Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/01/GHSA-cx8g-4cf5-cjv3/GHSA-cx8g-4cf5-cjv3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cx8g-4cf5-cjv3",
-  "modified": "2026-04-08T15:31:42Z",
+  "modified": "2026-04-09T15:35:05Z",
   "published": "2024-01-25T21:32:14Z",
   "aliases": [
     "CVE-2023-52356"
@@ -75,6 +75,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2023-52356"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7304"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:7081"

advisories/unreviewed/2026/04/GHSA-26fq-x95v-v55j/GHSA-26fq-x95v-v55j.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-26fq-x95v-v55j",
-  "modified": "2026-04-09T00:32:01Z",
+  "modified": "2026-04-09T15:35:06Z",
   "published": "2026-04-09T00:32:00Z",
   "aliases": [
     "CVE-2026-5918"
   ],
   "details": "Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-346"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T22:16:31Z"

advisories/unreviewed/2026/04/GHSA-2h6j-mhcp-9j9h/GHSA-2h6j-mhcp-9j9h.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2h6j-mhcp-9j9h",
-  "modified": "2026-04-07T21:32:39Z",
+  "modified": "2026-04-09T15:35:06Z",
   "published": "2026-04-07T21:32:39Z",
   "aliases": [
     "CVE-2025-56015"
   ],
   "details": "In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-07T20:16:22Z"

advisories/unreviewed/2026/04/GHSA-326f-rc6r-57wf/GHSA-326f-rc6r-57wf.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-326f-rc6r-57wf",
-  "modified": "2026-04-07T18:31:36Z",
+  "modified": "2026-04-09T15:35:06Z",
   "published": "2026-04-07T18:31:36Z",
   "aliases": [
     "CVE-2025-52908"
   ],
   "details": "An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-120"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-07T16:16:23Z"

advisories/unreviewed/2026/04/GHSA-3cjc-vhfm-ffp2/GHSA-3cjc-vhfm-ffp2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3cjc-vhfm-ffp2",
-  "modified": "2026-04-09T12:31:10Z",
+  "modified": "2026-04-09T15:35:07Z",
   "published": "2026-04-09T12:31:10Z",
   "aliases": [
     "CVE-2025-62188"
   ],
   "details": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler.\n\nThis vulnerability may allow unauthorized actors to access sensitive information, including database credentials.\n\n\nThis issue affects Apache DolphinScheduler versions 3.1.*.\n\n\nUsers are recommended to upgrade to:\n\n\n\n\n\n\n\n  *  version ≥ 3.2.0 if using 3.1.x\n\n\n\n\n\n\nAs a temporary workaround, users who cannot upgrade immediately may restrict the exposed management endpoints by setting the following environment variable:\n\n\n```\nMANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus\n```\n\nAlternatively, add the following configuration to the application.yaml file:\n\n\n```\nmanagement:\n   endpoints:\n     web:\n        exposure:\n          include: health,metrics,prometheus\n```\n\nThis issue has been reported as CVE-2023-48796:\n\n https://cveprocess.apache.org/cve5/CVE-2023-48796",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-200"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-09T10:16:20Z"

advisories/unreviewed/2026/04/GHSA-3hh3-hx7r-ggc2/GHSA-3hh3-hx7r-ggc2.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3hh3-hx7r-ggc2",
+  "modified": "2026-04-09T15:35:07Z",
+  "published": "2026-04-09T15:35:07Z",
+  "aliases": [
+    "CVE-2025-50228"
+  ],
+  "details": "Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50228"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Cherry-toto/jizhicms/issues/104"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Cherry-toto/jizhicms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.jizhicms.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T15:16:07Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-5jvx-5q86-rxx3/GHSA-5jvx-5q86-rxx3.json

@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5jvx-5q86-rxx3",
+  "modified": "2026-04-09T15:35:08Z",
+  "published": "2026-04-09T15:35:08Z",
+  "aliases": [
+    "CVE-2026-5441"
+  ],
+  "details": "An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate escape markers placed near the end of the compressed data stream. A crafted sequence at the end of the buffer can cause the decoder to read beyond the allocated memory region and leak heap data into the rendered image output.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5441"
+    },
+    {
+      "type": "WEB",
+      "url": "https://kb.cert.org/vuls/id/536588"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.machinespirits.de"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.orthanc-server.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T15:16:16Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-6279-562x-78g7/GHSA-6279-562x-78g7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6279-562x-78g7",
-  "modified": "2026-04-07T15:30:51Z",
+  "modified": "2026-04-09T15:35:05Z",
   "published": "2026-04-07T15:30:50Z",
   "aliases": [
     "CVE-2025-62818"
   ],
   "details": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI and UDL values when processing an SMS TP-UD packet.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-787"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-07T15:17:34Z"

advisories/unreviewed/2026/04/GHSA-62mc-fgr6-xcww/GHSA-62mc-fgr6-xcww.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-62mc-fgr6-xcww",
-  "modified": "2026-04-07T18:31:37Z",
+  "modified": "2026-04-09T15:35:06Z",
   "published": "2026-04-07T18:31:37Z",
   "aliases": [
     "CVE-2024-36058"
   ],
   "details": "The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -32,8 +37,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-07T17:16:25Z"

advisories/unreviewed/2026/04/GHSA-69gc-w6vg-q56g/GHSA-69gc-w6vg-q56g.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-69gc-w6vg-q56g",
+  "modified": "2026-04-09T15:35:08Z",
+  "published": "2026-04-09T15:35:08Z",
+  "aliases": [
+    "CVE-2026-5959"
+  ],
+  "details": "A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.8.2 can resolve this issue. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5959"
+    },
+    {
+      "type": "WEB",
+      "url": "https://dl.gl-inet.com/kvm"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/gl-inet/CVE-issues/blob/main/KVM/1.8.1/Remote%20Access%20Authentication%20Bypass%20After%20Factory%20Reset.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/786688"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356512"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/356512/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-09T15:16:17Z"
+  }
+}