
Commit a998b93

Advisory Database Sync
1 parent c553edb commit a998b93


28 files changed

+1064
-6
lines changed


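--- a/advisories/unreviewed/2024/01/GHSA-cx8g-4cf5-cjv3/GHSA-cx8g-4cf5-cjv3.json
+++ b/advisories/unreviewed/2024/01/GHSA-cx8g-4cf5-cjv3/GHSA-cx8g-4cf5-cjv3.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-cx8g-4cf5-cjv3",
-"modified": "2026-04-17T12:31:24Z",
+"modified": "2026-04-17T15:31:05Z",
 "published": "2024-01-25T21:32:14Z",
 "aliases": [
 "CVE-2023-52356"
@@ -75,10 +75,18 @@
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2023-52356"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:8748"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2026:8747"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:8746"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2026:7335"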

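--- a/advisories/unreviewed/2026/02/GHSA-pm8w-jq9r-x5rp/GHSA-pm8w-jq9r-x5rp.json
+++ b/advisories/unreviewed/2026/02/GHSA-pm8w-jq9r-x5rp/GHSA-pm8w-jq9r-x5rp.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-pm8w-jq9r-x5rp",
-"modified": "2026-04-17T12:31:24Z",
+"modified": "2026-04-17T15:31:05Z",
 "published": "2026-02-09T15:30:31Z",
 "aliases": [
 "CVE-2025-14831"
@@ -31,10 +31,18 @@
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2025-14831"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:8748"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2026:8747"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:8746"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2026:7335"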

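--- a/advisories/unreviewed/2026/03/GHSA-6frc-h2x4-jwq3/GHSA-6frc-h2x4-jwq3.json
+++ b/advisories/unreviewed/2026/03/GHSA-6frc-h2x4-jwq3/GHSA-6frc-h2x4-jwq3.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6frc-h2x4-jwq3",
-"modified": "2026-03-13T21:31:45Z",
+"modified": "2026-04-17T15:31:06Z",
 "published": "2026-03-13T21:31:45Z",
 "aliases": [
 "CVE-2025-12453"
 ],
 "details": "Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. \nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:X/U:X"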
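Review bot: The added `CVSS_V3` entry and the existing `CVSS_V4` entry in `severity` disagree on integrity impact: the 3.1 vector carries `I:L`, while the 4.0 vector carries `VI:N` and `SI:N`. Consumers that read only one of the two entries will therefore rank this reflected-XSS record differently. The record is unreviewed, so I would check both vectors against the CNA's published scoring before either is used for prioritisation. GHSA-96v9-4pvw-w72p adds the same 3.1 vector next to the same 4.0 base metrics and has the same mismatch.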

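--- a/advisories/unreviewed/2026/03/GHSA-96v9-4pvw-w72p/GHSA-96v9-4pvw-w72p.json
+++ b/advisories/unreviewed/2026/03/GHSA-96v9-4pvw-w72p/GHSA-96v9-4pvw-w72p.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-96v9-4pvw-w72p",
-"modified": "2026-03-13T21:31:45Z",
+"modified": "2026-04-17T15:31:06Z",
 "published": "2026-03-13T21:31:45Z",
 "aliases": [
 "CVE-2025-12454"
 ],
 "details": "Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. \nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:X/U:X"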

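--- a/advisories/unreviewed/2026/03/GHSA-phcr-v9ch-26r8/GHSA-phcr-v9ch-26r8.json
+++ b/advisories/unreviewed/2026/03/GHSA-phcr-v9ch-26r8/GHSA-phcr-v9ch-26r8.json
@@ -1,13 +1,17 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-phcr-v9ch-26r8",
-"modified": "2026-03-13T21:31:45Z",
+"modified": "2026-04-17T15:31:06Z",
 "published": "2026-03-13T21:31:45Z",
 "aliases": [
 "CVE-2025-12455"
 ],
 "details": "Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing.  \nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.",
 "severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+},
 {
 "type": "CVSS_V4",
 "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:X/RE:X/U:X"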
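Review bot: The new `CVSS_V3` vector in `severity` (`UI:N`, `C:H`) does not line up with the `CVSS_V4` vector directly below it (`UI:A`, `VC:L`, `SC:L`). One entry describes an attack that needs no user interaction and has high confidentiality impact; the other describes active interaction and low impact. Severity-based triage will therefore depend on which entry a tool happens to read. The `details` text describes a response discrepancy that allows password brute forcing, which does not obviously require a victim to act, so the `UI:A` in the 4.0 vector looks like the value to question, though that is an inference from the prose. I would confirm both vectors against the CNA record before this advisory is marked reviewed.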

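--- a/advisories/unreviewed/2026/03/GHSA-xrqh-48jh-pjv2/GHSA-xrqh-48jh-pjv2.json
+++ b/advisories/unreviewed/2026/03/GHSA-xrqh-48jh-pjv2/GHSA-xrqh-48jh-pjv2.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-xrqh-48jh-pjv2",
-"modified": "2026-04-17T12:31:24Z",
+"modified": "2026-04-17T15:31:07Z",
 "published": "2026-03-13T21:31:51Z",
 "aliases": [
 "CVE-2026-4111"
@@ -59,10 +59,18 @@
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2026:7335"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:8746"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/errata/RHSA-2026:8747"
 },
+{
+"type": "WEB",
+"url": "https://access.redhat.com/errata/RHSA-2026:8748"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2026-4111"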
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-28hj-3gj2-63m5",
4+
"modified": "2026-04-17T15:31:18Z",
5+
"published": "2026-04-17T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-6507"
8+
],
9+
"details": "A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6507"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://access.redhat.com/security/cve/CVE-2026-6507"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459181"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-787"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-04-17T13:16:14Z"
39+
}
40+
}
Lines changed: 68 additions & 0 deletions
@@ -0,0 +1,68 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-376w-pjjp-jrvj",
4+
"modified": "2026-04-17T15:31:18Z",
5+
"published": "2026-04-17T15:31:17Z",
6+
"aliases": [
7+
"CVE-2026-6486"
8+
],
9+
"details": "A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 2.17.1 will fix this issue. The patch is identified as 69c3c9bb8a17f1ea572d8f4502bf238f0214c98a. It is suggested to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6486"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/classroombookings/classroombookings/pull/83"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/classroombookings/classroombookings/commit/69c3c9bb8a17f1ea572d8f4502bf238f0214c98a"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/classroombookings/classroombookings"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://github.com/classroombookings/classroombookings/releases/tag/v2.17.1"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/sudo-secure/security-research/blob/main/classroombookings/stored-xss/PoC.md"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/submit/786154"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://vuldb.com/vuln/358027"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://vuldb.com/vuln/358027/cti"
57+
}
58+
],
59+
"database_specific": {
60+
"cwe_ids": [
61+
"CWE-79"
62+
],
63+
"severity": "MODERATE",
64+
"github_reviewed": false,
65+
"github_reviewed_at": null,
66+
"nvd_published_at": "2026-04-17T13:16:14Z"
67+
}
68+
}
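Review bot: `"affected": []` leaves this record without any machine-readable package or version range, although `details` states that releases up to 2.17.0 are affected and that 2.17.1 carries the fix. Scanners that match on `affected` ranges will not match it, so the fix version is only discoverable by reading the prose. When the advisory is reviewed, the range should be encoded under `affected` with a `fixed` event for 2.17.1, provided the project maps to a supported ecosystem. GHSA-3jrj-7493-fgq2 (PAC4J) has the same gap: its fixed versions 4.5.10, 5.7.10 and 6.4.1 appear only in `details`.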
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3g88-37vp-qh92",
4+
"modified": "2026-04-17T15:31:18Z",
5+
"published": "2026-04-17T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-6492"
8+
],
9+
"details": "A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of the component Health Check Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6492"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/sudo-secure/security-research/blob/main/Hotel-Booking-Management-System/sensitive-information-disclosure/PoC.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/787242"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/358036"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/358036/cti"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-200"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-04-17T14:16:35Z"
51+
}
52+
}
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-3jrj-7493-fgq2",
4+
"modified": "2026-04-17T15:31:18Z",
5+
"published": "2026-04-17T15:31:18Z",
6+
"aliases": [
7+
"CVE-2026-40459"
8+
],
9+
"details": "PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations.\n\nThis issue was fixed in PAC4J versions 4.5.10, 5.7.10 and 6.4.1",
10+
"severity": [
11+
{
12+
"type": "CVSS_V4",
13+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40459"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://cert.pl/en/posts/2026/04/CVE-2026-40458"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-90"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-04-17T14:16:34Z"
39+
}
40+
}
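Review bot: The `cert.pl` entry in `references` ends in `CVE-2026-40458`, while `aliases` lists `CVE-2026-40459`. That may be a single CERT post covering several PAC4J identifiers, but it is worth confirming that the link describes this LDAP injection issue, since readers following references for remediation detail could otherwise land on a different CVE. The record also carries only a `CVSS_V4` entry in `severity`, so consumers that read `CVSS_V3` alone get no vector and have to fall back on `database_specific.severity`.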
