8gfj-6c98 GHSA-vf7g-wm62-vfxh
diff --git a/advisories/unreviewed/2026/03/GHSA-24g2-fgx6-x4g7/GHSA-24g2-fgx6-x4g7.json b/advisories/unreviewed/2026/03/GHSA-24g2-fgx6-x4g7/GHSA-24g2-fgx6-x4g7.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-24g2-fgx6-x4g7",
-  "modified": "2026-03-23T12:30:29Z",
+  "modified": "2026-04-18T06:30:14Z",
   "published": "2026-03-23T12:30:29Z",
   "aliases": [
     "CVE-2026-4581"
@@ -42,6 +42,18 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?submit.775211"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/775211"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352418"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352418/cti"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2026/03/GHSA-8rxc-fxqr-8jx3/GHSA-8rxc-fxqr-8jx3.json b/advisories/unreviewed/2026/03/GHSA-8rxc-fxqr-8jx3/GHSA-8rxc-fxqr-8jx3.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8rxc-fxqr-8jx3",
-  "modified": "2026-03-23T21:30:52Z",
+  "modified": "2026-04-18T06:30:14Z",
   "published": "2026-03-23T21:30:52Z",
   "aliases": [
     "CVE-2026-4597"
@@ -38,6 +38,22 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?submit.775635"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/775635"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/780377"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352435"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352435/cti"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2026/03/GHSA-f28j-gx5r-p78j/GHSA-f28j-gx5r-p78j.json b/advisories/unreviewed/2026/03/GHSA-f28j-gx5r-p78j/GHSA-f28j-gx5r-p78j.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f28j-gx5r-p78j",
-  "modified": "2026-03-23T15:30:45Z",
+  "modified": "2026-04-18T06:30:14Z",
   "published": "2026-03-23T15:30:45Z",
   "aliases": [
     "CVE-2026-4589"
@@ -35,6 +35,18 @@
       "type": "WEB",
       "url": "https://vuldb.com/?submit.775467"
     },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/775467"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352425"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352425/cti"
+    },
     {
       "type": "WEB",
       "url": "https://vulnplus-note.wetolink.com/share/UTZQq38f9VyI"
diff --git a/advisories/unreviewed/2026/03/GHSA-g37f-4r6m-qg8m/GHSA-g37f-4r6m-qg8m.json b/advisories/unreviewed/2026/03/GHSA-g37f-4r6m-qg8m/GHSA-g37f-4r6m-qg8m.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g37f-4r6m-qg8m",
-  "modified": "2026-03-22T09:30:27Z",
+  "modified": "2026-04-18T06:30:13Z",
   "published": "2026-03-22T09:30:27Z",
   "aliases": [
     "CVE-2026-4541"
@@ -58,6 +58,18 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?submit.774687"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/774687"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352358"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352358/cti"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2026/03/GHSA-mwg5-3pp3-6h5w/GHSA-mwg5-3pp3-6h5w.json b/advisories/unreviewed/2026/03/GHSA-mwg5-3pp3-6h5w/GHSA-mwg5-3pp3-6h5w.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mwg5-3pp3-6h5w",
-  "modified": "2026-03-22T09:30:27Z",
+  "modified": "2026-04-18T06:30:13Z",
   "published": "2026-03-22T09:30:27Z",
   "aliases": [
     "CVE-2026-4542"
@@ -35,6 +35,18 @@
       "type": "WEB",
       "url": "https://vuldb.com/?submit.774689"
     },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/774689"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352359"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352359/cti"
+    },
     {
       "type": "WEB",
       "url": "https://www.yuque.com/la12138/pa2fpb/vlyutc51eb7vhwaz?singleDoc"
diff --git a/advisories/unreviewed/2026/03/GHSA-pqvv-q69f-46xj/GHSA-pqvv-q69f-46xj.json b/advisories/unreviewed/2026/03/GHSA-pqvv-q69f-46xj/GHSA-pqvv-q69f-46xj.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pqvv-q69f-46xj",
-  "modified": "2026-03-23T03:31:40Z",
+  "modified": "2026-04-18T06:30:13Z",
   "published": "2026-03-23T03:31:40Z",
   "aliases": [
     "CVE-2026-4568"
@@ -39,6 +39,18 @@
       "type": "WEB",
       "url": "https://vuldb.com/?submit.775161"
     },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/775161"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352405"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352405/cti"
+    },
     {
       "type": "WEB",
       "url": "https://www.sourcecodester.com"
diff --git a/advisories/unreviewed/2026/03/GHSA-q5mc-rx2x-2mqv/GHSA-q5mc-rx2x-2mqv.json b/advisories/unreviewed/2026/03/GHSA-q5mc-rx2x-2mqv/GHSA-q5mc-rx2x-2mqv.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q5mc-rx2x-2mqv",
-  "modified": "2026-03-23T12:30:29Z",
+  "modified": "2026-04-18T06:30:14Z",
   "published": "2026-03-23T12:30:29Z",
   "aliases": [
     "CVE-2026-4582"
