Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2022/05/GHSA-7fxq-f8vg-7f3w/GHSA-7fxq-f8vg-7f3w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7fxq-f8vg-7f3w",
-  "modified": "2022-05-24T17:42:39Z",
+  "modified": "2026-03-30T15:31:33Z",
   "published": "2022-05-24T17:42:39Z",
   "aliases": [
     "CVE-2020-19513"
   ],
   "details": "Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -21,7 +26,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-1236"
+      "CWE-1236",
+      "CWE-787"
     ],
     "severity": "HIGH",
     "github_reviewed": false,

advisories/unreviewed/2025/11/GHSA-39m5-rg2v-54h9/GHSA-39m5-rg2v-54h9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-39m5-rg2v-54h9",
-  "modified": "2025-12-11T00:30:26Z",
+  "modified": "2026-03-30T15:31:34Z",
   "published": "2025-11-26T21:31:26Z",
   "aliases": [
     "CVE-2025-13611"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released"
     },
+    {
+      "type": "WEB",
+      "url": "https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released"
+    },
     {
       "type": "WEB",
       "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/545947"

advisories/unreviewed/2026/02/GHSA-r6vr-hwpr-qqch/GHSA-r6vr-hwpr-qqch.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r6vr-hwpr-qqch",
-  "modified": "2026-02-06T09:30:29Z",
+  "modified": "2026-03-30T15:31:34Z",
   "published": "2026-02-06T09:30:29Z",
   "aliases": [
     "CVE-2026-21643"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-1142"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/0xBlackash/CVE-2026-21643/blob/main/cve-2026-21643.py"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-2mq5-fr5w-rr29/GHSA-2mq5-fr5w-rr29.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2mq5-fr5w-rr29",
-  "modified": "2026-03-26T21:31:28Z",
+  "modified": "2026-03-30T15:31:51Z",
   "published": "2026-03-26T21:31:28Z",
   "aliases": [
     "CVE-2026-3530"
   ],
   "details": "Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-918"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-26T21:17:09Z"

advisories/unreviewed/2026/03/GHSA-3mvf-x53v-pjr7/GHSA-3mvf-x53v-pjr7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3mvf-x53v-pjr7",
-  "modified": "2026-03-26T21:31:28Z",
+  "modified": "2026-03-30T15:31:52Z",
   "published": "2026-03-26T21:31:28Z",
   "aliases": [
     "CVE-2026-4933"
   ],
   "details": "Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-863"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-26T21:17:10Z"

advisories/unreviewed/2026/03/GHSA-4qgx-7r85-6fpx/GHSA-4qgx-7r85-6fpx.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4qgx-7r85-6fpx",
+  "modified": "2026-03-30T15:32:06Z",
+  "published": "2026-03-30T15:32:06Z",
+  "aliases": [
+    "CVE-2026-4315"
+  ],
+  "details": "A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4315"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00006"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T13:16:22Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-5fjm-c352-35cv/GHSA-5fjm-c352-35cv.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5fjm-c352-35cv",
-  "modified": "2026-03-23T21:30:52Z",
+  "modified": "2026-03-30T15:31:36Z",
   "published": "2026-03-23T21:30:52Z",
   "aliases": [
     "CVE-2026-32851"
   ],
   "details": "MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the Attendees parameter in the FreeBusy.aspx form, which is not properly sanitized before being embedded into dynamically generated JavaScript.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/03/GHSA-6457-73j6-h3qg/GHSA-6457-73j6-h3qg.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6457-73j6-h3qg",
+  "modified": "2026-03-30T15:32:07Z",
+  "published": "2026-03-30T15:32:07Z",
+  "aliases": [
+    "CVE-2026-5164"
+  ],
+  "details": "A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS).",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5164"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/virtio-win/kvm-guest-drivers-windows/pull/1504"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-5164"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453014"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T15:16:36Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-68p2-v646-58j6/GHSA-68p2-v646-58j6.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-68p2-v646-58j6",
-  "modified": "2026-03-27T15:30:25Z",
+  "modified": "2026-03-30T15:31:57Z",
   "published": "2026-03-27T15:30:25Z",
   "aliases": [
     "CVE-2025-61190"
   ],
   "details": "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -28,8 +33,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-03-27T15:16:45Z"

advisories/unreviewed/2026/03/GHSA-6fw6-rqjg-9v3j/GHSA-6fw6-rqjg-9v3j.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6fw6-rqjg-9v3j",
+  "modified": "2026-03-30T15:32:07Z",
+  "published": "2026-03-30T15:32:07Z",
+  "aliases": [
+    "CVE-2026-5165"
+  ],
+  "details": "A flaw was found in virtio-win, specifically within the VirtIO Block (BLK) device. When the device undergoes a reset, it fails to properly manage memory, resulting in a use-after-free vulnerability. This issue could allow a local attacker to corrupt system memory, potentially leading to system instability or unexpected behavior.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5165"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/virtio-win/kvm-guest-drivers-windows/pull/1493"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-5165"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453015"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-825"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-30T15:16:36Z"
+  }
+}