Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit d2a39419016f · 2026-03-25T06:32:19.000Z
GHSA-g7mr-vm94-3rv7 GHSA-8745-x4ph-xhpc GHSA-mc38-gw9c-q8f5 GHSA-q8x7-j9x6-2fpc GHSA-w7c9-8pqp-97mg
diff --git a/advisories/unreviewed/2025/11/GHSA-g7mr-vm94-3rv7/GHSA-g7mr-vm94-3rv7.json b/advisories/unreviewed/2025/11/GHSA-g7mr-vm94-3rv7/GHSA-g7mr-vm94-3rv7.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g7mr-vm94-3rv7",
-  "modified": "2026-03-23T06:30:27Z",
+  "modified": "2026-03-25T06:30:29Z",
   "published": "2025-11-18T21:32:31Z",
   "aliases": [
     "CVE-2025-61662"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5233"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5127"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5074"
diff --git a/advisories/unreviewed/2026/03/GHSA-8745-x4ph-xhpc/GHSA-8745-x4ph-xhpc.json b/advisories/unreviewed/2026/03/GHSA-8745-x4ph-xhpc/GHSA-8745-x4ph-xhpc.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8745-x4ph-xhpc",
+  "modified": "2026-03-25T06:30:29Z",
+  "published": "2026-03-25T06:30:29Z",
+  "aliases": [
+    "CVE-2026-33253"
+  ],
+  "details": "SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33253"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN90835713"
+    },
+    {
+      "type": "WEB",
+      "url": "https://products.sanyodenki.com/media/document/sanups/H0033413_jp.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://products.sanyodenki.com/media/document/sanups/H0033449_en.pdf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-428"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-25T06:16:28Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-mc38-gw9c-q8f5/GHSA-mc38-gw9c-q8f5.json b/advisories/unreviewed/2026/03/GHSA-mc38-gw9c-q8f5/GHSA-mc38-gw9c-q8f5.json
@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mc38-gw9c-q8f5",
+  "modified": "2026-03-25T06:30:29Z",
+  "published": "2026-03-25T06:30:29Z",
+  "aliases": [
+    "CVE-2026-26306"
+  ],
+  "details": "The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the user invoking the installer.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26306"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jvn.jp/en/jp/JVN19505323"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.jp.omsystem.com/en/support/imsg/digicamera/info/omws.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-427"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-25T06:16:28Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/03/GHSA-q8x7-j9x6-2fpc/GHSA-q8x7-j9x6-2fpc.json b/advisories/unreviewed/2026/03/GHSA-q8x7-j9x6-2fpc/GHSA-q8x7-j9x6-2fpc.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q8x7-j9x6-2fpc",
-  "modified": "2026-03-24T12:30:24Z",
+  "modified": "2026-03-25T06:30:28Z",
   "published": "2026-03-04T18:31:52Z",
   "aliases": [
     "CVE-2025-12801"
@@ -39,6 +39,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:3942"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5127"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5606"
diff --git a/advisories/unreviewed/2026/03/GHSA-w7c9-8pqp-97mg/GHSA-w7c9-8pqp-97mg.json b/advisories/unreviewed/2026/03/GHSA-w7c9-8pqp-97mg/GHSA-w7c9-8pqp-97mg.json
@@ -0,0 +1,29 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-w7c9-8pqp-97mg",
+  "modified": "2026-03-25T06:30:29Z",
+  "published": "2026-03-25T06:30:29Z",
+  "aliases": [
+    "CVE-2026-2343"
+  ],
+  "details": "The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2343"
+    },
+    {
+      "type": "WEB",
+      "url": "https://wpscan.com/vulnerability/ac1572ca-7994-401d-a268-6a8773e60ab1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-25T06:16:28Z"
+  }
+}
