Publish Advisories

GHSA-cx8g-4cf5-cjv3
GHSA-pm8w-jq9r-x5rp
GHSA-xrqh-48jh-pjv2
GHSA-4229-xrvq-qm47
GHSA-536m-vwvg-ggr6
GHSA-53vq-962v-f9cq
GHSA-6w3g-2v88-h993
GHSA-7g82-gmhh-22cx
GHSA-7rfm-rcv9-66r2
GHSA-f2cg-3cww-mcq8
GHSA-jh98-4jxg-c74j
GHSA-pc4q-wmj3-q7jg
GHSA-r9x4-2726-c64m
GHSA-w6h6-qc6q-q65w
GHSA-wx63-92xj-ggq5
GHSA-x63q-987j-jrv7
GHSA-xgpm-2v6j-vx8q

Author: advisory-database[bot]

advisories/unreviewed/2024/01/GHSA-cx8g-4cf5-cjv3/GHSA-cx8g-4cf5-cjv3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cx8g-4cf5-cjv3",
-  "modified": "2026-04-09T21:31:23Z",
+  "modified": "2026-04-17T12:31:24Z",
   "published": "2024-01-25T21:32:14Z",
   "aliases": [
     "CVE-2023-52356"
@@ -75,6 +75,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2023-52356"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:8747"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:7335"

advisories/unreviewed/2026/02/GHSA-pm8w-jq9r-x5rp/GHSA-pm8w-jq9r-x5rp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pm8w-jq9r-x5rp",
-  "modified": "2026-04-09T21:31:24Z",
+  "modified": "2026-04-17T12:31:24Z",
   "published": "2026-02-09T15:30:31Z",
   "aliases": [
     "CVE-2025-14831"
@@ -21,63 +21,67 @@
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:3477"
+      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1773"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:4188"
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:4655"
+      "url": "https://access.redhat.com/security/cve/CVE-2025-14831"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:4943"
+      "url": "https://access.redhat.com/errata/RHSA-2026:8747"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:5585"
+      "url": "https://access.redhat.com/errata/RHSA-2026:7335"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:5606"
+      "url": "https://access.redhat.com/errata/RHSA-2026:7329"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:6618"
+      "url": "https://access.redhat.com/errata/RHSA-2026:6738"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:6737"
     },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:6630"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:6737"
+      "url": "https://access.redhat.com/errata/RHSA-2026:6618"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:6738"
+      "url": "https://access.redhat.com/errata/RHSA-2026:5606"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:7329"
+      "url": "https://access.redhat.com/errata/RHSA-2026:5585"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:7335"
+      "url": "https://access.redhat.com/errata/RHSA-2026:4943"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/security/cve/CVE-2025-14831"
+      "url": "https://access.redhat.com/errata/RHSA-2026:4655"
     },
     {
       "type": "WEB",
-      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423177"
+      "url": "https://access.redhat.com/errata/RHSA-2026:4188"
     },
     {
       "type": "WEB",
-      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1773"
+      "url": "https://access.redhat.com/errata/RHSA-2026:3477"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-xrqh-48jh-pjv2/GHSA-xrqh-48jh-pjv2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xrqh-48jh-pjv2",
-  "modified": "2026-04-16T15:31:26Z",
+  "modified": "2026-04-17T12:31:24Z",
   "published": "2026-03-13T21:31:51Z",
   "aliases": [
     "CVE-2026-4111"
@@ -59,6 +59,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:7335"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:8747"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-4111"

advisories/unreviewed/2026/04/GHSA-4229-xrvq-qm47/GHSA-4229-xrvq-qm47.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4229-xrvq-qm47",
+  "modified": "2026-04-17T12:31:25Z",
+  "published": "2026-04-17T12:31:25Z",
+  "aliases": [
+    "CVE-2026-35153"
+  ],
+  "details": "Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35153"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-88"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T11:16:10Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-536m-vwvg-ggr6/GHSA-536m-vwvg-ggr6.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-536m-vwvg-ggr6",
+  "modified": "2026-04-17T12:31:25Z",
+  "published": "2026-04-17T12:31:25Z",
+  "aliases": [
+    "CVE-2025-46641"
+  ],
+  "details": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46641"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T12:16:32Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-53vq-962v-f9cq/GHSA-53vq-962v-f9cq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-53vq-962v-f9cq",
+  "modified": "2026-04-17T12:31:25Z",
+  "published": "2026-04-17T12:31:25Z",
+  "aliases": [
+    "CVE-2026-35072"
+  ],
+  "details": "Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command ('OS command injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35072"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T11:16:10Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-6w3g-2v88-h993/GHSA-6w3g-2v88-h993.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6w3g-2v88-h993",
+  "modified": "2026-04-17T12:31:25Z",
+  "published": "2026-04-17T12:31:25Z",
+  "aliases": [
+    "CVE-2026-28263"
+  ],
+  "details": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a cross-site Scripting vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28263"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T12:16:32Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-7g82-gmhh-22cx/GHSA-7g82-gmhh-22cx.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7g82-gmhh-22cx",
+  "modified": "2026-04-17T12:31:25Z",
+  "published": "2026-04-17T12:31:25Z",
+  "aliases": [
+    "CVE-2026-23779"
+  ],
+  "details": "Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a command injection vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain root-level access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23779"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.dell.com/support/kbdoc/en-us/000450699/dsa-2026-060-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T10:16:05Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-7rfm-rcv9-66r2/GHSA-7rfm-rcv9-66r2.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7rfm-rcv9-66r2",
+  "modified": "2026-04-17T12:31:25Z",
+  "published": "2026-04-17T12:31:25Z",
+  "aliases": [
+    "CVE-2026-6483"
+  ],
+  "details": "A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2026.04.16 is able to resolve this issue. Upgrading the affected component is recommended.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6483"
+    },
+    {
+      "type": "WEB",
+      "url": "https://dl.wavlink.com/firmware/RD/root_uImage_WN530H4-A_2026.04.16.bin"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/dxz0069/WAVLINK-WN530H4-Command-Injection-in-set_add_routing/blob/main/vuldb_submission_report.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/783055"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358021"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358021/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T11:16:11Z"
+  }
+}