@@ -38,6 +38,18 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?submit.775433"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/775433"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352419"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352419/cti"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2026/03/GHSA-qvmh-94p6-pp46/GHSA-qvmh-94p6-pp46.json b/advisories/unreviewed/2026/03/GHSA-qvmh-94p6-pp46/GHSA-qvmh-94p6-pp46.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qvmh-94p6-pp46",
-  "modified": "2026-03-23T21:30:51Z",
+  "modified": "2026-04-18T06:30:14Z",
   "published": "2026-03-23T21:30:51Z",
   "aliases": [
     "CVE-2026-4595"
@@ -42,6 +42,18 @@
     {
       "type": "WEB",
       "url": "https://vuldb.com/?submit.775623"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/775623"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352433"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/352433/cti"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2026/04/GHSA-5pgv-4jf4-9r43/GHSA-5pgv-4jf4-9r43.json b/advisories/unreviewed/2026/04/GHSA-5pgv-4jf4-9r43/GHSA-5pgv-4jf4-9r43.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5pgv-4jf4-9r43",
+  "modified": "2026-04-18T06:30:14Z",
+  "published": "2026-04-18T06:30:14Z",
+  "aliases": [
+    "CVE-2026-41253"
+  ],
+  "details": "In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka \"hypothetical in-band signaling abuse.\" This occurs because iTerm2 accepts the SSH conductor protocol from terminal output that does not originate from a legitimate conductor session.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41253"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/gnachman/iTerm2/commit/a9e745993c2e2cbb30b884a16617cd5495899f86"
+    },
+    {
+      "type": "WEB",
+      "url": "https://blog.calif.io/p/mad-bugs-even-cat-readmetxt-is-not"
+    },
+    {
+      "type": "WEB",
+      "url": "https://iterm2.com/downloads.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://news.ycombinator.com/item?id=47809190"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-829"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-18T06:16:17Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-7m2j-268v-rc6r/GHSA-7m2j-268v-rc6r.json b/advisories/unreviewed/2026/04/GHSA-7m2j-268v-rc6r/GHSA-7m2j-268v-rc6r.json
@@ -0,0 +1,84 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7m2j-268v-rc6r",
+  "modified": "2026-04-18T06:30:14Z",
+  "published": "2026-04-18T06:30:14Z",
+  "aliases": [
+    "CVE-2026-4801"
+  ],
+  "details": "The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insufficient output escaping of event titles, descriptions, and locations fetched from external iCal feeds in the Events block rendering function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4801"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L218"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L245"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L246"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L255"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/tags/3.1.16/src/blocks/events/index.php#L91"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L218"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L245"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L246"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L255"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/coblocks/trunk/src/blocks/events/index.php#L91"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3475789/coblocks/trunk/src/blocks/events/index.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcoblocks/tags/3.1.16&new_path=%2Fcoblocks/tags/3.1.17"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bde0aef3-aa61-4ee7-9cbf-9f51cb5ac700?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-18T05:16:23Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-c9qp-qc83-7rwj/GHSA-c9qp-qc83-7rwj.json b/advisories/unreviewed/2026/04/GHSA-c9qp-qc83-7rwj/GHSA-c9qp-qc83-7rwj.json
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c9qp-qc83-7rwj",
-  "modified": "2026-04-16T18:31:22Z",
+  "modified": "2026-04-18T06:30:14Z",
   "published": "2026-04-16T18:31:22Z",
   "aliases": [
     "CVE-2026-37100"
   ],
   "details": "An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -20,8 +25,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-16T16:16:16Z"
diff --git a/advisories/unreviewed/2026/04/GHSA-cwq2-35x4-44pq/GHSA-cwq2-35x4-44pq.json b/advisories/unreviewed/2026/04/GHSA-cwq2-35x4-44pq/GHSA-cwq2-35x4-44pq.json
diff --git a/advisories/unreviewed/2026/04/GHSA-g88c-8gfj-6c98/GHSA-g88c-8gfj-6c98.json b/advisories/unreviewed/2026/04/GHSA-g88c-8gfj-6c98/GHSA-g88c-8gfj-6c98.json
diff --git a/advisories/unreviewed/2026/04/GHSA-vf7g-wm62-vfxh/GHSA-vf7g-wm62-vfxh.json b/advisories/unreviewed/2026/04/GHSA-vf7g-wm62-vfxh/GHSA-vf7g-wm62-vfxh.json
