Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/04/GHSA-2275-4rpp-82v7/GHSA-2275-4rpp-82v7.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2275-4rpp-82v7",
+  "modified": "2026-04-01T06:31:33Z",
+  "published": "2026-04-01T06:31:33Z",
+  "aliases": [
+    "CVE-2026-5292"
+  ],
+  "details": "Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5292"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/492213293"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T05:16:02Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2739-cxg4-jp3j/GHSA-2739-cxg4-jp3j.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2739-cxg4-jp3j",
+  "modified": "2026-04-01T06:31:32Z",
+  "published": "2026-04-01T06:31:32Z",
+  "aliases": [
+    "CVE-2026-5284"
+  ],
+  "details": "Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5284"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/492139412"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T05:16:01Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2q94-wprw-25w4/GHSA-2q94-wprw-25w4.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2q94-wprw-25w4",
+  "modified": "2026-04-01T06:31:32Z",
+  "published": "2026-04-01T06:31:32Z",
+  "aliases": [
+    "CVE-2026-5279"
+  ],
+  "details": "Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5279"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/490642836"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T05:16:01Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3rff-rg87-9c8x/GHSA-3rff-rg87-9c8x.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3rff-rg87-9c8x",
+  "modified": "2026-04-01T06:31:33Z",
+  "published": "2026-04-01T06:31:33Z",
+  "aliases": [
+    "CVE-2026-5290"
+  ],
+  "details": "Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5290"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/496205576"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T05:16:02Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-4c6f-f3m2-g3pw/GHSA-4c6f-f3m2-g3pw.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4c6f-f3m2-g3pw",
+  "modified": "2026-04-01T06:31:31Z",
+  "published": "2026-04-01T06:31:31Z",
+  "aliases": [
+    "CVE-2026-5252"
+  ],
+  "details": "A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5252"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/z9527-admin/vulnerability-10"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/780613"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354442"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/354442/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T04:17:11Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-4j5r-7xc7-9pr6/GHSA-4j5r-7xc7-9pr6.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4j5r-7xc7-9pr6",
+  "modified": "2026-04-01T06:31:32Z",
+  "published": "2026-04-01T06:31:32Z",
+  "aliases": [
+    "CVE-2026-5276"
+  ],
+  "details": "Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5276"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/489711638"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T05:16:00Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-63vg-wchr-j5wj/GHSA-63vg-wchr-j5wj.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-63vg-wchr-j5wj",
+  "modified": "2026-04-01T06:31:32Z",
+  "published": "2026-04-01T06:31:32Z",
+  "aliases": [
+    "CVE-2026-5278"
+  ],
+  "details": "Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5278"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/490254128"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T05:16:01Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-68r5-52qj-jm6w/GHSA-68r5-52qj-jm6w.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-68r5-52qj-jm6w",
+  "modified": "2026-04-01T06:31:32Z",
+  "published": "2026-04-01T06:31:32Z",
+  "aliases": [
+    "CVE-2026-5282"
+  ],
+  "details": "Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5282"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/491655161"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T05:16:01Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-6mjm-fq7h-cm4p/GHSA-6mjm-fq7h-cm4p.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6mjm-fq7h-cm4p",
+  "modified": "2026-04-01T06:31:32Z",
+  "published": "2026-04-01T06:31:32Z",
+  "aliases": [
+    "CVE-2026-5277"
+  ],
+  "details": "Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5277"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/489791424"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-472"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T05:16:00Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-6r8r-3947-g6p3/GHSA-6r8r-3947-g6p3.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6r8r-3947-g6p3",
+  "modified": "2026-04-01T06:31:32Z",
+  "published": "2026-04-01T06:31:32Z",
+  "aliases": [
+    "CVE-2026-5275"
+  ],
+  "details": "Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5275"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/489494022"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-122"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-01T05:16:00Z"
+  }
+}