Publish Advisories

GHSA-g7mr-vm94-3rv7
GHSA-2p5v-p767-wqv5
GHSA-9m4g-m3p5-p6gm
GHSA-m2x7-c9gp-xc46
GHSA-r2rp-r5cj-6c6x
GHSA-6g5m-c89w-7pwf
GHSA-h943-hrx6-86cq
GHSA-jx49-fphc-w293
GHSA-vx4w-426f-69qh
GHSA-x2wr-f89p-cqwh
GHSA-xrqh-48jh-pjv2

Author: advisory-database[bot]

advisories/unreviewed/2025/11/GHSA-g7mr-vm94-3rv7/GHSA-g7mr-vm94-3rv7.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g7mr-vm94-3rv7",
-  "modified": "2026-03-19T00:30:19Z",
+  "modified": "2026-03-19T12:30:31Z",
   "published": "2025-11-18T21:32:31Z",
   "aliases": [
     "CVE-2025-61662"
@@ -63,6 +63,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:4998"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5074"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-61662"

advisories/unreviewed/2025/12/GHSA-2p5v-p767-wqv5/GHSA-2p5v-p767-wqv5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2p5v-p767-wqv5",
-  "modified": "2025-12-11T09:31:25Z",
+  "modified": "2026-03-19T12:30:31Z",
   "published": "2025-12-11T09:31:25Z",
   "aliases": [
     "CVE-2025-14512"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421339"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3845"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/01/GHSA-9m4g-m3p5-p6gm/GHSA-9m4g-m3p5-p6gm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9m4g-m3p5-p6gm",
-  "modified": "2026-01-27T15:30:32Z",
+  "modified": "2026-03-19T12:30:31Z",
   "published": "2026-01-27T15:30:32Z",
   "aliases": [
     "CVE-2026-1489"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433348"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3872"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/01/GHSA-m2x7-c9gp-xc46/GHSA-m2x7-c9gp-xc46.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m2x7-c9gp-xc46",
-  "modified": "2026-01-21T12:30:30Z",
+  "modified": "2026-03-19T12:30:31Z",
   "published": "2026-01-21T12:30:30Z",
   "aliases": [
     "CVE-2026-0988"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429886"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3851"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/01/GHSA-r2rp-r5cj-6c6x/GHSA-r2rp-r5cj-6c6x.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r2rp-r5cj-6c6x",
-  "modified": "2026-01-27T15:30:31Z",
+  "modified": "2026-03-19T12:30:32Z",
   "published": "2026-01-27T15:30:31Z",
   "aliases": [
     "CVE-2026-1484"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433259"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3870"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-6g5m-c89w-7pwf/GHSA-6g5m-c89w-7pwf.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6g5m-c89w-7pwf",
+  "modified": "2026-03-19T12:30:32Z",
+  "published": "2026-03-19T12:30:32Z",
+  "aliases": [
+    "CVE-2025-14716"
+  ],
+  "details": "Improper Authentication vulnerability in Secomea GateManager (webserver modules) allows Authentication Bypass.This issue affects GateManager: 11.4;0.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14716"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.secomea.com/support/cybersecurity-advisory"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-19T11:16:14Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-h943-hrx6-86cq/GHSA-h943-hrx6-86cq.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h943-hrx6-86cq",
+  "modified": "2026-03-19T12:30:32Z",
+  "published": "2026-03-19T12:30:32Z",
+  "aliases": [
+    "CVE-2006-10002"
+  ],
+  "details": "XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes.\n\nA :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-10002"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cpan-authors/XML-Parser/issues/64"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rt.cpan.org/Ticket/Display.html?id=19859"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-122"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-19T12:16:16Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-jx49-fphc-w293/GHSA-jx49-fphc-w293.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jx49-fphc-w293",
+  "modified": "2026-03-19T12:30:33Z",
+  "published": "2026-03-19T12:30:32Z",
+  "aliases": [
+    "CVE-2026-3511"
+  ],
+  "details": "Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) attacks and obtain unauthorized access to local files on filesystems running the vulnerable application. Successful exploitation requires the victim to visit a specially crafted website that sends request containing a specially crafted XML document to /sign endpoint of the local HTTP server run by the application.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3511"
+    },
+    {
+      "type": "WEB",
+      "url": "https://blog.binary.house/2026/03/pripadova-studia-ako-sme-s-claude-code.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/slovensko-digital/autogram/releases/tag/v2.7.2"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-611"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-19T12:16:18Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-vx4w-426f-69qh/GHSA-vx4w-426f-69qh.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vx4w-426f-69qh",
+  "modified": "2026-03-19T12:30:32Z",
+  "published": "2026-03-19T12:30:32Z",
+  "aliases": [
+    "CVE-2026-3658"
+  ],
+  "details": "The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database, including usernames, email addresses, and password hashes.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3658"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/class-appointment-type-model.php#L907"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/lib/td-util/class-td-api-model.php#L140"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/lib/td-util/class-td-db-model.php#L1171"
+    },
+    {
+      "type": "WEB",
+      "url": "https://plugins.trac.wordpress.org/changeset/3485143"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/67c7b9b2-e73f-47fe-aecc-14e998a607c8?source=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-19T12:16:18Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-x2wr-f89p-cqwh/GHSA-x2wr-f89p-cqwh.json

@@ -0,0 +1,39 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-x2wr-f89p-cqwh",
+  "modified": "2026-03-19T12:30:32Z",
+  "published": "2026-03-19T12:30:32Z",
+  "aliases": [
+    "CVE-2006-10003"
+  ],
+  "details": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\n\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\n\nThe bug can be observed when parsing an XML file with very deep element nesting",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-10003"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cpan-authors/XML-Parser/issues/39"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rt.cpan.org/Ticket/Display.html?id=19860"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-122"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-19T12:16:17Z"
+  }
+}